From: intrigeri <intrigeri@boum.org>
Date: Wed, 27 Aug 2014 03:18:26 +0000 (+0000)
Subject: systemd unit file: ensures that the process and all its children can never gain
X-Git-Tag: tor-0.2.6.1-alpha~154^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b4170421cc58d8c57254f4224ba259e817f48869;p=thirdparty%2Ftor.git

systemd unit file: ensures that the process and all its children can never gain
new privileges (#12939).
---

diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in
index 2fe51c75d9..c4709a7fd6 100644
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@@ -19,6 +19,7 @@ PrivateTmp = yes
 DeviceAllow = /dev/null rw
 DeviceAllow = /dev/urandom r
 InaccessibleDirectories = /home
+NoNewPrivileges = yes
 
 [Install]
 WantedBy = multi-user.target