[Unit] Description=Cleanup Conservancy website Before=apache2.service [Service] Type=oneshot User=www ExecStart=/usr/bin/python /var/www/website/www/manage.py clearsessions --verbosity 0 SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete CapabilityBoundingSet= NoNewPrivileges=true PrivateDevices=true PrivateNetwork=true PrivateTmp=true PrivateUsers=true ProtectControlGroups=true ProtectHome=true ProtectKernelModules=true ProtectKernelTunables=true ProtectSystem=strict ReadWritePaths=/var/lib/www/database [Install] WantedBy=apache2.service