squid/harden_squid.service.patch
Adam Majer fcd32b7814 Accepting request 1103093 from home:polslinux:branches:server:proxy
- update to 6.2:
  * Major UI changes:
    - Remove 8K limit for single access.log line
    - Add tls_key_log to report TLS communication secrets
  * Minor UI changes:
    - Add %transport::>connection_id logformat code
    - Add paranoid_hit_validation directive
    - Report SMP store queues state (mgr:store_queues)
    - Add cache_log_message directive
  * Developer Interest changes:
    - Replaced X-Cache and X-Cache-Lookup headers with Cache-Status
    - Reject HTTP/1.0 requests with unusual framing
    - codespell check added to source maintenance enforcement
    - Streamlined ./configure handling of optional libraries
    - Add --progress option to test-builds.sh
    - Remove layer-00-bootstrap from test script
    - Convert LRU map into a CLP map
    - Remove legacy context-based debugging in favor of CodeContext
  * Removed features:
    - Remove unused cache_diff binary
    - Remove obsolete membanger test
    - Remove deprecated leakfinder (--enable-leakfinder)

OBS-URL: https://build.opensuse.org/request/show/1103093
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=277
2023-08-09 09:34:23 +00:00


Index: squid-6.2/tools/systemd/squid.service
===================================================================
--- squid-6.2.orig/tools/systemd/squid.service
+++ squid-6.2/tools/systemd/squid.service
@@ -11,6 +11,18 @@ Documentation=man:squid(8)
After=network.target network-online.target nss-lookup.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=notify
PIDFile=/var/run/squid.pid
ExecStartPre=/usr/sbin/squid --foreground -z
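
Review bot: the block added under [Service] covers ProtectSystem=full and the kernel-facing Protect*/Private* options but has no NoNewPrivileges=, ProtectHome= or PrivateTmp= line, and no comment saying whether those were tried and found to break Squid. If they were left out deliberately, a one-line comment inside the "added automatically" markers would record that; if not, they are worth testing against this unit. Separately, ProtectSystem=full makes /usr and /etc read-only for the ExecStartPre step as well as the main process, so `squid --foreground -z` and the PID file must only write outside those trees (the visible PIDFile=/var/run/squid.pid does). Running `systemd-analyze security squid.service` before and after the patch would give a concrete measure of what the added directives change.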