author | Christian Pointner <equinox@spreadspace.org> | 2016-07-04 00:01:20 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2016-07-04 00:01:20 +0200 |
commit | cc8033bba74e3fcbf5bf38af82e32178501eea71 (patch) | |
tree | 9ef7e53268bd745e3b5ed7322847227cdb52e5c8 /usr/lib/systemd/system | |
parent | weakend -Werror a little (diff) |
added some privilege limitations to sample systemd services
Diffstat (limited to 'usr/lib/systemd/system')
-rw-r--r-- | usr/lib/systemd/system/anytun-control@.service | 5 | ||||
-rw-r--r-- | usr/lib/systemd/system/anytun@.service | 5 |
2 files changed, 10 insertions, 0 deletions
diff --git a/usr/lib/systemd/system/anytun-control@.service b/usr/lib/systemd/system/anytun-control@.service
index ec857e9..b2e6a2c 100644
--- a/usr/lib/systemd/system/anytun-control@.service
+++ b/usr/lib/systemd/system/anytun-control@.service
@@ -8,6 +8,11 @@ Type=simple
 PIDFile=/run/anytun-controld/%i.pid
 Environment="NAME=%i" "DAEMONOPTS=-D -L stdout:3"
 ExecStart=/usr/bin/anytun-launcher.sh configd
+Restart=on-failure
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
 [Install]
 WantedBy=multi-user.target
diff --git a/usr/lib/systemd/system/anytun@.service b/usr/lib/systemd/system/anytun@.service
index 2b7fa72..b28433b 100644
--- a/usr/lib/systemd/system/anytun@.service
+++ b/usr/lib/systemd/system/anytun@.service
@@ -7,6 +7,11 @@ Type=simple
 PIDFile=/run/anytun/%i.pid
 Environment="NAME=%i" "DAEMONOPTS=-D -L stdout:3"
 ExecStart=/usr/bin/anytun-launcher.sh vpn
+Restart=on-failure
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
 [Install]
 WantedBy=multi-user.target |
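Review bot: The directives added after `ExecStart=` in anytun-control@.service only narrow the filesystem view (`PrivateTmp`, `PrivateDevices`, `ProtectSystem`, `ProtectHome`); nothing visible in the hunk limits capabilities or privilege gain, so unless the daemon drops privileges itself it keeps root's full capability set. Consider adding `NoNewPrivileges=yes` and a `CapabilityBoundingSet=` reduced to what the daemon needs; the exact set depends on the options passed through anytun-launcher.sh, which is not shown here. `ProtectSystem=full` makes /usr, /boot and /etc read-only but leaves /var and /run writable, which deserves a short comment in the unit so readers do not assume a read-only root. The same points apply to the anytun@.service hunk, and the [Service] section starts above both hunks, so a `User=` line may already exist outside the visible lines.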
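Review bot: `PrivateDevices=yes` in anytun@.service gives the unit a private /dev holding only pseudo-devices such as /dev/null and /dev/random, so /dev/net/tun is absent; a daemon that opens a tun/tap device, as `anytun-launcher.sh vpn` presumably does, would fail to start under this unit. Either drop the directive from the vpn unit and say why in a comment, for example `# PrivateDevices= not set: the vpn daemon needs /dev/net/tun`, or verify on a test host that the tunnel still comes up with it enabled. With `Restart=on-failure` added in the same hunk, such a start failure turns into repeated restarts until the start limit is hit, so it is easy to miss without checking the journal. The control unit does not appear to need a tun device as far as the hunk shows.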