rpms / chrony

Clone
Source Code
GIT

Blame SOURCES/chrony-services.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   5d6ed859d0f0f50031de3da3abfa9225388e7a12
  2.   SOURCES
  3.   chrony-services.patch
Blob History Raw
f77576 
diff -up chrony-4.2/examples/chronyd.service.services chrony-4.2/examples/chronyd.service
f77576 
--- chrony-4.2/examples/chronyd.service.services	2021-12-16 13:17:42.000000000 +0100
f77576 
+++ chrony-4.2/examples/chronyd.service	2022-01-19 13:55:59.066677473 +0100
f77576 
@@ -32,8 +32,7 @@ ProtectKernelLogs=yes
f77576 
 ProtectKernelModules=yes
f77576 
 ProtectKernelTunables=yes
f77576 
 ProtectProc=invisible
f77576 
-ProtectSystem=strict
f77576 
-ReadWritePaths=/run /var/lib/chrony -/var/log
f77576 
+ProtectSystem=full
f77576 
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
f77576 
 RestrictNamespaces=yes
f77576 
 RestrictSUIDSGID=yes
f77576 
@@ -42,7 +41,6 @@ SystemCallFilter=~@cpu-emulation @debug
f77576
f77576 
 # Adjust restrictions for /usr/sbin/sendmail (mailonchange directive)
f77576 
 NoNewPrivileges=no
f77576 
-ReadWritePaths=-/var/spool
f77576 
 RestrictAddressFamilies=AF_NETLINK
f77576
f77576 
 [Install]
f77576
f77576 
Avoid a SELinux issue
f77576
f77576 
diff --git a/examples/chrony-wait.service b/examples/chrony-wait.service
f77576 
index 72b028f2..57646950 100644
f77576 
--- a/examples/chrony-wait.service
f77576 
+++ b/examples/chrony-wait.service
f77576 
@@ -18,7 +18,7 @@ StandardOutput=null
f77576
f77576 
 CapabilityBoundingSet=
f77576 
 DevicePolicy=closed
f77576 
-DynamicUser=yes
f77576 
+#DynamicUser=yes
f77576 
 IPAddressAllow=localhost
f77576 
 IPAddressDeny=any
f77576 
 LockPersonality=yes
f77576

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation