diff options
| author | Tom Ryder <tom@sanctum.geek.nz> | 2020-09-13 01:19:27 +1200 |
|---|---|---|
| committer | Tom Ryder <tom@sanctum.geek.nz> | 2020-09-13 01:19:27 +1200 |
| commit | 95719938f1e8e62577d4c5631607ac075b78b6d9 (patch) | |
| tree | 50a8f566a0e45846c1d91b340f828c24ca1e1180 /systemd | |
| parent | Merge branch 'release/v10.7.0' into develop (diff) | |
| download | dotfiles-95719938f1e8e62577d4c5631607ac075b78b6d9.tar.gz dotfiles-95719938f1e8e62577d4c5631607ac075b78b6d9.zip | |
Remove hardening from systemd units
I suspect most-to-all of this doesn't actually work, and probably
shouldn't deploy it unless and until I am.
Diffstat (limited to 'systemd')
| -rw-r--r-- | systemd/user/notify-email@.service | 11 |
1 files changed, 0 insertions, 11 deletions
diff --git a/systemd/user/notify-email@.service b/systemd/user/notify-email@.service index bddee12a..9293c423 100644 --- a/systemd/user/notify-email@.service +++ b/systemd/user/notify-email@.service @@ -4,14 +4,3 @@ Description=unit status mailer service for %i [Service] Type=oneshot ExecStart=sh -c 'systemctl --user status %i | mail --append="From: systemd" --append="X-systemd: %H %m %b" --subject="[systemd] %i failure" %u' -# Hardening -DevicePolicy=closed -IPAddressDeny=any -PrivateMounts=true -PrivateTmp=true -ProtectControlGroups=true -ProtectHome=true -ProtectSystem=full -RemoveIPC=true -SystemCallErrorNumber=EPERM -UMask=027 |