blob: 1ac29c283a854e5228ddcbd93958b2053d1f3b34 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
diff --git a/lib/systemd/system/appgateservice.service b/lib/systemd/system/appgateservice.service
index 7a8faf7..f944300 100644
--- a/lib/systemd/system/appgateservice.service
+++ b/lib/systemd/system/appgateservice.service
@@ -12,8 +12,8 @@ ExecStart="/opt/appgate/service/appgateservice" --service
ExecReload=/bin/kill -HUP $MAINPID
Type=simple
Restart=always
-InaccessibleDirectories=/media /boot /srv
-ReadOnlyDirectories=/etc /usr /bin /lib /lib64 /sbin /mnt
+InaccessibleDirectories=-/media -/boot -/srv
+ReadOnlyDirectories=-/etc -/usr -/bin -/lib -/lib64 -/sbin -/mnt
PrivateDevices=true
NoNewPrivileges=true
PrivateTmp=true
diff --git a/lib/systemd/system/appgateservice@.service b/lib/systemd/system/appgateservice@.service
index 74faa34..269ffc4 100644
--- a/lib/systemd/system/appgateservice@.service
+++ b/lib/systemd/system/appgateservice@.service
@@ -11,8 +11,8 @@ ExecReload=/bin/kill -HUP $MAINPID
Type=forking
TimeoutStopSec=30
Restart=always
-InaccessibleDirectories=/media /boot /srv
-ReadOnlyDirectories=/etc /usr /bin /lib /lib64 /sbin
+InaccessibleDirectories=-/media -/boot -/srv
+ReadOnlyDirectories=-/etc -/usr -/bin -/lib -/lib64 -/sbin
PrivateDevices=true
NoNewPrivileges=true
PrivateTmp=true
|