From cc8033bba74e3fcbf5bf38af82e32178501eea71 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Mon, 4 Jul 2016 00:01:20 +0200
Subject: added some privilege limitations to sample systemd services
---
 usr/lib/systemd/system/anytun@.service | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'usr/lib/systemd/system/anytun@.service')
diff --git a/usr/lib/systemd/system/anytun@.service b/usr/lib/systemd/system/anytun@.service
index 2b7fa72..b28433b 100644
--- a/usr/lib/systemd/system/anytun@.service
+++ b/usr/lib/systemd/system/anytun@.service
@@ -7,6 +7,11 @@ Type=simple
 PIDFile=/run/anytun/%i.pid
 Environment="NAME=%i" "DAEMONOPTS=-D -L stdout:3"
 ExecStart=/usr/bin/anytun-launcher.sh vpn
+Restart=on-failure
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
 
 [Install]
 WantedBy=multi-user.target
-- 
cgit v1.2.3
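Review bot: `PrivateDevices=yes` gives the unit a private /dev that holds only pseudo-devices such as /dev/null and /dev/urandom, so /dev/net/tun would not be present there; if anytun opens the tun/tap device itself (as a tunnel daemon presumably does), the service would fail at start and the new `Restart=on-failure` would keep retrying it until the start limit is hit. A narrower form that keeps the device isolation is `DevicePolicy=closed` plus `DeviceAllow=/dev/net/tun rw` in place of `PrivateDevices=yes`. The [Service] section begins above the hunk, so whether the unit already sets `User=` or a capability bound cannot be seen here; if it does not, `NoNewPrivileges=yes` and a `CapabilityBoundingSet=` limited to what the daemon needs would do more for the stated goal than the filesystem options alone.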