Adam Majer
fcd32b7814
- update to 6.2: * Major UI changes: - Remove 8K limit for single access.log line - Add tls_key_log to report TLS communication secrets * Minor UI changes: - Add %transport::>connection_id logformat code - Add paranoid_hit_validation directive - Report SMP store queues state (mgr:store_queues) - Addcache_log_message directive * Developer Interest changes: - Replaced X-Cache and X-Cache-Lookup headers with Cache-Status - Reject HTTP/1.0 requests with unusual framing - codespell check added to source maintenance enforcement - Streamlined ./configure handling of optional libraries - Add –progress option to test-builds.sh - Remove layer-00-bootstrap from test script - Convert LRU map into a CLP map - Remove legacy context-based debugging in favor of CodeContext * Removed features: - Remove unused cache_diff binary - Remove obsolete membanger test - Remove deprecated leakfinder (–enable-leakfinder) OBS-URL: https://build.opensuse.org/request/show/1103093 OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=277
24 lines
777 B
Diff
24 lines
777 B
Diff
Index: squid-6.2/tools/systemd/squid.service
|
|
===================================================================
|
|
--- squid-6.2.orig/tools/systemd/squid.service
|
|
+++ squid-6.2/tools/systemd/squid.service
|
|
@@ -11,6 +11,18 @@ Documentation=man:squid(8)
|
|
After=network.target network-online.target nss-lookup.target
|
|
|
|
[Service]
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectSystem=full
|
|
+PrivateDevices=true
|
|
+ProtectHostname=true
|
|
+ProtectClock=true
|
|
+ProtectKernelTunables=true
|
|
+ProtectKernelModules=true
|
|
+ProtectKernelLogs=true
|
|
+ProtectControlGroups=true
|
|
+RestrictRealtime=true
|
|
+# end of automatic additions
|
|
Type=notify
|
|
PIDFile=/var/run/squid.pid
|
|
ExecStartPre=/usr/sbin/squid --foreground -z
|