[tor-commits] [tor/master] systemd unit file: ensures that the process and all its children can never gain
nickm at torproject.org
nickm at torproject.org
Wed Sep 3 17:30:18 UTC 2014
commit b4170421cc58d8c57254f4224ba259e817f48869
Author: intrigeri <intrigeri at boum.org>
Date: Wed Aug 27 03:18:26 2014 +0000
systemd unit file: ensures that the process and all its children can never gain
new privileges (#12939).
---
contrib/dist/tor.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in
index 2fe51c7..c4709a7 100644
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@@ -19,6 +19,7 @@ PrivateTmp = yes
DeviceAllow = /dev/null rw
DeviceAllow = /dev/urandom r
InaccessibleDirectories = /home
+NoNewPrivileges = yes
[Install]
WantedBy = multi-user.target
More information about the tor-commits
mailing list