cookiez/pam-fprint-grosshack
1
0
Fork 0
mirror of https://gitlab.com/mishakmak/pam-fprint-grosshack.git synced 2026-04-08 20:03:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

data: Disallow fprintd to read kernel logs

Browse Source
This commit is contained in:
Benjamin Berg
2021-06-29 21:10:03 +02:00
parent fcd7e9bc76
commit 0f7340130e
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
data/fprintd.service.in
View File

@ -10,6 +10,7 @@ ExecStart=@libexecdir@/fprintd
# Filesystem lockdown # Filesystem lockdown
ProtectSystem=strict ProtectSystem=strict
ProtectKernelTunables=true ProtectKernelTunables=true
ProtectKernelLogs=true
ProtectControlGroups=true ProtectControlGroups=true
# This always corresponds to /var/lib/fprint # This always corresponds to /var/lib/fprint
StateDirectory=fprint StateDirectory=fprint