From: Christian Hesse <mail@eworm.de>
Date: Wed, 4 Sep 2019 11:32:19 +0000 (+0200)
Subject: use systemd security features
X-Git-Tag: v1.9.7~1^2~1
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0fad7226c33c5fd1f94321986f0a96bd9fd5da04;p=haveged

use systemd security features
---

diff --git a/init.d/service.fedora b/init.d/service.fedora
index 0fe6ef6..fdc7bae 100644
--- a/init.d/service.fedora
+++ b/init.d/service.fedora
@@ -9,6 +9,11 @@ Before=sysinit.target shutdown.target systemd-journald.service
 ExecStart=/usr/sbin/haveged -w 1024 -v 1 --Foreground
 Restart=always
 SuccessExitStatus=137 143
+CapabilityBoundingSet=CAP_SYS_ADMIN
+NoNewPrivileges=on
+PrivateDevices=on
+PrivateNetwork=on
+ProtectSystem=full
 
 [Install]
 WantedBy=sysinit.target