From 51ee63978fd73d3bd42b84e059529ad75ea90a60 Mon Sep 17 00:00:00 2001
From: Averell7 <dy1977@orange.fr>
Date: Mon, 7 Oct 2019 19:44:18 +0200
Subject: [PATCH] Modify logrotate.service

Create a modified logrotate.service to improve armbian-ramlog.
See discussion here
https://github.com/armbian/build/issues/1582
---
 .../etc/systemd/system/logrotate.service      | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 packages/bsp/common/etc/systemd/system/logrotate.service

diff --git a/packages/bsp/common/etc/systemd/system/logrotate.service b/packages/bsp/common/etc/systemd/system/logrotate.service
new file mode 100644
index 0000000000..0bb3bd6cdc
--- /dev/null
+++ b/packages/bsp/common/etc/systemd/system/logrotate.service
@@ -0,0 +1,28 @@
+[Unit]
+Description=Rotate log files
+Documentation=man:logrotate(8) man:logrotate.conf(5)
+ConditionACPower=true
+
+[Service]
+Type=oneshot
+ExecStartPre=/usr/lib/armbian/armbian-ramlog write
+ExecStart=/usr/sbin/logrotate /etc/logrotate.conf
+ExecStartPost=/usr/lib/armbian/armbian-ramlog postrotate
+
+# performance options
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
+
+# hardening options
+#  details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+#  no ProtectHome for userdir logs
+#  no PrivateNetwork for mail deliviery
+#  no ProtectKernelTunables for working SELinux with systemd older than 235
+#  no MemoryDenyWriteExecute for gzip on i686
+PrivateDevices=true
+PrivateTmp=true
+ProtectControlGroups=true
+ProtectKernelModules=true
+ProtectSystem=full
+RestrictRealtime=true