upgrades: Add systemd sandboxing features to repository setup service

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
James Valleroy 2019-12-21 17:04:56 -05:00 committed by Sunil Mohan Adapa
parent c91939710b
commit ddd1abdb8a
GPG Key ID: 43EA1CFF0AA7C5F2

@ -21,3 +21,15 @@ Description=FreedomBox: Setup software repositories
[Service]
ExecStart=/usr/share/plinth/actions/upgrades setup-repositories
Type=oneshot
LockPersonality=yes
PrivateDevices=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectControlGroups=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictRealtime=yes
SystemCallArchitectures=native
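Review bot: ProtectKernelLogs= was only introduced in systemd v244, so on a host running an older systemd this line is ignored with an "Unknown key" warning rather than enforced; the commit message should state which systemd version the unit was tested on, or the directive should be held back until the target release ships a new enough systemd. The same applies to verifying the rest of the set against what `upgrades setup-repositories` actually does: ProtectSystem=yes keeps /etc writable, but PrivateUsers=yes leaves the process with no capabilities in the host namespace, so any step that needs a host capability (not just root file ownership) will fail under this unit and should be exercised once before merge. Since the action is a oneshot that writes only a known set of paths, ProtectSystem=strict with ReadWritePaths= listing those directories would be tighter than ProtectSystem=yes, and NoNewPrivileges=yes and ProtectHome=yes, which usually accompany LockPersonality=, RestrictRealtime= and SystemCallArchitectures=native, are missing from the hunk.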