From 20fe29aaf9f64850e21b1c0ced95278c7a4a4329 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Sat, 27 Jun 2015 21:43:26 +0200
Subject: add some extra security to systemd units

---
 systemd/pacdbserve.service | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'systemd/pacdbserve.service')

diff --git a/systemd/pacdbserve.service b/systemd/pacdbserve.service
index aebd368..fcde113 100644
--- a/systemd/pacdbserve.service
+++ b/systemd/pacdbserve.service
@@ -6,6 +6,10 @@ After=network.target
 User=nobody
 Group=nobody
 ExecStart=/usr/bin/darkhttpd /var/lib/pacman/sync/ --port 7079
+ProtectSystem=full
+ProtectHome=on
+PrivateDevices=on
+NoNewPrivileges=on
 
 [Install]
 WantedBy=multi-user.target
-- 
cgit v1.2.3-54-g00ecf