Merge remote-tracking branch 'candrews/issue13805'

2024-11-10 13:13:44 +01:00 · 2015-01-11 11:24:48 -05:00 · 2015-01-11 11:24:48 -05:00 · c98e075ebc
commit c98e075ebc
parent e009c2da51 5bdf12ca8a
1 changed files with 6 additions and 6 deletions
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@ -16,13 +16,13 @@ LimitNOFILE = 32768

 # Hardening
 PrivateTmp = yes
-DeviceAllow = /dev/null rw
-DeviceAllow = /dev/urandom r
-InaccessibleDirectories = /home
+PrivateDevices = yes
+ProtectHome = yes
+ProtectSystem = full
 ReadOnlyDirectories = /
-ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor
-ReadWriteDirectories = @LOCALSTATEDIR@/log/tor
-ReadWriteDirectories = @LOCALSTATEDIR@/run/tor
+ReadWriteDirectories = -@LOCALSTATEDIR@/lib/tor
+ReadWriteDirectories = -@LOCALSTATEDIR@/log/tor
+ReadWriteDirectories = -@LOCALSTATEDIR@/run/tor
 NoNewPrivileges = yes

 [Install]