48d81feec7
lircd: allow input device access in lircd.service again OBS-URL: https://build.opensuse.org/request/show/931284 OBS-URL: https://build.opensuse.org/package/show/vdr/lirc?expand=0&rev=110
24 lines
764 B
Diff
24 lines
764 B
Diff
--- lirc-0.10.1.orig/systemd/lircd.service 2021-11-13 20:42:43.204519438 +0100
|
|
+++ lirc-0.10.1/systemd/lircd.service 2021-11-13 20:47:54.182189779 +0100
|
|
@@ -6,6 +6,20 @@ Wants=lircd-setup.service
|
|
After=network.target lircd-setup.service
|
|
|
|
[Service]
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectHostname=true
|
|
+ProtectClock=true
|
|
+ProtectKernelTunables=true
|
|
+ProtectKernelModules=true
|
|
+ProtectKernelLogs=true
|
|
+ProtectControlGroups=true
|
|
+RestrictRealtime=true
|
|
+# end of automatic additions
|
|
+#
|
|
+# ProtectClock=true from above blocks all device accesses, allow input device access again
|
|
+DeviceAllow=char-input
|
|
+#
|
|
Type=simple
|
|
ExecStart=/usr/sbin/lircd --nodaemon
|
|
; User=lirc
|