Commit graph

13 commits

Author SHA1 Message Date
Alexandre Aubin
ac52667ca0
Merge pull request #180 from YunoHost/improve-systemd-security
Improve systemd hardening
2022-11-20 17:53:57 +01:00
Alexandre Aubin
028e7303ab
Update conf/systemd.service
Co-authored-by: Tagada <36127788+Tagadda@users.noreply.github.com>
2022-11-20 17:52:43 +01:00
yalh76
dd377da623 spaces 2022-07-02 18:44:48 +02:00
Alexandre Aubin
b6af3ebb37
systemd conf: Add AF_NETLINK address family 2022-01-25 01:29:14 +01:00
Alexandre Aubin
f6f814e69b
Update systemd.service 2022-01-19 19:40:39 +01:00
yalh76
965f253be5
Merge pull request #136 from YunoHost/sandbox-baseline-for-systemd-services
[WIP] Add some systemd.service security baseline
2021-06-11 00:02:06 +02:00
Kay0u
cc0ac3c16a
Fix systemd stdout/stderr 2020-12-10 13:46:39 +01:00
Alexandre Aubin
6dd9c32323
Not sure why but @priviledged is causing issue on some legit services.. 2020-11-11 20:00:58 +01:00
Alexandre Aubin
f1ec6a6c85
Add RestrictAddressFamilies and SystemCallFilter 2020-11-11 19:54:27 +01:00
Alexandre Aubin
1ac3a1c1f7
Add RestrictNamespaces=yes 2020-11-11 19:15:01 +01:00
Alexandre Aubin
fe29c72b12
Remove two options that may in fact cause issues ... and add a bunch of CapabilityBoundingSet instructions that should be somewhat sane defaults ? 2020-11-11 18:50:52 +01:00
Alexandre Aubin
2b8e86f9c3
Update systemd.service 2020-11-11 16:02:30 +01:00
Maniack Crudelis
5ef1d07752 Add a systemd default file 2017-09-05 17:47:31 +02:00