From 6494efa94e5bb27f235ed758bba971c2d609ea2f Mon Sep 17 00:00:00 2001
From: Bastien Nocera
Date: Wed, 13 Sep 2017 15:48:17 +0200
Subject: [PATCH] data: Stop privilege escalations in daemon

Using the NoNewPrivileges stanza from systemd.
---
 data/fprintd.service.in | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/data/fprintd.service.in b/data/fprintd.service.in
index 150e58a..24d7f5d 100644
--- a/data/fprintd.service.in
+++ b/data/fprintd.service.in
@@ -26,3 +26,6 @@ ProtectKernelModules=true
 # Real-time
 RestrictRealtime=true
+
+# Privilege escalation
+NoNewPrivileges=true
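Review bot: The added comment `# Privilege escalation` names the topic but not what the directive enforces, which matters to anyone auditing this unit later; something like `# Block privilege gain through execve() (setuid/setgid binaries, file capabilities)` above `NoNewPrivileges=true` would state it. The directive only stops the service and its children from acquiring new privileges; it does not reduce the privileges the daemon starts with. The hunk shows no `User=` or `CapabilityBoundingSet=` line and the [Service] section begins outside it, so whether the daemon still runs with a full root capability set cannot be told from here. If it does, restricting the bounding set would be the natural follow-up to this change.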