dany/eg25-manager
1
0
Fork 0
mirror of https://gitlab.com/mobian1/eg25-manager.git synced 2025-08-29 23:32:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

d/eg25-manager.service: be less restrictive

Browse Source 
Additional security options in kernel config make it more picky, 
removing problematic directives (`DeviceAllow` and `ProtectClock`) from 
the service file helps getting things straight.

Other options aren't recognized by our systemd version 
(`ProtectKernelModules`, `ProtectProc`, `ProtectDevices` and 
`ProtectKernelLog`), so we can just as well remove those.
This commit is contained in:
Arnaud Ferraris
2021-09-01 00:26:21 +02:00
parent 24dbcf464c
commit 162fcf6fca
1 changed files with 0 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
debian/eg25-manager.service vendored
View File

@@ -12,17 +12,11 @@ ProtectKernelTunables=true
ProtectSystem=strict ProtectSystem=strict
RestrictSUIDSGID=true RestrictSUIDSGID=true
PrivateTmp=true PrivateTmp=true
ProtectedKernelModules=true
MemoryDenyWriteExecute=true MemoryDenyWriteExecute=true
PrivateMounts=true PrivateMounts=true
NoNewPrivileges=true NoNewPrivileges=true
CapabilityBoundingSet= CapabilityBoundingSet=
ProtectProc=true
ProtectDevices=true
DeviceAllow=/dev/ttyS2
LockPersonality=true LockPersonality=true
ProtectClock=true
ProtectKernelLog=true
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target