fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-01-04 15:40:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
NetworkManager/src/nm-cloud-setup/nm-cloud-setup.service.in
Íñigo Huguet 4024e5c612 cloud-setup: Add OCI (Oracle Cloud) provider 
Initial support for OCI. It doesn't support VLAN configuration yet as
the requirements are not clear. It doesn't support secondary IP
addresses because the IMDS server doesn't expose them.

Instead of using plain text format, it gets a single response in JSON
format and parses it. The dependency to jansson is now mandatory for
that.
2024-10-24 16:14:48 +02:00

64 lines
1.8 KiB
SYSTEMD
Raw Blame History

[Unit]
Description=Automatically configure NetworkManager in cloud
Documentation=man:nm-cloud-setup(8)
Before=network-online.target
After=NetworkManager.service
# The service restart gets triggered from dispatcher script
# (pre-up and dhcp4-change actions), possibly ending up with many
# restart requests at the same time (e.g. on initial daemon startup
# on a machine with multiple NICs). The systemd handles multiple
# concurrent restart requests gracefully (the newer requests supersede
# older, which wait for them to finish), but the default limits are way
# too low: 5 restarts in 10 seconds. Raise that high enough for us to
# be on the safe side.
StartLimitIntervalSec=1
StartLimitBurst=100
[Service]
Type=oneshot
ExecStart=@libexecdir@/nm-cloud-setup
#Environment=NM_CLOUD_SETUP_LOG=TRACE
# Cloud providers are disabled by default. You need to
# Opt-in by setting the right environment variable for
# the provider.
#
# Create a drop-in file to overwrite these variables or
# use systemctl edit.
#Environment=NM_CLOUD_SETUP_EC2=yes
#Environment=NM_CLOUD_SETUP_GCP=yes
#Environment=NM_CLOUD_SETUP_AZURE=yes
#Environment=NM_CLOUD_SETUP_ALIYUN=yes
#Environment=NM_CLOUD_SETUP_OCI=yes
CapabilityBoundingSet=
KeyringMode=private
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectProc=invisible
ProtectSystem=strict
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
DevicePolicy=closed
PrivateNetwork=no
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
SystemCallFilter=@system-service
[Install]
WantedBy=NetworkManager.service
Reference in a new issue View git blame Copy permalink