Using systemd services with profiles

For general information on "profiles", see Sandboxing with profiles.

For every process, a separate service is required. For the profiles "internal" and "external", the services "airlock-iam-auth-external.service" and "airlock-iam-auth-internal.service" can be created using the CLI:

copy
iam systemd -c /home/airlock/iam --instance auth --profile external
iam systemd -c /home/airlock/iam --instance auth --profile internal

Disabling systemd Services

Disabling systemd services will prevent the system from attempting to launch them on start-up.

In order to find all relevant systemd service units, run the following command as "root:

copy
systemctl list-unit-files 'airlock-iam*'
systemctl list-units 'airlock-iam*'
ls -l /etc/systemd/system/airlock-iam* /etc/systemd/system/multi-user.target.wants/airlock-iam*

Any enabled services that are no longer required, or should be replaced can be disabled.

The following example disables the service for Airlock IAM 6.4 and earlier:

copy
systemctl disable airlock-iam@authws # Additional services to be disabled can be added to this command
# You may also have to delete old systemd service unit files in "/etc/systemd/system"