etc: Add hardening options to syncthing systemd services (fixes #5286) (#5351)

This commit is contained in:
desbma 2018-12-07 14:58:12 +01:00 committed by Jakob Borg
parent 002de7b6a0
commit 132789785d
2 changed files with 14 additions and 0 deletions

View File

@ -10,5 +10,12 @@ Restart=on-failure
SuccessExitStatus=3 4 SuccessExitStatus=3 4
RestartForceExitStatus=3 4 RestartForceExitStatus=3 4
# Hardening
ProtectSystem=full
PrivateTmp=true
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
NoNewPrivileges=true
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View File

@ -8,5 +8,12 @@ Restart=on-failure
SuccessExitStatus=3 4 SuccessExitStatus=3 4
RestartForceExitStatus=3 4 RestartForceExitStatus=3 4
# Hardening
ProtectSystem=full
PrivateTmp=true
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
NoNewPrivileges=true
[Install] [Install]
WantedBy=default.target WantedBy=default.target