summarylogtreecommitdiffstats
path: root/carbonapi.service
diff options
context:
space:
mode:
Diffstat (limited to 'carbonapi.service')
-rw-r--r--carbonapi.service20
1 files changed, 20 insertions, 0 deletions
diff --git a/carbonapi.service b/carbonapi.service
index 311f56332533..625626f42488 100644
--- a/carbonapi.service
+++ b/carbonapi.service
@@ -8,5 +8,25 @@ Type=simple
ExecStart=/usr/bin/carbonapi -config /etc/carbonapi.yaml
Restart=on-failure
+DynamicUser=true
+
+CapabilityBoundingSet=
+AmbientCapabilities=
+NoNewPrivileges=true
+
+ProtectSystem=strict
+ProtectHome=true
+
+PrivateTmp=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+RemoveIPC=true
+
[Install]
WantedBy=multi-user.target