mirror of
https://github.com/dadevel/wg-netns
synced 2024-10-30 21:20:12 +00:00
systemd: partially revert hardening
Remove some hardening options introduced with commit a4c991a
. Fixes #20.
This commit is contained in:
parent
6d209c1e18
commit
9d27593150
@ -14,8 +14,6 @@ RemainAfterExit=yes
|
|||||||
WorkingDirectory=%E/wireguard
|
WorkingDirectory=%E/wireguard
|
||||||
ConfigurationDirectory=wireguard
|
ConfigurationDirectory=wireguard
|
||||||
ConfigurationDirectoryMode=0700
|
ConfigurationDirectoryMode=0700
|
||||||
ReadOnlyPaths=%E/wireguard
|
|
||||||
ReadWritePaths=%E/netns
|
|
||||||
|
|
||||||
CapabilityBoundingSet=CAP_NET_ADMIN CAP_SYS_ADMIN
|
CapabilityBoundingSet=CAP_NET_ADMIN CAP_SYS_ADMIN
|
||||||
LimitNOFILE=4096
|
LimitNOFILE=4096
|
||||||
@ -23,19 +21,8 @@ LimitNPROC=512
|
|||||||
LockPersonality=true
|
LockPersonality=true
|
||||||
MemoryDenyWriteExecute=true
|
MemoryDenyWriteExecute=true
|
||||||
NoNewPrivileges=true
|
NoNewPrivileges=true
|
||||||
PrivateDevices=true
|
|
||||||
PrivateMounts=true
|
|
||||||
PrivateTmp=true
|
|
||||||
ProcSubset=pid
|
|
||||||
ProtectClock=true
|
ProtectClock=true
|
||||||
ProtectControlGroups=true
|
|
||||||
ProtectHome=true
|
|
||||||
ProtectHostname=true
|
ProtectHostname=true
|
||||||
ProtectKernelLogs=true
|
|
||||||
ProtectKernelModules=true
|
|
||||||
ProtectKernelTunables=true
|
|
||||||
ProtectProc=noaccess
|
|
||||||
ProtectSystem=strict
|
|
||||||
RemoveIPC=true
|
RemoveIPC=true
|
||||||
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK
|
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK
|
||||||
RestrictNamespaces=mnt net
|
RestrictNamespaces=mnt net
|
||||||
|
Loading…
Reference in New Issue
Block a user