Congegni
/
libretime
mirror of https://github.com/libretime/libretime.git
7
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat: extra systemd service hardening (#2197)

This commit is contained in:
Jonas L 2022-09-27 13:17:43 +02:00 committed by GitHub
parent 6fb667d510
commit c9bc3a1298
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
analyzer/install/systemd/libretime-analyzer.service
View File

@ -11,9 +11,11 @@ PrivateUsers=true
ProtectClock=true ProtectClock=true
ProtectControlGroups=true ProtectControlGroups=true
ProtectHome=true ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true ProtectKernelLogs=true
ProtectKernelModules=true ProtectKernelModules=true
ProtectKernelTunables=true ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=full ProtectSystem=full
Environment=LIBRETIME_CONFIG_FILEPATH=@@CONFIG_FILEPATH@@ Environment=LIBRETIME_CONFIG_FILEPATH=@@CONFIG_FILEPATH@@

2
api/install/systemd/libretime-api.service
View File

@ -12,9 +12,11 @@ PrivateUsers=true
ProtectClock=true ProtectClock=true
ProtectControlGroups=true ProtectControlGroups=true
ProtectHome=true ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true ProtectKernelLogs=true
ProtectKernelModules=true ProtectKernelModules=true
ProtectKernelTunables=true ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=full ProtectSystem=full
Environment=LIBRETIME_CONFIG_FILEPATH=@@CONFIG_FILEPATH@@ Environment=LIBRETIME_CONFIG_FILEPATH=@@CONFIG_FILEPATH@@

2
playout/install/systemd/libretime-liquidsoap.service
View File

@ -11,9 +11,11 @@ PrivateUsers=true
ProtectClock=true ProtectClock=true
ProtectControlGroups=true ProtectControlGroups=true
ProtectHome=true ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true ProtectKernelLogs=true
ProtectKernelModules=true ProtectKernelModules=true
ProtectKernelTunables=true ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=full ProtectSystem=full
Environment=LIBRETIME_CONFIG_FILEPATH=@@CONFIG_FILEPATH@@ Environment=LIBRETIME_CONFIG_FILEPATH=@@CONFIG_FILEPATH@@

2
playout/install/systemd/libretime-playout.service
View File

@ -13,9 +13,11 @@ PrivateUsers=true
ProtectClock=true ProtectClock=true
ProtectControlGroups=true ProtectControlGroups=true
ProtectHome=true ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true ProtectKernelLogs=true
ProtectKernelModules=true ProtectKernelModules=true
ProtectKernelTunables=true ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=full ProtectSystem=full
Environment=LIBRETIME_CONFIG_FILEPATH=@@CONFIG_FILEPATH@@ Environment=LIBRETIME_CONFIG_FILEPATH=@@CONFIG_FILEPATH@@

2
worker/install/systemd/libretime-worker.service
View File

@ -11,9 +11,11 @@ PrivateUsers=true
ProtectClock=true ProtectClock=true
ProtectControlGroups=true ProtectControlGroups=true
ProtectHome=true ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true ProtectKernelLogs=true
ProtectKernelModules=true ProtectKernelModules=true
ProtectKernelTunables=true ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=full ProtectSystem=full
Environment=LIBRETIME_CONFIG_FILEPATH=@@CONFIG_FILEPATH@@ Environment=LIBRETIME_CONFIG_FILEPATH=@@CONFIG_FILEPATH@@