e313ed0efc
* all: Ensure pid file exists when respawning child process
* vrrp: check ifindex != 0 before using the interface
* vrrp: Duplicate/drop MLDv1 listener reports on VMACs
* core: ensure only one instance of keepalived can run per config_id
* configure: add --enable-(cflags,cppflags,ldflags) options
* configure: add --enable-sanitize-(undefined,leak,memory,scudo,hwaddress) options
* vrrp: change vrrp_in_chk_vips to return bool rather than int
* core: cosmetic code layout change
* core: remove some duplicate include files
* vrrp: stop memory leak when error in configuring vrrp_iptables
(bsc#1228123) VUL-0: CVE-2024-41184: keepalived: integer overflow in vrrp_ipsets_handler
OBS-URL: https://build.opensuse.org/package/show/network/keepalived?expand=0&rev=89
25 lines
818 B
Diff
25 lines
818 B
Diff
Index: keepalived-2.2.2/keepalived/keepalived.service.in
|
|
===================================================================
|
|
--- keepalived-2.2.2.orig/keepalived/keepalived.service.in
|
|
+++ keepalived-2.2.2/keepalived/keepalived.service.in
|
|
@@ -8,6 +8,19 @@ After=network-online.target syslog.targe
|
|
Documentation=https://keepalived.org
|
|
|
|
[Service]
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectSystem=full
|
|
+ProtectHome=true
|
|
+PrivateDevices=true
|
|
+ProtectHostname=true
|
|
+ProtectClock=true
|
|
+ProtectKernelTunables=true
|
|
+ProtectKernelModules=true
|
|
+ProtectKernelLogs=true
|
|
+ProtectControlGroups=true
|
|
+RestrictRealtime=true
|
|
+# end of automatic additions
|
|
Type=@SYSTEMD_SERVICE_TYPE@
|
|
PIDFile=@RUN_DIR@/run/keepalived.pid
|
|
KillMode=process
|