proxmox-mirrors/fwupd
1
0
Fork 0
mirror of https://git.proxmox.com/git/fwupd synced 2025-08-08 14:36:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Use more restrictive settings when running under systemd

Browse Source
This commit is contained in:
Richard Hughes 2016-12-14 10:53:49 +00:00
parent df3aa3bdc9
commit 99b317d4f7
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
data/fwupd.service.in
View File

@ -9,4 +9,14 @@ ConditionPathExists=/var/lib/fwupd/pending.db
Type=dbus Type=dbus
BusName=org.freedesktop.fwupd BusName=org.freedesktop.fwupd
ExecStart=@servicedir@/fwupd/fwupd ExecStart=@servicedir@/fwupd/fwupd
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateTmp=yes PrivateTmp=yes
PrivateUsers=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=full
RestrictAddressFamilies=AF_NETLINK AF_UNIX
RestrictRealtime=yes