tamiko      14/11/21 23:51:23

Modified:   tor.service
Log:
set additional hardening options for tor.service file, wrt bug #529212

(Portage version: 2.2.14/cvs/Linux x86_64, signed Manifest commit with key BD3A97A3)
Revision Changes Path 1.4 net-misc/tor/files/tor.service file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/tor/files/tor.service?rev=1.4&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/tor/files/tor.service?rev=1.4&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/tor/files/tor.service?r1=1.3&r2=1.4 Index: tor.service =================================================================== RCS file: /var/cvsroot/gentoo-x86/net-misc/tor/files/tor.service,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- tor.service 20 Nov 2014 14:41:40 -0000 1.3 +++ tor.service 21 Nov 2014 23:51:23 -0000 1.4 @@ -3,12 +3,19 @@ [Service] ExecStartPre=/usr/bin/tor --verify-config -f /etc/tor/torrc -ExecStart=/usr/bin/tor --runasdaemon 0 -f /etc/tor/torrc -ExecStop=/bin/kill -INT $MAINPID +ExecStart=/usr/bin/tor --RunAsDaemon 0 -f /etc/tor/torrc ExecReload=/bin/kill -HUP $MAINPID +KillSignal=SIGINT TimeoutStopSec=32 LimitNOFILE=30000 -Group=tor + +# Hardening options: +CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE +PrivateTmp = yes +PrivateDevices = yes +ProtectHome = yes +ProtectSystem = full +NoNewPrivileges = yes [Install] WantedBy=multi-user.target
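Review bot: In the [Service] section, `-Group=tor` is dropped and no `User=` is set, while `CapabilityBoundingSet` keeps CAP_SETUID and CAP_SETGID, so the unit starts /usr/bin/tor as root and any drop to an unprivileged account is left to whatever /etc/tor/torrc configures. Please state that dependency in a comment under `# Hardening options:`, or set the account in the unit itself, so a torrc without a user setting does not silently leave the daemon running as root with those two capabilities. The same comment block could note that `ProtectHome = yes` makes /home and /root inaccessible to the service, which matters for anyone whose torrc points a data or hidden-service directory there. Style: the added lines use `Key = value` while the rest of the file uses `Key=value` (for example `TimeoutStopSec=32`); matching the existing form would keep the file consistent.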