add

2023-08-25 16:22:24 +02:00
parent 27c9174741
commit ab9457a1d5
9 changed files with 210 additions and 1 deletions
--- a/39
+++ b/39
@@ -0,0 +1,39 @@
+#show
+
+systemctl show <service> |grep -i capa
+#prüfe welche du brauchst und eine Unit könnte so aussehen
+#
+[Unit]
+Description=Start Server
+
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/python3 -m http.server
+
+WorkingDirectory=/
+#Namespace tricks
+#macht Verzeichnise readOnly
+#ReadOnlyPaths=/var /usr
+#zeigt sie leer an
+InaccessiblePaths=/sys /proc
+#eignes tmp
+PrivateTmp=yes
+ProtectSystem=strict
+#PrivatUser=yes
+
+#limit tricks
+#darf nur 1 Process geben
+#LimitNPROC=1
+#darf keine Files schreiben
+#LimitFSIZE=0
+#entfert ~ capability
+#CapabilityBoundingSet=~cap_net_raw cap_chown
+#CapabilityBoundingSet=cap_net_bind_service
+#Run as user
+CapabilityBoundingSet=cap_net_bind_service
+AmbientCapabilities=cap_net_bind_service
+#User=nutzer16
+#Group=users
+DynamicUser=yes
+