From 661c52862ca96b2787193929ee7c3a1d4d897cf9 Mon Sep 17 00:00:00 2001 From: David Runge Date: Sun, 7 Jul 2019 13:58:27 +0200 Subject: .config/systemd/user/mpd@.service: Adding hardening options. --- .config/systemd/user/mpd@.service | 6 ++++++ 1 file changed, 6 insertions(+) (limited to '.config/systemd/user') diff --git a/.config/systemd/user/mpd@.service b/.config/systemd/user/mpd@.service index 6bde606..abf1504 100644 --- a/.config/systemd/user/mpd@.service +++ b/.config/systemd/user/mpd@.service @@ -7,6 +7,12 @@ Conflicts=mpd.service ExecStart=/usr/bin/mpd --no-daemon %h/.config/mpd/mpd-%i.conf LimitRTPRIO=75 LimitRTTIME=infinity +ProtectSystem=yes +NoNewPrivileges=yes +ProtectKernelTunables=yes +ProtectControlGroups=yes +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK +RestrictNamespaces=yes [Install] WantedBy=default.target -- cgit v1.2.3-70-g09d2