diff options
Diffstat (limited to 'bs-init.service')
| -rw-r--r-- | bs-init.service | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/bs-init.service b/bs-init.service index 9c8aa9334b24..70a95df8da70 100644 --- a/bs-init.service +++ b/bs-init.service @@ -7,6 +7,12 @@ Type=oneshot User=obelisk Group=obelisk ExecStart=/usr/bin/bs -i /etc/obelisk/bs/bs.cfg +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=true +PrivateTmp=true +ProtectSystem=full +SystemCallArchitectures=native [Install] WantedBy=multi-user.target |