openldap2/slapd.service
William Brown 8644a7376a Accepting request 1031422 from home:firstyear:branches:network:ldap
- bsc#1202931 - CVE-2022-31253 - Openldap start script allowed the ldap user
  to privilege escalate to root due to unbound chown commands.

OBS-URL: https://build.opensuse.org/request/show/1031422
OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=307
2022-10-27 01:27:25 +00:00

29 lines
581 B
Desktop File

[Unit]
Description=OpenLDAP Server Daemon
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/usr/lib/openldap/start
# Hardening to prevent security escalation.
## Future hardening for FS protection.
# ProtectSystem=full
# ReadWritePaths=/etc/openldap/slapd.d /var/lib/ldap
RestrictSUIDSGID=true
NoNewPrivileges=true
PrivateTmp=true
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target