Update collabore-tunnel.service
This commit is contained in:
parent
ac1b5209e8
commit
8fba5f8ecb
|
|
@ -34,6 +34,7 @@ PrivateDevices=true
|
||||||
ProtectControlGroups=true
|
ProtectControlGroups=true
|
||||||
ProtectKernelModules=true
|
ProtectKernelModules=true
|
||||||
ProtectKernelTunables=true
|
ProtectKernelTunables=true
|
||||||
|
ProtectKernelLogs=true
|
||||||
ReadWritePaths=
|
ReadWritePaths=
|
||||||
|
|
||||||
# network
|
# network
|
||||||
|
|
@ -54,7 +55,7 @@ ProtectClock=true
|
||||||
ProtectProc=invisible
|
ProtectProc=invisible
|
||||||
|
|
||||||
# capabilities
|
# capabilities
|
||||||
RestrictNamespaces=uts ipc pid cgroup
|
RestrictNamespaces=yes
|
||||||
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||||
AmbientCapabilities=
|
AmbientCapabilities=
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user