Update default Systemd example file to include ram locking

Question

Update default Systemd example file to include ram locking

Aureliolo opened this issue 2 years ago · comments

Hi,

I chose todo a feature-request issue since no doc-change label was available and the wiki is not open to editing.

The default file recommended here does not include "AmbientCapabilities=CAP_IPC_LOCK". Would maybe be good to have it in there so that if someone copies it the security flag is set by default.
https://github.com/minio/kes/wiki/Systemd#4-systemd-service

Could also be added to the lower part as a separate option like where it recommends adding Ambient capabilities for lower ports.

Mostly to avoid people googling how to set it when systemctl status kes tells them to enable it for ram locking :)

Sveinn · Answer 1 · Mon Oct 30 2023 18:12:35 GMT+0800 (China Standard Time)

The flag has been added to the systemd example configuration, thank you for letting us know it was missing!
https://github.com/minio/kes/wiki/Systemd