mirror of
https://gitlab.com/mishakmak/pam-fprint-grosshack.git
synced 2026-04-08 20:03:34 +02:00
Revert "data: Add additional fprintd lockdown"
The current lockdown rules prevent USB devices from being accessed and
cause threading to not work.
As such, revert them until it is clear on how/if we can apply these
measures. It is primarily not clear on how to prevent fork/clone as
fprintd does not need those.
This reverts commit 2fd86624e5.
See: #82
This commit is contained in:
Benjamin Berg
committed by
Benjamin Berg
Benjamin Berg
parent
b2cae5cccf
commit
e224913b80
@ -15,8 +15,6 @@ ProtectControlGroups=true
|
||||
StateDirectory=fprint
|
||||
ProtectHome=true
|
||||
PrivateTmp=true
|
||||
ProtectKernelLogs=yes
|
||||
SystemCallFilter=@system-service
|
||||
|
||||
# Network
|
||||
PrivateNetwork=true
|
||||
@ -33,8 +31,3 @@ RestrictRealtime=true
|
||||
|
||||
# Privilege escalation
|
||||
NoNewPrivileges=true
|
||||
TasksMax=1
|
||||
|
||||
# Capabilities
|
||||
CapabilityBoundingSet=
|
||||
ProtectClock=yes
|
||||
|
||||
Reference in New Issue
Block a user