authorCraig Andrews <candrews@integralblue.com>2016-06-30 11:55:03 -0400
committerMichał Górny <mgorny@gentoo.org>2016-11-26 20:08:24 +0100
commit1a34370c22e9d57dbf10f3830528b19c17704d5d (patch)
treea6b46ae50a475a1160d7fe65ac277c398fd1185a
parentsys-kernel/gentoo-sources: Linux patch 4.4.35 (diff)
mail-filter/sqlgrey: systemd .service hardening
Bug: https://bugs.gentoo.org/587596 Closes: https://github.com/gentoo/gentoo/pull/1800
-rw-r--r--mail-filter/sqlgrey/files/sqlgrey.service13
-rw-r--r--mail-filter/sqlgrey/sqlgrey-1.7.6-r2.ebuild (renamed from mail-filter/sqlgrey/sqlgrey-1.7.6-r1.ebuild)0
2 files changed, 13 insertions, 0 deletions
diff --git a/mail-filter/sqlgrey/files/sqlgrey.service b/mail-filter/sqlgrey/files/sqlgrey.service
index f6be356b11e7..a3171863e22a 100644
--- a/mail-filter/sqlgrey/files/sqlgrey.service
+++ b/mail-filter/sqlgrey/files/sqlgrey.service
@@ -3,7 +3,20 @@ Description=SQLgrey Postfix Grey-listing Policy service
After=network.target
[Service]
+User=sqlgrey
+Group=sqlgrey
ExecStart=/usr/sbin/sqlgrey
+CapabilityBoundingSet=
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryDenyWriteExecute=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+RestrictRealtime=true
[Install]
WantedBy=multi-user.target
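Review bot: The sandbox added to [Service] leaves the socket and syscall surface of this policy daemon unrestricted. Since it appears to serve requests from the MTA over the network (`After=network.target`), consider adding `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6` and `SystemCallArchitectures=native` after `RestrictRealtime=true`. `User=sqlgrey` together with the empty `CapabilityBoundingSet=` means the process never holds root, so any user/group switch or root-owned pidfile path set in sqlgrey's own configuration (not visible here) would presumably fail at start; this is worth confirming on a default install. A comment such as `# ProtectKernel*/ProtectControlGroups/MemoryDenyWriteExecute need a recent systemd; older releases warn and ignore them` would tell users the hardening can silently degrade. The [Unit] section begins above the hunk.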
diff --git a/mail-filter/sqlgrey/sqlgrey-1.7.6-r1.ebuild b/mail-filter/sqlgrey/sqlgrey-1.7.6-r2.ebuild
index 5fac631afa0b..5fac631afa0b 100644
--- a/mail-filter/sqlgrey/sqlgrey-1.7.6-r1.ebuild
+++ b/mail-filter/sqlgrey/sqlgrey-1.7.6-r2.ebuild