mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2025-11-02 09:01:50 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

systemd: add sandboxing also for the system service

Browse source 
Based on dd1bf796cb
and https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/blob/master/src/daemon/systemd/user/pulseaudio.service.in

See also: #763
This commit is contained in:
George Kiagiadakis 2021-02-23 15:56:38 +02:00 committed by Wim Taymans
parent d2fb6db21f
commit b7c6f70ae3
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/daemon/systemd/system/pipewire.service.in
View file

@ -15,6 +15,12 @@ Description=Multimedia Service
Requires=pipewire.socket Requires=pipewire.socket
[Service] [Service]
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
RestrictNamespaces=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
Type=simple Type=simple
ExecStart=@PW_BINARY@ ExecStart=@PW_BINARY@
Restart=on-failure Restart=on-failure