mirror of
https://github.com/transmission/transmission
synced 2024-12-23 00:04:06 +00:00
Add ProtectSystem and PrivateTmp to systemd service (#1452)
ProtectSystem mounts /boot, /efi and /usr as read only, basically disallowing the daemon from ever writing there. PrivateTmp sets up a file system namespace for /tmp and /var/tmp/ basically hiding it from other processes.

Co-authored-by: Charles Kerr <charles@charleskerr.com>
parent 31cbb3b708
commit 18b8e98e3f
1 changed files with 2 additions and 0 deletions
|
@ -9,6 +9,8 @@ ExecStart=/usr/bin/transmission-daemon -f --log-error
|
|||
ExecReload=/bin/kill -s HUP $MAINPID
|
||||
NoNewPrivileges=true
|
||||
MemoryDenyWriteExecute=true
|
||||
ProtectSystem=true
|
||||
PrivateTmp=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
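Review bot: ProtectSystem=true on the first added line covers only /usr and the boot loader directories (/boot and /efi, as the commit message says), so /etc stays writable to the daemon. If transmission-daemon never needs to write under /etc, ProtectSystem=full would make that read-only as well, and ProtectSystem=strict combined with explicit ReadWritePaths= entries for the configuration and download directories would be tighter still. For PrivateTmp=true, the commit message or the unit's documentation should mention that a download or incomplete directory configured under /tmp or /var/tmp ends up in the service's private namespace, where other processes cannot see the files and systemd removes them when the service stops.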