[exim] Re: exim systemd service: Type=exec or Type=simple

Author: Andreas Metzler
Date:
To: exim-users
Subject: [exim] Re: exim systemd service: Type=exec or Type=simple
On 2023-07-24 Heiko Schlittermann via Exim-users <exim-users@???> wrote:
> Andreas Metzler via Exim-users <exim-users@???> (Mo 24 Jul 2023 18:52:14 CEST):

[...]
> Maybe you want to check the branch hs/systemd-units, there I started to
> collect my effort to provide native systemd units for Exim.


> I'd be happy if we can join our efforts.

[...]

Hello,

I do not think ProtectSystem=strict works for exim; however, openSUSE has
these and I think they should be fine:

PrivateTmp=true
ProtectSystem=full
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
ProtectProc=invisible
RestrictRealtime=true

I do not see why this should not work either:
ProtectProc=invisible

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
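
A check for the settings listed in the message above, added here as an example and not part of the original post or of any Exim or openSUSE unit file: it parses the `[Service]` section of a unit and reports each listed directive that is missing or set differently. The sample unit and the function names are constructed for illustration.

```python
# Directives and values as listed in the message above.
EXPECTED = {
    "PrivateTmp": "true", "ProtectSystem": "full", "PrivateDevices": "true",
    "ProtectHostname": "true", "ProtectClock": "true",
    "ProtectKernelTunables": "true", "ProtectKernelModules": "true",
    "ProtectKernelLogs": "true", "ProtectControlGroups": "true",
    "ProtectProc": "invisible", "RestrictRealtime": "true",
}
# systemd accepts several spellings for booleans; normalise them.
BOOLEANS = {"1": "true", "yes": "true", "true": "true", "on": "true",
            "0": "false", "no": "false", "false": "false", "off": "false"}

def service_settings(unit_text):
    """Return the effective key -> value map of the [Service] section."""
    settings, section, pending = {}, None, ""
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank lines and comments
        if line.endswith("\\"):           # backslash continues the line
            pending += line[:-1] + " "
            continue
        line, pending = pending + line, ""
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key] = BOOLEANS.get(value.lower(), value)  # last one wins
    return settings

def audit(unit_text):
    """Return {directive: (expected, found)} for missing or differing settings."""
    found = service_settings(unit_text)
    return {k: (v, found.get(k)) for k, v in EXPECTED.items() if found.get(k) != v}

# Constructed sample unit: one directive commented out, one set to strict.
SAMPLE_UNIT = """[Unit]
Description=Constructed sample for the audit example
[Service]
Type=exec
ExecStart=/usr/sbin/exim -bdf -q30m
PrivateTmp=yes
ProtectSystem=strict
PrivateDevices=true\nProtectHostname=true\nProtectClock=true
ProtectKernelTunables=true\nProtectKernelModules=on\nProtectKernelLogs=true
; ProtectControlGroups=true
ProtectProc=invisible
RestrictRealtime=false
RestrictRealtime=true
"""
if __name__ == "__main__":
    for name, (want, got) in audit(SAMPLE_UNIT).items():
        print(f"{name}: expected {want}, found {got}")
```

Feeding it the output of `systemctl cat` for the unit covers drop-ins as well, since later assignments win; `systemd-analyze security` reports what systemd itself applies.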
