aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ejabberd.service.template7
1 files changed, 7 insertions, 0 deletions
diff --git a/ejabberd.service.template b/ejabberd.service.template
index 80b15adbd..49ba14737 100644
--- a/ejabberd.service.template
+++ b/ejabberd.service.template
@@ -12,6 +12,13 @@ ExecStop=@ctlscriptpath@/ejabberdctl stop
ExecReload=@ctlscriptpath@/ejabberdctl reload_config
Type=oneshot
RemainAfterExit=yes
+# The CAP_DAC_OVERRIDE capability is required for pam authentication to work
+CapabilityBoundingSet=CAP_DAC_OVERRIDE
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=full
+NoNewPrivileges=true
[Install]
WantedBy=multi-user.target
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-26 19:43:40 +0000