mesh.cat/meshname
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge 71c2eaf727 into 38781e39fe

Browse Source
This commit is contained in:
Marek Küthe 2024-02-25 00:31:58 +00:00 committed by GitHub
commit ab90b27509
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 24 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
meshnamed.service
View File

@ -4,10 +4,31 @@ Wants=network.target
After=network.target
[Service]
User=nobody
Group=nogroup
RemoveIPC=true
DynamicUser=true
NoNewPrivileges=true
CapabilityBoundingSet=
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
LockPersonality=true
RestrictNamespaces=true
RestrictAddressFamilies=AF_INET6
RestrictRealtime=true
ProtectKernelTunables=true
ProtectHostname=true
ProtectHome=true
ProtectSystem=true
ProtectProc=ptraceable
ProtectSystem=strict
ProtectClock=true
ProtectKernelLogs=true
ProtectControlGroups=true
ProtectKernelModules=true
PrivateTmp=true
PrivateUsers=true
PrivateDevices=true
ProcSubset=pid
SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete @privileged @raw-io @reboot @resources @swap
SyslogIdentifier=meshnamed
ExecStart=/usr/local/bin/meshnamed -listenaddr [::1]:53535
Restart=always