commit 33faf4b606a1387d21c67306befacc986a8a8aac (tree) parent 9dcdbee21081d934d2e6945db58b23219ed5933b Author: Motiejus Jakštys <desired.mta@gmail.com> Date: Sun, 12 Apr 2020 13:57:42 +0300 more hardening Diffstat:
| M | root/rslsync/etc/systemd/system/rslsync@.service | | | 3 | ++- |
| M | root/syncthing/etc/systemd/system/syncthing@.service.d/hardening.conf | | | 3 | ++- |
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/root/rslsync/etc/systemd/system/rslsync@.service b/root/rslsync/etc/systemd/system/rslsync@.service @@ -20,9 +20,10 @@ NoNewPrivileges=true ProtectControlGroups=true ProtectKernelModules=true ProtectKernelTunables=true +PrivateDevices=true # Paths -TemporaryFileSystem=/home +ProtectHome=tmpfs BindPaths=/home/%i/.config/resilio-sync BindPaths=/bigdisk/annex2/R-Camera diff --git a/root/syncthing/etc/systemd/system/syncthing@.service.d/hardening.conf b/root/syncthing/etc/systemd/system/syncthing@.service.d/hardening.conf @@ -3,9 +3,10 @@ ProtectSystem=strict ProtectControlGroups=true ProtectKernelModules=true ProtectKernelTunables=true +PrivateDevices=true +ProtectHome=tmpfs # Paths -TemporaryFileSystem=/home BindPaths=/home/%i/.config/syncthing TemporaryFileSystem=/bigdisk BindPaths=/bigdisk/annex2