Projects/muscl
12
5
Fork 0
Code Issues 75 Pull Requests Actions Packages Releases 1 Activity

Add landlock rulesets

Browse Source
This commit is contained in:
Oystein Kristoffer Tveit
2025-12-01 11:15:29 +09:00
parent 2472936857
commit 152c3ddbcc
7 changed files with 136 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
assets/systemd/muscl.service
View File

@@ -51,6 +51,6 @@ RestrictRealtime=true
RestrictSUIDSGID=true
SocketBindDeny=any
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=@system-service @sandbox
SystemCallFilter=~@privileged @resources
UMask=0777