spaces
This commit is contained in:
parent
527fc76341
commit
dd377da623
|
@ -12,7 +12,7 @@ StandardOutput=append:/var/log/__APP__/__APP__.log
|
||||||
StandardError=inherit
|
StandardError=inherit
|
||||||
|
|
||||||
# Sandboxing options to harden security
|
# Sandboxing options to harden security
|
||||||
# Depending on specificities of your service/app, you may need to tweak these
|
# Depending on specificities of your service/app, you may need to tweak these
|
||||||
# .. but this should be a good baseline
|
# .. but this should be a good baseline
|
||||||
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||||
NoNewPrivileges=yes
|
NoNewPrivileges=yes
|
||||||
|
@ -39,7 +39,7 @@ CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
|
||||||
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
||||||
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
||||||
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
||||||
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
Loading…
Reference in New Issue
Block a user