[Libreoffice-commits] online.git: loolwsd.service

Martin Milata (via logerrit) Thu, 25 Jun 2020 01:59:10 -0700

 loolwsd.service |    8 ++++++++
 1 file changed, 8 insertions(+)

New commits:
commit 40da3305b4647f0ebe8d6853651d9eb5d4dfb157
Author:     Martin Milata <mar...@martinmilata.cz>
AuthorDate: Thu Feb 6 18:43:58 2020 +0100
Commit:     Jan Holesovsky <ke...@collabora.com>
CommitDate: Thu Jun 25 10:58:23 2020 +0200


    service: enable sandboxing options
    
    See also 
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Sandboxing
    
    Change-Id: I7ae1070c170db2f91dbeb177f03390a0b45143eb
    Reviewed-on: https://gerrit.libreoffice.org/c/online/+/88128
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
    Reviewed-by: Jan Holesovsky <ke...@collabora.com>

diff --git a/loolwsd.service b/loolwsd.service
index 93e98fd67..2204bb736 100644
--- a/loolwsd.service
+++ b/loolwsd.service
@@ -11,5 +11,13 @@ User=lool
 KillMode=control-group
 Restart=always
 
+ProtectSystem=strict
+ReadWritePaths=/opt/lool
+
+ProtectHome=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+CapabilityBoundingSet=CAP_FOWNER CAP_MKNOD CAP_SYS_CHROOT
+
 [Install]
 WantedBy=multi-user.target
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits

[Libreoffice-commits] online.git: loolwsd.service

Reply via email to