Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Arch Linux
infrastructure
Commits
501f2adc
Verified
Commit
501f2adc
authored
Jan 26, 2021
by
Jelle van der Waa
🚧
Browse files
Harden the aurweb tuvotereminder service
This service only requires MySQL access and ability to submit an email.
parent
9a831e39
Pipeline
#5398
passed with stage
in 45 seconds
Changes
1
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
roles/aurweb/templates/aurweb-tuvotereminder.service.j2
View file @
501f2adc
...
...
@@ -7,3 +7,27 @@ After=mysqld.service
Type=oneshot
User={{ aurweb_user }}
ExecStart=/usr/local/bin/aurweb-tuvotereminder
NoNewPrivileges=true
LockPersonality=true
CapabilityBoundingSet=
PrivateDevices=true
PrivateTmp=true
ProtectSystem=strict
MemoryDenyWriteExecute=true
RemoveIPC=true
RestrictRealtime=true
RestrictNamespaces=true
RestrictSUIDSGID=true
ProtectHostname=true
ProtectControlGroups=true
ProtectKernelLogs=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectClock=true
ProtectProc=noaccess
SystemCallArchitectures=native
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment