Uncomment hardening of systemd units

Fixes: xrootd#2033
abh3 · Sep 3, 2024 · b93e088 · b93e088
1 parent 0d9cadb
commit b93e088
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 32 deletions.
diff --git a/packaging/common/[email protected] b/packaging/common/[email protected]
@@ -6,14 +6,14 @@ Requires=network-online.target
 After=network-online.target
 
 [Service]
-#PrivateDevices=true
-#ProtectHostname=true
-#ProtectClock=true
-#ProtectKernelTunables=true
-#ProtectKernelModules=true
-#ProtectKernelLogs=true
-#ProtectControlGroups=true
-#RestrictRealtime=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
 ExecStart=/usr/bin/cmsd -l /var/log/xrootd/cmsd.log -c /etc/xrootd/xrootd-%i.cfg -k fifo -s /run/xrootd/cmsd-%i.pid -n %i
 User=xrootd
 Group=xrootd

diff --git a/packaging/common/[email protected] b/packaging/common/[email protected]
@@ -6,14 +6,14 @@ Requires=network-online.target
 After=network-online.target
 
 [Service]
-#PrivateDevices=true
-#ProtectHostname=true
-#ProtectClock=true
-#ProtectKernelTunables=true
-#ProtectKernelModules=true
-#ProtectKernelLogs=true
-#ProtectControlGroups=true
-#RestrictRealtime=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
 ExecStart=/usr/bin/frm_purged -l /var/log/xrootd/frm_purged.log -c /etc/xrootd/xrootd-%i.cfg -k fifo -s /run/xrootd/frm_purged-%i.pid -n %i
 User=xrootd
 Group=xrootd

diff --git a/packaging/common/[email protected] b/packaging/common/[email protected]
@@ -6,14 +6,14 @@ Requires=network-online.target
 After=network-online.target
 
 [Service]
-#PrivateDevices=true
-#ProtectHostname=true
-#ProtectClock=true
-#ProtectKernelTunables=true
-#ProtectKernelModules=true
-#ProtectKernelLogs=true
-#ProtectControlGroups=true
-#RestrictRealtime=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
 ExecStart=/usr/bin/frm_xfrd -l /var/log/xrootd/frm_xfrd.log -c /etc/xrootd/xrootd-%i.cfg -k fifo -s /run/xrootd/frm_xfrd-%i.pid -n %i
 User=xrootd
 Group=xrootd

diff --git a/packaging/common/[email protected] b/packaging/common/[email protected]
@@ -6,14 +6,14 @@ Requires=network-online.target
 After=network-online.target
 
 [Service]
-#PrivateDevices=true
-#ProtectHostname=true
-#ProtectClock=true
-#ProtectKernelTunables=true
-#ProtectKernelModules=true
-#ProtectKernelLogs=true
-#ProtectControlGroups=true
-#RestrictRealtime=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
 ExecStart=/usr/bin/xrootd -l /var/log/xrootd/xrootd.log -c /etc/xrootd/xrootd-%i.cfg -k fifo -s /run/xrootd/xrootd-%i.pid -n %i
 User=xrootd
 Group=xrootd