1
0
mirror of https://github.com/nxshock/gonx.git synced 2024-11-27 17:11:01 +05:00

More systemd hardening

This commit is contained in:
nxshock 2023-12-28 18:40:38 +05:00
parent 9b394d902b
commit 52536b2675

View File

@ -37,6 +37,9 @@ RestrictRealtime=true
RestrictSUIDSGID=true RestrictSUIDSGID=true
SystemCallArchitectures=native SystemCallArchitectures=native
UMask=0027 UMask=0027
ProtectProc=noaccess
ProcSubset=pid
SystemCallFilter=~@clock @swap @reboot @raw-io @privileged @obsolete @mount @module @debug @cpu-emulation
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target