From b93e088866a20e06d9039ffaa69018dbc4bc4f56 Mon Sep 17 00:00:00 2001 From: Guilherme Amadio Date: Thu, 15 Jun 2023 08:54:40 +0200 Subject: [PATCH] Uncomment hardening of systemd units Fixes: #2033 --- packaging/common/cmsd@.service | 16 ++++++++-------- packaging/common/frm_purged@.service | 16 ++++++++-------- packaging/common/frm_xfrd@.service | 16 ++++++++-------- packaging/common/xrootd@.service | 16 ++++++++-------- 4 files changed, 32 insertions(+), 32 deletions(-) diff --git a/packaging/common/cmsd@.service b/packaging/common/cmsd@.service index f69e0e54d5d..4a540277229 100644 --- a/packaging/common/cmsd@.service +++ b/packaging/common/cmsd@.service @@ -6,14 +6,14 @@ Requires=network-online.target After=network-online.target [Service] -#PrivateDevices=true -#ProtectHostname=true -#ProtectClock=true -#ProtectKernelTunables=true -#ProtectKernelModules=true -#ProtectKernelLogs=true -#ProtectControlGroups=true -#RestrictRealtime=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true ExecStart=/usr/bin/cmsd -l /var/log/xrootd/cmsd.log -c /etc/xrootd/xrootd-%i.cfg -k fifo -s /run/xrootd/cmsd-%i.pid -n %i User=xrootd Group=xrootd diff --git a/packaging/common/frm_purged@.service b/packaging/common/frm_purged@.service index 942dbf5adb2..a01c266f2cb 100644 --- a/packaging/common/frm_purged@.service +++ b/packaging/common/frm_purged@.service @@ -6,14 +6,14 @@ Requires=network-online.target After=network-online.target [Service] -#PrivateDevices=true -#ProtectHostname=true -#ProtectClock=true -#ProtectKernelTunables=true -#ProtectKernelModules=true -#ProtectKernelLogs=true -#ProtectControlGroups=true -#RestrictRealtime=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true ExecStart=/usr/bin/frm_purged -l /var/log/xrootd/frm_purged.log -c /etc/xrootd/xrootd-%i.cfg -k fifo -s /run/xrootd/frm_purged-%i.pid -n %i User=xrootd Group=xrootd diff --git a/packaging/common/frm_xfrd@.service b/packaging/common/frm_xfrd@.service index cfc580db2f2..4ea41172260 100644 --- a/packaging/common/frm_xfrd@.service +++ b/packaging/common/frm_xfrd@.service @@ -6,14 +6,14 @@ Requires=network-online.target After=network-online.target [Service] -#PrivateDevices=true -#ProtectHostname=true -#ProtectClock=true -#ProtectKernelTunables=true -#ProtectKernelModules=true -#ProtectKernelLogs=true -#ProtectControlGroups=true -#RestrictRealtime=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true ExecStart=/usr/bin/frm_xfrd -l /var/log/xrootd/frm_xfrd.log -c /etc/xrootd/xrootd-%i.cfg -k fifo -s /run/xrootd/frm_xfrd-%i.pid -n %i User=xrootd Group=xrootd diff --git a/packaging/common/xrootd@.service b/packaging/common/xrootd@.service index 1c8284c9c89..5f323fbc87c 100644 --- a/packaging/common/xrootd@.service +++ b/packaging/common/xrootd@.service @@ -6,14 +6,14 @@ Requires=network-online.target After=network-online.target [Service] -#PrivateDevices=true -#ProtectHostname=true -#ProtectClock=true -#ProtectKernelTunables=true -#ProtectKernelModules=true -#ProtectKernelLogs=true -#ProtectControlGroups=true -#RestrictRealtime=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true ExecStart=/usr/bin/xrootd -l /var/log/xrootd/xrootd.log -c /etc/xrootd/xrootd-%i.cfg -k fifo -s /run/xrootd/xrootd-%i.pid -n %i User=xrootd Group=xrootd