- Committer: Teddy Hogeborn
- Date: 2016-03-04 22:07:35 UTC
- Revision ID: teddy@recompile.se-20160304220735-4xeeqt5p4nhw5cuh

Restrict the Mandos server daemon in the systemd service file.
* mandos.service ([Service]/ProtectSystem): Set to "full".
([Service]/PrivateTmp, [Service]/PrivateDevices,
[Service]/ProtectHome): Set to "yes".
([Service]/CapabilityBoundingSet): Set to "CAP_SETUID
CAP_DAC_OVERRIDE CAP_NET_RAW".
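
One way to check a deployed unit file against the settings this commit message lists. This is an added example, not part of the commit or of the Mandos code base; `audit_unit` and both sample units are constructed for illustration, and the check assumes no backslash line continuations and no drop-in override files.

```python
# Added example: audit a unit file's [Service] section against the commit's settings.
TRUE = {"1", "yes", "true", "on"}            # systemd boolean spellings
WANT_BOOL = ("PrivateTmp", "PrivateDevices", "ProtectHome")
WANT_CAPS = {"CAP_SETUID", "CAP_DAC_OVERRIDE", "CAP_NET_RAW"}

# Constructed sample units (not the project's real mandos.service).
SAMPLE_HARDENED = """
[Service]
ProtectSystem=full
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
CapabilityBoundingSet=CAP_SETUID CAP_DAC_OVERRIDE CAP_NET_RAW
"""
SAMPLE_WEAK = """
[Service]
ProtectSystem=yes
PrivateTmp=yes
ProtectHome=read-only
CapabilityBoundingSet=CAP_SETUID CAP_SYS_ADMIN
CapabilityBoundingSet=CAP_NET_RAW
"""

def audit_unit(text):
    """Return findings for the [Service] section; an empty list means it matches."""
    section, last, caps, caps_seen, findings = None, {}, set(), False, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key != "CapabilityBoundingSet":
                last[key] = value            # a later assignment overrides
            elif value.startswith("~"):
                caps_seen = True
                findings.append("CapabilityBoundingSet uses the inverted (~) form; review by hand")
            else:                            # lines merge; an empty value resets
                caps = caps | set(value.split()) if value else set()
                caps_seen = True
    # "strict" is a stronger ProtectSystem value in later systemd releases.
    if last.get("ProtectSystem", "").lower() not in ("full", "strict"):
        findings.append("ProtectSystem is weaker than full")
    for key in WANT_BOOL:
        if last.get(key, "").lower() not in TRUE:
            findings.append(key + " is not set to yes")
    if not caps_seen:
        findings.append("CapabilityBoundingSet is not set")
    elif caps - WANT_CAPS:
        findings.append("CapabilityBoundingSet grants extra: " + " ".join(sorted(caps - WANT_CAPS)))
    return findings
```

The weak sample shows two easy-to-miss cases: `ProtectSystem=yes` leaves `/etc` writable where `full` does not, and repeated `CapabilityBoundingSet=` lines are merged rather than replaced.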