Commit b4170421 authored by intrigeri's avatar intrigeri
Browse files

systemd unit file: ensures that the process and all its children can never gain

new privileges (#12939).
parent b159ffb6
......@@ -19,6 +19,7 @@ PrivateTmp = yes
DeviceAllow = /dev/null rw
DeviceAllow = /dev/urandom r
InaccessibleDirectories = /home
NoNewPrivileges = yes
[Install]
WantedBy = multi-user.target
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment