chore: systemd hardening #86
Conversation
zsien
force-pushed
the
zs/systemdhardening
branch
6 times, most recently
from
1ca33fe to
1c1cd92
Compare
| # Make ${localstatedir}/lib/dde-dconfig-daemon (required for systemd < 237) | ||
| # Adjust mode and ownership if it already exists. | ||
|
|
||
| d /var/lib/dde-dconfig-daemon 0755 dde-dconfig-daemon - - |
There was a problem hiding this comment.
SUSE 安全团队认为至少是 .cache 目录应该是 0700 权限。
There was a problem hiding this comment.
如果这样的话, 这个是不是更应该保留了, 值换成0700,
There was a problem hiding this comment.
这里改到了 systemd service 的 StateDirectory=dde-dconfig-daemon
| @@ -2,4 +2,4 @@ | |||
| Name=org.desktopspec.ConfigManager | |||
| Exec=/usr/bin/dde-dconfig-daemon | |||
| User=dde-dconfig-daemon | |||
| SystemdService=dde-dconfig-daemon.service | |||
| SystemdService=dbus-org.desktopspec.ConfigManager.service | |||
There was a problem hiding this comment.
名字直接用org.desktopspec.ConfigManager, 不加dbus-
There was a problem hiding this comment.
dbus 服务都是 dbus- 开头,所以这里要么用 dde-dconfig-daemon.service,要么用 dbus-org.desktopspec.ConfigManager.service
|
@hillwoodroc 帮忙瞅瞅哈, |
zsien
force-pushed
the
zs/systemdhardening
branch
from
1c1cd92 to
ad4cc51
Compare
zsien
force-pushed
the
zs/systemdhardening
branch
from
ad4cc51 to
1f23dad
Compare
deepin pr auto review关键摘要:
是否建议立即修改:
|
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: 18202781743, zsien The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/merge |
加固 dbus 进程