nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-01-21 07:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

deluge: Use systemd sandboxing features

Browse Source 
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Remove directive for unused logs directory]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This commit is contained in:
James Valleroy 2019-12-21 14:48:06 -05:00 committed by Sunil Mohan Adapa
parent bc748ed5bb
commit b4e00d2574
No known key found for this signature in database
GPG Key ID: 43EA1CFF0AA7C5F2
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
actions/deluge
View File

@ -38,6 +38,20 @@ ExecStart=bash -c "/usr/bin/deluge-web --base=deluge $(/usr/bin/deluge-web --ver
Restart=on-failure
User=debian-deluged
Group=debian-deluged
LockPersonality=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectControlGroups=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictRealtime=yes
StateDirectory=deluged
SystemCallArchitectures=native
[Install]
WantedBy=multi-user.target

2
plinth/modules/deluge/__init__.py
View File

@ -30,7 +30,7 @@ from plinth.modules.users import register_group
from .manifest import backup, clients # noqa, pylint: disable=unused-import
version = 3
version = 4
managed_services = ['deluge-web']