From 0f7340130e6231503b76019799b9458ee27ab92c Mon Sep 17 00:00:00 2001
From: Benjamin Berg
Date: Tue, 29 Jun 2021 21:10:03 +0200
Subject: [PATCH] data: Disallow fprintd to read kernel logs

---
 data/fprintd.service.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/fprintd.service.in b/data/fprintd.service.in
index ef20c1d..8ff9fc9 100644
--- a/data/fprintd.service.in
+++ b/data/fprintd.service.in
@@ -10,6 +10,7 @@ ExecStart=@libexecdir@/fprintd
 # Filesystem lockdown
 ProtectSystem=strict
 ProtectKernelTunables=true
+ProtectKernelLogs=true
 ProtectControlGroups=true
 # This always corresponds to /var/lib/fprint
 StateDirectory=fprint
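Review bot: The added `ProtectKernelLogs=true` in the "Filesystem lockdown" group carries no comment on what it restricts or which systemd release it needs. The option exists from systemd 244 onward; older releases only log an unknown-key warning and leave the kernel log reachable, so the hardening is silently absent there. I would add a line above it such as `# Deny access to the kernel log ring buffer (/dev/kmsg, /proc/kmsg); needs systemd >= 244`. The rest of the [Service] section lies outside the hunk, so whether sibling settings such as `ProtectKernelModules=` are already present cannot be told from here; `systemd-analyze security fprintd.service` would show what exposure remains.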