diff options
Diffstat (limited to 'bandwidthd.service')
-rw-r--r-- | bandwidthd.service | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/bandwidthd.service b/bandwidthd.service index b9bf7c9734b4..24d3d370caa5 100644 --- a/bandwidthd.service +++ b/bandwidthd.service @@ -7,8 +7,34 @@ User=bandwidthd Group=bandwidthd CapabilityBoundingSet=CAP_NET_RAW AmbientCapabilities=CAP_NET_RAW +RestrictAddressFamilies=AF_UNIX AF_PACKET +RestrictNamespaces=true +PrivateDevices=true +NoNewPrivileges=true +PrivateTmp=true +ProtectClock=true +ProtectControlGroups=true +ProtectHome=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=strict +StateDirectory=bandwidthd +RuntimeDirectory=bandwidthd +ConfigurationDirectory=bandwidthd +RestrictSUIDSGID=true +SystemCallArchitectures=native +RestrictRealtime=true +LockPersonality=true +MemoryDenyWriteExecute=true +RemoveIPC=true +UMask=066 +ProtectHostname=true +IPAddressDeny=any +SystemCallFilter=@system-service +SystemCallFilter=~@privileged ExecStart=/usr/bin/bandwidthd -D -c /etc/bandwidthd/bandwidthd.conf -PIDFile=/run/bandwidthd/bandwidthd.pid +PIDFile=bandwidthd/bandwidthd.pid [Install] WantedBy=multi-user.target |