mirrors/ympd
1
0
Fork 0
mirror of https://github.com/SuperBFG7/ympd synced 2025-03-12 06:28:19 +00:00
Code Issues Releases Wiki Activity

Harden ympd.service

Browse Source 
This offers a measure of protection against potential ympd vulnerabilities.  See
https://www.freedesktop.org/software/systemd/man/systemd.exec.html for
documentation.
This commit is contained in:
Clément Pit-Claudel 2019-03-10 16:43:39 +00:00 committed by GitHub
parent 612f8fc0b2
commit 0917b467e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
contrib/ympd.service
View File

@ -3,6 +3,26 @@ Description=ympd server daemon
Requires=network.target local-fs.target Requires=network.target local-fs.target
[Service] [Service]
User=ympd
DynamicUser=yes
MountAPIVFS=yes
RemoveIPC=yes
CapabilityBoundingSet=
LockPersonality=yes
PrivateUsers=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
NoNewPrivileges=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictNamespaces=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
ProtectHome=yes
Environment=MPD_HOST=localhost Environment=MPD_HOST=localhost
Environment=MPD_PORT=6600 Environment=MPD_PORT=6600
Environment=MPD_PASSWORD= Environment=MPD_PASSWORD=