|
@@ -16,8 +16,7 @@ LimitNOFILE = 32768
|
|
|
|
|
|
|
|
# Hardening
|
|
# Hardening
|
|
|
PrivateTmp = yes
|
|
PrivateTmp = yes
|
|
|
-DeviceAllow = /dev/null rw
|
|
|
|
|
-DeviceAllow = /dev/urandom r
|
|
|
|
|
|
|
+PrivateDevices = yes
|
|
|
InaccessibleDirectories = /home
|
|
InaccessibleDirectories = /home
|
|
|
ReadOnlyDirectories = /
|
|
ReadOnlyDirectories = /
|
|
|
ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor
|
|
ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor
|
Craig Andrews