cookiez/pam-fprint-grosshack
1
0
Fork 0
mirror of https://gitlab.com/mishakmak/pam-fprint-grosshack.git synced 2026-04-08 20:03:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

data: Add additional fprintd lockdown

Browse Source
This commit is contained in:
Bastien Nocera
2020-10-02 14:17:38 +02:00
committed by Benjamin Berg
parent 6dc699ae6f
commit 2fd86624e5
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
data/fprintd.service.in
View File

@ -15,6 +15,8 @@ ProtectControlGroups=true
StateDirectory=fprint
ProtectHome=true
PrivateTmp=true
ProtectKernelLogs=yes
SystemCallFilter=@system-service
# Network
PrivateNetwork=true
@ -31,3 +33,8 @@ RestrictRealtime=true
# Privilege escalation
NoNewPrivileges=true
TasksMax=1
# Capabilities
CapabilityBoundingSet=
ProtectClock=yes