From 3eb55a6e11efcaab94d6595bfbdbe8ab6557f662 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Fri, 21 Sep 2018 12:33:21 +0200
Subject: [PATCH] Remove sandboxing that's unsupported in RHEL7's systemd
---
data/fprintd.service.in | 14 +-------------
1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/data/fprintd.service.in b/data/fprintd.service.in
index 5f46810..05f4ddf 100644
--- a/data/fprintd.service.in
+++ b/data/fprintd.service.in
@@ -8,10 +8,7 @@ BusName=net.reactivated.Fprint
ExecStart=@libexecdir@/fprintd
# Filesystem lockdown
-ProtectSystem=strict
-ProtectKernelTunables=true
-ProtectControlGroups=true
-ReadWritePaths=@localstatedir@/lib/fprint
+ProtectSystem=true
ProtectHome=true
PrivateTmp=true
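Review bot: `ProtectSystem=true` in the first hunk weakens the filesystem lockdown more than the commit's stated reason requires, because it leaves /etc writable to the daemon. `ProtectSystem=full` also mounts /etc read-only and is older than the `strict` value, so the systemd this patch targets should accept it (worth confirming against that version's systemd.exec man page). With either value /var stays writable, so dropping `ReadWritePaths=` should not affect the fprint state directory. I would use `ProtectSystem=full` and add a comment such as `# strict, ProtectKernel*, ProtectControlGroups need a newer systemd; restore when available`, so whoever rebases this can see the reduced sandbox. The same comment would help in the second hunk, where `MemoryDenyWriteExecute=`, `ProtectKernelModules=` and `RestrictRealtime=` are removed with no replacement.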
@@ -19,14 +16,5 @@ PrivateTmp=true
PrivateNetwork=true
RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK
-# Execute Mappings
-MemoryDenyWriteExecute=true
-
-# Modules
-ProtectKernelModules=true
-
-# Real-time
-RestrictRealtime=true
-
# Privilege escalation
NoNewPrivileges=true
--
2.17.1