19 lines
441 B
Plaintext
19 lines
441 B
Plaintext
[Service]
|
|
LimitNOFILE=100000
|
|
ProtectSystem=strict
|
|
PrivateTmp=true
|
|
NoNewPrivileges=true
|
|
PrivateDevices=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectControlGroups=true
|
|
LockPersonality=true
|
|
MemoryDenyWriteExecute=true
|
|
SystemCallArchitectures=native
|
|
ReadWritePaths=-/run
|
|
ReadWritePaths=-/var/run
|
|
ReadWritePaths=-/var/lib/dovecot
|
|
ReadWritePaths=-/var/spool/postfix/private
|
|
InaccessiblePaths=-/var/www
|
|
InaccessiblePaths=-/root
|