A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
Amine Hassane Sporif
ageis
/ systemd_service_hardening.md
Last active
November 1, 2024 09:45
Options for hardening systemd service units