todo

2022-03-26 14:11:22 +01:00 · 2022-03-26 13:55:59 +01:00
1 changed files with 40 additions and 0 deletions
--- a/test.service
+++ b/test.service
@ -0,0 +1,40 @@
+[Unit]
+Description=TEST
+
+[Service]
+Type=oneshot
+ExecStart=/opt/test
+
+ProtectSystem=strict
+ProtectHome=yes
+PrivateTmp=yes
+PrivateDevices=yes
+PrivateNetwork=yes
+PrivateUsers=yes
+ProtectHostname=yes
+ProtectClock=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectControlGroups=yes
+RestrictAddressFamilies=none
+RestrictFileSystems=ext4 tmpfs zfs
+RestrictNamespaces=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+RemoveIPC=yes
+PrivateMounts=yes
+SystemCallFilter=
+SystemCallArchitectures=native
+CapabilityBoundingSet=
+ProtectProc=invisible
+
+ReadOnlyPaths=/
+
+NoExecPaths=/
+ExecPaths=/opt/test /bin/bash /lib
+
+[Install]
+WantedBy=multi-user.target
Author	SHA1	Message	Date
mwiegand	5ab169efe0	todo	2022-03-26 14:11:22 +01:00
mwiegand	00ffe8e8bc	todo	2022-03-26 13:55:59 +01:00