-rw-r--r--changes/bug12939-systemd-no-new-privileges4
-rw-r--r--contrib/dist/tor.service.in1
2 files changed, 5 insertions, 0 deletions
diff --git a/changes/bug12939-systemd-no-new-privileges b/changes/bug12939-systemd-no-new-privileges
new file mode 100644
index 0000000000..d9103b7055
--- /dev/null
+++ b/changes/bug12939-systemd-no-new-privileges
@@ -0,0 +1,4 @@
+ o Distribution:
+ - systemd unit file: ensures that the process and all its children
+ can never gain new privileges.
+ Patch by intrigeri; resolves ticket 12939.
diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in
index 8c70ccc6e3..20ceecf0ca 100644
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@@ -22,6 +22,7 @@ InaccessibleDirectories = /home
ReadOnlyDirectories = /
ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor
ReadWriteDirectories = @LOCALSTATEDIR@/log/tor
+NoNewPrivileges = yes
[Install]
WantedBy = multi-user.target
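Review bot: The added `NoNewPrivileges = yes` line has no comment, and its effect is specific enough to deserve one above it, e.g. `# Sets no_new_privs: execve() can no longer grant privileges via setuid/setgid bits or file capabilities`. The flag is inherited by every child process and cannot be cleared again, so any helper tor launches that relies on a setuid bit or file capabilities (for instance to bind a low port) will fail under this unit; that caveat seems worth a sentence in the changes entry too. The setting does not remove privileges the process already holds at start, so it complements rather than replaces whatever user and capability restrictions the unit applies. Those lines are not visible here because the [Service] section begins above the hunk.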