blob: cff2db7c713f0439d09432ec7ddc915e99c210ac (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
[Unit]
Description=WWSympa Service
After=network.target
PartOf=sympa.service
Requires=wwsympa.socket
[Service]
StandardInput=socket
User=sympa
Group=sympa
ExecStart=/usr/lib/cgi-bin/sympa/wwsympa.fcgi
# Hardening
NoNewPrivileges=yes
ReadWriteDirectories=/etc/sympa
ReadWriteDirectories=/var/lib/sympa
ReadWriteDirectories=/var/spool/sympa
ReadWriteDirectories=/run/sympa
PrivateDevices=yes
PrivateNetwork=yes
ProtectHome=yes
ProtectSystem=strict
PrivateTmp=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=
[Install]
WantedBy=multi-user.target
|