rpms/usbguard
6
0
Fork 0
Code Issues Pull Requests Releases Activity
96eb0f7b90
usbguard/SOURCES/usbguard-forking-style.patch
CentOS Sources 96eb0f7b90 import usbguard-0.7.8-5.el8
2021-09-10 05:33:09 +00:00

35 lines
1.2 KiB
Diff
Raw Blame History

diff -up ./usbguard.service.in.forking ./usbguard.service.in
--- ./usbguard.service.in.forking 2020-06-17 20:07:04.720564149 +0200
+++ ./usbguard.service.in 2020-06-17 20:10:00.744063846 +0200
@@ -8,11 +8,12 @@ AmbientCapabilities=
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER
DeviceAllow=/dev/null rw
DevicePolicy=strict
-ExecStart=%sbindir%/usbguard-daemon -k -c %sysconfdir%/usbguard/usbguard-daemon.conf
+ExecStart=%sbindir%/usbguard-daemon -f -s -c %sysconfdir%/usbguard/usbguard-daemon.conf
IPAddressDeny=any
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
+PIDFile=/var/run/usbguard.pid
PrivateDevices=yes
PrivateTmp=yes
ProtectControlGroups=yes
@@ -20,14 +21,14 @@ ProtectHome=yes
ProtectKernelModules=yes
ProtectSystem=yes
ReadOnlyPaths=-/
-ReadWritePaths=-/dev/shm -%localstatedir%/log/usbguard -/tmp -%sysconfdir%/usbguard/
+ReadWritePaths=-/dev/shm -%localstatedir%/log/usbguard -/tmp -%sysconfdir%/usbguard/ -/var/run
Restart=on-failure
RestrictAddressFamilies=AF_UNIX AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
-Type=simple
+Type=forking
UMask=0077
[Install]
Reference in New Issue View Git Blame Copy Permalink