forked from mirrors/nixpkgs
privoxy service: additional isolation
This commit is contained in:
parent
54cea02d90
commit
ad88f1040e
|
@ -100,6 +100,11 @@ in
|
|||
after = [ "network.target" "nss-lookup.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig.ExecStart = "${privoxy}/sbin/privoxy --no-daemon --user ${privoxyUser} ${confFile}";
|
||||
|
||||
serviceConfig.PrivateDevices = true;
|
||||
serviceConfig.PrivateTmp = true;
|
||||
serviceConfig.ProtectHome = true;
|
||||
serviceConfig.ProtectSystem = "full";
|
||||
};
|
||||
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue