Yan Gao
135dbd3f79
- Update to version 1.5.1+20211210.92ff8d8: - configure: have --with-runstatedir overrule --runstatedir (bsc#1185182) - services: enable systemd sandboxing settings for releases >= 15.4 - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_sbd.service.patch * harden_sbd_remote.service.patch OBS-URL: https://build.opensuse.org/request/show/940717 OBS-URL: https://build.opensuse.org/package/show/network:ha-clustering:Factory/sbd?expand=0&rev=113
20 lines
670 B
Diff
20 lines
670 B
Diff
Index: sbd-1.5.1+20211116.6bb085f/src/sbd_remote.service.in
|
|
===================================================================
|
|
--- sbd-1.5.1+20211116.6bb085f.orig/src/sbd_remote.service.in
|
|
+++ sbd-1.5.1+20211116.6bb085f/src/sbd_remote.service.in
|
|
@@ -7,6 +7,14 @@ RefuseManualStop=true
|
|
RefuseManualStart=true
|
|
|
|
[Service]
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectSystem=full
|
|
+ProtectHome=true
|
|
+ProtectHostname=true
|
|
+ProtectKernelModules=true
|
|
+ProtectKernelLogs=true
|
|
+# end of automatic additions
|
|
Type=forking
|
|
PIDFile=@runstatedir@/sbd.pid
|
|
EnvironmentFile=-@CONFIGDIR@/sbd
|