SLFO-pool/pesign
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
pesign/pesign-bsc1202933-Make-etc-pki-pesign-writeable.patch

26 lines
832 B
Diff
Raw Permalink Blame History

From 73cd25615367ff1f9a19fdfd38017f68a12a354d Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Tue, 7 Feb 2023 15:34:09 +0800
Subject: [PATCH] Make /etc/pki/pesign/ writeable
The default NSS database for the pesign daemon is stored in /etc/pki/pesign/.
Make it writeable after hardening the service.
Signed-off-by: Gary Lin <glin@suse.com>
---
src/pesign.service.in | 1 +
1 file changed, 1 insertion(+)
Index: pesign-116/src/pesign.service.in
===================================================================
--- pesign-116.orig/src/pesign.service.in
+++ pesign-116/src/pesign.service.in
@@ -18,6 +18,7 @@ RestrictRealtime=true
# end of automatic additions
PIDFile=@@RUNDIR@@/pesign.pid
ExecStart=/usr/bin/pesign --daemonize --nofork
+ReadWritePaths=/etc/pki/pesign/
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink