planet: harden planet generation service
Harden the unit by limiting access to the system and disallowing privilege escalation.
parent
155104d445
commit
a65a62e259
|
@ -6,3 +6,10 @@ Type=oneshot
|
|||
User=http
|
||||
ExecStart=/usr/bin/python2 planet.py archplanet/config.ini
|
||||
WorkingDirectory={{ planet_dir }}
|
||||
NoNewPrivileges=yes
|
||||
ProtectHome=true
|
||||
ProtectSystem=full
|
||||
PrivateTmp=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectControlGroups=true
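Review bot: `ProtectSystem=full` only makes /usr, /boot, /efi and /etc read-only, so the `http` user running `planet.py` (which presumably parses remote feed content under python2) keeps write access to every other http-owned path on the host. Consider `ProtectSystem=strict` with an explicit `ReadWritePaths=` for the directories the generator actually writes; those are likely `{{ planet_dir }}` and its output directory, but neither is visible in this hunk. The unit needs outbound network but apparently no device nodes or unusual socket types, so `PrivateDevices=true` and `RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX` would narrow it further. Also confirm that `{{ planet_dir }}` does not resolve under /home, /root or /run/user, because `ProtectHome=true` makes those inaccessible and the oneshot would then fail at start. Running `systemd-analyze security <unit>` against the deployed unit shows what remains exposed.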
|
||||
|
|