mirrors/pulseaudio
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pulseaudio/pulseaudio.git synced 2025-11-06 13:29:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

daemon: Harden systemd service

Browse source 
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
This commit is contained in:
Topi Miettinen 2019-04-10 14:44:28 +03:00 committed by Tanu Kaskinen
parent 4e08c14cc3
commit 279b99e101
1 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/daemon/systemd/user/pulseaudio.service.in
View file

@ -17,10 +17,17 @@ Requires=pulseaudio.socket
ConditionUser=!root ConditionUser=!root
[Service] [Service]
ExecStart=@PA_BINARY@ --daemonize=no
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
Restart=on-failure
RestrictNamespaces=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
# Note that notify will only work if --daemonize=no # Note that notify will only work if --daemonize=no
Type=notify Type=notify
ExecStart=@PA_BINARY@ --daemonize=no UMask=0077
Restart=on-failure
[Install] [Install]
Also=pulseaudio.socket Also=pulseaudio.socket