forked from pool/postfix
0eb4d6cbfe
- Ensure postfix can write to home directory or server side filtering wont work (sieve) OBS-URL: https://build.opensuse.org/request/show/926909 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=429
26 lines
863 B
Diff
26 lines
863 B
Diff
Index: postfix-3.6.2/postfix-SUSE/postfix.service
|
|
===================================================================
|
|
--- postfix-3.6.2.orig/postfix-SUSE/postfix.service
|
|
+++ postfix-3.6.2/postfix-SUSE/postfix.service
|
|
@@ -19,6 +19,20 @@ After=amavis.service mysql.service cyrus
|
|
Conflicts=sendmail.service exim.service
|
|
|
|
[Service]
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectSystem=full
|
|
+ReadWritePaths=/etc/postfix
|
|
+ProtectHome=false
|
|
+PrivateDevices=true
|
|
+ProtectHostname=true
|
|
+ProtectClock=true
|
|
+ProtectKernelTunables=true
|
|
+ProtectKernelModules=true
|
|
+ProtectKernelLogs=true
|
|
+ProtectControlGroups=true
|
|
+RestrictRealtime=true
|
|
+# end of automatic additions
|
|
Type=forking
|
|
PIDFile=/var/spool/postfix/pid/master.pid
|
|
ExecStartPre=-/bin/echo 'Starting mail service (Postfix)'
|