Blame harden_upmpdcli.service.patch
|
|
9b719b |
Index: upmpdcli-1.5.11/systemd/upmpdcli.service
|
|
|
9b719b |
===================================================================
|
|
|
9b719b |
--- upmpdcli-1.5.11.orig/systemd/upmpdcli.service
|
|
|
9b719b |
+++ upmpdcli-1.5.11/systemd/upmpdcli.service
|
|
|
9b719b |
@@ -4,6 +4,19 @@ After=network-online.target mpd.service
|
|
|
9b719b |
Wants=network-online.target
|
|
|
9b719b |
|
|
|
9b719b |
[Service]
|
|
|
9b719b |
+# added automatically, for details please see
|
|
|
9b719b |
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
Bernhard M. Wiedemann |
541fcc |
+ProtectSystem=true
|
|
|
9b719b |
+ProtectHome=true
|
|
|
9b719b |
+PrivateDevices=true
|
|
|
9b719b |
+ProtectHostname=true
|
|
|
9b719b |
+ProtectClock=true
|
|
|
9b719b |
+ProtectKernelTunables=true
|
|
|
9b719b |
+ProtectKernelModules=true
|
|
|
9b719b |
+ProtectKernelLogs=true
|
|
|
9b719b |
+ProtectControlGroups=true
|
|
|
9b719b |
+RestrictRealtime=true
|
|
|
9b719b |
+# end of automatic additions
|
|
|
9b719b |
Type=simple
|
|
|
9b719b |
# Note: if start fails check with "systemctl status upmpdcli"
|
|
|
72f8c9 |
ExecStart=/usr/bin/upmpdcli -c /etc/upmpdcli.conf
|