Restrict namespaces for systemd services by default

Jonas Nick 2019-04-28 13:11:27 +00:00
parent eaaf8e9aab
commit 6f8dac6e07
No known key found for this signature in database
GPG Key ID: 4861DBF262123605


@ -14,6 +14,7 @@ let
ProtectKernelModules = "true"; ProtectKernelModules = "true";
ProtectControlGroups = "true"; ProtectControlGroups = "true";
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6"; RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
RestrictNamespaces = "true";
LockPersonality = "true"; LockPersonality = "true";
IPAddressDeny = "any"; IPAddressDeny = "any";
}; };
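Review bot: The added `RestrictNamespaces = "true";` line has no comment, and since it appears to sit in a shared default attribute set, any service that creates or joins namespaces will have `unshare`/`clone`/`setns` denied with no pointer to the cause. I would add a comment above it such as `# Deny creating or entering any namespace type (seccomp-based); override per service if it needs e.g. mount or user namespaces`. systemd also accepts a space-separated list of namespace types for this setting, so a service that needs one type can get a narrower allow-list instead of having the restriction turned off. The enclosing `let` binding starts before the hunk, so how per-service overrides are merged with these defaults is not visible here.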