8 Commits

Author SHA1 Message Date
Jelle van der Waa 18b8e98e3f
Add ProtectSystem and PrivateTmp to systemd service (#1452)
ProtectSystem mounts /boot, /efi and /usr as read-only, basically
disallowing the daemon from ever writing there. PrivateTmp sets up a
file system namespace for /tmp and /var/tmp/, basically hiding it from
other processes.

Co-authored-by: Charles Kerr <charles@charleskerr.com>
2022-02-13 14:06:55 -06:00
Craig Andrews 56dab2bd18
daemon: deny memory wx in transmission-daemon.service (#2573)
Attempts to create memory mappings that are writable and executable at the same time, or to change existing memory mappings to become executable, or to map shared memory segments as executable, are prohibited.

There's no reason transmission should be doing that. If it does, it's because of malicious code exploiting a vulnerability.

See: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#MemoryDenyWriteExecute=
2022-02-04 22:08:51 -06:00
Jelle van der Waa d1d060c3a9 daemon: harden transmission-daemon.service
Systemd 227 introduced the option to make a service disallow elevating
privileges.
2018-12-28 22:47:16 +01:00
Jordan Lee 72f9cb7112 (trunk, daemon) #5503: add an ExecReload rule to the systemd service file. 2014-01-21 02:19:48 +00:00
Jordan Lee 2db09dad54 add After=network.target as suggested by upstream arch bug #31478 2013-07-15 23:49:04 +00:00
Jordan Lee ea19848067 don't hardcode the config dir, as discussed in ticket #4503 comments 17, 19 2013-06-09 22:52:33 +00:00
Jordan Lee d1db86eba9 in transmission-daemon.service, remove unnecessary comments and change Type from simple to notify since transmission-daemon uses sd_notify() 2013-06-09 19:54:58 +00:00
Jordan Lee a7d9f17b22 (trunk daemon) add a systemd service file for transmission-daemon.
Suggestions / improvements welcomed at https://trac.transmissionbt.com/ticket/4503
2013-06-09 18:18:09 +00:00