From 652dd8a9c200d10fbfb9fd4a7edefacabef7a267 Mon Sep 17 00:00:00 2001 From: NanoSector Date: Sun, 10 Mar 2019 17:41:05 +0100 Subject: [PATCH] Touch up the systemd unit to add optional sandboxing parameters --- Autostart-on-Linux.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/Autostart-on-Linux.md b/Autostart-on-Linux.md index 1a91cf3..62e202c 100644 --- a/Autostart-on-Linux.md +++ b/Autostart-on-Linux.md @@ -3,7 +3,7 @@ Most modern Linux distributions have switched to systemd, which involves a simple service file which gets enabled and started. ### Service File -Be sure to change the `User`, `Group` and path for both `mono` and `Radarr.exe` to match your installation. The file should be named `radarr.service` and the best place for it is `/etc/systemd/system/`. Alternative locations like `/usr/lib/systemd/system/` and `/lib/systemd/system/` may depend on the distribution used. +Be sure to change the `User`, `Group` and path for both `mono` and `Radarr.exe` to match your installation. The file should be named `radarr.service` and the best place for it is `/etc/systemd/system/`. Alternative locations like `/usr/lib/systemd/system/` and `/lib/systemd/system/` may depend on the distribution used. This example unit assumes that Radarr's executable is placed in `/opt/Radarr`. ``` [Unit] @@ -11,15 +11,25 @@ Description=Radarr Daemon After=syslog.target network.target [Service] -User=user -Group=group +# Change the user and group variables here. +User=radarr +Group=radarr Type=simple + +# Change the path to Radarr or mono here if it is in a different location for you. ExecStart=/usr/bin/mono --debug /opt/Radarr/Radarr.exe -nobrowser TimeoutStopSec=20 KillMode=process Restart=on-failure +# These lines optionally isolate (sandbox) Radarr from the rest of the system. +# Make sure to add any paths it might use to the list below (space-separated). +#ReadWritePaths=/opt/Radarr /path/to/movies/folder +#ProtectSystem=strict +#PrivateDevices=true +#ProtectHome=true + [Install] WantedBy=multi-user.target ```