1 2Run the Parsec service as parsec user in /var/lib/parsec/ working directory. 3 4Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> 5Upstream-Status: Inappropriate [deployment configuration] 6 7diff --git a/systemd-daemon/parsec.service b/systemd-daemon/parsec.service 8index c07c3b9..a6fe6a3 100644 9--- a/systemd-daemon/parsec.service 10+++ b/systemd-daemon/parsec.service 11@@ -3,13 +3,15 @@ Description=Parsec Service 12 Documentation=https://parallaxsecond.github.io/parsec-book/parsec_service/install_parsec_linux.html 13 14 [Service] 15-WorkingDirectory=/home/parsec/ 16+User=parsec 17+Group=parsec 18+WorkingDirectory=/var/lib/parsec/ 19 ExecStart=/usr/libexec/parsec/parsec --config /etc/parsec/config.toml 20 # Systemd hardening 21 ProtectSystem=full 22 ProtectHome=true 23 ProtectHostname=true 24-ProtectKernelTunables=true 25+#ProtectKernelTunables=true 26 ProtectKernelModules=true 27 ProtectKernelLogs=true 28 ProtectControlGroups=true 29