pool/at
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
at/harden_atd.service.patch
Danilo Spinella cbc8544d9f Accepting request 956821 from home:dspinella:branches:Base:System 
- Update to version 3.2.4:
  * Upstream SUSE patches
- Update to version 3.2.3:
  * Fix two typos on documentation
  * Upstream SUSE patches
  * Various improvements to the code and the build system
- Refresh patches:
  * at-3.1.16-handle_malformed_jobs.patch
  * at-3.2.2.patch
  * at-backport-old-privs.patch
  * harden_atd.service.patch
- Drop upstreamed patches:
  * at-3.1.13-leak-fix.patch
  * at-3.1.13-massive_batch.patch
  * at-3.1.14-joblist.patch
  * at-3.1.14-usePOSIXtimers.patch
  * at-3.1.8-jobdir-mtime.patch
  * at-atq-timeformat.patch
  * at-secure_getenv.patch

OBS-URL: https://build.opensuse.org/request/show/956821
OBS-URL: https://build.opensuse.org/package/show/Base:System/at?expand=0&rev=121
2022-02-22 16:51:45 +00:00

23 lines
744 B
Diff
Raw Blame History

Index: at-3.2.4/atd.service.in
===================================================================
--- at-3.2.4.orig/atd.service.in
+++ at-3.2.4/atd.service.in
@@ -4,6 +4,17 @@ Documentation=man:atd(8)
After=remote-fs.target nss-user-lookup.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
ExecStartPre=-find @atjobdir@ -type f -name "=*" -not -newercc /run/systemd -delete
ExecStart=@sbindir@/atd -f
IgnoreSIGPIPE=false
Reference in New Issue View Git Blame Copy Permalink