diff options
author | David Runge <dave@sleepmap.de> | 2019-07-07 13:58:27 +0200 |
---|---|---|
committer | David Runge <dave@sleepmap.de> | 2019-07-07 13:58:27 +0200 |
commit | 661c52862ca96b2787193929ee7c3a1d4d897cf9 (patch) | |
tree | 225d51708bb699f3bf8bf028bf71ebef67ad283c | |
parent | db183686ce59c72e656a095ad2c6d83d50dfb3b0 (diff) | |
download | dotfiles-661c52862ca96b2787193929ee7c3a1d4d897cf9.tar.gz dotfiles-661c52862ca96b2787193929ee7c3a1d4d897cf9.tar.bz2 dotfiles-661c52862ca96b2787193929ee7c3a1d4d897cf9.tar.xz dotfiles-661c52862ca96b2787193929ee7c3a1d4d897cf9.zip |
.config/systemd/user/mpd@.service: Adding hardening options.
-rw-r--r-- | .config/systemd/user/mpd@.service | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/.config/systemd/user/mpd@.service b/.config/systemd/user/mpd@.service index 6bde606..abf1504 100644 --- a/.config/systemd/user/mpd@.service +++ b/.config/systemd/user/mpd@.service @@ -7,6 +7,12 @@ Conflicts=mpd.service ExecStart=/usr/bin/mpd --no-daemon %h/.config/mpd/mpd-%i.conf LimitRTPRIO=75 LimitRTTIME=infinity +ProtectSystem=yes +NoNewPrivileges=yes +ProtectKernelTunables=yes +ProtectControlGroups=yes +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK +RestrictNamespaces=yes [Install] WantedBy=default.target |