author | Gaming4JC <g4jc@openmailbox.org> | 2017-03-05 10:03:05 -0500 |
---|---|---|
committer | Gaming4JC <g4jc@openmailbox.org> | 2017-03-05 10:03:05 -0500 |
commit | 23527d57b4df85f0f210f3a249d93a7fbbe98230 (patch) | |
tree | cc1778a2572e462307db243c75898b087675c350 | |
parent | 0b701b8a4e03ba9e1a547a8c68350e337c12ccf9 (diff) | |
basic i2p hardening
-rw-r--r-- | pcr/i2p/i2prouter.service | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/pcr/i2p/i2prouter.service b/pcr/i2p/i2prouter.service
index 7c278c833..2ac9c2304 100644
--- a/pcr/i2p/i2prouter.service
+++ b/pcr/i2p/i2prouter.service
@@ -14,6 +14,29 @@ SendSIGKILL=no
 ExecReload=/bin/kill -USR1 $MAINPID
 ExecStop=/bin/kill -TERM $MAINPID
 SuccessExitStatus=0 2 3
+PrivateTmp=yes
+PrivateDevices=yes
+ReadOnlyDirectories=/etc
+ReadOnlyDirectories=/usr
+ReadOnlyDirectories=/var/lib
+InaccessibleDirectories=-/root
+InaccessibleDirectories=-/media
+InaccessibleDirectories=-/boot
+InaccessibleDirectories=-/home
+InaccessibleDirectories=-/run/console
+InaccessibleDirectories=-/run/dbus
+InaccessibleDirectories=-/run/lock
+InaccessibleDirectories=-/run/mount
+InaccessibleDirectories=-/run/systemd/generator
+InaccessibleDirectories=-/run/systemd/system
+InaccessibleDirectories=-/run/systemd/users
+InaccessibleDirectories=-/run/udev
+InaccessibleDirectories=-/run/user
+InaccessibleDirectories=-/var/lib/dbus
+InaccessibleDirectories=-/var/lib/rpm
+InaccessibleDirectories=-/var/lib/systemd
+InaccessibleDirectories=-/var/lib/yum
+InaccessibleDirectories=-/var/spool
 
 [Install]
 WantedBy=multi-user.target
|
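Review bot: The added sandboxing is a path blocklist only: nothing in this hunk sets `NoNewPrivileges=yes`, so a setuid binary under the read-only `/usr` remains a privilege-escalation path for a compromised router, and any location not listed (for example `/opt` or `/srv`) stays writable under ordinary file permissions. I would add `NoNewPrivileges=yes` after `PrivateDevices=yes`; whether `User=` is set cannot be seen here, because the `[Service]` section starts above the hunk. `ReadOnlyDirectories=/var/lib` should be checked against the router's data directory, since state kept under `/var/lib` would become unwritable. The `/var/lib/rpm` and `/var/lib/yum` entries look carried over from another distribution's unit and are skipped silently thanks to the `-` prefix; `ProtectSystem=full` and `ProtectHome=yes` would cover `/etc`, `/usr`, `/home`, `/root` and `/run/user` with fewer lines to maintain.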