forked from pool/rrdtool
bfff176f02
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort OBS-URL: https://build.opensuse.org/request/show/932184 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/rrdtool?expand=0&rev=91
25 lines
835 B
Diff
25 lines
835 B
Diff
Index: rrdtool-1.7.2/etc/rrdcached.service.in
|
|
===================================================================
|
|
--- rrdtool-1.7.2.orig/etc/rrdcached.service.in
|
|
+++ rrdtool-1.7.2/etc/rrdcached.service.in
|
|
@@ -8,6 +8,19 @@ Description=Data caching daemon for rrdt
|
|
Documentation=man:rrdcached(1)
|
|
|
|
[Service]
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectSystem=full
|
|
+ProtectHome=true
|
|
+PrivateDevices=true
|
|
+ProtectHostname=true
|
|
+ProtectClock=true
|
|
+ProtectKernelTunables=true
|
|
+ProtectKernelModules=true
|
|
+ProtectKernelLogs=true
|
|
+ProtectControlGroups=true
|
|
+RestrictRealtime=true
|
|
+# end of automatic additions
|
|
# If you enable socket-activable rrdcached.socket,
|
|
# command line socket declarations will be ignored
|
|
ExecStart=@prefix@/bin/rrdcached -g
|