Skip to content
GitLab
Commit 9ffdb683 authored by Jelle van der Waa's avatar Jelle van der Waa 🚧
Browse files

archweb: harden mirror related further 

Add some new systemd hardening features to network related services.
parent 86cd446a
Hide whitespace changes
Inline Side-by-side
roles/archweb/templates/archweb-mirrorcheck.service.j2
View file @ 9ffdb683
......@@ -20,6 +20,10 @@ PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
ProtectHostname=true
RestrictRealtime=true
CapabilityBoundingSet=
MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target
roles/archweb/templates/archweb-mirrorresolv.service.j2
View file @ 9ffdb683
......@@ -17,6 +17,10 @@ PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
ProtectHostname=true
RestrictRealtime=true
CapabilityBoundingSet=
MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment