diff options
author | David Runge | 2017-02-02 18:17:34 +0100 |
---|---|---|
committer | David Runge | 2017-02-02 18:17:34 +0100 |
commit | 2c5d7388371ebe54901f2f83f50b47e99f1258f7 (patch) | |
tree | 02431ed9956a58d9cc0df9ab4d25566f993c3b0b /nextcloud-news-updater.service | |
parent | dc0b85230baed56480cbde2943af13acf1bac3ea (diff) | |
download | aur-2c5d7388371ebe54901f2f83f50b47e99f1258f7.tar.gz |
nextcloud-news-updater.service: Adding more paranoid protection schemes. Setting up ReadWritePaths properly. Adding Environment for NEXTCLOUD_CONFIG_DIR.
Diffstat (limited to 'nextcloud-news-updater.service')
-rw-r--r-- | nextcloud-news-updater.service | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/nextcloud-news-updater.service b/nextcloud-news-updater.service index db33b02ddc08..99c27bb7b173 100644 --- a/nextcloud-news-updater.service +++ b/nextcloud-news-updater.service @@ -1,15 +1,19 @@ [Unit] Description=Nextcloud news updater service -After=default.targ +After=default.target [Service] Type=simple User=http Group=http +Environment=NEXTCLOUD_CONFIG_DIR=/etc/webapps/nextcloud ExecStart=/usr/bin/owncloud-news-updater -c /etc/webapps/nextcloud/news/nextcloud-news-updater.ini PrivateTmp=yes ProtectSystem=full -ReadOnlyDirectories=/etc/webapps/nextcloud /usr/share/webapps/nextcloud +PrivateDevices=true +ProtectKernelTunables=true +ProtectControlGroups=true +ReadWritePaths=/etc/webapps/nextcloud /usr/share/webapps/nextcloud ProtectHome=yes NoNewPrivileges=yes |