systemd unit file: ensures that the process and all its children can never gain

new privileges (#12939).
author: intrigeri <intrigeri@boum.org> 2014-08-27 03:18:26 +0000
committer: intrigeri <intrigeri@boum.org> 2014-08-27 03:18:26 +0000
commit: b4170421cc58d8c57254f4224ba259e817f48869 (patch)
tree: 314ffb95e912f296cfa8bb25c2f78f3768a494ca /contrib/dist
parent: b159ffb675a274b285acc55204eaf6e83cd72bf8 (diff)
download: tor-b4170421cc58d8c57254f4224ba259e817f48869.tar.gz
tor-b4170421cc58d8c57254f4224ba259e817f48869.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in
index 2fe51c75d9..c4709a7fd6 100644
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@@ -19,6 +19,7 @@ PrivateTmp = yes
 DeviceAllow = /dev/null rw
 DeviceAllow = /dev/urandom r
 InaccessibleDirectories = /home
+NoNewPrivileges = yes
 
 [Install]
 WantedBy = multi-user.target
author	intrigeri <intrigeri@boum.org>	2014-08-27 03:18:26 +0000
committer	intrigeri <intrigeri@boum.org>	2014-08-27 03:18:26 +0000
commit	b4170421cc58d8c57254f4224ba259e817f48869 (patch)
tree	314ffb95e912f296cfa8bb25c2f78f3768a494ca /contrib/dist
parent	b159ffb675a274b285acc55204eaf6e83cd72bf8 (diff)
download	tor-b4170421cc58d8c57254f4224ba259e817f48869.tar.gz tor-b4170421cc58d8c57254f4224ba259e817f48869.zip