prysm-pulse/beacon-chain/package/prysm-beacon-chain.service

[Unit]
Description=Prysm Ethereum Beacon Chain
Wants=network-online.target
After=network-online.target

[Service]
User=prysm-beacon
Group=prysm-beacon
Type=simple
ExecStart=/usr/bin/beacon-chain --config-file /etc/prysm/beacon-chain.yaml --accept-terms-of-use

NoNewPrivileges=yes
CapabilityBoundingSet=
SystemCallArchitectures=native
SystemCallFilter=@system-service

PrivateDevices=yes
PrivateUsers=yes
PrivateTmp=yes

ProtectSystem=strict
ReadWritePaths=/var/lib/prysm/beacon-chain
ProtectClock=yes
ProtectHome=true
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectHostname=yes
ProtectControlGroups=yes

RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK

[Install]
WantedBy=multi-user.target
Feature/debian packages (#8872) * Basic build targets for debian packages * Add comments to config files * Harden beacon-chain systemd service * Add install scripts to set users and folders up * Rename bazel target, fix service files * Extra service hardening, cleanup install scripts * Fix linting issues * //shared:version_file run local only * gazelle Co-authored-by: Nishant Das <nishdas93@gmail.com> Co-authored-by: Raul Jordan <raul@prysmaticlabs.com> Co-authored-by: Preston Van Loon <preston@prysmaticlabs.com> 2021-06-01 15:44:24 +00:00			`[Unit]`
Reduce Usage of Eth2 Terminology in Prysm (#9104) * remove all mentions * more changes * folder by folder Co-authored-by: terence tsao <terence@prysmaticlabs.com> Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> 2021-06-26 19:00:33 +00:00			`Description=Prysm Ethereum Beacon Chain`
Feature/debian packages (#8872) * Basic build targets for debian packages * Add comments to config files * Harden beacon-chain systemd service * Add install scripts to set users and folders up * Rename bazel target, fix service files * Extra service hardening, cleanup install scripts * Fix linting issues * //shared:version_file run local only * gazelle Co-authored-by: Nishant Das <nishdas93@gmail.com> Co-authored-by: Raul Jordan <raul@prysmaticlabs.com> Co-authored-by: Preston Van Loon <preston@prysmaticlabs.com> 2021-06-01 15:44:24 +00:00			`Wants=network-online.target`
			`After=network-online.target`

			`[Service]`
			`User=prysm-beacon`
			`Group=prysm-beacon`
			`Type=simple`
			`ExecStart=/usr/bin/beacon-chain --config-file /etc/prysm/beacon-chain.yaml --accept-terms-of-use`

			`NoNewPrivileges=yes`
			`CapabilityBoundingSet=`
			`SystemCallArchitectures=native`
			`SystemCallFilter=@system-service`

			`PrivateDevices=yes`
			`PrivateUsers=yes`
			`PrivateTmp=yes`

			`ProtectSystem=strict`
			`ReadWritePaths=/var/lib/prysm/beacon-chain`
			`ProtectClock=yes`
			`ProtectHome=true`
			`ProtectKernelLogs=yes`
			`ProtectKernelModules=yes`
			`ProtectKernelTunables=yes`
			`ProtectHostname=yes`
			`ProtectControlGroups=yes`

			`RestrictNamespaces=yes`
			`RestrictRealtime=yes`
			`RestrictSUIDSGID=yes`
			`RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK`

			`[Install]`
			`WantedBy=multi-user.target`