Harden the systemd service for greetd
Description:
Similar to seatd#1 (closed)
By default, the systemd unit for greetd
is provided by upstream but it's insecure and extremely basic. Specifically, it's marked as insecure by systemd-analyze with a value of 9.8, and should be hardened by providing options such as ProtectSystem
, ProtectHome
, NoNewPrivileges
, etc. to the service unit.
Additional info:
- package version(s): 0.9.0-3