author | Richard Freeman <rich0@gentoo.org> | 2016-08-13 17:03:55 -0400 |
---|---|---|
committer | Richard Freeman <rich0@gentoo.org> | 2016-08-13 17:03:55 -0400 |
commit | 80f094370d5e5c11c8f5eb3bde48710403309261 (patch) | |
tree | bead7a1f1eb8f090bc207cf7f6469a9bc345ce55 /mail-mta | |
parent | www-servers/apache: add systemd hardening (diff) | |
mail-mta/postfix: add systemd hardening
Package-Manager: portage-2.2.28
Diffstat (limited to 'mail-mta')
-rw-r--r-- | mail-mta/postfix/files/postfix.service | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/mail-mta/postfix/files/postfix.service b/mail-mta/postfix/files/postfix.service index d3d4804138b9..eddd5507ba8e 100644 --- a/mail-mta/postfix/files/postfix.service +++ b/mail-mta/postfix/files/postfix.service @@ -8,6 +8,12 @@ ExecStartPre=-/usr/bin/newaliases ExecStart=/usr/sbin/postfix start ExecStop=/usr/sbin/postfix stop ExecReload=/usr/sbin/postfix reload +# Hardening +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +CapabilityBoundingSet=~ CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_MODULE +MemoryDenyWriteExecute=true [Install] WantedBy=multi-user.target |
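Review bot: ProtectSystem=full makes /etc read-only for every command in this unit, and that includes the ExecStartPre=-/usr/bin/newaliases line in the context just above the additions. If the alias database is stored under /etc, the rebuild will fail on each start and the leading "-" will hide the failure, so please confirm where newaliases writes, and either add a writable exception for that directory (ReadWritePaths=) or drop to ProtectSystem=yes. Two smaller points on the added lines: CapabilityBoundingSet=~ ... is a denylist of four capabilities, so every other capability stays in the bounding set, and an allowlist of what the daemon actually needs would be tighter if that set is known; and the booleans mix "yes" and "true" (PrivateTmp=yes against MemoryDenyWriteExecute=true), so pick one spelling and write the capability list without the space after "~" to match the documented form.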