[arch-commits] Commit in alertmanager/trunk (PKGBUILD alertmanager.service)

Fri, 13 Sep 2019 14:52:43 -0700 

    Date: Friday, September 13, 2019 @ 21:51:54
  Author: jelle
Revision: 362610

upgpkg: alertmanager 0.18.0-3

Add more hardening to alertmanager

Modified:
  alertmanager/trunk/PKGBUILD
  alertmanager/trunk/alertmanager.service

----------------------+
 PKGBUILD             |    4 ++--
 alertmanager.service |    9 +++++++++
 2 files changed, 11 insertions(+), 2 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD    2019-09-13 21:19:44 UTC (rev 362609)
+++ PKGBUILD    2019-09-13 21:51:54 UTC (rev 362610)
@@ -2,7 +2,7 @@
 
 pkgname=alertmanager
 pkgver=0.18.0
-pkgrel=2
+pkgrel=3
 pkgdesc="Service which handles alerts sent by client applications such as the 
Prometheus server"
 url="https://github.com/prometheus/alertmanager";
 arch=(x86_64)
@@ -12,7 +12,7 @@
 backup=('etc/alertmanager/alertmanager.yml')
 
source=($pkgname-$pkgver.tar.gz::https://github.com/prometheus/alertmanager/archive/v${pkgver}.tar.gz
 alertmanager.service alertmanager.sysusers)
 
sha512sums=('59faec308abaac3d2b59198fef25109b208de1a807b38803dc10722ff0caf1bac9d9795005fefb3b4e2acda62be136bfcafe7b9702ae52565021a424f99fa730'
-            
'3d99e1781488bba6cab6e13b0ec7f441efd1070b3deaad648fefd11ae18e28da8bea46af30b3459bb0935fd786c2e4045c5cd15d8ab3fb638c6827ba4e2fac92'
+            
'e814d4aca46c2e243a2fe137b2ca102d5adfc18a5d4ab1d316ae593e60a256f8f7f699eb2d8c28b74e6f26fd17b682df927517db4819b167ab0269aa3f76894e'
             
'469f321f40b0dd6e1cc6d0791032c476449bb2ab2364d57b06d0e0309d09710be8751ded64d84e29dd6e28e96b71ef69e2bee6c71282500a9074a9d7ada8bdf0')
 
 build() {

Modified: alertmanager.service
===================================================================
--- alertmanager.service        2019-09-13 21:19:44 UTC (rev 362609)
+++ alertmanager.service        2019-09-13 21:51:54 UTC (rev 362610)
@@ -13,7 +13,16 @@
 ProtectHome=true
 ProtectSystem=full
 ProtectHostname=true
+ProtectControlGroups=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
 LockPersonality=true
+PrivateTmp=true
+PrivateDevices=True
+RestrictRealtime=true
+CapabilityBoundingSet=
+SystemCallArchitectures=native
+MemoryDenyWriteExecute=true
 
 [Install]
 WantedBy=multi-user.target

Reply via email to