systemd unit file: only allow tor to write to /var/lib/tor and /var/log/tor (#12751).

author intrigeri <intrigeri@boum.org>

Wed, 27 Aug 2014 03:05:12 +0000 (03:05 +0000)

committer intrigeri <intrigeri@boum.org>

Wed, 27 Aug 2014 03:13:53 +0000 (03:13 +0000)
author intrigeri <intrigeri@boum.org>
Wed, 27 Aug 2014 03:05:12 +0000 (03:05 +0000)
committer intrigeri <intrigeri@boum.org>
Wed, 27 Aug 2014 03:13:53 +0000 (03:13 +0000)
diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in

index 2fe51c75d912d276e761359e42aaa645abc9d107..8c70ccc6e387dc9fbd79deb7c97a70aa808fcf28 100644 (file)
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@@ -19,6 +19,9 @@ PrivateTmp = yes
  DeviceAllow = /dev/null rw
  DeviceAllow = /dev/urandom r
  InaccessibleDirectories = /home
+ReadOnlyDirectories = /
+ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor
+ReadWriteDirectories = @LOCALSTATEDIR@/log/tor
  
  [Install]
  WantedBy = multi-user.target
author	intrigeri <intrigeri@boum.org>
	Wed, 27 Aug 2014 03:05:12 +0000 (03:05 +0000)
committer	intrigeri <intrigeri@boum.org>
	Wed, 27 Aug 2014 03:13:53 +0000 (03:13 +0000)