nxshock/gonx
1
0
Fork 0
mirror of https://github.com/nxshock/gonx.git synced 2024-11-27 17:11:01 +05:00
Code Issues Projects Releases Wiki Activity

More systemd hardening

Browse Source
This commit is contained in:
nxshock 2023-12-28 20:01:36 +05:00
parent 52536b2675
commit 19d0db3a00
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
gonx.service
View File

@ -40,6 +40,8 @@ UMask=0027
ProtectProc=noaccess ProtectProc=noaccess
ProcSubset=pid ProcSubset=pid
SystemCallFilter=~@clock @swap @reboot @raw-io @privileged @obsolete @mount @module @debug @cpu-emulation SystemCallFilter=~@clock @swap @reboot @raw-io @privileged @obsolete @mount @module @debug @cpu-emulation
RestrictAddressFamilies=~AF_UNIX AF_PACKET AF_NETLINK
UMask=0066
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target