|
|
|
@ -29,7 +29,6 @@ PrivateDevices=yes |
|
|
|
PrivateTmp=yes |
|
|
|
PrivateTmp=yes |
|
|
|
PrivateUsers=yes |
|
|
|
PrivateUsers=yes |
|
|
|
ProtectControlGroups=yes |
|
|
|
ProtectControlGroups=yes |
|
|
|
ProtectHome=true |
|
|
|
|
|
|
|
ProtectKernelModules=yes |
|
|
|
ProtectKernelModules=yes |
|
|
|
ProtectKernelTunables=yes |
|
|
|
ProtectKernelTunables=yes |
|
|
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 |
|
|
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 |
|
|
|
@ -44,6 +43,10 @@ ProtectSystem=full |
|
|
|
#ProtectSystem=strict |
|
|
|
#ProtectSystem=strict |
|
|
|
#ReadWritePaths=/var/airsonic |
|
|
|
#ReadWritePaths=/var/airsonic |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# You can uncomment the following line if you don't have any media |
|
|
|
|
|
|
|
# in /home/…. This will prevent airsonic from ever read/write anything there. |
|
|
|
|
|
|
|
#ProtectHome=true |
|
|
|
|
|
|
|
|
|
|
|
# You can uncomment the following line if you're not using the OpenJDK. |
|
|
|
# You can uncomment the following line if you're not using the OpenJDK. |
|
|
|
# This will prevent processes from having a memory zone that is both writeable |
|
|
|
# This will prevent processes from having a memory zone that is both writeable |
|
|
|
# and executeable, making hacker's lifes a bit harder. |
|
|
|
# and executeable, making hacker's lifes a bit harder. |
|
|
|
|
jvoisin
7 years ago