antilop: Upgrade baseline to Debian 10.

author: Guilhem Moulin <guilhem@fripost.org> 2020-05-16 04:07:47 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2020-05-16 05:51:06 +0200
commit: 30c52c6fd758059604b44564384ae919940cf994 (patch)
tree: 8025ab2ea4a4e69457ad1b9233dd45fb43fc4cae /roles/lists/files/etc/systemd/system
parent: 655e051437391797e0e6a152e650c80b2517a723 (diff)
1 files changed, 4 insertions, 5 deletions
diff --git a/roles/lists/files/etc/systemd/system/wwsympa.service b/roles/lists/files/etc/systemd/system/wwsympa.service
index 3f76aca..1d302ef 100644
--- a/roles/lists/files/etc/systemd/system/wwsympa.service
+++ b/roles/lists/files/etc/systemd/system/wwsympa.service
@@ -12,16 +12,15 @@ ExecStart=/usr/lib/cgi-bin/sympa/wwsympa.fcgi
 
 # Hardening
 NoNewPrivileges=yes
-PrivateDevices=yes
-ProtectHome=yes
-ProtectSystem=strict
-PrivateTmp=yes
 ReadWriteDirectories=/etc/sympa
 ReadWriteDirectories=/var/lib/sympa
-ReadWriteDirectories=-/var/run/sympa
 ReadWriteDirectories=/var/spool/sympa
+RuntimeDirectory=sympa
 PrivateDevices=yes
 PrivateNetwork=yes
+ProtectHome=yes
+ProtectSystem=strict
+PrivateTmp=yes
 ProtectControlGroups=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
author	Guilhem Moulin <guilhem@fripost.org>	2020-05-16 04:07:47 +0200
committer	Guilhem Moulin <guilhem@fripost.org>	2020-05-16 05:51:06 +0200
commit	30c52c6fd758059604b44564384ae919940cf994 (patch)
tree	8025ab2ea4a4e69457ad1b9233dd45fb43fc4cae /roles/lists/files/etc/systemd/system
parent	655e051437391797e0e6a152e650c80b2517a723 (diff)