File harden_sssd-kcm.service.patch of Package sssd

Overview Repositories Revisions Requests Users Attributes Meta

File harden_sssd-kcm.service.patch of Package sssd

From 47a18db90ae89803532d6fa8e0790fcb98b76a07 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Tue, 16 Jul 2024 09:21:00 +0200
Subject: [PATCH] Harden sssd-kcm.service

---
 src/sysv/systemd/sssd-kcm.service.in | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/sysv/systemd/sssd-kcm.service.in b/src/sysv/systemd/sssd-kcm.service.in
index 2b3de184b..610ba2e18 100644
--- a/src/sysv/systemd/sssd-kcm.service.in
+++ b/src/sysv/systemd/sssd-kcm.service.in
@@ -8,6 +8,19 @@ After=sssd-kcm.socket
 Also=sssd-kcm.socket
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 Environment=DEBUG_LOGGER=--logger=files
 ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/sssd.conf
 ExecStartPre=+-/bin/chown -f -R @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/conf.d
-- 
2.45.2

Places

File harden_sssd-kcm.service.patch of Package sssd

Places