commit: 1a34370c22e9d57dbf10f3830528b19c17704d5d Author: Craig Andrews <candrews <AT> integralblue <DOT> com> AuthorDate: Thu Jun 30 15:55:03 2016 +0000 Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> CommitDate: Sat Nov 26 19:08:24 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a34370c
mail-filter/sqlgrey: systemd .service hardening Bug: https://bugs.gentoo.org/587596 Closes: https://github.com/gentoo/gentoo/pull/1800 mail-filter/sqlgrey/files/sqlgrey.service | 13 +++++++++++++ .../{sqlgrey-1.7.6-r1.ebuild => sqlgrey-1.7.6-r2.ebuild} | 0 2 files changed, 13 insertions(+)
diff --git a/mail-filter/sqlgrey/files/sqlgrey.service b/mail-filter/sqlgrey/files/sqlgrey.service
index f6be356..a317186 100644
--- a/mail-filter/sqlgrey/files/sqlgrey.service
+++ b/mail-filter/sqlgrey/files/sqlgrey.service
@@ -3,7 +3,20 @@ Description=SQLgrey Postfix Grey-listing Policy service
 After=network.target
 [Service]
+User=sqlgrey
+Group=sqlgrey
 ExecStart=/usr/sbin/sqlgrey
+CapabilityBoundingSet=
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryDenyWriteExecute=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+RestrictRealtime=true
 [Install]
 WantedBy=multi-user.target
diff --git a/mail-filter/sqlgrey/sqlgrey-1.7.6-r1.ebuild b/mail-filter/sqlgrey/sqlgrey-1.7.6-r2.ebuild
similarity index 100%
rename from mail-filter/sqlgrey/sqlgrey-1.7.6-r1.ebuild
rename to mail-filter/sqlgrey/sqlgrey-1.7.6-r2.ebuild
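Review bot: With `User=sqlgrey` and an empty `CapabilityBoundingSet=` in the `[Service]` hunk of sqlgrey.service, the daemon now starts with no privileges at all, so whatever it previously did as root before dropping privileges (presumably writing a pid file and opening its database or log path) must already be writable by the sqlgrey account. Neither this hunk nor the ebuild rename, which is at 100% similarity and therefore unchanged, shows that being verified, so it should be confirmed against the shipped sqlgrey configuration. The new directives also leave the socket surface unrestricted; if the daemon only needs TCP and local sockets, `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6` would fit alongside them. `ProtectSystem=full` still leaves paths such as /var writable, which is worth a short comment in the unit so the choice reads as deliberate. As a style point, the booleans mix `yes` and `true`; one spelling throughout would be easier to audit.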
