diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2018-12-09 18:15:10 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2018-12-09 20:25:40 +0100 |
| commit | 2147ff3bd9091b88960e2243b2d7d76d03cadc89 (patch) | |
| tree | fa970590ab58a1d42913deccbca3adef05eaae83 /roles/lists/files | |
| parent | 2845af5f76ad3be9c0a1f69ab478ff5a08346a4c (diff) | |
systemd.service: Tighten hardening options.
Diffstat (limited to 'roles/lists/files')
| -rw-r--r-- | roles/lists/files/etc/systemd/system/wwsympa.service | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/roles/lists/files/etc/systemd/system/wwsympa.service b/roles/lists/files/etc/systemd/system/wwsympa.service index 7d2440c..3f76aca 100644 --- a/roles/lists/files/etc/systemd/system/wwsympa.service +++ b/roles/lists/files/etc/systemd/system/wwsympa.service @@ -20,6 +20,12 @@ ReadWriteDirectories=/etc/sympa ReadWriteDirectories=/var/lib/sympa ReadWriteDirectories=-/var/run/sympa ReadWriteDirectories=/var/spool/sympa +PrivateDevices=yes +PrivateNetwork=yes +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +RestrictAddressFamilies= [Install] WantedBy=multi-user.target |