add LogDir, ProtectSystem=yes and capabilities to bind ports

2024-10-21 17:50:05 +02:00 · 2024-10-21 17:50:05 +02:00 · a42bb63039
commit a42bb63039
parent 70772806c8
1 changed files with 3 additions and 2 deletions
--- a/ncam.service
+++ b/ncam.service
@ -8,11 +8,12 @@ Type=forking
 ExecStart=/usr/bin/ncam -b
 User=ncam
 ConfigurationDirectory=ncam
+LogsDirectory=ncam
 PrivateTmp=yes
 ProtectHome=yes
-ProtectSystem=strict
+ProtectSystem=yes
 NoNewPrivileges=yes
-ReadWritePaths=-/var/lib/ncam
+AmbientCapabilities=CAP_NET_BIND_SERVICE

 [Install]
 WantedBy=multi-user.target