highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-11-10 14:08:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Set ProtectHome in systemd service file

Browse Source 
Further hardening; the service should be run with as many restrictions
as possible without breaking it.
This commit is contained in:
setpill
2019-08-06 14:34:07 +02:00
parent 639a416e37
commit 870d4152df
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
contrib/init/bitcoind.service
View File

@@ -58,6 +58,9 @@ PrivateTmp=true
# Mount /usr, /boot/ and /etc read-only for the process. # Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full ProtectSystem=full
# Deny access to /home, /root and /run/user
ProtectHome=true
# Disallow the process and all of its children to gain # Disallow the process and all of its children to gain
# new privileges through execve(). # new privileges through execve().
NoNewPrivileges=true NoNewPrivileges=true