summaryrefslogtreecommitdiffstats
path: root/roles/IMAP/files/etc/systemd
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2018-12-09 18:15:10 +0100
committerGuilhem Moulin <guilhem@fripost.org>2018-12-09 20:25:40 +0100
commit2147ff3bd9091b88960e2243b2d7d76d03cadc89 (patch)
treefa970590ab58a1d42913deccbca3adef05eaae83 /roles/IMAP/files/etc/systemd
parent2845af5f76ad3be9c0a1f69ab478ff5a08346a4c (diff)
systemd.service: Tighten hardening options.
Diffstat (limited to 'roles/IMAP/files/etc/systemd')
-rw-r--r--roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service5
1 files changed, 5 insertions, 0 deletions
diff --git a/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service b/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service
index 7e790e3..d20f9c2 100644
--- a/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service
+++ b/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service
@@ -15,6 +15,11 @@ NoNewPrivileges=yes
PrivateDevices=yes
ProtectSystem=strict
ProtectHome=read-only
+PrivateDevices=yes
+PrivateNetwork=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
RestrictAddressFamilies=
[Install]