extern/endlessh
1
0
Fork 1
mirror of https://github.com/skeeto/endlessh.git synced 2024-12-01 17:23:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

PrivateUsers=true prevents privileged port mapping

Browse Source
This commit is contained in:
Cengiz Can 2019-05-13 15:25:04 +03:00 committed by GitHub
parent 4321fe93e5
commit 44b3285bb2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
util/endlessh.service
View File

@ -27,10 +27,11 @@ ProtectHome=true
## setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh ## setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
## 2) uncomment following line ## 2) uncomment following line
#AmbientCapabilities=CAP_NET_BIND_SERVICE #AmbientCapabilities=CAP_NET_BIND_SERVICE
## 4) comment following line
PrivateUsers=true
NoNewPrivileges=true NoNewPrivileges=true
ConfigurationDirectory=endlessh ConfigurationDirectory=endlessh
PrivateUsers=true
ProtectKernelTunables=true ProtectKernelTunables=true
ProtectKernelModules=true ProtectKernelModules=true
ProtectControlGroups=true ProtectControlGroups=true