
Merge pull request #6953 from matthiasdv/mdv/harden-systemd-service

Add more hardening to systemd service
Claus Vium 3 years ago
parent
commit
dd8b9e9d23
1 changed files with 14 additions and 1 deletions
  1. 14 1
      debian/jellyfin.service

+ 14 - 1
debian/jellyfin.service

@@ -13,7 +13,20 @@ TimeoutSec = 15
 NoNewPrivileges=true
 SystemCallArchitectures=native
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
-ProtectKernelModules=True
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+LockPersonality=true
+PrivateTmp=true
+PrivateDevices=false
+PrivateUsers=true
+RemoveIPC=true
 SystemCallFilter=~@clock
 SystemCallFilter=~@aio
 SystemCallFilter=~@chown
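Review bot: `PrivateDevices=false` is set explicitly, which suggests the service is meant to keep access to host device nodes, but `ProtectClock=true` a few lines above it is documented in systemd.exec(5) as implying `DeviceAllow=char-rtc r`. Once a `DeviceAllow=` entry exists the device allow-list is enforced, so other device nodes may become unreachable despite `PrivateDevices=false`; this should be verified on a host that depends on device access. If that access is required, either drop `ProtectClock=true` (the existing `SystemCallFilter=~@clock` already filters the @clock syscall group) or add explicit `DeviceAllow=<device-node> rw` lines for the nodes needed, and document the intent with a comment such as `# PrivateDevices stays off: the service needs host device nodes`. `PrivateUsers=true` also deserves a test against media directories owned by other users or groups, since unmapped IDs appear as nobody inside the user namespace.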