Frank Kunz
01d5e987db
- New Version 2.4.6 - Adapt to Raspberry Pi 5 GPIO pin numbering changes - Use libgpiod for GPIO pin access on Linux - Change runstatedir default from /var/run to /run on Linux OBS-URL: https://build.opensuse.org/request/show/1185434 OBS-URL: https://build.opensuse.org/package/show/electronics/brickd?expand=0&rev=19
36 lines
1.2 KiB
Diff
36 lines
1.2 KiB
Diff
From 4f9372d700da8d41fbba5b547b68be44397987d2 Mon Sep 17 00:00:00 2001
|
|
From: Frank Kunz <mailinglists@kunz-im-inter.net>
|
|
Date: Thu, 4 Jul 2024 19:22:09 +0200
|
|
Subject: [PATCH 2/2] harden_brickd.service
|
|
|
|
Signed-off-by: Frank Kunz <mailinglists@kunz-im-inter.net>
|
|
---
|
|
.../linux/installer/lib/systemd/system/brickd.service | 11 +++++++++++
|
|
1 file changed, 11 insertions(+)
|
|
|
|
diff --git a/src/build_data/linux/installer/lib/systemd/system/brickd.service b/src/build_data/linux/installer/lib/systemd/system/brickd.service
|
|
index 9ccc7b3..180599a 100644
|
|
--- a/src/build_data/linux/installer/lib/systemd/system/brickd.service
|
|
+++ b/src/build_data/linux/installer/lib/systemd/system/brickd.service
|
|
@@ -3,6 +3,17 @@ Description=Brick Daemon
|
|
After=network.target
|
|
|
|
[Service]
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectSystem=full
|
|
+ProtectHome=true
|
|
+ProtectHostname=true
|
|
+ProtectKernelTunables=true
|
|
+ProtectKernelModules=true
|
|
+ProtectKernelLogs=true
|
|
+ProtectControlGroups=true
|
|
+RestrictRealtime=true
|
|
+# end of automatic additions
|
|
Type=forking
|
|
ExecStart=/usr/bin/brickd --daemon
|
|
PIDFile=/run/brickd.pid
|
|
--
|
|
2.45.2
|
|
|