Blame harden_accounts-daemon.service.patch
|
|
ee7cb7 |
Index: accountsservice-0.6.55/data/accounts-daemon.service.in
|
|
|
ee7cb7 |
===================================================================
|
|
|
ee7cb7 |
--- accountsservice-0.6.55.orig/data/accounts-daemon.service.in
|
|
|
ee7cb7 |
+++ accountsservice-0.6.55/data/accounts-daemon.service.in
|
|
|
039ea2 |
@@ -8,6 +8,15 @@ After=nss-user-lookup.target
|
|
|
ee7cb7 |
Wants=nss-user-lookup.target
|
|
|
ee7cb7 |
|
|
|
ee7cb7 |
[Service]
|
|
|
ee7cb7 |
+# added automatically, for details please see
|
|
|
ee7cb7 |
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
|
ee7cb7 |
+PrivateDevices=true
|
|
|
ee7cb7 |
+ProtectHostname=true
|
|
|
ee7cb7 |
+ProtectClock=true
|
|
|
ee7cb7 |
+ProtectKernelTunables=true
|
|
|
ee7cb7 |
+ProtectKernelModules=true
|
|
|
ee7cb7 |
+ProtectKernelLogs=true
|
|
|
ee7cb7 |
+ProtectControlGroups=true
|
|
|
ee7cb7 |
Type=dbus
|
|
|
ee7cb7 |
BusName=org.freedesktop.Accounts
|
|
|
ee7cb7 |
ExecStart=@libexecdir@/accounts-daemon
|