Permalink
Browse files

etc: Add hardening options to syncthing systemd services (fixes #5286) (

  • Loading branch information...
desbma authored and calmh committed Dec 7, 2018
1 parent 002de7b commit 132789785d1bddf750b81a7ef86b9b54055bffc1
Showing with 14 additions and 0 deletions.
  1. +7 −0 etc/linux-systemd/system/syncthing@.service
  2. +7 −0 etc/linux-systemd/user/syncthing.service
@@ -10,5 +10,12 @@ Restart=on-failure
SuccessExitStatus=3 4
RestartForceExitStatus=3 4

# Hardening
ProtectSystem=full
PrivateTmp=true
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
@@ -8,5 +8,12 @@ Restart=on-failure
SuccessExitStatus=3 4
RestartForceExitStatus=3 4

# Hardening
ProtectSystem=full
PrivateTmp=true
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
NoNewPrivileges=true

[Install]
WantedBy=default.target

0 comments on commit 1327897

Please sign in to comment.