author | Craig Andrews <candrews@integralblue.com> | 2016-06-30 11:55:03 -0400 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2016-11-26 20:08:24 +0100 |
commit | 1a34370c22e9d57dbf10f3830528b19c17704d5d (patch) | |
tree | a6b46ae50a475a1160d7fe65ac277c398fd1185a | |
parent | sys-kernel/gentoo-sources: Linux patch 4.4.35 (diff) | |
mail-filter/sqlgrey: systemd .service hardening
Bug: https://bugs.gentoo.org/587596
Closes: https://github.com/gentoo/gentoo/pull/1800
-rw-r--r-- | mail-filter/sqlgrey/files/sqlgrey.service | 13 | ||||
-rw-r--r-- | mail-filter/sqlgrey/sqlgrey-1.7.6-r2.ebuild (renamed from mail-filter/sqlgrey/sqlgrey-1.7.6-r1.ebuild) | 0 |
2 files changed, 13 insertions, 0 deletions
diff --git a/mail-filter/sqlgrey/files/sqlgrey.service b/mail-filter/sqlgrey/files/sqlgrey.service
index f6be356b11e7..a3171863e22a 100644
--- a/mail-filter/sqlgrey/files/sqlgrey.service
+++ b/mail-filter/sqlgrey/files/sqlgrey.service
@@ -3,7 +3,20 @@ Description=SQLgrey Postfix Grey-listing Policy service
 After=network.target
 
 [Service]
+User=sqlgrey
+Group=sqlgrey
 ExecStart=/usr/sbin/sqlgrey
+CapabilityBoundingSet=
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryDenyWriteExecute=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+RestrictRealtime=true
 
 [Install]
 WantedBy=multi-user.target
diff --git a/mail-filter/sqlgrey/sqlgrey-1.7.6-r1.ebuild b/mail-filter/sqlgrey/sqlgrey-1.7.6-r2.ebuild
index 5fac631afa0b..5fac631afa0b 100644
--- a/mail-filter/sqlgrey/sqlgrey-1.7.6-r1.ebuild
+++ b/mail-filter/sqlgrey/sqlgrey-1.7.6-r2.ebuild
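Review bot: Nothing visible in this commit shows that the `sqlgrey` account named by the new `User=`/`Group=` lines exists or can write the daemon's pid and state files, since the ebuild is renamed with an identical blob (`5fac631afa0b` on both sides). If the account and its directories are set up elsewhere in the ebuild that is fine, but it is worth confirming, because systemd fails the unit at start when the user cannot be resolved. Several of the added directives (`ProtectKernelModules=`, `ProtectKernelTunables=`, `ProtectControlGroups=`) are only understood by recent systemd releases; older ones log a warning and skip them, so the hardening is silently weaker there, and a comment above them such as `# Ignored with a warning by systemd versions that predate these options` would make that explicit. The boolean spelling is also mixed (`yes` on five lines, `true` on the last five); picking one keeps the unit easier to audit.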