extend matterbridge service hardening

2024-12-18 12:24:37 -05:00 · 2022-08-09 06:18:21 -04:00 · 2022-08-09 06:18:21 -04:00 · 5a4b71ed29
commit 5a4b71ed29
parent 28c063bdc2
1 changed files with 8 additions and 0 deletions
--- a/systemd/system/matterbridge.service.d/hardening.conf
+++ b/systemd/system/matterbridge.service.d/hardening.conf
@ -0,0 +1,8 @@
+[Service]
+# use a persistent user so that nftables can use it for skuid rules
+DynamicUser=false
+
+MemoryDenyWriteExecute=true
+RemoveIPC=true
+ProcSubset=pid
+ProtectProc=invisible