Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-01-02 10:36:11 -05:00
Code Issues Packages Projects Releases Wiki Activity

add chronyd.service hardening based on not using sendmail

Browse Source 
This reverts the extra directives included in the standard
chronyd.service for supporting sendmail.
This commit is contained in:
Daniel Micay 2024-12-19 11:35:31 -05:00
parent ad7a380ae9
commit e40fb1bd4e
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
systemd/system/chronyd.service.d/override.conf
View File

@ -1,5 +1,9 @@
[Service] [Service]
NoNewPrivileges=yes
ReadWritePaths=
ReadWritePaths=/run /var/lib/chrony -/var/log
Restart=always Restart=always
RestartMaxDelaySec=10s RestartMaxDelaySec=10s
RestartSec=100ms RestartSec=100ms
RestartSteps=5 RestartSteps=5
RestrictAddressFamilies=~AF_NETLINK