Hardening Service-File
Task Info (Flyspray) | |
---|---|
Opened By | Michael Schönitzer (Nudin) |
Task ID | 52178 |
Type | Feature Request |
Project | Community Packages |
Category | Security |
Version | None |
OS | All |
Opened | 2016-12-16 15:22:25 UTC |
Status | Assigned |
Assignee | Felix Yan (felixonmars) |
Assignee | Brett Cornwall (ainola) |
Details
Is there a reason against hardening the systemd service-file? I'm running the following setup without problems:
´´´ PrivateDevices=yes PrivateTmp=yes ProtectHome=yes ProtectSystem=yes MountFlags=slave RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 NoNewPrivileges=yes SystemCallArchitectures=native ´´´