summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNicolas Braud-Santoni <nicoo@debian.org>2020-01-31 05:26:33 +0100
committerNicolas Braud-Santoni <nicolas@braud-santoni.eu>2020-01-31 05:26:33 +0100
commitaead88ab596ca75cc3f13a14d99f1f685a687832 (patch)
tree2f3d9da3d1b7d5b6a62e7677183562b5c7ac198d
parentMerge pull request #24 from Polynomial-C/enable-threads_build_fix (diff)
downloadhaveged-aead88ab596ca75cc3f13a14d99f1f685a687832.tar.xz
haveged-aead88ab596ca75cc3f13a14d99f1f685a687832.zip
init.d/service.fedora: Set SecureBits=noroot-locked
No capabilities(7) are granted through execve(2); this setting cannot be undone.
Diffstat
-rw-r--r--init.d/service.fedora2
1 files changed, 2 insertions, 0 deletions
diff --git a/init.d/service.fedora b/init.d/service.fedora
index 5d6bdd3..228eb36 100644
--- a/init.d/service.fedora
+++ b/init.d/service.fedora
@@ -9,6 +9,8 @@ Before=sysinit.target shutdown.target systemd-journald.service
ExecStart=/usr/sbin/haveged -w 1024 -v 1 --Foreground
Restart=always
SuccessExitStatus=137 143
+
+SecureBits=noroot-locked
CapabilityBoundingSet=CAP_SYS_ADMIN
PrivateDevices=true
PrivateNetwork=true
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-18 09:51:55 +0100