summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNicolas Braud-Santoni <nicoo@debian.org>2020-01-31 05:36:34 +0100
committerNicolas Braud-Santoni <nicolas@braud-santoni.eu>2020-01-31 05:36:34 +0100
commit0c7c8c971b3fbb917601bca366dbbd619b6f0f1d (patch)
tree28bfdd12495b2afe9ee8e9ac1598dd3a7cfabec1
parentinit.d/service.fedora: Enforce W^X (memory cannot be writeable and executable) (diff)
downloadhaveged-0c7c8c971b3fbb917601bca366dbbd619b6f0f1d.tar.xz
haveged-0c7c8c971b3fbb917601bca366dbbd619b6f0f1d.zip
init.d/service.fedora: Add syscall filter for the service
Diffstat
-rw-r--r--init.d/service.fedora3
1 files changed, 3 insertions, 0 deletions
diff --git a/init.d/service.fedora b/init.d/service.fedora
index 3e19a4e..4ca8128 100644
--- a/init.d/service.fedora
+++ b/init.d/service.fedora
@@ -25,6 +25,9 @@ RestrictRealtime=true
LockPersonality=true
MemoryDenyWriteExecute=true
+SystemCallArchitectures=native
+SystemCallFilter=@basic-io @file-system @io-event @network-io @signal
+SystemCallFilter=arch_prctl brk ioctl mprotect sysinfo
[Install]
WantedBy=sysinit.target
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-18 09:51:40 +0100