1
0
Fork 0
mirror of https://github.com/transmission/transmission synced 2024-12-23 00:04:06 +00:00

Add ProtectSystem and PrivateTmp to systemd service (#1452)

ProtectSystem mounts /boot, /efi and /usr as read only, basically
disallowing the daemon from ever writing there. PrivateTmp sets up a
file system namespace for /tmp and /var/tmp/ basically hiding it from
other processes.

Co-authored-by: Charles Kerr <charles@charleskerr.com>
This commit is contained in:
Jelle van der Waa 2022-02-13 21:06:55 +01:00 committed by GitHub
parent 31cbb3b708
commit 18b8e98e3f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -9,6 +9,8 @@ ExecStart=/usr/bin/transmission-daemon -f --log-error
ExecReload=/bin/kill -s HUP $MAINPID ExecReload=/bin/kill -s HUP $MAINPID
NoNewPrivileges=true NoNewPrivileges=true
MemoryDenyWriteExecute=true MemoryDenyWriteExecute=true
ProtectSystem=true
PrivateTmp=true
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target