systemd hardening for pvv-nettsiden-gallery-update.service #90
|
@ -70,7 +70,7 @@ in {
|
|||
MemoryDenyWriteExecute = true;
|
||||
NoNewPrivileges = true; # disable for third party rotate scripts
|
||||
PrivateDevices = true;
|
||||
#PrivateNetwork = true; # disable for mail delivery
|
||||
PrivateNetwork = true; # disable for mail delivery
|
||||
PrivateTmp = true;
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
|
@ -84,7 +84,7 @@ in {
|
|||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true; # disable for creating setgid directories
|
||||
#SocketBindDeny = [ "any" ];
|
||||
SocketBindDeny = [ "any" ];
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = [
|
||||
"@system-service"
|
||||
|
|
Loading…
Reference in New Issue