Tanu Kaskinen pushed to branch master at PulseAudio / pulseaudio
Commits: 279b99e1 by Topi Miettinen at 2019-06-17T08:44:35Z daemon: Harden systemd service Signed-off-by: Topi Miettinen <toiwo...@gmail.com> - - - - - 1 changed file: - src/daemon/systemd/user/pulseaudio.service.in Changes: ===================================== src/daemon/systemd/user/pulseaudio.service.in ===================================== @@ -17,10 +17,17 @@ Requires=pulseaudio.socket ConditionUser=!root [Service] -# Note that notify will only work if --daemonize=no -Type=notify ExecStart=@PA_BINARY@ --daemonize=no +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes Restart=on-failure +RestrictNamespaces=yes +SystemCallArchitectures=native +SystemCallFilter=@system-service +# Note that notify will only work if --daemonize=no +Type=notify +UMask=0077 [Install] Also=pulseaudio.socket View it on GitLab: https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/279b99e101c9d4d25e7ad7ce377623feb85352ea -- View it on GitLab: https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/279b99e101c9d4d25e7ad7ce377623feb85352ea You're receiving this email because of your account on gitlab.freedesktop.org.
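Review bot: In the [Service] section, SystemCallFilter=@system-service is added without a SystemCallErrorNumber= setting, so a system call outside the allow-list terminates the daemon with SIGSYS. With Restart=on-failure in the same section, that shows up as repeated restarts rather than as an error the daemon can log. Consider adding SystemCallErrorNumber=EPERM so that a blocked call fails with an error code instead. The commit message also carries only the subject line, with no rationale for the individual directives (MemoryDenyWriteExecute=yes, RestrictNamespaces=yes, UMask=0077) and no note on how they were tested. A one-line comment per directive in the unit file, like the existing one above Type=notify, would help whoever later has to debug a failure caused by one of them.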
_______________________________________________ pulseaudio-commits mailing list pulseaudio-commits@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/pulseaudio-commits