[Libreoffice-commits] online.git: loolwsd.service
Martin Milata (via logerrit)
logerrit at kemper.freedesktop.org
Thu Jun 25 08:58:42 UTC 2020
loolwsd.service | 8 ++++++++
1 file changed, 8 insertions(+)
New commits:
commit 40da3305b4647f0ebe8d6853651d9eb5d4dfb157
Author: Martin Milata <martin at martinmilata.cz>
AuthorDate: Thu Feb 6 18:43:58 2020 +0100
Commit: Jan Holesovsky <kendy at collabora.com>
CommitDate: Thu Jun 25 10:58:23 2020 +0200
service: enable sandboxing options
See also https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Sandboxing
Change-Id: I7ae1070c170db2f91dbeb177f03390a0b45143eb
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/88128
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice at gmail.com>
Reviewed-by: Jan Holesovsky <kendy at collabora.com>
diff --git a/loolwsd.service b/loolwsd.service
index 93e98fd67..2204bb736 100644
--- a/loolwsd.service
+++ b/loolwsd.service
@@ -11,5 +11,13 @@ User=lool
KillMode=control-group
Restart=always
+ProtectSystem=strict
+ReadWritePaths=/opt/lool
+
+ProtectHome=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+CapabilityBoundingSet=CAP_FOWNER CAP_MKNOD CAP_SYS_CHROOT
+
[Install]
WantedBy=multi-user.target
More information about the Libreoffice-commits
mailing list