diff options
| author | Giovanni Harting | 2024-03-23 18:08:17 +0100 |
|---|---|---|
| committer | Giovanni Harting | 2024-03-23 18:08:17 +0100 |
| commit | 9b8a11cf122a849a91eae27fdc767e256a131b53 (patch) | |
| tree | 7b8844686c22e9f38d7c784be3026583bb50da80 /adguardhome.service | |
| parent | 300a4972d55fc021a32d3c2aa900ed9cb6e3a3a2 (diff) | |
| download | aur-9b8a11cf122a849a91eae27fdc767e256a131b53.tar.gz | |
upgpkg: adguardhome 1:0.107.46-2
more systemd service hardening
Diffstat (limited to 'adguardhome.service')
| -rw-r--r-- | adguardhome.service | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/adguardhome.service b/adguardhome.service index df860598bc18..b1c683da33ec 100644 --- a/adguardhome.service +++ b/adguardhome.service @@ -10,5 +10,16 @@ AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW ExecStart=/usr/bin/adguardhome -w /var/lib/adguardhome -l syslog +PrivateTmp=true +ProtectSystem=strict +ProtectHome=true +PrivateDevices=true +ProtectKernelTunables=true +ProtectControlGroups=true +NoNewPrivileges=true +MemoryDenyWriteExecute=true +LockPersonality=true +ProtectHostname=true + [Install] WantedBy=multi-user.target |