From 69d29a79313316ee3a8342c8911effe2f7eb6d2a Mon Sep 17 00:00:00 2001
From: Christian Grothoff
Date: Sat, 23 Jan 2021 23:02:10 +0100
Subject: apply a bit more systemd hardening
---
 debian/taler-exchange.postinst | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst
index 9bad800d7..26bf3de69 100644
--- a/debian/taler-exchange.postinst
+++ b/debian/taler-exchange.postinst
@@ -114,6 +114,9 @@ User=${_EUSERNAME}
 Type=simple
 Restart=on-failure
 ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler-exchange.conf
+PrivateTmp=no
+PrivateDevices=yes
+ProtectSystem=full
 [Install]
 WantedBy=multi-user.target
@@ -129,9 +132,10 @@ User=${_RSECUSERNAME}
 Type=simple
 Restart=on-failure
 ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler-exchange.conf
+PrivateTmp=no
+PrivateDevices=yes
+ProtectSystem=full
-[Install]
-WantedBy=multi-user.target
 EOF
 cat > "/etc/systemd/system/taler-exchange-secmod-eddsa.service" < "/etc/systemd/system/taler-exchange-wirewatch.service" < "/etc/systemd/system/taler-exchange-transfer.service" < "/etc/systemd/system/taler-exchange-aggregator.service" <
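Review bot: `PrivateTmp=no` in the taler-exchange-httpd unit (and again in the secmod-rsa unit in the next hunk) only restates systemd's default, so in a hardening commit it reads as a deliberate opt-out with no reason given. If the services have to share something under /tmp, which this hunk does not show, record that in a comment line above the setting, e.g. `# PrivateTmp stays off: <reason>`; otherwise `PrivateTmp=yes` is the hardened value. `ProtectSystem=full` makes /usr, /boot and /etc read-only but leaves the rest of the filesystem writable to the service user, so it is worth checking whether `NoNewPrivileges=yes` and `ProtectHome=yes` can be added next to it, particularly for the secmod units, which by their names appear to handle key material.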
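Review bot: The `[Install]` section is removed from the taler-exchange-secmod-rsa unit in this hunk, a behaviour change that the subject line ("systemd hardening") does not mention. Without `WantedBy=`, `systemctl enable` has nothing to install for this unit, so it only runs if another unit pulls it in or an operator starts it by hand; no `Requires=` or `Wants=` on the httpd unit is visible in the part of the diff shown here. If the removal is intended, say so in the commit message and in the unit itself, e.g. `# no [Install]: started as a dependency of <unit>`; otherwise keep the two removed lines. The rest of the patch is truncated on this page, so the remaining units could not be checked for the same change.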