Date: Friday, November 2, 2018 @ 15:58:17 Author: archange Revision: 401236
Rebuild for https://framagit.org/kresusapp/kresus/issues/795 Also harden even more. Modified: kresus/trunk/PKGBUILD kresus/trunk/kresus.service ----------------+ PKGBUILD | 4 ++-- kresus.service | 10 +++++++++- 2 files changed, 11 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2018-11-02 15:48:24 UTC (rev 401235)
+++ PKGBUILD 2018-11-02 15:58:17 UTC (rev 401236)
@@ -3,7 +3,7 @@
 pkgname=kresus
 pkgver=0.13.3
 _commit=c6a2355c8d31be99d1a9d8ab53d3f3e58c57cf1b
-pkgrel=1
+pkgrel=2
 pkgdesc="Self-hosted personal finance manager"
 arch=('x86_64')
 url="https://kresus.org"
@@ -19,7 +19,7 @@
 "${pkgname}.tmpfiles")
 sha256sums=('a1df0997f46e5e9d4745fc1e9f4e875ffa3c99ec32848fd78fb9872092281cc2'
 'adc91cd0cef6b546d482ebe1e9de85a451105166c15c190caa8c6a86c023b07a'
- '5ea65d143558e50a47a65daa6a363b876e0d369a162ba88e3070f685a9ac8de9'
+ '0231362054dca49e4fadf3f853095a0f9d6ceebf1d8b12d9332a7bf8b09bcbe2'
 'd9d30f5470c7165e4917487b69d7ab82e463da4e1355056e1035ee501d3f1adc'
 'ba8ad7d9eb5d2b47fde5f6a3ab98596e5c679141b78d76d54b44830604b67632')
Modified: kresus.service
===================================================================
--- kresus.service 2018-11-02 15:48:24 UTC (rev 401235)
+++ kresus.service 2018-11-02 15:58:17 UTC (rev 401236)
@@ -6,10 +6,13 @@
 User=kresus
 Group=kresus
 Type=simple
-Environment="NODE_ENV=production"
+WorkingDirectory=~
+Environment=NODE_ENV=production
 ExecStart=/usr/bin/kresus -c /etc/webapps/kresus/config.ini
 Restart=always
+CapabilityBoundingSet=
 NoNewPrivileges=true
+PrivateUsers=true
 PrivateDevices=true
 PrivateTmp=true
 ProtectHome=true
@@ -18,6 +21,11 @@
 ProtectKernelTunables=true
 ProtectKernelModules=yes
 ReadWritePaths=/etc/webapps/kresus/config.ini /var/lib/kresus
+LockPersonality=true
+#MemoryDenyWriteExecute=true
+RestrictRealtime=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
 [Install]
 WantedBy=multi-user.target
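Review bot: `WorkingDirectory=~` makes startup depend on where the `kresus` account's home directory lives, and that location is not visible in this unit. With `ProtectHome=true` set a few lines further down, a home under `/home`, `/root` or `/run/user` would be hidden from the service and the change of directory would fail; presumably the home is `/var/lib/kresus`, which the unit lists under `ReadWritePaths=`, but that should be confirmed against the package's user definition. Writing the path out as `WorkingDirectory=/var/lib/kresus`, or adding `# home of the kresus user; must stay outside the paths hidden by ProtectHome=` above the line, would make the dependency explicit. The [Service] section starts above this hunk and continues below it.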
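Review bot: `#MemoryDenyWriteExecute=true` is left commented out with no reason given, so a later maintainer cannot tell whether it was tested and found to break the service or simply not tried. kresus appears to be a Node.js application (the unit sets `NODE_ENV`), and a JIT runtime typically needs writable-executable mappings, so the likely rationale deserves a comment such as `# MemoryDenyWriteExecute=true is incompatible with the Node.js JIT; keep disabled`. Separately, `SystemCallFilter=@system-service` terminates the process on a filtered call by default, and with `Restart=always` in this unit that would surface as a restart loop; adding `SystemCallErrorNumber=EPERM` would turn it into an error return the application can log. The section begins outside this hunk.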
