aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Christian Hesse <mail@eworm.de>2015-06-27 21:43:26 +0200
committerGravatar Christian Hesse <mail@eworm.de>2015-06-27 21:43:26 +0200
commit20fe29aaf9f64850e21b1c0ced95278c7a4a4329 (patch)
tree49d8d5bffa00aa5176145b1b107e0d87fd9efe6e
parentf58f35c0b001cf639ebe0144bea3850b9a2cbde7 (diff)
downloadpaccache-20fe29aaf9f64850e21b1c0ced95278c7a4a4329.tar.gz
paccache-20fe29aaf9f64850e21b1c0ced95278c7a4a4329.tar.zst
add some extra security to systemd units
-rw-r--r--systemd/pacdbserve.service4
-rw-r--r--systemd/pacredir.service4
-rw-r--r--systemd/pacserve.service4
3 files changed, 12 insertions, 0 deletions
diff --git a/systemd/pacdbserve.service b/systemd/pacdbserve.service
index aebd368..fcde113 100644
--- a/systemd/pacdbserve.service
+++ b/systemd/pacdbserve.service
@@ -6,6 +6,10 @@ After=network.target
User=nobody
Group=nobody
ExecStart=/usr/bin/darkhttpd /var/lib/pacman/sync/ --port 7079
+ProtectSystem=full
+ProtectHome=on
+PrivateDevices=on
+NoNewPrivileges=on
[Install]
WantedBy=multi-user.target
diff --git a/systemd/pacredir.service b/systemd/pacredir.service
index adb9087..2fa1328 100644
--- a/systemd/pacredir.service
+++ b/systemd/pacredir.service
@@ -7,6 +7,10 @@ After=avahi-daemon.service
User=nobody
Group=nobody
ExecStart=/usr/bin/pacredir
+ProtectSystem=full
+ProtectHome=on
+PrivateDevices=on
+NoNewPrivileges=on
[Install]
WantedBy=multi-user.target
diff --git a/systemd/pacserve.service b/systemd/pacserve.service
index 74db6ef..6ec4aab 100644
--- a/systemd/pacserve.service
+++ b/systemd/pacserve.service
@@ -6,6 +6,10 @@ After=network.target
User=nobody
Group=nobody
ExecStart=/usr/bin/darkhttpd /var/cache/pacman/pkg/ --port 7078
+ProtectSystem=full
+ProtectHome=on
+PrivateDevices=on
+NoNewPrivileges=on
[Install]
WantedBy=multi-user.target