f3e5d1945b
* Added --time_interval N to add entropy unconditionally every N
seconds.
* Synchronize haveged instances during switch root.
* 90-haveged.rules: fix warnings reported by udevadm verify.
- Introduce haveged-once.service.
* This new service is meant to be called from initrd, and it uses
the '--once' flag.
* Haveged is executed, and then exits, raising the entropy levels
during very early boot.
Once / is mounted and 'systemd switch-root' is called, then the
regular haveged.service is invoked.
* Fix for bsc#1165294 and bsc#1222296.
- Improve haveged-dracut.module, so that haveged is called only once
from initrd.
OBS-URL: https://build.opensuse.org/package/show/security/haveged?expand=0&rev=151
17 lines
599 B
Diff
17 lines
599 B
Diff
Index: haveged-1.9.14/contrib/Fedora/haveged.service
|
|
===================================================================
|
|
--- haveged-1.9.14.orig/contrib/Fedora/haveged.service
|
|
+++ haveged-1.9.14/contrib/Fedora/haveged.service
|
|
@@ -24,6 +24,11 @@ ProtectKernelLogs=true
|
|
ProtectKernelModules=true
|
|
RestrictNamespaces=true
|
|
RestrictRealtime=true
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectClock=true
|
|
+ProtectControlGroups=true
|
|
+# end of automatic additions
|
|
|
|
LockPersonality=true
|
|
MemoryDenyWriteExecute=true
|