Add sandboxing to ntfy.service#1467
Conversation
See [systemd.exec(5)](https://man.archlinux.org/man/systemd.exec.5) to find out what the options mean!
|
Ideally |
|
I tried this out and most seem harmless. However,
So I think I'll add the others and update the docs with hardening suggestions. Sound good? |
You should be using /run.
databases should not be in /etc. If you want i can ammend the commit to remove PrivateTmp. If a lot of people are putting sockets in /run i reccommend that you still add PrivateTmp but put a warning in the changelog. |
See systemd.exec(5) to find out what the options mean!