msuraev has submitted this change. ( https://gerrit.osmocom.org/c/osmo-hlr/+/29379 ) Change subject: systemd: enable basic hardening ...................................................................... systemd: enable basic hardening This ensures that systemd will not allow us to modify /home, /root and /run/user which we shouldn't be doing anyway. See https://www.freedesktop.org/software/systemd/man/systemd.exec.html for details. It should also should silence corresponding lintian warning. Related: OS#4107 Change-Id: Ida5f13bdb9e5bd956c440a381d94eecc18f0b2ef --- M contrib/systemd/osmo-hlr.service 1 file changed, 1 insertion(+), 0 deletions(-) Approvals: Jenkins Builder: Verified pespin: Looks good to me, but someone else must approve osmith: Looks good to me, but someone else must approve msuraev: Looks good to me, approved laforge: Looks good to me, but someone else must approve diff --git a/contrib/systemd/osmo-hlr.service b/contrib/systemd/osmo-hlr.service index aa2f281..7ab4279 100644 --- a/contrib/systemd/osmo-hlr.service +++ b/contrib/systemd/osmo-hlr.service @@ -9,6 +9,7 @@ WorkingDirectory=%S/osmocom ExecStart=/usr/bin/osmo-hlr -c /etc/osmocom/osmo-hlr.cfg -l /var/lib/osmocom/hlr.db RestartSec=2 +ProtectHome=true [Install] WantedBy=multi-user.target -- To view, visit https://gerrit.osmocom.org/c/osmo-hlr/+/29379 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-hlr Gerrit-Branch: master Gerrit-Change-Id: Ida5f13bdb9e5bd956c440a381d94eecc18f0b2ef Gerrit-Change-Number: 29379 Gerrit-PatchSet: 2 Gerrit-Owner: msuraev <msuraev(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-Reviewer: msuraev <msuraev(a)sysmocom.de> Gerrit-Reviewer: osmith <osmith(a)sysmocom.de> Gerrit-Reviewer: pespin <pespin(a)sysmocom.de> Gerrit-CC: fixeria <vyanitskiy(a)sysmocom.de> Gerrit-MessageType: merged