diff options
author | Tom Ryder <tom@sanctum.geek.nz> | 2020-09-13 01:19:27 +1200 |
---|---|---|
committer | Tom Ryder <tom@sanctum.geek.nz> | 2020-09-13 01:19:27 +1200 |
commit | 95719938f1e8e62577d4c5631607ac075b78b6d9 (patch) | |
tree | 50a8f566a0e45846c1d91b340f828c24ca1e1180 /newsboat/systemd/user | |
parent | Merge branch 'release/v10.7.0' into develop (diff) | |
download | dotfiles-95719938f1e8e62577d4c5631607ac075b78b6d9.tar.gz dotfiles-95719938f1e8e62577d4c5631607ac075b78b6d9.zip |
Remove hardening from systemd units
I suspect most-to-all of this doesn't actually work, and probably
shouldn't deploy it unless and until I am.
Diffstat (limited to 'newsboat/systemd/user')
-rw-r--r-- | newsboat/systemd/user/reload-newsboat.service | 20 |
1 files changed, 0 insertions, 20 deletions
diff --git a/newsboat/systemd/user/reload-newsboat.service b/newsboat/systemd/user/reload-newsboat.service index 981ef7bc..2699697c 100644 --- a/newsboat/systemd/user/reload-newsboat.service +++ b/newsboat/systemd/user/reload-newsboat.service @@ -8,23 +8,3 @@ Type=oneshot LogsDirectory=newsboat LogsDirectoryMode=0700 ExecStart=newsboat --execute=reload --log-file=%L/newsboat/%p.log --log-level=5 -# Hardening -IPAddressDeny=any -IPAddressAllow=localhost -KeyringMode=private -LockPersonality=true -MemoryDenyWriteExecute=true -NoNewPrivileges=true -RestrictAddressFamilies=AF_UNIX -RestrictAddressFamilies=~AF_UNIX -RestrictNamespaces=true -RestrictRealtime=true -SystemCallArchitectures=native -SystemCallErrorNumber=EPERM -SystemCallFilter=@system-service -SystemCallFilter=~@privileged @resources -UMask=0077 -# Slowing -Nice=10 -IOSchedulingClass=best-effort -IOSchedulingPriority=7 |