summaryrefslogtreecommitdiff
path: root/contrib/dist/tor.service.in
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/dist/tor.service.in')
-rw-r--r--contrib/dist/tor.service.in12
1 files changed, 6 insertions, 6 deletions
diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in
index f50075da6f..d7bf611846 100644
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@@ -16,13 +16,13 @@ LimitNOFILE = 32768
# Hardening
PrivateTmp = yes
-DeviceAllow = /dev/null rw
-DeviceAllow = /dev/urandom r
-InaccessibleDirectories = /home
+PrivateDevices = yes
+ProtectHome = yes
+ProtectSystem = full
ReadOnlyDirectories = /
-ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor
-ReadWriteDirectories = @LOCALSTATEDIR@/log/tor
-ReadWriteDirectories = @LOCALSTATEDIR@/run/tor
+ReadWriteDirectories = -@LOCALSTATEDIR@/lib/tor
+ReadWriteDirectories = -@LOCALSTATEDIR@/log/tor
+ReadWriteDirectories = -@LOCALSTATEDIR@/run/tor
NoNewPrivileges = yes
[Install]
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion