Verified Commit 8855cd05 authored by Morten Linderud's avatar Morten Linderud 🏄 Committed by Jelle van der Waa
Browse files

Service hardening



Signed-off-by: Morten Linderud's avatarMorten Linderud <morten@linderud.pw>
parent 640b56bc
...@@ -5,8 +5,14 @@ Description=The official Arch Linux IRC bugbot ...@@ -5,8 +5,14 @@ Description=The official Arch Linux IRC bugbot
EnvironmentFile=/srv/bugbot/env EnvironmentFile=/srv/bugbot/env
ExecStart=/srv/bugbot/bugbot.py ExecStart=/srv/bugbot/bugbot.py
Restart=on-failure Restart=on-failure
ProtectSystem=full ProtectSystem=strict
DynamicUser=yes DynamicUser=yes
PrivateDevices=true
ProtectKernelTunables=true
ProtectControlGroups=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
[Install] [Install]
WantedBy=default.target WantedBy=multi-user.target
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment