From 08695038f96f58b2eff4ae49627ce042494dbd3e Mon Sep 17 00:00:00 2001
From: phil <phil@systemausfall.org>
Date: Tue, 13 Dec 2022 16:47:31 +0100
Subject: [PATCH] =?UTF-8?q?F=C3=BCge=20hardening-Optionen=20zu=20system-Se?=
 =?UTF-8?q?rvice=20hinzu?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 templates/lstu.service.j2 | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/templates/lstu.service.j2 b/templates/lstu.service.j2
index 74dc270..55531a2 100644
--- a/templates/lstu.service.j2
+++ b/templates/lstu.service.j2
@@ -14,5 +14,14 @@ ExecStart=/usr/bin/carton exec hypnotoad script/lstu
 ExecStop=/usr/bin/carton exec hypnotoad -s script/lstu
 ExecReload=/usr/bin/carton exec hypnotoad script/lstu
 
+# Hardening
+CapabilityBoundingSet=
+PrivateMounts=true
+PrivateTmp=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectSystem=strict
+ReadWritePaths=-{{ lstu.path }}
+
 [Install]
 WantedBy=multi-user.target