mirror of
https://github.com/abraunegg/onedrive
synced 2024-05-26 02:22:13 +02:00
Add SystemD hardening (#1720)
* Add SystemD hardening Co-authored-by: abraunegg <alex.braunegg@gmail.com>
This commit is contained in:
parent
df3d137772
commit
89d2085c69
|
@ -5,6 +5,17 @@ After=network-online.target
|
||||||
Wants=network-online.target
|
Wants=network-online.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
|
# Commented out hardenings are disabled because they don't work out of the box.
|
||||||
|
# If you know what you are doing please try to enable them.
|
||||||
|
ProtectSystem=full
|
||||||
|
#PrivateDevices=true
|
||||||
|
ProtectHostname=true
|
||||||
|
#ProtectClock=true
|
||||||
|
ProtectKernelTunables=true
|
||||||
|
#ProtectKernelModules=true
|
||||||
|
#ProtectKernelLogs=true
|
||||||
|
ProtectControlGroups=true
|
||||||
|
RestrictRealtime=true
|
||||||
ExecStart=@prefix@/bin/onedrive --monitor
|
ExecStart=@prefix@/bin/onedrive --monitor
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
RestartSec=3
|
RestartSec=3
|
||||||
|
|
|
@ -5,6 +5,17 @@ After=network-online.target
|
||||||
Wants=network-online.target
|
Wants=network-online.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
|
# Commented out hardenings are disabled because they don't work out of the box.
|
||||||
|
# If you know what you are doing please try to enable them.
|
||||||
|
ProtectSystem=full
|
||||||
|
#PrivateDevices=true
|
||||||
|
ProtectHostname=true
|
||||||
|
#ProtectClock=true
|
||||||
|
ProtectKernelTunables=true
|
||||||
|
#ProtectKernelModules=true
|
||||||
|
#ProtectKernelLogs=true
|
||||||
|
ProtectControlGroups=true
|
||||||
|
RestrictRealtime=true
|
||||||
ExecStart=@prefix@/bin/onedrive --monitor --confdir=/home/%i/.config/onedrive
|
ExecStart=@prefix@/bin/onedrive --monitor --confdir=/home/%i/.config/onedrive
|
||||||
User=%i
|
User=%i
|
||||||
Group=users
|
Group=users
|
||||||
|
|
Loading…
Reference in a new issue