easier service-file, no error on rpi

Alexander Gabriel 2021-06-06 19:28:32 +01:00
parent f25d2c2010
commit 9b69ce37eb


@ -23,26 +23,5 @@ TimeoutStopSec=30
StartLimitInterval=30 StartLimitInterval=30
StartLimitBurst=3 StartLimitBurst=3
; Process capabilities & privileges
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
SecureBits=keep-caps
NoNewPrivileges=yes
; Sandboxing
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
PrivateTmp=true
PrivateDevices=true
ProtectControlGroups=true
ProtectKernelTunables=true
ProtectKernelModules=true
LockPersonality=true
RemoveIPC=true
RestrictRealtime=true
SystemCallFilter=@system-service
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
ReadWriteDirectories=/etc/step-ca/.step/db
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
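Review bot: Removing everything between `StartLimitBurst=3` and `[Install]` leaves the CA process, which holds signing keys, running with no sandboxing at all. The commit message does not say which directive fails on the Raspberry Pi; the journal entry for the failed start should name it, so only that line needs to go, and most of the others (`NoNewPrivileges=yes`, `PrivateTmp=true`, `ProtectKernelModules=true` and similar) could probably stay. `AmbientCapabilities=CAP_NET_BIND_SERVICE` also goes away here, so if the unit runs as a non-root `User=` (not visible in this hunk) and listens on a port below 1024, the bind will now fail. Comparing `systemd-analyze security` output for the unit before and after the change would show how much exposure it adds.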