Merge remote-tracking branch 'candrews/issue13805'

author: Nick Mathewson <nickm@torproject.org> 2015-01-11 11:24:48 -0500
committer: Nick Mathewson <nickm@torproject.org> 2015-01-11 11:24:48 -0500
commit: c98e075ebc17d7e5b4548cc58f58088cff83d0ca (patch)
tree: 14dad3042d80f90dfb33e2b64b914e1dde75e076 /contrib/dist
parent: e009c2da5138bce5e8244658177efbe48c641035 (diff)
parent: 5bdf12ca8aa13cd98c6a4b7457b37df2b519e8a7 (diff)
download: tor-c98e075ebc17d7e5b4548cc58f58088cff83d0ca.tar.gz
tor-c98e075ebc17d7e5b4548cc58f58088cff83d0ca.zip
1 files changed, 6 insertions, 6 deletions
diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in
index f50075da6f..d7bf611846 100644
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@@ -16,13 +16,13 @@ LimitNOFILE = 32768
 
 # Hardening
 PrivateTmp = yes
-DeviceAllow = /dev/null rw
-DeviceAllow = /dev/urandom r
-InaccessibleDirectories = /home
+PrivateDevices = yes
+ProtectHome = yes
+ProtectSystem = full
 ReadOnlyDirectories = /
-ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor
-ReadWriteDirectories = @LOCALSTATEDIR@/log/tor
-ReadWriteDirectories = @LOCALSTATEDIR@/run/tor
+ReadWriteDirectories = -@LOCALSTATEDIR@/lib/tor
+ReadWriteDirectories = -@LOCALSTATEDIR@/log/tor
+ReadWriteDirectories = -@LOCALSTATEDIR@/run/tor
 NoNewPrivileges = yes
 
 [Install]
author	Nick Mathewson <nickm@torproject.org>	2015-01-11 11:24:48 -0500
committer	Nick Mathewson <nickm@torproject.org>	2015-01-11 11:24:48 -0500
commit	c98e075ebc17d7e5b4548cc58f58088cff83d0ca (patch)
tree	14dad3042d80f90dfb33e2b64b914e1dde75e076 /contrib/dist
parent	e009c2da5138bce5e8244658177efbe48c641035 (diff)
parent	5bdf12ca8aa13cd98c6a4b7457b37df2b519e8a7 (diff)
download	tor-c98e075ebc17d7e5b4548cc58f58088cff83d0ca.tar.gz tor-c98e075ebc17d7e5b4548cc58f58088cff83d0ca.zip