mirror of
https://github.com/transmission/transmission
synced 2024-12-23 00:04:06 +00:00
Add ProtectSystem and PrivateTmp to systemd service (#1452)
ProtectSystem mounts /boot, /efi and /usr read-only, so the daemon can never write there. PrivateTmp sets up a file system namespace for /tmp and /var/tmp, hiding the daemon's temporary files from other processes.
Co-authored-by: Charles Kerr <charles@charleskerr.com>
parent
31cbb3b708
commit
18b8e98e3f
1 changed files with 2 additions and 0 deletions
|
@ -9,6 +9,8 @@ ExecStart=/usr/bin/transmission-daemon -f --log-error
|
||||||
ExecReload=/bin/kill -s HUP $MAINPID
|
ExecReload=/bin/kill -s HUP $MAINPID
|
||||||
NoNewPrivileges=true
|
NoNewPrivileges=true
|
||||||
MemoryDenyWriteExecute=true
|
MemoryDenyWriteExecute=true
|
||||||
|
ProtectSystem=true
|
||||||
|
PrivateTmp=true
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
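Review bot: `ProtectSystem=true` leaves /etc and everything else outside /usr, /boot and /efi writable, so for those paths a compromised daemon that parses untrusted peer and torrent data is held back only by the service user's file permissions. If the daemon does not write its settings under /etc on the targeted distributions, `ProtectSystem=full` would make /etc read-only too. `ProtectSystem=strict` with an explicit `ReadWritePaths=` for the state and download directories is tighter still, but it needs those paths, which this hunk does not show. `PrivateTmp=true` also means a download, watch or incomplete directory configured under /tmp is no longer visible to other processes, which deserves a comment above the line such as `# PrivateTmp: daemon gets its own /tmp and /var/tmp; do not point download-dir or watch-dir there`. The hunk starts at line 9 of the unit, so the earlier [Service] lines (for example any `User=`) are not visible and the effective write surface is inferred.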