Overview

File prometheus-json_exporter.service of Package prometheus-json_exporter

[Unit]
Description=Prometheus exporter for JSON metrics
Documentation=https://github.com/prometheus-community/json_exporter
Wants=network-online.target
After=network-online.target

[Service]
Restart=always
User=prometheus
EnvironmentFile=-/etc/sysconfig/prometheus-json_exporter
ExecStart=/usr/bin/json_exporter $ARGS

# various hardening options
CapabilityBoundingSet=
AmbientCapabilities=
StandardInput=null
UMask=0077
PrivateUsers=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ProtectProc=invisible
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectHostname=yes
ProtectClock=yes
NoNewPrivileges=yes
MountFlags=private
LockPersonality=yes
KeyringMode=private
RestrictRealtime=yes
RestrictNamespaces=yes
RestrictSUIDSGID=yes
DevicePolicy=closed
PrivateIPC=yes
RemoveIPC=yes
MemoryDenyWriteExecute=yes
ProcSubset=pid
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
SystemCallArchitectures=native
SystemCallFilter=access madvise newfstatat openat readlinkat setrlimit rt_sigprocmask sigaltstack rt_sigaction clone clone3 fcntl epoll_create1 pipe2 @io-event fstat @basic-io @network-io
SystemCallFilter=~ @clock @cpu-emulation @debug @keyring @module @mount @raw-io @reboot @swap @obsolete splice @chown @privileged @pkey @setuid @timer

[Install]
WantedBy=multi-user.target
openSUSE Build Service is sponsored by
Places