RemoveIPC setting
The property RemoveIPC is a systemd unit setting used for sandboxing. It is available since systemd 232.
Purpose: defines whether the System V and POSIX IPC objects owned by the service's user and group are removed when the service is stopped
New to securing and tuning systemd services? Start with the article on how to harden a systemd service unit to learn tuning step by step, including the usage of the relevant tools.
Why and when to use RemoveIPC
Systemd provides the unit setting RemoveIPC to clean up IPC objects after a service exits. If this option is set, then upon the exit of the service all relevant IPC objects (System V and POSIX) will be removed.
Inter-process communication (IPC) gives processes the capability to communicate with each other. This communication can happen in a variety of ways: process signals, pipes, message queues, semaphores, and shared memory.
See What is inter-process communication (IPC)? for more details.
Generic advice
For most common services this option can be set safely. If a process uses IPC, it will most likely rely on one of the common mechanisms, such as message queues, semaphores or shared memory.
See filter set @ipc for syscalls that might be related.
Values
The systemd unit setting RemoveIPC expects a boolean value (yes/no or true/false).

| Value | Intended action | Available since systemd version |
|---|---|---|
| no | normal behavior of System V and POSIX IPC objects (default) | 232 |
| yes | System V and POSIX IPC objects are removed upon service termination | 232 |
Example to show the current value of RemoveIPC for the ssh service:

```
systemctl show --property=RemoveIPC ssh.service
```
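The command above only tells you whether RemoveIPC is switched on. In practice the setting cleans up the IPC objects owned by the user and group the unit runs as (or its DynamicUser), and IPC objects belonging to root are never touched; a unit with RemoveIPC=yes but without User=, Group= or DynamicUser= therefore gains nothing. The following script is an added example, not part of the original page or of systemd itself: it judges the effectiveness of the setting from the output of `systemctl show`, and prints a drop-in that enables RemoveIPC together with a service user. The sample `systemctl show` outputs are constructed for the demonstration, and the function names are the author's own.

```shell
#!/bin/sh
# Added example (not from the original page): decide whether RemoveIPC= is
# actually effective for a unit, using the "Key=Value" lines printed by
#   systemctl show -p RemoveIPC -p User -p Group -p DynamicUser <unit>
# Assumption (documented in systemd.exec(5)): RemoveIPC= acts on IPC objects
# owned by the unit's User=/Group= (or its DynamicUser), never on root's.

# removeipc_effective PROPS
# Prints one of: effective | set-but-root | not-set
# Returns 0 only when the setting will really remove IPC objects.
removeipc_effective() {
    props=$1
    remove=$(printf '%s\n' "$props" | sed -n 's/^RemoveIPC=//p')
    user=$(printf '%s\n' "$props" | sed -n 's/^User=//p')
    group=$(printf '%s\n' "$props" | sed -n 's/^Group=//p')
    dyn=$(printf '%s\n' "$props" | sed -n 's/^DynamicUser=//p')

    case "$remove" in
        yes|true) ;;
        *) echo not-set; return 1 ;;
    esac
    # DynamicUser= allocates a transient non-root user and implies RemoveIPC=.
    if [ "$dyn" = yes ]; then echo effective; return 0; fi
    # systemctl show prints "User=" (empty) when no user is configured.
    case "$user" in
        ""|root) ;;
        *) echo effective; return 0 ;;
    esac
    case "$group" in
        ""|root) echo set-but-root; return 1 ;;
        *) echo effective; return 0 ;;
    esac
}

# removeipc_dropin UNIT USER GROUP
# Prints the content of a drop-in that enables RemoveIPC= for a service
# running as a dedicated user, so the setting has objects to act on.
# Install it as /etc/systemd/system/UNIT.d/removeipc.conf and run
# "systemctl daemon-reload" (not done here).
removeipc_dropin() {
    printf '# %s.d/removeipc.conf (generated)\n' "$1"
    printf '[Service]\nUser=%s\nGroup=%s\nRemoveIPC=yes\n' "$2" "$3"
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_HARDENED='RemoveIPC=yes
User=www-data
Group=www-data
DynamicUser=no'

SAMPLE_ROOT='RemoveIPC=yes
User=
Group=
DynamicUser=no'

SAMPLE_OFF='RemoveIPC=no
User=postgres
Group=postgres
DynamicUser=no'

# Live usage on a real host:
#   removeipc_effective "$(systemctl show -p RemoveIPC -p User -p Group -p DynamicUser ssh.service)"
```

Treat a `set-but-root` result as a finding in its own right: the hardening profile claims IPC cleanup, but the service still runs as root and its shared memory segments, semaphores and message queues survive a restart.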