rpms / fprintd

Clone
Source Code
GIT

Blame SOURCES/0001-Remove-sandboxing-that-s-unsupported-in-RHEL7-s-syst.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   2ff111d690d3d82a33f86bf37480c2e2d1179ba2
  2.   SOURCES
  3.   0001-Remove-sandboxing-that-s-unsupported-in-RHEL7-s-syst.patch
Blob History Raw
2ff111 
From 3eb55a6e11efcaab94d6595bfbdbe8ab6557f662 Mon Sep 17 00:00:00 2001
2ff111 
From: Bastien Nocera <hadess@hadess.net>
2ff111 
Date: Fri, 21 Sep 2018 12:33:21 +0200
2ff111 
Subject: [PATCH] Remove sandboxing that's unsupported in RHEL7's systemd
2ff111
2ff111 
---
2ff111 
 data/fprintd.service.in | 14 +-------------
2ff111 
 1 file changed, 1 insertion(+), 13 deletions(-)
2ff111
2ff111 
diff --git a/data/fprintd.service.in b/data/fprintd.service.in
2ff111 
index 5f46810..05f4ddf 100644
2ff111 
--- a/data/fprintd.service.in
2ff111 
+++ b/data/fprintd.service.in
2ff111 
@@ -8,10 +8,7 @@ BusName=net.reactivated.Fprint
2ff111 
 ExecStart=@libexecdir@/fprintd
2ff111
2ff111 
 # Filesystem lockdown
2ff111 
-ProtectSystem=strict
2ff111 
-ProtectKernelTunables=true
2ff111 
-ProtectControlGroups=true
2ff111 
-ReadWritePaths=@localstatedir@/lib/fprint
2ff111 
+ProtectSystem=true
2ff111 
 ProtectHome=true
2ff111 
 PrivateTmp=true
2ff111
2ff111 
@@ -19,14 +16,5 @@ PrivateTmp=true
2ff111 
 PrivateNetwork=true
2ff111 
 RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK
2ff111
2ff111 
-# Execute Mappings
2ff111 
-MemoryDenyWriteExecute=true
2ff111 
-
2ff111 
-# Modules
2ff111 
-ProtectKernelModules=true
2ff111 
-
2ff111 
-# Real-time
2ff111 
-RestrictRealtime=true
2ff111 
-
2ff111 
 # Privilege escalation
2ff111 
 NoNewPrivileges=true
2ff111 
--
2ff111 
2.17.1
2ff111

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation