|
|
|
@ -24,7 +24,6 @@ Group=airsonic |
|
|
|
# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html |
|
|
|
# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html |
|
|
|
# for details |
|
|
|
# for details |
|
|
|
DevicePolicy=closed |
|
|
|
DevicePolicy=closed |
|
|
|
MemoryDenyWriteExecute=yes |
|
|
|
|
|
|
|
NoNewPrivileges=yes |
|
|
|
NoNewPrivileges=yes |
|
|
|
PrivateDevices=yes |
|
|
|
PrivateDevices=yes |
|
|
|
PrivateTmp=yes |
|
|
|
PrivateTmp=yes |
|
|
|
@ -45,6 +44,11 @@ ProtectSystem=full |
|
|
|
#ProtectSystem=strict |
|
|
|
#ProtectSystem=strict |
|
|
|
#ReadWritePaths=/var/airsonic |
|
|
|
#ReadWritePaths=/var/airsonic |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# You can uncomment the following line if you're not using the OpenJDK. |
|
|
|
|
|
|
|
# This will prevent processes from having a memory zone that is both writeable |
|
|
|
|
|
|
|
# and executeable, making hacker's lifes a bit harder. |
|
|
|
|
|
|
|
#MemoryDenyWriteExecute=yes |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[Install] |
|
|
|
[Install] |
|
|
|
WantedBy=multi-user.target |
|
|
|
WantedBy=multi-user.target |
|
|
|
|
jvoisin
7 years ago