mirror of
https://github.com/GrapheneOS/infrastructure.git
synced 2025-07-31 10:38:46 -04:00
add chronyd.service hardening based on not using sendmail
This reverts the extra directives included in the standard chronyd.service for supporting sendmail.
This commit is contained in:
Daniel Micay
parent
ad7a380ae9
commit
e40fb1bd4e
1 changed files with 4 additions and 0 deletions
|
|
@ -1,5 +1,9 @@
|
||||||
[Service]
|
[Service]
|
||||||
|
NoNewPrivileges=yes
|
||||||
|
ReadWritePaths=
|
||||||
|
ReadWritePaths=/run /var/lib/chrony -/var/log
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartMaxDelaySec=10s
|
RestartMaxDelaySec=10s
|
||||||
RestartSec=100ms
|
RestartSec=100ms
|
||||||
RestartSteps=5
|
RestartSteps=5
|
||||||
|
RestrictAddressFamilies=~AF_NETLINK
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue