Mini Shell
[Unit]
Description=irqbalance daemon
Documentation=man:irqbalance(1)
Documentation=https://github.com/Irqbalance/irqbalance
ConditionVirtualization=!container
ConditionCPUs=>1
[Service]
EnvironmentFile=-/etc/sysconfig/irqbalance
ExecStart=/usr/sbin/irqbalance $IRQBALANCE_ARGS
CapabilityBoundingSet=
NoNewPrivileges=yes
ProtectSystem=strict
ReadOnlyPaths=/
ReadWritePaths=/proc/irq
RestrictAddressFamilies=AF_UNIX AF_NETLINK
RuntimeDirectory=irqbalance/
IPAddressDeny=any
ProtectHome=true
PrivateTmp=yes
PrivateNetwork=yes
PrivateUsers=true
ProtectHostname=yes
ProtectClock=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
RestrictNamespaces=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
RemoveIPC=yes
PrivateMounts=yes
SystemCallFilter=@cpu-emulation @privileged @system-service
SystemCallFilter=~@clock @module @mount @obsolete @raw-io @reboot @resources @swap
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native
[Install]
WantedBy=multi-user.target
Zerion Mini Shell 1.0