Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
server:proxy
apache-trafficserver
apache-trafficserver-harden.service.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File apache-trafficserver-harden.service.patch of Package apache-trafficserver
Index: trafficserver-9.1.0/rc/trafficserver.service.in =================================================================== --- trafficserver-9.1.0.orig/rc/trafficserver.service.in +++ trafficserver-9.1.0/rc/trafficserver.service.in @@ -34,5 +34,19 @@ TimeoutStopSec=5s ExecReload=@exp_bindir@/traffic_ctl config reload KillMode=process +# Lock-down for the simplest use-case +ProtectSystem=full +ProtectHome=yes +ProtectKernelTunables=yes +ProtectKernelModules=yes +ProtectControlGroups=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictRealtime=yes +RestrictNamespaces=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +MemoryDenyWriteExecute=yes +CapabilityBoundingSet=~CAP_SYS_ADMIN + [Install] WantedBy=multi-user.target
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
