wireproxy

mirrors/wireproxy

Fork 0

mirror of https://github.com/whyvl/wireproxy.git synced 2025-04-29 19:01:42 +02:00

Commit graph

Author	SHA1	Message	Date
J. Dekker	4f066d050a	systemd: tight sandboxing (#103 ) wireproxy needs very little permissions, we can restrict it to basically nothing. DynamicUser means the system will generate a UID on demand for service, also CAP_NET_BIND_SERVICE can be used to allow this user to bind to a port < 1024 if desired. Also LoadCredential lets us read a file with tight permissions i.e. root:root 0400 and pass it to only wireproxy in an ephemeral and constrained manner. Signed-off-by: J. Dekker <jdek@itanimul.li>	2024-03-18 16:42:03 +00:00
villepeh	05c8493981	Provide an example systemd service file (#77 ) * Create README.md * Create wireproxy.service * Update README.md	2023-07-15 20:39:33 +01:00

Author

SHA1

Message

Date

J. Dekker

4f066d050a

systemd: tight sandboxing (#103 )

wireproxy needs very little permissions, we can restrict it to basically
nothing. DynamicUser means the system will generate a UID on demand
for service, also CAP_NET_BIND_SERVICE can be used to allow this user
to bind to a port < 1024 if desired. Also LoadCredential lets us read
a file with tight permissions i.e. root:root 0400 and pass it to only
wireproxy in an ephemeral and constrained manner.

Signed-off-by: J. Dekker <jdek@itanimul.li>

2024-03-18 16:42:03 +00:00

villepeh

05c8493981

Provide an example systemd service file (#77 )

* Create README.md

* Create wireproxy.service

* Update README.md

2023-07-15 20:39:33 +01:00

2 commits