From 66016b8499761460ccf3db99a4747ca87a50ff33 Mon Sep 17 00:00:00 2001
From: Bogdan Khomutsky <bogdan@khomutsky.com>
Date: Mon, 9 Jul 2018 11:13:28 +0300
Subject: [PATCH] scripts: apply hardening for systemd service (#5332)

---
 scripts/systemd/gogs.service | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/scripts/systemd/gogs.service b/scripts/systemd/gogs.service
index 9f105bf8e..d9f12e30e 100644
--- a/scripts/systemd/gogs.service
+++ b/scripts/systemd/gogs.service
@@ -18,6 +18,10 @@ WorkingDirectory=/home/git/gogs
 ExecStart=/home/git/gogs/gogs web
 Restart=always
 Environment=USER=git HOME=/home/git
+# Hardening
+ProtectSystem=full
+PrivateDevices=yes
+PrivateTmp=yes
 
 [Install]
 WantedBy=multi-user.target