Set ProtectHome in systemd service file

Further hardening; the service should be run with as many restrictions as possible without breaking it.
author: setpill <37372069+setpill@users.noreply.github.com> 2019-08-06 14:34:07 +0200
committer: setpill <37372069+setpill@users.noreply.github.com> 2019-08-20 10:54:14 +0200
commit: 870d4152dfc3d990e336723562948835c2dbd646 (patch)
tree: 8de4a04e5c6c6ae8dd26db1960a132586a2cf374 /contrib
parent: 639a416e3758b3005b860b198f0ec7bdd80a7f0c (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/contrib/init/bitcoind.service b/contrib/init/bitcoind.service
index 5f9a649097..34c3e7b3ab 100644
--- a/contrib/init/bitcoind.service
+++ b/contrib/init/bitcoind.service
@@ -58,6 +58,9 @@ PrivateTmp=true
 # Mount /usr, /boot/ and /etc read-only for the process.
 ProtectSystem=full
 
+# Deny access to /home, /root and /run/user
+ProtectHome=true
+
 # Disallow the process and all of its children to gain
 # new privileges through execve().
 NoNewPrivileges=true
author	setpill <37372069+setpill@users.noreply.github.com>	2019-08-06 14:34:07 +0200
committer	setpill <37372069+setpill@users.noreply.github.com>	2019-08-20 10:54:14 +0200
commit	870d4152dfc3d990e336723562948835c2dbd646 (patch)
tree	8de4a04e5c6c6ae8dd26db1960a132586a2cf374 /contrib
parent	639a416e3758b3005b860b198f0ec7bdd80a7f0c (diff)