rpms / fprintd

Clone
Source Code
GIT

Blame SOURCES/0001-Remove-sandboxing-that-s-unsupported-in-RHEL7-s-syst.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c7
  2.   SOURCES
  3.   0001-Remove-sandboxing-that-s-unsupported-in-RHEL7-s-syst.patch
Blob History Raw
8244b9 
From 3eb55a6e11efcaab94d6595bfbdbe8ab6557f662 Mon Sep 17 00:00:00 2001
8244b9 
From: Bastien Nocera <hadess@hadess.net>
8244b9 
Date: Fri, 21 Sep 2018 12:33:21 +0200
8244b9 
Subject: [PATCH] Remove sandboxing that's unsupported in RHEL7's systemd
8244b9
8244b9 
---
8244b9 
 data/fprintd.service.in | 14 +-------------
8244b9 
 1 file changed, 1 insertion(+), 13 deletions(-)
8244b9
8244b9 
diff --git a/data/fprintd.service.in b/data/fprintd.service.in
8244b9 
index 5f46810..05f4ddf 100644
8244b9 
--- a/data/fprintd.service.in
8244b9 
+++ b/data/fprintd.service.in
8244b9 
@@ -8,10 +8,7 @@ BusName=net.reactivated.Fprint
8244b9 
 ExecStart=@libexecdir@/fprintd
8244b9
8244b9 
 # Filesystem lockdown
8244b9 
-ProtectSystem=strict
8244b9 
-ProtectKernelTunables=true
8244b9 
-ProtectControlGroups=true
8244b9 
-ReadWritePaths=@localstatedir@/lib/fprint
8244b9 
+ProtectSystem=true
8244b9 
 ProtectHome=true
8244b9 
 PrivateTmp=true
8244b9
8244b9 
@@ -19,14 +16,5 @@ PrivateTmp=true
8244b9 
 PrivateNetwork=true
8244b9 
 RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK
8244b9
8244b9 
-# Execute Mappings
8244b9 
-MemoryDenyWriteExecute=true
8244b9 
-
8244b9 
-# Modules
8244b9 
-ProtectKernelModules=true
8244b9 
-
8244b9 
-# Real-time
8244b9 
-RestrictRealtime=true
8244b9 
-
8244b9 
 # Privilege escalation
8244b9 
 NoNewPrivileges=true
8244b9 
--
8244b9 
2.17.1
8244b9

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation