Conservancy/ForwardXMPP
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

systemd: Additional service hardening.

Browse source
This commit is contained in:
Brett Smith 2020-01-27 10:05:03 -05:00
parent 8c722dece1
commit 4f96088167
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
systemd/forwardxmpp.service
View file

@ -11,6 +11,8 @@ ExecStart=/usr/bin/python3 -m forwardxmpp --config-file /etc/forwardxmpp/config.
DynamicUser=true DynamicUser=true
DevicePolicy=closed
MemoryDenyWriteExecute=true
PrivateDevices=true PrivateDevices=true
PrivateNetwork=false PrivateNetwork=false
PrivateTmp=true PrivateTmp=true
@ -20,6 +22,9 @@ ProtectHome=true
ProtectKernelModules=true ProtectKernelModules=true
ProtectKernelTunables=true ProtectKernelTunables=true
ProtectSystem=strict ProtectSystem=strict
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=true
RestrictRealtime=true
CapabilityBoundingSet= CapabilityBoundingSet=
NoNewPrivileges=true NoNewPrivileges=true