nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-01-21 07:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

matrixsynapse: Enable systemd sandboxing

Browse Source 
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This commit is contained in:
James Valleroy 2020-02-01 18:05:22 -05:00 committed by Sunil Mohan Adapa
parent 4fc3d14ac3
commit e5c80e8af3
No known key found for this signature in database
GPG Key ID: 43EA1CFF0AA7C5F2
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
plinth/modules/matrixsynapse/data/lib/systemd/system/matrix-synapse.service.d/freedombox.conf Normal file
View File

@ -0,0 +1,17 @@
[Service]
ConfigurationDirectory=matrix-synapse
LockPersonality=yes
LogsDirectory=matrix-synapse
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictRealtime=yes
StateDirectory=matrix-synapse
SystemCallArchitectures=native