A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
ageis
/ systemd_service_hardening.md
Last active
May 4, 2024 15:57
Options for hardening systemd service units