%PDF- %PDF- Mini Shell
Mini Shell

Current File : //usr/lib/systemd/system/colord.service
[Unit]
Description=Manage, Install and Generate Color Profiles

[Service]
Type=dbus
BusName=org.freedesktop.ColorManager
ExecStart=/usr/libexec/colord
User=colord
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=true
ProtectHostname=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true

ConfigurationDirectory=colord
StateDirectory=colord
CacheDirectory=colord

# drop all capabilities
CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_SYS_RAWIO CAP_SYS_TIME CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL CAP_MKNOD CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_RESOURCE CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_BOOT CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM

NoNewPrivileges=true
PrivateUsers=true
ProtectProc=invisible
ProcSubset=pid
RestrictSUIDSGID=true
SystemCallArchitectures=native

RestrictNamespaces=~cgroup user pid net uts mnt ipc

LockPersonality=true
MemoryDenyWriteExecute=true
RemoveIPC=true
Zerion Mini Shell 1.0