systemd: Sort hardening options

* init/systemd/man-db.service.in: Sort hardening options.
author: Colin Watson <cjwatson@debian.org> 2023-07-03 22:41:32 +0100
committer: Colin Watson <cjwatson@debian.org> 2023-07-03 22:41:32 +0100
commit: e662d242d63e29c21133f92631050081fade3194 (patch)
tree: efb6f0fbd7720d7924928afc125ff96cda42aee4 /init
parent: 0d2161ceaf779111a423e304c67d93d200aa18a8 (diff)
1 files changed, 9 insertions, 8 deletions
diff --git a/init/systemd/man-db.service.in b/init/systemd/man-db.service.in
index d9a0eb59..7115f414 100644
--- a/init/systemd/man-db.service.in
+++ b/init/systemd/man-db.service.in
@@ -15,15 +15,16 @@ User=@cache_top_owner@
 Nice=19
 IOSchedulingClass=idle
 IOSchedulingPriority=7
-ProtectSystem=full
-ProtectHome=true
-PrivateTmp=true
+
+LockPersonality=true
 PrivateDevices=true
-ProtectHostname=true
+PrivateTmp=true
 ProtectClock=true
-ProtectKernelTunables=true
-ProtectKernelModules=true
-ProtectKernelLogs=true
 ProtectControlGroups=true
-LockPersonality=true
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=full
 RestrictRealtime=true
author	Colin Watson <cjwatson@debian.org>	2023-07-03 22:41:32 +0100
committer	Colin Watson <cjwatson@debian.org>	2023-07-03 22:41:32 +0100
commit	e662d242d63e29c21133f92631050081fade3194 (patch)
tree	efb6f0fbd7720d7924928afc125ff96cda42aee4 /init
parent	0d2161ceaf779111a423e304c67d93d200aa18a8 (diff)