summaryrefslogtreecommitdiff
path: root/src/upower.service.in
diff options
context:
space:
mode:
Diffstat (limited to 'src/upower.service.in')
-rw-r--r--src/upower.service.in23
1 files changed, 23 insertions, 0 deletions
diff --git a/src/upower.service.in b/src/upower.service.in
index d0945f0..835529a 100644
--- a/src/upower.service.in
+++ b/src/upower.service.in
@@ -8,5 +8,28 @@ BusName=org.freedesktop.UPower
ExecStart=@libexecdir@/upowerd
Restart=on-failure
+# Filesystem lockdown
+ProtectSystem=strict
+ProtectKernelTunables=true
+ProtectControlGroups=true
+ReadWritePaths=@historydir@
+ProtectHome=true
+PrivateTmp=true
+
+# Network
+PrivateNetwork=true
+
+# Execute Mappings
+MemoryDenyWriteExecute=true
+
+# Modules
+ProtectKernelModules=true
+
+# Real-time
+RestrictRealtime=true
+
+# Privilege escalation
+NoNewPrivileges=true
+
[Install]
WantedBy=graphical.target
View Lorry Controller Status