diff options
author | Christian Hesse <mail@eworm.de> | 2015-06-27 21:43:26 +0200 |
---|---|---|
committer | Christian Hesse <mail@eworm.de> | 2015-06-27 21:43:26 +0200 |
commit | 20fe29aaf9f64850e21b1c0ced95278c7a4a4329 (patch) | |
tree | 49d8d5bffa00aa5176145b1b107e0d87fd9efe6e /systemd | |
parent | f58f35c0b001cf639ebe0144bea3850b9a2cbde7 (diff) | |
download | paccache-20fe29aaf9f64850e21b1c0ced95278c7a4a4329.tar.gz paccache-20fe29aaf9f64850e21b1c0ced95278c7a4a4329.tar.zst |
add some extra security to systemd units
Diffstat (limited to 'systemd')
-rw-r--r-- | systemd/pacdbserve.service | 4 | ||||
-rw-r--r-- | systemd/pacredir.service | 4 | ||||
-rw-r--r-- | systemd/pacserve.service | 4 |
3 files changed, 12 insertions, 0 deletions
diff --git a/systemd/pacdbserve.service b/systemd/pacdbserve.service index aebd368..fcde113 100644 --- a/systemd/pacdbserve.service +++ b/systemd/pacdbserve.service @@ -6,6 +6,10 @@ After=network.target User=nobody Group=nobody ExecStart=/usr/bin/darkhttpd /var/lib/pacman/sync/ --port 7079 +ProtectSystem=full +ProtectHome=on +PrivateDevices=on +NoNewPrivileges=on [Install] WantedBy=multi-user.target diff --git a/systemd/pacredir.service b/systemd/pacredir.service index adb9087..2fa1328 100644 --- a/systemd/pacredir.service +++ b/systemd/pacredir.service @@ -7,6 +7,10 @@ After=avahi-daemon.service User=nobody Group=nobody ExecStart=/usr/bin/pacredir +ProtectSystem=full +ProtectHome=on +PrivateDevices=on +NoNewPrivileges=on [Install] WantedBy=multi-user.target diff --git a/systemd/pacserve.service b/systemd/pacserve.service index 74db6ef..6ec4aab 100644 --- a/systemd/pacserve.service +++ b/systemd/pacserve.service @@ -6,6 +6,10 @@ After=network.target User=nobody Group=nobody ExecStart=/usr/bin/darkhttpd /var/cache/pacman/pkg/ --port 7078 +ProtectSystem=full +ProtectHome=on +PrivateDevices=on +NoNewPrivileges=on [Install] WantedBy=multi-user.target |