nxshock/gonx
1
0
Fork 0
mirror of https://github.com/nxshock/gonx.git synced 2024-11-27 17:11:01 +05:00
Code Issues Projects Releases Wiki Activity

More systemd hardening

Browse Source
This commit is contained in:
nxshock 2023-12-28 18:40:38 +05:00
parent 9b394d902b
commit 52536b2675
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
gonx.service
View File

@ -37,6 +37,9 @@ RestrictRealtime=true
RestrictSUIDSGID=true RestrictSUIDSGID=true
SystemCallArchitectures=native SystemCallArchitectures=native
UMask=0027 UMask=0027
ProtectProc=noaccess
ProcSubset=pid
SystemCallFilter=~@clock @swap @reboot @raw-io @privileged @obsolete @mount @module @debug @cpu-emulation
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target