cookiez/pam-fprint-grosshack
1
0
Fork 0
mirror of https://gitlab.com/mishakmak/pam-fprint-grosshack.git synced 2026-04-08 20:03:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

data: Restrict syscall usage of fprintd

Browse Source 
fprintd only needs very few syscalls. Mainly normal IO operations and
ioctl for USB access. All of this is covered by @system-service, we
could likely restrict it quite a bit more though.
This commit is contained in:
Benjamin Berg
2021-06-29 21:10:59 +02:00
parent 0f7340130e
commit 7aecec1449
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
data/fprintd.service.in
View File

@ -18,6 +18,8 @@ StateDirectoryMode=0700
ProtectHome=true ProtectHome=true
PrivateTmp=true PrivateTmp=true
SystemCallFilter=@system-service
# Network # Network
PrivateNetwork=true PrivateNetwork=true
RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK