diff options
Diffstat (limited to 'vlmcsd.service')
| -rw-r--r-- | vlmcsd.service | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/vlmcsd.service b/vlmcsd.service index e499d0880938..8549477a95d2 100644 --- a/vlmcsd.service +++ b/vlmcsd.service @@ -2,8 +2,30 @@ Description=KMS Emulator [Service] +SystemCallFilter=@system-service +SystemCallFilter=~@privileged @resources +SystemCallArchitectures=native +RestrictAddressFamilies=AF_INET AF_INET6 +RestrictNamespaces=true +NoNewPrivileges=true +LockPersonality=true +RestrictRealtime=true +MemoryDenyWriteExecute=true +ProtectHome=true +ProtectSystem=strict +PrivateDevices=true +PrivateUsers=true +ProtectClock=true +ProtectProc=invisible +ProcSubset=pid +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectControlGroups=true +DevicePolicy=closed +DynamicUser=true Type=forking -User=nobody ExecStart=/usr/bin/vlmcsd [Install] |