diff options
Diffstat (limited to 'systemd/go-import-redirect.service')
| -rw-r--r-- | systemd/go-import-redirect.service | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/systemd/go-import-redirect.service b/systemd/go-import-redirect.service index 38d8023..86f02a3 100644 --- a/systemd/go-import-redirect.service +++ b/systemd/go-import-redirect.service @@ -6,7 +6,34 @@ Description=go-import-redirect [Service] ExecStart=go-import-redirect + +CapabilityBoundingSet= DynamicUser=true +IPAddressDeny=any +LockPersonality=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=true +PrivateNetwork=true +PrivateTmp=true +PrivateUsers=true +ProcSubset=pid +ProtectClock=true +ProtectControlGroups=true +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectProc=invisible +ProtectSystem=strict +RestrictAddressFamilies=none +RestrictNamespaces=true +RestrictRealtime=true +SystemCallArchitectures=native +SystemCallFilter=@system-service +SystemCallFilter=~@privileged @resources +UMask=0077 [Install] WantedBy=multi-user.target |