diff options
author | Christian Hesse | 2016-12-27 23:18:32 +0100 |
---|---|---|
committer | David Sommerseth | 2017-01-25 19:40:39 +0100 |
commit | 76096c605fcac4815674b6ae76ac1f31f03a8186 (patch) | |
tree | a9057495f11f9988c3cb07071b7c9800dca5e81b /include | |
parent | 3de7be7b17de879a78eea4afe4c918c6104c635d (diff) | |
download | openvpn-76096c605fcac4815674b6ae76ac1f31f03a8186.zip openvpn-76096c605fcac4815674b6ae76ac1f31f03a8186.tar.gz |
systemd: Add more security feature for systemd units
ProtectSystem=true mounts the /usr and /boot directories read-only.
ProtectHome=true makes the directories /home, /root and /run/user
inaccessible and empty for the process.
See systemd.exec(5) [0] for details.
v2: Replace ProtectSystem=strict with ProtectSystem=true. Some
configurations may want to write to /etc or the like.
[0] https://www.freedesktop.org/software/systemd/man/systemd.exec.html
Signed-off-by: Christian Hesse <mail@eworm.de>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20161227221832.610-1-list@eworm.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13743.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions