I just learned about a couple more specific systemd settings. The ones I think which could be useful to extend our systemd example service with are below.
> PrivateTmp: > Use private /tmp and /var/tmp folders inside a new file system namespace, > which are discarded after the process stops. > ProtectHome: > The /home, /root, and /run/user folders can not be accessed by this service > anymore. If your Pleroma user has its home folder in one of the restricted > places, or use one of these folders as its working directory, you have to set > this to false. > ProtectSystem: > Mount /usr, /boot, and /etc as read-only for processes invoked by this > service. Do you think this is okay for a good user experience, or should this be a separate example file? _______________________________________________ GNUnet-developers mailing list [email protected] https://lists.gnu.org/mailman/listinfo/gnunet-developers
