mirror of
https://github.com/drakkan/sftpgo.git
synced 2025-12-06 22:30:56 +03:00
9b6b9cca3d
We can tighten security by adding the following to the systemd service file: * NoNewPrivileges: should never be needed * DevicePolicy: only basics required * PrivateDevices: only needs mounted stuff, never devs * ProtectSystem: no need to change boot * RestrictAddressFamilies: INET, UNIX only Signed-off-by: Marc <mail@lpcvoid.com>