This commit adds a warning for settings that possibly provide better sandboxing and explains their tradeoffs. --- contrib/systemd/haproxy.service.in | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/contrib/systemd/haproxy.service.in b/contrib/systemd/haproxy.service.in index 804be3583..5d8eecf06 100644 --- a/contrib/systemd/haproxy.service.in +++ b/contrib/systemd/haproxy.service.in @@ -12,5 +12,11 @@ KillMode=mixed Restart=always Type=notify +# The following lines leverage SystemD's sandboxing options to provide +# defense in depth protection at the expense of restricting some flexibility +# in your setup (e.g. placement of your configuration files) or possibly +# reduced performance. See systemd.service(5) and systemd.exec(5) for further +# information. + [Install] WantedBy=multi-user.target -- 2.16.2
