File plocate-updatedb.service of Package plocate

[Unit]
Description=Update the locate database
Documentation=man:updatedb

[Service]
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectHome=read-only
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_CHOWN CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE
IPAddressDeny=any
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateTmp=true
PrivateNetwork=true
RestrictAddressFamilies=AF_UNIX
RestrictNamespaces=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
SystemCallFilter=@system-service @chown
Type=oneshot
ExecStart=/usr/sbin/updatedb

UMask=0022

LimitNOFILE=131072

# Alter the priority of the updatedb process
Nice=19
IOSchedulingClass=idle

# Load sysconfig
EnvironmentFile=/etc/sysconfig/locate
Places

File plocate-updatedb.service of Package plocate

Places
