mirror of
https://codeberg.org/icewind/shortcutd.git
synced 2026-06-03 09:14:07 +02:00
28 lines
579 B
Desktop File
28 lines
579 B
Desktop File
[Unit]
|
|
Description=shortcutd
|
|
|
|
[Service]
|
|
# restrict permissions as much as possible
|
|
ProtectControlGroups=true
|
|
ProtectHome=true
|
|
ProtectKernelTunables=true
|
|
ProtectSystem=strict
|
|
RestrictSUIDSGID=true
|
|
PrivateNetwork=true
|
|
CapabilityBoundingSet=true
|
|
RestrictNamespaces=true
|
|
RestrictAddressFamilies=AF_UNIX
|
|
PrivateUsers=true
|
|
PrivateTmp=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelLogs=true
|
|
NoNewPrivileges=true
|
|
SystemCallFilter=@system-service
|
|
SystemCallFilter=~@resources
|
|
MemoryDenyWriteExecute=true
|
|
IPAddressDeny=any
|
|
|
|
ExecStart=/usr/bin/shortcutd
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|