Update log2ram.service

untested. partial sandboxing.
pull/195/head
TubbyCat 2 years ago
committed by GitHub
parent
commit
e38c73e2d5
No known key found for this signature in database. GPG Key ID: 4AEE18F83AFDEB23
1 changed file with 23 additions and 0 deletions
  1. log2ram.service (+23, -0)

log2ram.service

@@ -15,5 +15,28 @@ ExecReload= /usr/local/bin/log2ram write
TimeoutStartSec=120
RemainAfterExit=yes

#SANDBOXING# -- NEEDS TESTING
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPriviliges=true
#PrivateDevices=
#PrivateNetwork=true
#Will likely break "MAIL" in log2ram.config if does not point to localhost / disabled
ProtectClock=true
ProtectControlGroups=
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
RestrictSUIDSGID=true
ProtectSystem=full
# ALT: ProtectSystem=true # if-and-only-if needs /etc, but can whitelist dir prn
ProtectHome=true
#will likely break situations wherein configured to also copy logs from $HOME.
#can probably fix with systemctl edit to whitelist relevant dirs




[Install]
WantedBy=sysinit.target
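
Review bot: `NoNewPriviliges=true` is misspelled, so systemd will treat it as an unknown key, log a warning and skip it, which leaves the unit without the no-new-privileges restriction; it should read `NoNewPrivileges=true`. `ProtectControlGroups=` is assigned no value, so it does not enable the protection either; set it to `true` or comment it out the way `#PrivateDevices=` is. If the `# ALT: ProtectSystem=true # if-and-only-if ...` line is ever uncommented, its trailing comment has to move to a line of its own, because unit files do not support comments after a value. Given the `NEEDS TESTING` marker, running `systemd-analyze verify` on the unit file would flag the misspelled key before merge.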
