lgladsden/jellyfin-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #6953 from matthiasdv/mdv/harden-systemd-service

Browse Source 
Add more hardening to systemd service
This commit is contained in:
Claus Vium 2021-12-07 19:46:45 +01:00 committed by GitHub
commit dd8b9e9d23
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
debian/jellyfin.service vendored
View File

@ -13,7 +13,20 @@ TimeoutSec = 15
NoNewPrivileges=true NoNewPrivileges=true
SystemCallArchitectures=native SystemCallArchitectures=native
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
ProtectKernelModules=True RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
ProtectClock=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
LockPersonality=true
PrivateTmp=true
PrivateDevices=false
PrivateUsers=true
RemoveIPC=true
SystemCallFilter=~@clock SystemCallFilter=~@clock
SystemCallFilter=~@aio SystemCallFilter=~@aio
SystemCallFilter=~@chown SystemCallFilter=~@chown