mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-20 02:09:24 +01:00
Use PrivateDevices instead of DeviceAllow
See 13805
This commit is contained in:
Craig Andrews
parent
11b652acb3
commit
1ac3b74405
3
contrib/dist/tor.service.in
vendored
3
contrib/dist/tor.service.in
vendored
@ -16,8 +16,7 @@ LimitNOFILE = 32768
|
||||
|
||||
# Hardening
|
||||
PrivateTmp = yes
|
||||
DeviceAllow = /dev/null rw
|
||||
DeviceAllow = /dev/urandom r
|
||||
PrivateDevices = yes
|
||||
InaccessibleDirectories = /home
|
||||
ReadOnlyDirectories = /
|
||||
ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor
|
||||
|
||||
Loading…
Reference in New Issue
Block a user