Skip to content

Commit

Permalink
Harden the systemd service using DynamicUser.
Browse files Browse the repository at this point in the history
  • Loading branch information
@mikispag
mikispag committed Oct 1, 2023
1 parent 64afc97 commit 9f1fdcb
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions debian/dns-over-tls-forwarder.service
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,7 @@ Description=DNS-over-TLS forwarder
After=network.target

[Service]
User=nobody
Group=nogroup
DynamicUser=yes
LimitNOFILE=32768
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
Expand Down

0 comments on commit 9f1fdcb

Please sign in to comment.