diff options
| author | Eric Anderson | 2016-12-10 12:44:41 -0800 |
|---|---|---|
| committer | Eric Anderson | 2016-12-10 12:44:41 -0800 |
| commit | 2e63277a928efa2dfc7261ed94895bf8f5f75789 (patch) | |
| tree | d5bf8edb9f7460a3728d0cb86c4a25b39a6024be /pkgdistcached.service | |
| parent | 9d3c1c043b866e51b02f1dfa2a744aa246f2632c (diff) | |
| download | aur-2e63277a928efa2dfc7261ed94895bf8f5f75789.tar.gz | |
Security-harden service file
Diffstat (limited to 'pkgdistcached.service')
| -rw-r--r-- | pkgdistcached.service | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/pkgdistcached.service b/pkgdistcached.service index 2dfa1ec4043b..5827192dabc5 100644 --- a/pkgdistcached.service +++ b/pkgdistcached.service @@ -3,6 +3,18 @@ Description=Distributed pacman package cache [Service] ExecStart=/usr/bin/pkgdistcache-daemon -F +User=nobody +Group=nobody +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=strict +ProtectHome=yes +ProtectControlGroups=yes +ProtectKernelTunables=yes +MemoryDenyWriteExecute=yes +RestrictRealtime=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 [Install] WantedBy=multi-user.target |