c031f9aa5d
The io_uring buffer is allocated as memlocked memory, as MPD needs to be able to lock memory.
37 lines
900 B
SYSTEMD
37 lines
900 B
SYSTEMD
[Unit]
|
|
Description=Music Player Daemon
|
|
Documentation=man:mpd(1) man:mpd.conf(5)
|
|
After=network.target sound.target
|
|
|
|
[Service]
|
|
Type=notify
|
|
ExecStart=@prefix@/bin/mpd --no-daemon
|
|
|
|
# Enable this setting to ask systemd to watch over MPD, see
|
|
# systemd.service(5). This is disabled by default because it causes
|
|
# periodic wakeups which are unnecessary if MPD is not playing.
|
|
#WatchdogSec=120
|
|
|
|
# allow MPD to use real-time priority 40
|
|
LimitRTPRIO=40
|
|
LimitRTTIME=infinity
|
|
|
|
# for io_uring
|
|
LimitMEMLOCK=64M
|
|
|
|
# disallow writing to /usr, /bin, /sbin, ...
|
|
ProtectSystem=yes
|
|
|
|
# more paranoid security settings
|
|
NoNewPrivileges=yes
|
|
ProtectKernelTunables=yes
|
|
ProtectControlGroups=yes
|
|
ProtectKernelModules=yes
|
|
# AF_NETLINK is required by libsmbclient, or it will exit() .. *sigh*
|
|
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
|
|
RestrictNamespaces=yes
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
Also=mpd.socket
|