upgrade to alpha19, add slasher

author: Spider.007 / Sjon 2020-08-09 14:32:42 +0200
committer: Spider.007 / Sjon 2020-08-09 15:02:17 +0200
commit: 396c6a5b26a0e2bef87769c248e26f6c6893eaee (patch)
tree: a2c46e8c1627e3df4552858e9b999d199d3ead7d /prysm-beacon-chain.service
parent: 14d67fc58a33f0802e99b969ffdb1f3deb522245 (diff)
download: aur-396c6a5b26a0e2bef87769c248e26f6c6893eaee.tar.gz
1 files changed, 22 insertions, 1 deletions
diff --git a/prysm-beacon-chain.service b/prysm-beacon-chain.service
index d2a3b71409eb..6fd8a524e9df 100644
--- a/prysm-beacon-chain.service
+++ b/prysm-beacon-chain.service
@@ -3,9 +3,30 @@ Description=Prysm beacon-chain client
 After=network-online.target
 
 [Service]
-ExecStartPre=/usr/bin/mkdir -p /var/lib/prysm/beacon-chain
+DynamicUser=true
 ExecStart=/usr/bin/prysm.beacon-chain --datadir=/var/lib/prysm/beacon-chain
 Restart=always
+StateDirectory=prysm/beacon-chain
+
+NoNewPrivileges=yes
+CapabilityBoundingSet=
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+
+PrivateDevices=yes
+PrivateUsers=yes
+PrivateTmp=yes
+
+ProtectSystem=strict
+ProtectClock=yes
+ProtectHome=true
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
 
 [Install]
 WantedBy=default.target
author	Spider.007 / Sjon	2020-08-09 14:32:42 +0200
committer	Spider.007 / Sjon	2020-08-09 15:02:17 +0200
commit	396c6a5b26a0e2bef87769c248e26f6c6893eaee (patch)
tree	a2c46e8c1627e3df4552858e9b999d199d3ead7d /prysm-beacon-chain.service
parent	14d67fc58a33f0802e99b969ffdb1f3deb522245 (diff)
download	aur-396c6a5b26a0e2bef87769c248e26f6c6893eaee.tar.gz