rpm/caddy
SHA256
1
0
Fork 0
forked from pool/caddy
Code Pull Requests Activity

Accepting request 914365 from home:jsegitz:branches:systemdhardening:server:http

Browse Source 
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/914365
OBS-URL: https://build.opensuse.org/package/show/server:http/caddy?expand=0&rev=5
This commit is contained in:
Alexandre Vicenzi
2021-09-02 14:38:26 +00:00
committed by Git OBS Bridge
parent dca65c36eb
commit 583b912711
3 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
caddy.service
View File

@@ -14,6 +14,18 @@ LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectHome=true
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]