diff options
| -rw-r--r-- | syntax-highlighting.service.in | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/syntax-highlighting.service.in b/syntax-highlighting.service.in index cd90546..38faaa8 100644 --- a/syntax-highlighting.service.in +++ b/syntax-highlighting.service.in @@ -10,8 +10,10 @@ IPAddressDeny=any LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes +CapabilityBoundingSet= PrivateDevices=yes PrivateTmp=yes +ProtectClock=yes ProtectControlGroups=yes ProtectHome=yes ProtectHostname=yes @@ -24,7 +26,6 @@ RestrictNamespaces=yes RestrictRealtime=yes RestrictSUIDSGID=yes SystemCallArchitectures=native -SystemCallErrorNumber=EPERM SystemCallFilter=@system-service [Install] |