sbose / rpms / realmd

Forked from rpms/realmd 7 months ago
Clone
Source Code
GIT

Files

  1.   a43bfe4f8c2932aac23e632f4185a319a381c591
  2.   0001-Systemd-security-settings.patch
Blob Blame History Raw 
From 83b8eba4f9aa0ce8a5e22ef1829df167f9bfd027 Mon Sep 17 00:00:00 2001
From: Rahul Sundaram <sundaram@fedoraproject.org>
Date: Thu, 29 Feb 2024 21:27:03 -0500
Subject: [PATCH] Systemd security settings

---
 dbus/realmd.service.in | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/dbus/realmd.service.in b/dbus/realmd.service.in
index f0e8973..8fce139 100644
--- a/dbus/realmd.service.in
+++ b/dbus/realmd.service.in
@@ -6,3 +6,21 @@ Documentation=man:realm(8) man:realmd.conf(5)
 Type=dbus
 BusName=org.freedesktop.realmd
 ExecStart=@libexecdir@/realmd
+DevicePolicy=closed
+KeyringMode=private
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectProc=invisible
+ProtectSystem=no
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
-- 
2.44.0
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.