d/eg25-manager.service: be less restrictive

Additional security options in kernel config make it more picky, 
removing problematic directives (`DeviceAllow` and `ProtectClock`) from 
the service file helps getting things straight.

Other options aren't recognized by our systemd version 
(`ProtectKernelModules`, `ProtectProc`, `ProtectDevices` and 
`ProtectKernelLog`), so we can just as well remove those.
This commit is contained in:
Arnaud Ferraris
2021-09-01 00:26:21 +02:00
parent 24dbcf464c
commit 162fcf6fca

@@ -12,17 +12,11 @@ ProtectKernelTunables=true
ProtectSystem=strict
RestrictSUIDSGID=true
PrivateTmp=true
ProtectedKernelModules=true
MemoryDenyWriteExecute=true
PrivateMounts=true
NoNewPrivileges=true
CapabilityBoundingSet=
ProtectProc=true
ProtectDevices=true
DeviceAllow=/dev/ttyS2
LockPersonality=true
ProtectClock=true
ProtectKernelLog=true
[Install]
WantedBy=multi-user.target
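
Review bot: Three of the directives this hunk drops as unrecognized are misspelled rather than unsupported, so they should be corrected instead of deleted. `ProtectedKernelModules=true` should be `ProtectKernelModules=true`, `ProtectDevices=true` has no systemd counterpart (the device sandboxing option is `PrivateDevices=`), and `ProtectKernelLog=true` should be `ProtectKernelLogs=true`. systemd logs a warning for an unknown key and ignores it, so none of these three ever took effect. Separately, `ProtectProc=` takes `noaccess`, `invisible`, `ptraceable` or `default` rather than a boolean, so `ProtectProc=true` would be rejected even on a version that knows the option. I would restore the correctly spelled directives that the packaged systemd supports and test each against the hardened kernel. With `DeviceAllow=/dev/ttyS2` removed and no `PrivateDevices=`, the unit no longer has any device restriction. The commit message should also say which kernel option conflicts with `DeviceAllow` and `ProtectClock`, so they can be restored later.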