JonnyBravo/systemd_notiz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
d3cada920574cf6dd2432b480bc9f40bcf094b77
systemd_notiz/cap
root ab9457a1d5 add
2023-08-25 16:22:24 +02:00

40 lines
780 B
Plaintext
Raw Blame History

#show
systemctl show <service> |grep -i capa
#prüfe welche du brauchst und eine Unit könnte so aussehen
#
[Unit]
Description=Start Server
[Service]
Type=simple
Restart=on-failure
ExecStart=/usr/bin/python3 -m http.server
WorkingDirectory=/
#Namespace tricks
#macht Verzeichnise readOnly
#ReadOnlyPaths=/var /usr
#zeigt sie leer an
InaccessiblePaths=/sys /proc
#eignes tmp
PrivateTmp=yes
ProtectSystem=strict
#PrivatUser=yes
#limit tricks
#darf nur 1 Process geben
#LimitNPROC=1
#darf keine Files schreiben
#LimitFSIZE=0
#entfert ~ capability
#CapabilityBoundingSet=~cap_net_raw cap_chown
#CapabilityBoundingSet=cap_net_bind_service
#Run as user
CapabilityBoundingSet=cap_net_bind_service
AmbientCapabilities=cap_net_bind_service
#User=nutzer16
#Group=users
DynamicUser=yes
Reference in New Issue View Git Blame Copy Permalink