diff options
-rw-r--r-- | newsboat/systemd/user/reload-newsboat.service | 20 | ||||
-rw-r--r-- | systemd/user/notify-email@.service | 11 |
2 files changed, 0 insertions, 31 deletions
diff --git a/newsboat/systemd/user/reload-newsboat.service b/newsboat/systemd/user/reload-newsboat.service index 981ef7bc..2699697c 100644 --- a/newsboat/systemd/user/reload-newsboat.service +++ b/newsboat/systemd/user/reload-newsboat.service @@ -8,23 +8,3 @@ Type=oneshot LogsDirectory=newsboat LogsDirectoryMode=0700 ExecStart=newsboat --execute=reload --log-file=%L/newsboat/%p.log --log-level=5 -# Hardening -IPAddressDeny=any -IPAddressAllow=localhost -KeyringMode=private -LockPersonality=true -MemoryDenyWriteExecute=true -NoNewPrivileges=true -RestrictAddressFamilies=AF_UNIX -RestrictAddressFamilies=~AF_UNIX -RestrictNamespaces=true -RestrictRealtime=true -SystemCallArchitectures=native -SystemCallErrorNumber=EPERM -SystemCallFilter=@system-service -SystemCallFilter=~@privileged @resources -UMask=0077 -# Slowing -Nice=10 -IOSchedulingClass=best-effort -IOSchedulingPriority=7 diff --git a/systemd/user/notify-email@.service b/systemd/user/notify-email@.service index bddee12a..9293c423 100644 --- a/systemd/user/notify-email@.service +++ b/systemd/user/notify-email@.service @@ -4,14 +4,3 @@ Description=unit status mailer service for %i [Service] Type=oneshot ExecStart=sh -c 'systemctl --user status %i | mail --append="From: systemd" --append="X-systemd: %H %m %b" --subject="[systemd] %i failure" %u' -# Hardening -DevicePolicy=closed -IPAddressDeny=any -PrivateMounts=true -PrivateTmp=true -ProtectControlGroups=true -ProtectHome=true -ProtectSystem=full -RemoveIPC=true -SystemCallErrorNumber=EPERM -UMask=027 |