systemd/eturnal: Use ProtectSystem=strict
[`ProtectSystem=strict` mounts more directories as read-only.][1]

[The upstream service unit only sets it to `full` to support older
systemd releases.][2] systemd 242, currently shipped by MarIuX, supports
`strict`, so use it.

[1]: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem=
[2]: https://github.com/processone/eturnal/issues/14#issuecomment-843021648
pmenzel committed May 18, 2021
1 parent beb0617 commit c9686d4
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion misc_systemd_units/eturnal.service
Expand Up @@ -18,6 +18,6 @@ RestartSec=3
WatchdogSec=30
LimitNOFILE=50000
RuntimeDirectory=eturnal
ProtectSystem=full
ProtectSystem=strict
NoNewPrivileges=true
AmbientCapabilities=CAP_NET_BIND_SERVICE
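
Review bot: With `ProtectSystem=strict` replacing `ProtectSystem=full`, the whole file system hierarchy becomes read-only for the service apart from /dev, /proc and /sys, and the only writable location granted in the visible context is `RuntimeDirectory=eturnal` (that is, /run/eturnal). No `StateDirectory=`, `LogsDirectory=` or `ReadWritePaths=` appears in these lines, so if eturnal is configured to write logs or other files under /var or elsewhere, those writes will start failing after this change. Please confirm that such a directive exists above the hunk or that the daemon only writes to the runtime directory and the journal, and otherwise add for example `LogsDirectory=eturnal` alongside the changed line. A short note in the commit message on how the unit was tested after the switch (service start, log output) would also help.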
