Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2024-12-22 13:45:02 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add NoNewPrivileges=true for certbot

Browse Source
This commit is contained in:
Tommy 2024-06-24 08:51:14 -07:00 committed by Daniel Micay
parent 55221c8e44
commit 6fc45525d9
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
systemd/system/certbot-renew.service.d/local.conf
View File

@ -5,6 +5,7 @@ ExecStart=
ExecStart=/usr/bin/certbot -q renew --no-random-sleep-on-renew --max-log-backups 0 ExecStart=/usr/bin/certbot -q renew --no-random-sleep-on-renew --max-log-backups 0
LockPersonality=true LockPersonality=true
MemoryDenyWriteExecute=true MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true PrivateDevices=true
PrivateIPC=true PrivateIPC=true
PrivateUsers=true PrivateUsers=true