Tree - rpms/fprintd - CentOS Git server

Blob History Raw

		1ba30d	`From 3eb55a6e11efcaab94d6595bfbdbe8ab6557f662 Mon Sep 17 00:00:00 2001`
		1ba30d	`From: Bastien Nocera <hadess@hadess.net>`
		1ba30d	`Date: Fri, 21 Sep 2018 12:33:21 +0200`
		1ba30d	`Subject: [PATCH] Remove sandboxing that's unsupported in RHEL7's systemd`
		1ba30d
		1ba30d	`---`
		1ba30d	`data/fprintd.service.in \| 14 +-------------`
		1ba30d	`1 file changed, 1 insertion(+), 13 deletions(-)`
		1ba30d
		1ba30d	`diff --git a/data/fprintd.service.in b/data/fprintd.service.in`
		1ba30d	`index 5f46810..05f4ddf 100644`
		1ba30d	`--- a/data/fprintd.service.in`
		1ba30d	`+++ b/data/fprintd.service.in`
		1ba30d	`@@ -8,10 +8,7 @@ BusName=net.reactivated.Fprint`
		1ba30d	`ExecStart=@libexecdir@/fprintd`
		1ba30d
		1ba30d	`# Filesystem lockdown`
		1ba30d	`-ProtectSystem=strict`
		1ba30d	`-ProtectKernelTunables=true`
		1ba30d	`-ProtectControlGroups=true`
		1ba30d	`-ReadWritePaths=@localstatedir@/lib/fprint`
		1ba30d	`+ProtectSystem=true`
		1ba30d	`ProtectHome=true`
		1ba30d	`PrivateTmp=true`
		1ba30d
		1ba30d	`@@ -19,14 +16,5 @@ PrivateTmp=true`
		1ba30d	`PrivateNetwork=true`
		1ba30d	`RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK`
		1ba30d
		1ba30d	`-# Execute Mappings`
		1ba30d	`-MemoryDenyWriteExecute=true`
		1ba30d	`-`
		1ba30d	`-# Modules`
		1ba30d	`-ProtectKernelModules=true`
		1ba30d	`-`
		1ba30d	`-# Real-time`
		1ba30d	`-RestrictRealtime=true`
		1ba30d	`-`
		1ba30d	`# Privilege escalation`
		1ba30d	`NoNewPrivileges=true`
		1ba30d	`--`
		1ba30d	`2.17.1`
		1ba30d