Add ProtectSystem and PrivateTmp to systemd service (#1452)

ProtectSystem mounts /boot, /efi and /usr as read-only, basically
disallowing the daemon from ever writing there. PrivateTmp sets up a
file system namespace for /tmp and /var/tmp/, basically hiding them from
other processes.

Co-authored-by: Charles Kerr <charles@charleskerr.com>
Jelle van der Waa 2022-02-13 21:06:55 +01:00 committed by GitHub
parent 31cbb3b708
commit 18b8e98e3f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions


@ -9,6 +9,8 @@ ExecStart=/usr/bin/transmission-daemon -f --log-error
ExecReload=/bin/kill -s HUP $MAINPID
NoNewPrivileges=true
MemoryDenyWriteExecute=true
ProtectSystem=true
PrivateTmp=true
[Install]
WantedBy=multi-user.target
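
Review bot: ProtectSystem=true on the added line only covers /usr and the boot loader directories (/boot and /efi, as the commit message says), so /etc and the rest of the file system remain writable to the daemon. Consider ProtectSystem=full, which also makes /etc read-only, or ProtectSystem=strict combined with explicit ReadWritePaths= entries for the directories the daemon has to write to. For PrivateTmp=true, a short comment in the unit would help: files that other processes place in /tmp or /var/tmp are no longer visible to the service, which can surprise anyone who hands files to the daemon through those paths.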