36 lines
1.1 KiB
Diff
36 lines
1.1 KiB
Diff
|
From ecd5f01ad3078e391a289563e9a77db015a6bc3a Mon Sep 17 00:00:00 2001
|
||
|
|
From: David Runge <dave@sleepmap.de>
|
||
|
|
Date: Wed, 7 Sep 2022 10:30:26 +0200
|
||
|
|
Subject: [PATCH] Remove systemd hardening options for system services
|
||
|
|
|
||
|
|
fluidsynth.service.in:
|
||
|
|
As fluidsynth is run as a systemd user service, applying sandboxing
|
||
|
|
options only available to systemd system services will prevent the user
|
||
|
|
service from starting, thus we remove the ones only available to system
|
||
|
|
services.
|
||
|
|
---
|
||
|
|
fluidsynth.service.in | 9 ---------
|
||
|
|
1 file changed, 9 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/fluidsynth.service.in b/fluidsynth.service.in
|
||
|
|
index 857994214..f49d5fce9 100644
|
||
|
|
--- a/fluidsynth.service.in
|
||
|
|
+++ b/fluidsynth.service.in
|
||
|
|
@@ -4,16 +4,7 @@ Documentation=man:fluidsynth(1)
|
||
|
|
After=sound.target
|
||
|
|
|
||
|
|
[Service]
|
||
|
|
-# added automatically, for details please see
|
||
|
|
-# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
||
|
|
ProtectSystem=full
|
||
|
|
-ProtectHome=read-only
|
||
|
|
-ProtectHostname=true
|
||
|
|
-ProtectKernelTunables=true
|
||
|
|
-ProtectKernelModules=true
|
||
|
|
-ProtectKernelLogs=true
|
||
|
|
-ProtectControlGroups=true
|
||
|
|
-# end of automatic additions
|
||
|
|
Type=notify
|
||
|
|
NotifyAccess=main
|
||
|
|
EnvironmentFile=@FLUID_DAEMON_ENV_FILE@
|