|  | #  SPDX-License-Identifier: LGPL-2.1-or-later | 
|  | # | 
|  | #  This file is part of systemd. | 
|  | # | 
|  | #  systemd is free software; you can redistribute it and/or modify it | 
|  | #  under the terms of the GNU Lesser General Public License as published by | 
|  | #  the Free Software Foundation; either version 2.1 of the License, or | 
|  | #  (at your option) any later version. | 
|  |  | 
|  | [Unit] | 
|  | Description=Journal Remote Upload Service | 
|  | Documentation=man:systemd-journal-upload(8) | 
|  | Wants=network-online.target | 
|  | After=network-online.target | 
|  |  | 
|  | [Service] | 
|  | DynamicUser=yes | 
|  | ExecStart={{ROOTLIBEXECDIR}}/systemd-journal-upload --save-state | 
|  | LockPersonality=yes | 
|  | MemoryDenyWriteExecute=yes | 
|  | PrivateDevices=yes | 
|  | ProtectProc=invisible | 
|  | ProtectControlGroups=yes | 
|  | ProtectHome=yes | 
|  | ProtectHostname=yes | 
|  | ProtectKernelLogs=yes | 
|  | ProtectKernelModules=yes | 
|  | ProtectKernelTunables=yes | 
|  | RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 | 
|  | RestrictNamespaces=yes | 
|  | RestrictRealtime=yes | 
|  | StateDirectory=systemd/journal-upload | 
|  | SupplementaryGroups=systemd-journal | 
|  | SystemCallArchitectures=native | 
|  | User=systemd-journal-upload | 
|  | {{SERVICE_WATCHDOG}} | 
|  |  | 
|  | # If there are many split up journal files we need a lot of fds to access them | 
|  | # all in parallel. | 
|  | LimitNOFILE={{HIGH_RLIMIT_NOFILE}} | 
|  |  | 
|  | [Install] | 
|  | WantedBy=multi-user.target |