df6f7fba40
- Drop ProtectClock hardening, can cause issues if other device acceess is needed OBS-URL: https://build.opensuse.org/request/show/925450 OBS-URL: https://build.opensuse.org/package/show/network:telephony/coturn?expand=0&rev=20
23 lines
725 B
Diff
23 lines
725 B
Diff
Index: coturn-4.5.2/examples/etc/coturn.service
|
|
===================================================================
|
|
--- coturn-4.5.2.orig/examples/etc/coturn.service
|
|
+++ coturn-4.5.2/examples/etc/coturn.service
|
|
@@ -15,6 +15,17 @@ ExecStart=/usr/bin/turnserver -c /etc/tu
|
|
Restart=on-failure
|
|
InaccessibleDirectories=/home
|
|
PrivateTmp=yes
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectSystem=full
|
|
+ProtectHome=true
|
|
+ProtectHostname=true
|
|
+ProtectKernelTunables=true
|
|
+ProtectKernelModules=true
|
|
+ProtectKernelLogs=true
|
|
+ProtectControlGroups=true
|
|
+RestrictRealtime=true
|
|
+# end of automatic additions
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|