holm/endlessh
1
1
Fork 0
forked from extern/endlessh
Code Issues Pull Requests Packages Projects Releases Wiki Activity

PrivateUsers=true prevents privileged port mapping

Browse Source
This commit is contained in:
Cengiz Can 2019-05-13 15:25:04 +03:00 committed by GitHub
parent 4321fe93e5
commit 44b3285bb2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
util/endlessh.service
View File

@ -27,10 +27,11 @@ ProtectHome=true
## setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
## 2) uncomment following line
#AmbientCapabilities=CAP_NET_BIND_SERVICE
## 4) comment following line
PrivateUsers=true
NoNewPrivileges=true
ConfigurationDirectory=endlessh
PrivateUsers=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true