From aead88ab596ca75cc3f13a14d99f1f685a687832 Mon Sep 17 00:00:00 2001
From: Nicolas Braud-Santoni
Date: Fri, 31 Jan 2020 05:26:33 +0100
Subject: init.d/service.fedora: Set SecureBits=noroot-locked No capabilities(7) are granted through execve(2); this setting cannot be undone.
---
 init.d/service.fedora | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/init.d/service.fedora b/init.d/service.fedora
index 5d6bdd3..228eb36 100644
--- a/init.d/service.fedora
+++ b/init.d/service.fedora
@@ -9,6 +9,8 @@ Before=sysinit.target shutdown.target systemd-journald.service
 ExecStart=/usr/sbin/haveged -w 1024 -v 1 --Foreground
 Restart=always
 SuccessExitStatus=137 143
+
+SecureBits=noroot-locked
 CapabilityBoundingSet=CAP_SYS_ADMIN
 PrivateDevices=true
 PrivateNetwork=true
-- 
cgit v1.2.3
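Review bot: `SecureBits=noroot-locked` on its own sets only the lock bit: per capabilities(7) a `-locked` flag freezes the matching base flag in its current state, so SECBIT_NOROOT stays clear and can no longer be switched on, which is the opposite of what the commit message describes. To get the stated effect the added line would need both flags, `SecureBits=noroot noroot-locked`. With noroot actually in force, a root process no longer gains a permitted set from execve(2), so haveged would presumably also need `AmbientCapabilities=CAP_SYS_ADMIN` to keep the one capability the bounding set leaves it. No such line is visible here, and the [Service] section starts and ends outside the hunk, so this should be checked against the full unit. A one-line comment above the setting, e.g. `# noroot: root gains no capabilities via execve(2); -locked makes that irreversible`, would make the intent clear to the next maintainer.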