# systemd [Service] settings for the synapse service: declare its writable
# directories, then apply sandboxing directives.
[Service]
# The following directives give the synapse service R/W access to:
# - /var/lib/matrix-synapse
# - /var/log/matrix-synapse
# systemd creates these directories under /var/lib and /var/log and keeps them
# writable even with ProtectSystem=strict set below.

StateDirectory=matrix-synapse
LogsDirectory=matrix-synapse

######################
## Security Sandbox ##
######################

# Make sure that the service has its own unshared tmpfs at /tmp and that it
# cannot see or change any real devices
PrivateTmp=true
PrivateDevices=true

# We give no capabilities to a service by default
# NOTE(review): both directives below are commented out, so this file does NOT
# restrict the capability bounding set or the ambient capabilities; the line
# above describes the intended state, not the effective one. Uncommented, an
# empty value means an empty set (all capabilities dropped). Confirm the
# service needs none before enabling, then check the result with
# `systemd-analyze security <unit>`.
#CapabilityBoundingSet=
#AmbientCapabilities=

# Protect the following from modification:
# - The entire filesystem
# - sysctl settings and loaded kernel modules
# - No modifications allowed to Control Groups
# - Hostname
# - System Clock
# ProtectSystem=strict mounts the file system hierarchy read-only for the
# service (except /dev, /proc and /sys); ProtectKernelTunables=true makes
# kernel tunables such as /proc/sys and /sys read-only.
# NOTE(review): only these two directives are visible in this excerpt; the
# kernel-module, control-group, hostname and clock protections listed above
# each need their own directive - confirm they are present further down.
ProtectSystem=strict
ProtectKernelTunables=true