commit: 80f094370d5e5c11c8f5eb3bde48710403309261 Author: Richard Freeman <rich0 <AT> gentoo <DOT> org> AuthorDate: Sat Aug 13 21:03:55 2016 +0000 Commit: Richard Freeman <rich0 <AT> gentoo <DOT> org> CommitDate: Sat Aug 13 21:03:55 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=80f09437
mail-mta/postfix: add systemd hardening Package-Manager: portage-2.2.28 mail-mta/postfix/files/postfix.service | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/mail-mta/postfix/files/postfix.service b/mail-mta/postfix/files/postfix.service
index d3d4804..eddd550 100644
--- a/mail-mta/postfix/files/postfix.service
+++ b/mail-mta/postfix/files/postfix.service
@@ -8,6 +8,12 @@ ExecStartPre=-/usr/bin/newaliases
 ExecStart=/usr/sbin/postfix start
 ExecStop=/usr/sbin/postfix stop
 ExecReload=/usr/sbin/postfix reload
+# Hardening
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+CapabilityBoundingSet=~ CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_MODULE
+MemoryDenyWriteExecute=true

 [Install]
 WantedBy=multi-user.target
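Review bot: `ProtectSystem=full` mounts /etc read-only for every command in this unit, including the `ExecStartPre=-/usr/bin/newaliases` step shown in the hunk header. If the alias database lives under /etc (its location is not visible here, so this is inferred), the rebuild will fail. The leading `-` on that line means the failure is ignored, so Postfix would start with a stale alias map and nothing in the unit status would show it. Consider adding a narrow write exception next to the new line, e.g. `ReadWritePaths=-<alias database path>` (`ReadWriteDirectories=` on older systemd), and extending the `# Hardening` comment to say why that one path stays writable. The rest of the `[Service]` section starts outside this hunk, so confirm no other command in the unit writes under /etc or /usr.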
