msuraev has submitted this change. ( https://gerrit.osmocom.org/c/osmo-hlr/+/29379 )
Change subject: systemd: enable basic hardening ......................................................................
systemd: enable basic hardening
This ensures that systemd will not allow us to modify /home, /root and /run/user which we shouldn't be doing anyway. See https://www.freedesktop.org/software/systemd/man/systemd.exec.html for details.
It should also should silence corresponding lintian warning.
Related: OS#4107 Change-Id: Ida5f13bdb9e5bd956c440a381d94eecc18f0b2ef --- M contrib/systemd/osmo-hlr.service 1 file changed, 1 insertion(+), 0 deletions(-)
Approvals: Jenkins Builder: Verified pespin: Looks good to me, but someone else must approve osmith: Looks good to me, but someone else must approve msuraev: Looks good to me, approved laforge: Looks good to me, but someone else must approve
diff --git a/contrib/systemd/osmo-hlr.service b/contrib/systemd/osmo-hlr.service index aa2f281..7ab4279 100644 --- a/contrib/systemd/osmo-hlr.service +++ b/contrib/systemd/osmo-hlr.service @@ -9,6 +9,7 @@ WorkingDirectory=%S/osmocom ExecStart=/usr/bin/osmo-hlr -c /etc/osmocom/osmo-hlr.cfg -l /var/lib/osmocom/hlr.db RestartSec=2 +ProtectHome=true
[Install] WantedBy=multi-user.target