diff options
-rw-r--r-- | systemd/user/notify-email@.service | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/systemd/user/notify-email@.service b/systemd/user/notify-email@.service index 9293c423..bddee12a 100644 --- a/systemd/user/notify-email@.service +++ b/systemd/user/notify-email@.service @@ -4,3 +4,14 @@ Description=unit status mailer service for %i [Service] Type=oneshot ExecStart=sh -c 'systemctl --user status %i | mail --append="From: systemd" --append="X-systemd: %H %m %b" --subject="[systemd] %i failure" %u' +# Hardening +DevicePolicy=closed +IPAddressDeny=any +PrivateMounts=true +PrivateTmp=true +ProtectControlGroups=true +ProtectHome=true +ProtectSystem=full +RemoveIPC=true +SystemCallErrorNumber=EPERM +UMask=027 |