summaryrefslogtreecommitdiffstats
path: root/debian
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/changelog3
-rw-r--r--debian/sear.c.service4
2 files changed, 5 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog
index dd2f4f0..6251242 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,8 +2,9 @@ sear.c (0.0.20-1) stable; urgency=low
* Added fallback option to another server via HTTP redirect in case of
CAPTCHA.
+ * Enchanced systemd unit security by whitelisting /lib, /etc and /usr/bin.
- -- Anton Luka Šijanec <anton@sijanec.eu> Tue, 31 Jan 2022 19:00:00 +0200
+ -- Anton Luka Šijanec <anton@sijanec.eu> Tue, 31 Jan 2022 20:00:00 +0200
sear.c (0.0.19-1) stable; urgency=low
diff --git a/debian/sear.c.service b/debian/sear.c.service
index 4b3271b..b3b8b2b 100644
--- a/debian/sear.c.service
+++ b/debian/sear.c.service
@@ -3,9 +3,11 @@ Description=scrapes search results of popular engines, caches them and creates a
After=network.target
[Service]
+TemporaryFileSystem=/:ro
+BindReadOnlyPaths=/lib /etc /usr/bin
+EnvironmentFile=-/etc/sear.c
Type=simple
DynamicUser=yes
-RuntimeDirectory=sear.c
ExecStart=/usr/bin/sear.c
Restart=no