Why and when to use ProtectControlGroups The systemd unit setting ProtectControlGroups reduces write access to cgroup or Linux control groups. Information about cgroups are normally available under /sys/fs/cgroup. This setting may restrict a process from writing anything to this directory structure. Configuration options Before systemd 257, only boolean values (yes/no, true/false) were accepted. With systemd 257 private and strict where added. Generic advice For most services ProtectControlGroups can be turned on. Only container managers do require write access to the control groups structures. Example configuration [Service] ProtectControlGroups=yes
No comments yet. Log in to reply on the Fediverse. Comments will appear here.