gnunet-svn

[taler-exchange] branch master updated: apply a bit more systemd hardeni


From: gnunet
Subject: [taler-exchange] branch master updated: apply a bit more systemd hardening
Date: Sat, 23 Jan 2021 23:02:12 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository exchange.

The following commit(s) were added to refs/heads/master by this push:
     new 69d29a79 apply a bit more systemd hardening
69d29a79 is described below

commit 69d29a79313316ee3a8342c8911effe2f7eb6d2a
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sat Jan 23 23:02:10 2021 +0100

    apply a bit more systemd hardening
---
 debian/taler-exchange.postinst | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst
index 9bad800d..26bf3de6 100644
--- a/debian/taler-exchange.postinst
+++ b/debian/taler-exchange.postinst
@@ -114,6 +114,9 @@ User=${_EUSERNAME}
 Type=simple
 Restart=on-failure
 ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler-exchange.conf
+PrivateTmp=no
+PrivateDevices=yes
+ProtectSystem=full
 
 [Install]
 WantedBy=multi-user.target
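
Review bot: `PrivateTmp=no` on the httpd unit is systemd's default, so this added line changes nothing at runtime and reads as hardening when it is not. If the exchange really needs the host's /tmp (the two secmod units get the same value), add a comment in the heredoc saying what is shared there; otherwise use `PrivateTmp=yes` as the wirewatch, transfer and aggregator units do.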
@@ -129,9 +132,10 @@ User=${_RSECUSERNAME}
 Type=simple
 Restart=on-failure
 ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler-exchange.conf
+PrivateTmp=no
+PrivateDevices=yes
+ProtectSystem=full
 
-[Install]
-WantedBy=multi-user.target
 EOF
 cat > "/etc/systemd/system/taler-exchange-secmod-eddsa.service" <<EOF
 [Unit]
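
Review bot: the removal of `[Install]` / `WantedBy=multi-user.target` from the secmod-rsa unit is not hardening and is not mentioned in the commit message. Without an `[Install]` section the unit can no longer be enabled with `systemctl enable`, so it only starts if something else pulls it in. If that is the intent, state which unit starts it and put the change in its own commit; if not, restore the two lines.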
@@ -143,6 +147,10 @@ User=${_ESECUSERNAME}
 Type=simple
 Restart=on-failure
 ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler-exchange.conf
+PrivateTmp=no
+PrivateDevices=yes
+ProtectSystem=full
+
 EOF
 cat > "/etc/systemd/system/taler-exchange-wirewatch.service" <<EOF
 [Unit]
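
Review bot: `ProtectSystem=full` on the secmod-eddsa unit only makes /usr, /boot, /efi and /etc read-only, leaving the rest of the file system writable for this service. `ProtectSystem=strict` together with a `ReadWritePaths=` entry for the directory the helper actually writes to would confine it further. This unit also gets `PrivateTmp=no` while the units below get `yes`; the difference deserves a one-line comment.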
@@ -155,6 +163,11 @@ User=${_WIREUSERNAME}
 Type=simple
 Restart=on-failure
 ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler-wire.conf
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+
+
 EOF
 cat > "/etc/systemd/system/taler-exchange-transfer.service" <<EOF
 [Unit]
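
Review bot: style point on the added lines of the wirewatch unit: the same three directives are now pasted into every heredoc in this script, here followed by two blank lines where the eddsa hunk adds one. Putting the common block in a shell variable and expanding it in each unit would keep the six files from drifting apart when the next directive is added.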
@@ -167,6 +180,10 @@ User=${_WIREUSERNAME}
 Type=simple
 Restart=on-failure
 ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler-wire.conf
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+
 EOF
 cat > "/etc/systemd/system/taler-exchange-aggregator.service" <<EOF
 [Unit]
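
Review bot: the context line `ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler-wire.conf` in this hunk belongs to the unit written to taler-exchange-transfer.service, so the transfer service appears to start the wirewatch binary. That looks like a copy-paste error that predates this change; since the unit is being edited anyway, it should be checked and corrected in the same series.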
@@ -178,6 +195,11 @@ User=${_AGGRUSERNAME}
 Type=simple
 Restart=on-failure
 ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler.conf
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+
+
 EOF
 
                cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
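
Review bot: the aggregator unit reads `-c /etc/taler.conf`, while the other units in this patch read /etc/taler-exchange.conf or /etc/taler-wire.conf; please confirm that path is intended, since a missing config would only show up as a restart loop under `Restart=on-failure`. For the patch as a whole, running `systemd-analyze security` against each generated unit after installation would show what the three new directives leave open.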

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


