authorGaming4JC <g4jc@openmailbox.org>2017-03-05 10:03:05 -0500
committerGaming4JC <g4jc@openmailbox.org>2017-03-05 10:03:05 -0500
commit23527d57b4df85f0f210f3a249d93a7fbbe98230 (patch)
treecc1778a2572e462307db243c75898b087675c350
parent0b701b8a4e03ba9e1a547a8c68350e337c12ccf9 (diff)
basic i2p hardening
-rw-r--r--pcr/i2p/i2prouter.service23
1 files changed, 23 insertions, 0 deletions
diff --git a/pcr/i2p/i2prouter.service b/pcr/i2p/i2prouter.service
index 7c278c833..2ac9c2304 100644
--- a/pcr/i2p/i2prouter.service
+++ b/pcr/i2p/i2prouter.service
@@ -14,6 +14,29 @@ SendSIGKILL=no
ExecReload=/bin/kill -USR1 $MAINPID
ExecStop=/bin/kill -TERM $MAINPID
SuccessExitStatus=0 2 3
+PrivateTmp=yes
+PrivateDevices=yes
+ReadOnlyDirectories=/etc
+ReadOnlyDirectories=/usr
+ReadOnlyDirectories=/var/lib
+InaccessibleDirectories=-/root
+InaccessibleDirectories=-/media
+InaccessibleDirectories=-/boot
+InaccessibleDirectories=-/home
+InaccessibleDirectories=-/run/console
+InaccessibleDirectories=-/run/dbus
+InaccessibleDirectories=-/run/lock
+InaccessibleDirectories=-/run/mount
+InaccessibleDirectories=-/run/systemd/generator
+InaccessibleDirectories=-/run/systemd/system
+InaccessibleDirectories=-/run/systemd/users
+InaccessibleDirectories=-/run/udev
+InaccessibleDirectories=-/run/user
+InaccessibleDirectories=-/var/lib/dbus
+InaccessibleDirectories=-/var/lib/rpm
+InaccessibleDirectories=-/var/lib/systemd
+InaccessibleDirectories=-/var/lib/yum
+InaccessibleDirectories=-/var/spool
[Install]
WantedBy=multi-user.target
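Review bot: The added sandboxing is a deny-list of individual paths, so anything not listed (for example `/srv`, `/opt` or other directories under `/run`) stays reachable as far as file permissions allow, and nothing here stops the process from gaining privileges through setuid binaries. Consider adding `NoNewPrivileges=yes`, `ProtectSystem=full` and `ProtectHome=yes` alongside the list; the last two cover `/usr`, `/boot`, `/etc`, `/home`, `/root` and `/run/user` with fewer lines to maintain. `ReadOnlyDirectories=/var/lib` would also make the router's own state read-only if its data directory lives under `/var/lib`, which the hunk does not show; confirm that path, or re-open it with `ReadWriteDirectories=`. The `[Service]` section starts above the hunk, so `User=` and any existing restrictions are not visible here.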