atari
10
did you tweak around with the debian-default profiles?
if not, everything should work without “NoNewPrivileges”-stuff
so this should be enough:
sudo setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy
if you installed obfs4proxy from backports (recommended) you should consider this fix for apparmor:
further exploring systemd hardening:
please run:
systemd-analyze security
see also:
4 Likes