20 lines
521 B
Django/Jinja
20 lines
521 B
Django/Jinja
[Service]
|
|
ExecStart=
|
|
ExecStart=/usr/sbin/murmurd -fg -ini {{ global.murmur.configpath }}
|
|
ProtectSystem=strict
|
|
PrivateUsers=true
|
|
NoNewPrivileges=yes
|
|
TemporaryFileSystem=/:ro
|
|
BindReadOnlyPaths={{ global.murmur.configpath }} /usr /lib /lib64
|
|
ProtectControlGroups=yes
|
|
ProtectKernelModules=yes
|
|
ProtectKernelTunables=yes
|
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
|
RestrictNamespaces=yes
|
|
RestrictRealtime=yes
|
|
RestrictSUIDSGID=yes
|
|
MemoryDenyWriteExecute=yes
|
|
LockPersonality=yes
|
|
PrivateTmp=yes
|
|
PrivateDevices=yes
|