forked from pool/tvheadend
Takashi Iwai
34e9297ce0
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort OBS-URL: https://build.opensuse.org/request/show/933792 OBS-URL: https://build.opensuse.org/package/show/multimedia:apps/tvheadend?expand=0&rev=42
23 lines
790 B
Diff
23 lines
790 B
Diff
Index: tvheadend-4.2.8/rpm/tvheadend.service
|
|
===================================================================
|
|
--- tvheadend-4.2.8.orig/rpm/tvheadend.service
|
|
+++ tvheadend-4.2.8/rpm/tvheadend.service
|
|
@@ -3,6 +3,17 @@ Description=Tvheadend - a TV streaming s
|
|
After=network.target auditd.service
|
|
|
|
[Service]
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectSystem=full
|
|
+ProtectHome=true
|
|
+ProtectHostname=true
|
|
+ProtectKernelTunables=true
|
|
+ProtectKernelModules=true
|
|
+ProtectKernelLogs=true
|
|
+ProtectControlGroups=true
|
|
+RestrictRealtime=true
|
|
+# end of automatic additions
|
|
EnvironmentFile=/etc/sysconfig/tvheadend
|
|
ExecStart=/usr/bin/tvheadend -f -p /run/tvheadend.pid $OPTIONS
|
|
PIDFile=/run/tvheadend.pid
|