Newer
Older
[Unit]
Description=Prometheus blackbox Exporter
After=network.target
[Service]
EnvironmentFile=-/etc/conf.d/prometheus-blackbox-exporter
ExecStart=/usr/bin/prometheus-blackbox-exporter $BLACKBOX_EXPORTER_ARGS
ExecReload=/bin/kill -HUP $MAINPID
DynamicUser=true
ProtectSystem=full
ProtectKernelModules=true
ProtectKernelTunables=true
PrivateTmp=true
LockPersonality=true
ProtectHostname=true
Jelle van der Waa
committed
ProtectKernelLogs=true
PrivateDevices=true
RestrictRealtime=true
CapabilityBoundingSet=
MemoryDenyWriteExecute=true
Jelle van der Waa
committed
CapabilityBoundingSet=CAP_NET_RAW
AmbientCapabilities=CAP_NET_RAW