diff options
author | Max <msuraev@sysmocom.de> | 2022-09-16 10:58:03 +0700 |
---|---|---|
committer | Max <msuraev@sysmocom.de> | 2022-09-18 19:23:52 +0700 |
commit | 00aea9e0d9461a829237c8e479d3d4be75affb70 (patch) | |
tree | 0119ff7ff827e9fe9572fa89d240dc18336b90f1 | |
parent | 023c6524a2749fbff17ad9252d02e7b2d7d901d9 (diff) |
systemd: enable basic hardening
This ensures that systemd will not allow us to modify
/home, /root and /run/user which we shouldn't be doing anyway.
See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
for details.
It should also should silence corresponding lintian warning.
Related: OS#4107
Change-Id: Ida5f13bdb9e5bd956c440a381d94eecc18f0b2ef
-rw-r--r-- | contrib/systemd/osmo-hlr.service | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/contrib/systemd/osmo-hlr.service b/contrib/systemd/osmo-hlr.service index aa2f281..7ab4279 100644 --- a/contrib/systemd/osmo-hlr.service +++ b/contrib/systemd/osmo-hlr.service @@ -9,6 +9,7 @@ StateDirectory=osmocom WorkingDirectory=%S/osmocom ExecStart=/usr/bin/osmo-hlr -c /etc/osmocom/osmo-hlr.cfg -l /var/lib/osmocom/hlr.db RestartSec=2 +ProtectHome=true [Install] WantedBy=multi-user.target |