Hi,

> On 7. Mar 2019, at 15:28, [email protected] wrote:
>
> I just learned about a couple more specific systemd settings.
> The ones I think which could be useful to extend our systemd
> example service with are below.
>
>> PrivateTmp:
>> Use private /tmp and /var/tmp folders inside a new file system namespace,
>> which are discarded after the process stops.

GNUnet has lots of things that need persistence. Like cryptographic keys.

>
>> ProtectHome:
>> The /home, /root, and /run/user folders can not be accessed by this service
>> anymore. If your Pleroma user has its home folder in one of the restricted
>> places, or use one of these folders as its working directory, you have to
>> set this to false.
>

See above. /home/<user>/.config/gnunet et al.

>> ProtectSystem:
>> Mount /usr, /boot, and /etc as read-only for processes invoked by this
>> service.
>

This might be interesting wrt hardening? Idk.

>
> Do you think this is okay for a good user experience, or should
> this be a separate example file?
>
> _______________________________________________
> GNUnet-developers mailing list
> [email protected]
> https://lists.gnu.org/mailman/listinfo/gnunet-developers
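The conflict raised in the reply (sandboxing directives versus state that must persist, such as keys under /home/<user>/.config/gnunet) can be checked mechanically before a unit file ships. The following is an added example, not part of the original thread or of GNUnet: the unit text, the `ExecStart` path, the user name `alice` and the other state paths are constructed placeholders, and only the boolean, `read-only`, `tmpfs` and `full` forms of the three directives are modelled (`ProtectSystem=strict` and `ReadWritePaths=` are not).

```python
from configparser import ConfigParser
from pathlib import PurePosixPath

# Constructed sample: the ExecStart path and the user name "alice" are placeholders.
SAMPLE_UNIT = """\
[Service]
ExecStart=/usr/bin/example-peer-daemon
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
"""
STATE_PATHS = ["/home/alice/.config/gnunet", "/tmp/example.sock", "/var/lib/example"]

TRUE = {"1", "yes", "true", "on"}          # systemd boolean spellings for "enabled"
HOMES = ("/home", "/root", "/run/user")
BOOT_USR = ("/usr", "/boot", "/efi")
RULES = {  # directive -> {normalised value: (affected roots, effect on those roots)}
    "PrivateTmp": {"yes": (("/tmp", "/var/tmp"), "discarded when the service stops")},
    "ProtectHome": {
        "yes": (HOMES, "inaccessible"),
        "read-only": (HOMES, "read-only"),
        "tmpfs": (HOMES, "hidden behind an empty tmpfs"),
    },
    "ProtectSystem": {
        "yes": (BOOT_USR, "read-only"),
        "full": (BOOT_USR + ("/etc",), "read-only"),
    },
}

def _inside(path, roots):
    """True if path equals one of roots or lies below it (component-wise match)."""
    p = PurePosixPath(path)
    return any(p == PurePosixPath(r) or PurePosixPath(r) in p.parents for r in roots)

def audit(unit_text, needed_paths):
    """Return (path, 'Directive=value', effect) for each needed path a setting breaks."""
    cp = ConfigParser(interpolation=None, strict=False)  # '%' specifiers, repeated keys
    cp.optionxform = str  # keep key case: systemd directives are case-sensitive
    cp.read_string(unit_text)
    findings = []
    for directive, modes in RULES.items():
        raw = cp.get("Service", directive, fallback="no").strip()
        value = "yes" if raw.lower() in TRUE else raw.lower()
        roots, effect = modes.get(value, ((), ""))  # disabled or unmodelled: no roots
        findings += [(p, f"{directive}={raw}", effect)
                     for p in needed_paths if _inside(p, roots)]
    return findings

if __name__ == "__main__":
    for path, setting, effect in audit(SAMPLE_UNIT, STATE_PATHS):
        print(f"{path}: {effect} under {setting}")
```
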
