Add SystemD hardening (#1720)
* Add SystemD hardening Co-authored-by: abraunegg <alex.braunegg@gmail.com>
This commit is contained in:
parent
df3d137772
commit
89d2085c69
|
@ -5,6 +5,17 @@ After=network-online.target
|
|||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
# Commented out hardenings are disabled because they don't work out of the box.
|
||||
# If you know what you are doing please try to enable them.
|
||||
ProtectSystem=full
|
||||
#PrivateDevices=true
|
||||
ProtectHostname=true
|
||||
#ProtectClock=true
|
||||
ProtectKernelTunables=true
|
||||
#ProtectKernelModules=true
|
||||
#ProtectKernelLogs=true
|
||||
ProtectControlGroups=true
|
||||
RestrictRealtime=true
|
||||
ExecStart=@prefix@/bin/onedrive --monitor
|
||||
Restart=on-failure
|
||||
RestartSec=3
|
||||
|
|
|
@ -5,6 +5,17 @@ After=network-online.target
|
|||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
# Commented out hardenings are disabled because they don't work out of the box.
|
||||
# If you know what you are doing please try to enable them.
|
||||
ProtectSystem=full
|
||||
#PrivateDevices=true
|
||||
ProtectHostname=true
|
||||
#ProtectClock=true
|
||||
ProtectKernelTunables=true
|
||||
#ProtectKernelModules=true
|
||||
#ProtectKernelLogs=true
|
||||
ProtectControlGroups=true
|
||||
RestrictRealtime=true
|
||||
ExecStart=@prefix@/bin/onedrive --monitor --confdir=/home/%i/.config/onedrive
|
||||
User=%i
|
||||
Group=users
|
||||
|
|
Loading…
Reference in New Issue