[packages/mosquitto] add some hardening options to systemd unit

atler Mon, 28 Aug 2023 08:49:41 -0700

commit 9d6a153a1c75c550652df1a25aef46d54d8a585f
Author: Jan Palus <[email protected]>
Date:   Mon Aug 28 17:48:59 2023 +0200


    add some hardening options to systemd unit

 mosquitto.service | 7 +++++++
 1 file changed, 7 insertions(+)
---
diff --git a/mosquitto.service b/mosquitto.service
index f04a065..bcc1230 100644
--- a/mosquitto.service
+++ b/mosquitto.service
@@ -12,6 +12,13 @@ Group=mosquitto
 ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=on-failure
+PrivateDevices=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectHome=yes
+ProtectProc=invisible
+ProtectSystem=yes
+RestrictNamespaces=yes
 
 [Install]
 WantedBy=multi-user.target
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/mosquitto.git/commitdiff/9d6a153a1c75c550652df1a25aef46d54d8a585f

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

[packages/mosquitto] add some hardening options to systemd unit

Reply via email to