mirror of
https://git.burble.com/burble.dn42/dn42regsrv.git
synced 2024-02-26 20:28:04 +01:00
Harden systemd unit file
This commit is contained in:
parent
79081f79d2
commit
2d5839e044
@ -14,6 +14,17 @@ User=regsrv
|
||||
Group=registry
|
||||
Type=simple
|
||||
Restart=on-failure
|
||||
# service hardening
|
||||
ProtectSystem=strict
|
||||
ReadOnlyPaths=/home/regsrv/go/src/git.dn42.us/burble/dn42regsrv/StaticRoot
|
||||
ReadWritePaths=/home/regsrv/registry
|
||||
NoNewPrivileges=yes
|
||||
ProtectControlGroups=yes
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
DevicePolicy=closed
|
||||
MemoryDenyWriteExecute=yes
|
||||
#
|
||||
ExecStart=/home/regsrv/go/bin/dn42regsrv \
|
||||
-s /home/regsrv/go/src/git.dn42.us/burble/dn42regsrv/StaticRoot \
|
||||
-d /home/regsrv/registry
|
||||
|
Loading…
x
Reference in New Issue
Block a user