nextcloud-news-updater.service: Adding more paranoid protection schemes. Setting up ReadWritePaths properly. Adding Environment for NEXTCLOUD_CONFIG_DIR.

author: David Runge 2017-02-02 18:17:34 +0100
committer: David Runge 2017-02-02 18:17:34 +0100
commit: 2c5d7388371ebe54901f2f83f50b47e99f1258f7 (patch)
tree: 02431ed9956a58d9cc0df9ab4d25566f993c3b0b /nextcloud-news-updater.service
parent: dc0b85230baed56480cbde2943af13acf1bac3ea (diff)
download: aur-2c5d7388371ebe54901f2f83f50b47e99f1258f7.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/nextcloud-news-updater.service b/nextcloud-news-updater.service
index db33b02ddc08..99c27bb7b173 100644
--- a/nextcloud-news-updater.service
+++ b/nextcloud-news-updater.service
@@ -1,15 +1,19 @@
 [Unit]
 Description=Nextcloud news updater service
-After=default.targ
+After=default.target
 
 [Service]
 Type=simple
 User=http
 Group=http
+Environment=NEXTCLOUD_CONFIG_DIR=/etc/webapps/nextcloud
 ExecStart=/usr/bin/owncloud-news-updater -c /etc/webapps/nextcloud/news/nextcloud-news-updater.ini
 PrivateTmp=yes
 ProtectSystem=full
-ReadOnlyDirectories=/etc/webapps/nextcloud /usr/share/webapps/nextcloud
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+ReadWritePaths=/etc/webapps/nextcloud /usr/share/webapps/nextcloud
 ProtectHome=yes
 NoNewPrivileges=yes
author	David Runge	2017-02-02 18:17:34 +0100
committer	David Runge	2017-02-02 18:17:34 +0100
commit	2c5d7388371ebe54901f2f83f50b47e99f1258f7 (patch)
tree	02431ed9956a58d9cc0df9ab4d25566f993c3b0b /nextcloud-news-updater.service
parent	dc0b85230baed56480cbde2943af13acf1bac3ea (diff)
download	aur-2c5d7388371ebe54901f2f83f50b47e99f1258f7.tar.gz