mirror/transmission
1
0
Fork 0
mirror of https://github.com/transmission/transmission synced 2024-12-22 15:54:57 +00:00
Code Issues Releases Wiki Activity

Add ProtectSystem and PrivateTmp to systemd service (#1452)

Browse source 
ProtectSystem mounts /boot, /efi and /usr as read only, basically
disallowing the daemon from ever writing there. PrivateTmp sets up a
file system namespace for /tmp and /var/tmp/ basically hiding it from
other processes.

Co-authored-by: Charles Kerr <charles@charleskerr.com>
This commit is contained in:
Jelle van der Waa 2022-02-13 21:06:55 +01:00 committed by GitHub
parent 31cbb3b708
commit 18b8e98e3f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
daemon/transmission-daemon.service
View file

@ -9,6 +9,8 @@ ExecStart=/usr/bin/transmission-daemon -f --log-error
ExecReload=/bin/kill -s HUP $MAINPID
NoNewPrivileges=true
MemoryDenyWriteExecute=true
ProtectSystem=true
PrivateTmp=true
[Install]
WantedBy=multi-user.target