To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to common.ent
- Committer: Teddy Hogeborn
- Date: 2016-03-04 22:07:35 UTC
- Revision ID: teddy@recompile.se-20160304220735-4xeeqt5p4nhw5cuh
Restrict the Mandos server daemon in the systemd service file.
* mandos.service ([Service]/ProtectSystem): Set to "full".
([Service]/PrivateTmp, [Service]/PrivateDevices,
[Service]/ProtectHome): Set to "yes".
([Service]/CapabilityBoundingSet): Set to "CAP_SETUID
CAP_DAC_OVERRIDE CAP_NET_RAW".
* mandos.service ([Service]/ProtectSystem): Set to "full".
([Service]/PrivateTmp, [Service]/PrivateDevices,
[Service]/ProtectHome): Set to "yes".
([Service]/CapabilityBoundingSet): Set to "CAP_SETUID
CAP_DAC_OVERRIDE CAP_NET_RAW".
- files added:
- .bzr-builddeb
- debian
- debian/po
- debian/source
- debian/upstream
- network-hooks.d
- plugin-helpers
- plugins.d
- files removed:
- bad-ca.pem
- files renamed:
- mandos-clients.conf => clients.conf
- server.py => mandos
- files modified:
- Makefile
added
removed
common.ent
