Use PrivateDevices instead of DeviceAllow

author Craig Andrews <candrews@integralblue.com>

Fri, 28 Nov 2014 17:36:17 +0000 (12:36 -0500)

committer Craig Andrews <candrews@integralblue.com>

Fri, 28 Nov 2014 17:36:17 +0000 (12:36 -0500)
author Craig Andrews <candrews@integralblue.com>
Fri, 28 Nov 2014 17:36:17 +0000 (12:36 -0500)
committer Craig Andrews <candrews@integralblue.com>
Fri, 28 Nov 2014 17:36:17 +0000 (12:36 -0500)
diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in

index 57409a7b0abb464a2b0d51eb144e2887f81937b4..63628553dd048ca709567367efc6b65894e26446 100644 (file)
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@@ -16,8 +16,7 @@ LimitNOFILE = 32768
  
  # Hardening
  PrivateTmp = yes
-DeviceAllow = /dev/null rw
-DeviceAllow = /dev/urandom r
+PrivateDevices = yes
  InaccessibleDirectories = /home
  ReadOnlyDirectories = /
  ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor
author	Craig Andrews <candrews@integralblue.com>
	Fri, 28 Nov 2014 17:36:17 +0000 (12:36 -0500)
committer	Craig Andrews <candrews@integralblue.com>
	Fri, 28 Nov 2014 17:36:17 +0000 (12:36 -0500)