quassel: Use systemd sandboxing features

Tests:
- Installed Quassel and diagnostics passed.
- Quassel client connection is successful.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Remove RemainAfterExit=no as it is default]
[sunil: Remove ReadWritePaths= as {Logs|State}Directory= take care of it]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This commit is contained in:
James Valleroy 2020-05-16 08:04:27 -04:00 committed by Sunil Mohan Adapa
parent e51d027618
commit dbf70b9fef
GPG Key ID: 43EA1CFF0AA7C5F2


@ -0,0 +1,17 @@
[Service]
LockPersonality=yes
LogsDirectory=quassel
NoNewPrivileges=yes
PrivateDevices=yes
PrivateMounts=yes
PrivateTmp=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
RestrictAddressFamilies=AF_INET AF_INET6
RestrictRealtime=yes
StateDirectory=quassel
SystemCallArchitectures=native
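Review bot: RestrictAddressFamilies=AF_INET AF_INET6 leaves out AF_UNIX, so the sandboxed core cannot open local sockets at all; this is fine for the default file-based storage under StateDirectory=quassel that the tests exercised, but if the core is ever pointed at a database backend over a local UNIX socket it will fail silently inside the sandbox, so either add AF_UNIX or document the limitation in the commit. The unit also sets SystemCallArchitectures=native without a SystemCallFilter=, so the syscall surface is only narrowed by architecture; pairing it with SystemCallFilter=@system-service, plus RestrictNamespaces=yes and RestrictSUIDSGID=yes, would complete the set of directives already used here (ProtectSystem=strict, NoNewPrivileges=yes) at little risk, and a quick `systemd-analyze security` run on the installed unit would confirm the remaining exposure.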