Skip to content

Commit 870d415

Browse files
committed
Set ProtectHome in systemd service file
Further hardening; the service should be run with as many restrictions as possible without breaking it.
1 parent 639a416 commit 870d415

File tree

1 file changed

+3
-0
lines changed

1 file changed

+3
-0
lines changed

contrib/init/bitcoind.service

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -58,6 +58,9 @@ PrivateTmp=true
5858
# Mount /usr, /boot/ and /etc read-only for the process.
5959
ProtectSystem=full
6060

61+
# Deny access to /home, /root and /run/user
62+
ProtectHome=true
63+
6164
# Disallow the process and all of its children to gain
6265
# new privileges through execve().
6366
NoNewPrivileges=true

0 commit comments

Comments
 (0)