diff options
Diffstat (limited to 'newsboat')
-rw-r--r-- | newsboat/systemd/user/reload-newsboat.service | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/newsboat/systemd/user/reload-newsboat.service b/newsboat/systemd/user/reload-newsboat.service index c1e5fab9..24cda424 100644 --- a/newsboat/systemd/user/reload-newsboat.service +++ b/newsboat/systemd/user/reload-newsboat.service @@ -8,3 +8,21 @@ Type=oneshot LogsDirectory=newsboat LogsDirectoryMode=0700 ExecStart=newsboat --execute=reload --log-file=%L/newsboat/%p.log --log-level=6 +# Hardening +KeyringMode=private +LockPersonality=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +RestrictAddressFamilies=AF_UNIX +RestrictAddressFamilies=~AF_UNIX +RestrictNamespaces=true +RestrictRealtime=true +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +SystemCallFilter=~@privileged @resources +UMask=0077 +# Slowing +Nice=10 +IOSchedulingClass=best-effort +IOSchedulingPriority=7 |