summaryrefslogtreecommitdiffstats
path: root/roles/lists/files/etc/systemd/system
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2020-05-16 04:07:47 +0200
committerGuilhem Moulin <guilhem@fripost.org>2020-05-16 05:51:06 +0200
commit30c52c6fd758059604b44564384ae919940cf994 (patch)
tree8025ab2ea4a4e69457ad1b9233dd45fb43fc4cae /roles/lists/files/etc/systemd/system
parent655e051437391797e0e6a152e650c80b2517a723 (diff)
antilop: Upgrade baseline to Debian 10.
Diffstat (limited to 'roles/lists/files/etc/systemd/system')
-rw-r--r--roles/lists/files/etc/systemd/system/wwsympa.service9
1 files changed, 4 insertions, 5 deletions
diff --git a/roles/lists/files/etc/systemd/system/wwsympa.service b/roles/lists/files/etc/systemd/system/wwsympa.service
index 3f76aca..1d302ef 100644
--- a/roles/lists/files/etc/systemd/system/wwsympa.service
+++ b/roles/lists/files/etc/systemd/system/wwsympa.service
@@ -12,16 +12,15 @@ ExecStart=/usr/lib/cgi-bin/sympa/wwsympa.fcgi
# Hardening
NoNewPrivileges=yes
-PrivateDevices=yes
-ProtectHome=yes
-ProtectSystem=strict
-PrivateTmp=yes
ReadWriteDirectories=/etc/sympa
ReadWriteDirectories=/var/lib/sympa
-ReadWriteDirectories=-/var/run/sympa
ReadWriteDirectories=/var/spool/sympa
+RuntimeDirectory=sympa
PrivateDevices=yes
PrivateNetwork=yes
+ProtectHome=yes
+ProtectSystem=strict
+PrivateTmp=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes