Re: [PATCH] Whitelist libuuid clock file

On Tue, Jan 25, 2022 at 11:17:27AM +0100, Stanislav Brabec wrote:
> diff --git a/misc-utils/uuidd.service.in b/misc-utils/uuidd.service.in
> index 065b4a194..e64ca59b5 100644
> --- a/misc-utils/uuidd.service.in
> +++ b/misc-utils/uuidd.service.in
> @@ -8,6 +8,7 @@ ExecStart=@usrsbin_execdir@/uuidd --socket-activation
>  Restart=no
>  User=uuidd
>  Group=uuidd
> +ProtectSystem=strict
>  ProtectHome=yes
>  PrivateDevices=yes
>  PrivateNetwork=yes
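
Review bot: ProtectSystem=strict, added after Group=uuidd, leaves the whole file system hierarchy read-only for the service apart from /dev, /proc and /sys, so it only works together with the ReadWritePaths= line added in the next hunk. Consider placing the two directives next to each other, or adding a one-line comment in the unit naming the paths uuidd needs to write, so that a later edit does not drop one without the other. It is also worth confirming that uuidd started with --socket-activation writes nothing outside that directory.
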
> @@ -17,6 +18,7 @@ ProtectKernelModules=yes
>  ProtectControlGroups=yes
>  RestrictAddressFamilies=AF_UNIX
>  MemoryDenyWriteExecute=yes
> +ReadWritePaths=/var/lib/libuuid/
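
Review bot: ReadWritePaths=/var/lib/libuuid/ hard-codes the state directory, while ExecStart= in this same template is filled in from @usrsbin_execdir@; if the build is configured with a different local state directory, the unit whitelists the wrong path and, under ProtectSystem=strict, the clock file becomes unwritable. Suggest generating this path from the configured value in the same way. Also note that systemd fails to start the service when a ReadWritePaths= entry does not exist unless the path is prefixed with "-", so either make sure the directory is created at install time or use the prefix.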

OK, seems better than my solution ;-) Thanks!

   Karel

-- 
 Karel Zak  <kzak@xxxxxxxxxx>
 http://karelzak.blogspot.com
