[packages/mosquitto] add some hardening options to systemd unit
atler
atler at pld-linux.org
Mon Aug 28 18:19:03 CEST 2023
commit 9d6a153a1c75c550652df1a25aef46d54d8a585f
Author: Jan Palus <atler at pld-linux.org>
Date: Mon Aug 28 17:48:59 2023 +0200
add some hardening options to systemd unit
mosquitto.service | 7 +++++++
1 file changed, 7 insertions(+)
---
diff --git a/mosquitto.service b/mosquitto.service
index f04a065..bcc1230 100644
--- a/mosquitto.service
+++ b/mosquitto.service
@@ -12,6 +12,13 @@ Group=mosquitto
ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
+PrivateDevices=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectHome=yes
+ProtectProc=invisible
+ProtectSystem=yes
+RestrictNamespaces=yes
[Install]
WantedBy=multi-user.target
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/mosquitto.git/commitdiff/9d6a153a1c75c550652df1a25aef46d54d8a585f
More information about the pld-cvs-commit
mailing list