~arx10/furemcape unlisted

2a16b9d559ea1d81195b8b09bf42ddfe5e9a3d5f — Justin Ludwig 8 months ago b05c375
relax execmem restrictions for feeder service tls

Signed-off-by: Justin Ludwig <justin@arcemtene.com>
1 files changed, 3 insertions(+), 1 deletions(-)

M feeder/etc/feeder.service
M feeder/etc/feeder.service => feeder/etc/feeder.service +3 -1
@@ 13,7 13,9 @@ Restart=always

# HARDENING
LockPersonality=yes
MemoryDenyWriteExecute=yes
# listening for TLS connections requires write+execute memory
# see https://github.com/pyca/pyopenssl/issues/873
# MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes