mirror of https://git.burble.com/burble.dn42/dn42regsrv.git synced 2024-02-26 20:28:04 +01:00

Harden systemd unit file

Simon Marsh 2019-03-06 19:21:33 +00:00
parent 79081f79d2
commit 2d5839e044
No known key found for this signature in database
GPG Key ID: 7B9FE8780CFB6593

@ -14,6 +14,17 @@ User=regsrv
Group=registry
Type=simple
Restart=on-failure
# service hardening
ProtectSystem=strict
ReadOnlyPaths=/home/regsrv/go/src/git.dn42.us/burble/dn42regsrv/StaticRoot
ReadWritePaths=/home/regsrv/registry
NoNewPrivileges=yes
ProtectControlGroups=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
MemoryDenyWriteExecute=yes
#
ExecStart=/home/regsrv/go/bin/dn42regsrv \
-s /home/regsrv/go/src/git.dn42.us/burble/dn42regsrv/StaticRoot \
-d /home/regsrv/registry
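Review bot: `MemoryDenyWriteExecute=yes` in the new hardening block is not paired with `SystemCallArchitectures=native`, which the systemd documentation recommends so that the restriction cannot be sidestepped through an alternative ABI on multi-ABI hosts; add that line next to it. The block also leaves kernel interfaces writable to the service namespace, so `ProtectKernelTunables=yes` and `ProtectKernelModules=yes` are worth adding once it is confirmed the daemon and anything it spawns still start. `ReadOnlyPaths=` on StaticRoot is already implied by `ProtectSystem=strict`, so it is harmless but redundant, and a short comment such as `# /home stays visible: binary and data live under /home/regsrv, so ProtectHome= is not set` would record why that directive is absent. The [Service] section starts above this hunk, so directives outside the visible lines may already cover part of this.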