Diffstat (limited to 'meta/recipes-support/rng-tools/rng-tools/rngd.service')
-rw-r--r--meta/recipes-support/rng-tools/rng-tools/rngd.service19
1 files changed, 19 insertions, 0 deletions
diff --git a/meta/recipes-support/rng-tools/rng-tools/rngd.service b/meta/recipes-support/rng-tools/rng-tools/rngd.service
index 084322ac40..0559b97991 100644
--- a/meta/recipes-support/rng-tools/rng-tools/rngd.service
+++ b/meta/recipes-support/rng-tools/rng-tools/rngd.service
@@ -8,6 +8,25 @@ Conflicts=shutdown.target
[Service]
EnvironmentFile=-@SYSCONFDIR@/default/rng-tools
ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS
+CapabilityBoundingSet=CAP_SYS_ADMIN
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectSystem=strict
+RestrictAddressFamilies=AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
[Install]
WantedBy=sysinit.target
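Review bot: The added hardening block (`CapabilityBoundingSet=` through `SystemCallFilter=`) has no comment explaining its less obvious choices, so a later maintainer cannot tell deliberate gaps from oversights. `CAP_SYS_ADMIN` is a very broad capability to keep in the bounding set, and `PrivateDevices=` and `ProtectKernelTunables=` are absent while their sibling `Protect*` options are set. Presumably rngd needs the capability to credit entropy to the kernel pool and needs the real device and /proc/sys nodes; if so, say it in the unit, e.g. `# CAP_SYS_ADMIN: required to add entropy to the kernel pool` and `# PrivateDevices/ProtectKernelTunables left off: rngd needs the hardware RNG device nodes`. Separately, `IPAddressDeny=any` with `RestrictAddressFamilies=AF_UNIX` blocks any entropy source that uses the network, yet `$EXTRA_ARGS` on the `ExecStart=` line can still select one. If this build ships such a source it would fail at runtime, so the restriction is worth a comment beside `EnvironmentFile=`.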