[tor-commits] [tor/master] Use PrivateDevices instead of DeviceAllow

Sun Jan 11 16:27:22 UTC 2015

commit 1ac3b74405098d6cace271e0c5c6b0cf33ba0154
Author: Craig Andrews <candrews at integralblue.com>
Date:   Fri Nov 28 12:36:17 2014 -0500

    Use PrivateDevices instead of DeviceAllow
    
    See 13805
---
 contrib/dist/tor.service.in |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in
index 57409a7..6362855 100644
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@@ -16,8 +16,7 @@ LimitNOFILE = 32768
 
 # Hardening
 PrivateTmp = yes
-DeviceAllow = /dev/null rw
-DeviceAllow = /dev/urandom r
+PrivateDevices = yes
 InaccessibleDirectories = /home
 ReadOnlyDirectories = /
 ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor



