fa617d246f
- Added hardening to systemd service(s). Added patch(es): * harden_bitcoind.service.patch Modified: * bitcoind.service OBS-URL: https://build.opensuse.org/request/show/914548 OBS-URL: https://build.opensuse.org/package/show/network:cryptocurrencies/bitcoin?expand=0&rev=42
22 lines
823 B
Diff
22 lines
823 B
Diff
Index: bitcoin-0.21.1/contrib/init/bitcoind.service
|
|
===================================================================
|
|
--- bitcoin-0.21.1.orig/contrib/init/bitcoind.service
|
|
+++ bitcoin-0.21.1/contrib/init/bitcoind.service
|
|
@@ -69,6 +69,16 @@ NoNewPrivileges=true
|
|
# Use a new /dev namespace only populated with API pseudo devices
|
|
# such as /dev/null, /dev/zero and /dev/random.
|
|
PrivateDevices=true
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectHostname=true
|
|
+ProtectClock=true
|
|
+ProtectKernelTunables=true
|
|
+ProtectKernelModules=true
|
|
+ProtectKernelLogs=true
|
|
+ProtectControlGroups=true
|
|
+RestrictRealtime=true
|
|
+# end of automatic additions
|
|
|
|
# Deny the creation of writable and executable memory mappings.
|
|
MemoryDenyWriteExecute=true
|