mirror of
https://gitlab.com/mobian1/eg25-manager.git
synced 2025-08-29 15:22:20 +02:00
d/eg25-manager.service: be less restrictive
Additional security options in kernel config make it more picky, removing problematic directives (`DeviceAllow` and `ProtectClock`) from the service file helps getting things straight. Other options aren't recognized by our systemd version (`ProtectKernelModules`, `ProtectProc`, `ProtectDevices` and `ProtectKernelLog`), so we can just as well remove those.
This commit is contained in:
6
debian/eg25-manager.service
vendored
6
debian/eg25-manager.service
vendored
@@ -12,17 +12,11 @@ ProtectKernelTunables=true
|
||||
ProtectSystem=strict
|
||||
RestrictSUIDSGID=true
|
||||
PrivateTmp=true
|
||||
ProtectedKernelModules=true
|
||||
MemoryDenyWriteExecute=true
|
||||
PrivateMounts=true
|
||||
NoNewPrivileges=true
|
||||
CapabilityBoundingSet=
|
||||
ProtectProc=true
|
||||
ProtectDevices=true
|
||||
DeviceAllow=/dev/ttyS2
|
||||
LockPersonality=true
|
||||
ProtectClock=true
|
||||
ProtectKernelLog=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
Reference in New Issue
Block a user