mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-20 10:12:15 +01:00
Use PrivateDevices instead of DeviceAllow
See 13805
This commit is contained in:
Craig Andrews
parent
11b652acb3
commit
1ac3b74405
3
contrib/dist/tor.service.in
vendored
3
contrib/dist/tor.service.in
vendored
@ -16,8 +16,7 @@ LimitNOFILE = 32768
|
|||||||
|
|
||||||
# Hardening
|
# Hardening
|
||||||
PrivateTmp = yes
|
PrivateTmp = yes
|
||||||
DeviceAllow = /dev/null rw
|
PrivateDevices = yes
|
||||||
DeviceAllow = /dev/urandom r
|
|
||||||
InaccessibleDirectories = /home
|
InaccessibleDirectories = /home
|
||||||
ReadOnlyDirectories = /
|
ReadOnlyDirectories = /
|
||||||
ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor
|
ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user