mirror of
https://github.com/YunoHost-Apps/kresus_ynh.git
synced 2024-09-03 19:36:10 +02:00
Harden systemd service
This is a sync with current ArchLinux file.
This commit is contained in:
Bruno Pagani
Nicolas Frandeboeuf
parent
4693050608
commit
f54d8268ed
4 changed files with 32 additions and 10 deletions
|
|
@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
|
|||
Kresus is an open-source libre self-hosted personal finance manager. It allows you to safely track your banking history, check your overall balance and know exactly how you are spending money using categories!
|
||||
|
||||
|
||||
**Shipped version:** 0.18.1~ynh2
|
||||
**Shipped version:** 0.18.1~ynh3
|
||||
|
||||
## Screenshots
|
||||
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
|
|||
|
||||
Kresus est un gestionnaire de finances personnelles gratuit et libre qui tourne sur votre serveur. Il récupère automatiquement et quotidiennement toutes vos nouvelles transactions bancaires et vous permet de les catégoriser, étudier via des graphiques, et établir un budget.
|
||||
|
||||
**Version incluse :** 0.18.1~ynh2
|
||||
**Version incluse :** 0.18.1~ynh3
|
||||
|
||||
## Captures d'écran
|
||||
|
||||
|
|
|
|||
|
|
@ -14,14 +14,36 @@ Restart=always
|
|||
StandardOutput=syslog
|
||||
StandardError=syslog
|
||||
SyslogIdentifier=__APP__
|
||||
# /var/log is implied
|
||||
LogsDirectory=__APP__
|
||||
|
||||
AmbientCapabilities=
|
||||
CapabilityBoundingSet=
|
||||
LockPersonality=true
|
||||
#Not compatible with NodeJS
|
||||
#MemoryDenyWriteExecute=true
|
||||
NoNewPrivileges=true
|
||||
PrivateDevices=true
|
||||
PrivateTmp=true
|
||||
PrivateUsers=true
|
||||
ProtectClock=true
|
||||
ProtectControlGroups=true
|
||||
ProtectHome=true
|
||||
ProtectHostname=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectProc=invisible
|
||||
ProtectSystem=strict
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
||||
RestrictNamespaces=true
|
||||
RestrictRealtime=true
|
||||
RestrictSUIDSGID=true
|
||||
#SecureBits=noroot-locked
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=@system-service
|
||||
SystemCallErrorNumber=EPERM
|
||||
|
||||
NoNewPrivileges=yes
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
ProtectHome=yes
|
||||
ProtectSystem=full
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
# to allow this systemd service to use sendmail.
|
||||
# references:
|
||||
# https://bugs.archlinux.org/task/57721
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
"en": "Personal finance manager",
|
||||
"fr": "Outil personnel de gestion de finances"
|
||||
},
|
||||
"version": "0.18.1~ynh2",
|
||||
"version": "0.18.1~ynh3",
|
||||
"url": "https://framagit.org/kresusapp/kresus",
|
||||
"upstream": {
|
||||
"license": "free",
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue