diff options
| author | Nicolas Braud-Santoni <nicoo@debian.org> | 2020-01-31 05:26:33 +0100 |
|---|---|---|
| committer | Nicolas Braud-Santoni <nicolas@braud-santoni.eu> | 2020-01-31 05:26:33 +0100 |
| commit | aead88ab596ca75cc3f13a14d99f1f685a687832 (patch) | |
| tree | 2f3d9da3d1b7d5b6a62e7677183562b5c7ac198d /init.d/service.fedora | |
| parent | Merge pull request #24 from Polynomial-C/enable-threads_build_fix (diff) | |
| download | haveged-aead88ab596ca75cc3f13a14d99f1f685a687832.tar.xz haveged-aead88ab596ca75cc3f13a14d99f1f685a687832.zip | |
init.d/service.fedora: Set SecureBits=noroot-locked
No capabilities(7) are granted through execve(2); this setting cannot be undone.
Diffstat (limited to 'init.d/service.fedora')
| -rw-r--r-- | init.d/service.fedora | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/init.d/service.fedora b/init.d/service.fedora index 5d6bdd3..228eb36 100644 --- a/init.d/service.fedora +++ b/init.d/service.fedora @@ -9,6 +9,8 @@ Before=sysinit.target shutdown.target systemd-journald.service ExecStart=/usr/sbin/haveged -w 1024 -v 1 --Foreground Restart=always SuccessExitStatus=137 143 + +SecureBits=noroot-locked CapabilityBoundingSet=CAP_SYS_ADMIN PrivateDevices=true PrivateNetwork=true |