systemd unit file: ensures that the process and all its children can never gain

new privileges (#12939).
2024-11-27 13:53:31 +01:00 · 2014-08-27 03:18:26 +00:00 · 2014-08-27 03:18:26 +00:00 · b4170421cc
commit b4170421cc
parent b159ffb675
1 changed files with 1 additions and 0 deletions
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@ -19,6 +19,7 @@ PrivateTmp = yes
 DeviceAllow = /dev/null rw
 DeviceAllow = /dev/urandom r
 InaccessibleDirectories = /home
+NoNewPrivileges = yes

 [Install]
 WantedBy = multi-user.target