From 4a6cd14465d0612d5edd2db60a48f54c3db1f417 Mon Sep 17 00:00:00 2001 From: JackDandy Date: Thu, 13 Jun 2024 13:49:28 +0100 Subject: [PATCH] Change systemd remove py2 and add basic hardening options (thanks to team sabnzbd). --- CHANGES.md | 3 ++- init-scripts/init.systemd | 8 ++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index ebb24f24..62e06dca 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -20,7 +20,8 @@ * Update Tornado Web Server 6.4 (b3f2a4b) to 6.4.1 (2a0e1d1) * Update unidecode module 1.3.6 (4141992) to 1.3.8 (dfe397d) * Update urllib3 2.0.7 (56f01e0) to 2.2.1 (54d6edf) -* Change growl notifier location for Apprise update refactor +* Change growl notifier location for Apprise update refactor +* Change systemd remove py2 and add basic hardening options ### 3.31.0 (2024-06-05 08:00:00 UTC) diff --git a/init-scripts/init.systemd b/init-scripts/init.systemd index dfe3ff7c..62b4494a 100755 --- a/init-scripts/init.systemd +++ b/init-scripts/init.systemd @@ -39,10 +39,14 @@ User=sickgear Group=sickgear Environment=PYTHONUNBUFFERED=true -ExecStart=/usr/bin/python2 /opt/sickgear/app/sickgear.py --systemd --datadir=/opt/sickgear/data +ExecStart=/opt/sickgear/app/sickgear.py --systemd --datadir=/opt/sickgear/data KillMode=process Restart=on-failure -WorkingDirectory=/opt/sickgear +ProtectSystem=full +DeviceAllow=/dev/null rw +DeviceAllow=/dev/urandom r +DevicePolicy=strict +NoNewPrivileges=yesWorkingDirectory=/opt/sickgear [Install] WantedBy=multi-user.target