search

irungentoo / toxcore

The future of online communications.
https://tox.chat/
GNU General Public License v3.0
8.74k stars 1.27k forks source link

Restrict bootstrapd behavior in systemd service file #1613

Open benwaffle opened 8 years ago

benwaffle commented 8 years ago

See this reddit comment and check out systemd.exec(5)

You just add some lines such as:

PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=yes
ProtectSystem=full
ProtectHome=yes
NoNewPrivileges=yes