notification-hub

distraction-free notification daemon for simple linux desktops.
git clone https://git.ce9e.org/notification-hub.git
commit
89ec3b2129e44adc4b8cb2922997d50bac713929
parent
4e21c145e4612ae87b40d393f508bc0220dcdd84
Author
Tobias Bengfort <tobias.bengfort@posteo.de>
Date
2026-03-06 07:11
tweak systemd hardening

- rm ProtectSystem (because it does nothing for user services
- copy some options from pipewire

see also https://github.com/systemd/systemd/pull/21240

Diffstat

M systemd.service 4 +++-

1 files changed, 3 insertions, 1 deletions

diff --git a/systemd.service b/systemd.service 

@@ -6,8 +6,10 @@ PartOf=graphical-session.target
    6     6 Type=dbus
    7     7 BusName=org.freedesktop.Notifications
    8     8 ExecStart=/usr/bin/notification-hub
   -1     9 
   -1    10 LockPersonality=yes
    9    11 MemoryDenyWriteExecute=yes
   10    12 NoNewPrivileges=yes
   11    -1 ProtectSystem=strict
   -1    13 SystemCallFilter=@system-service
   12    14 InaccessiblePaths=/home
   13    15 PrivateTmp=yes