diff options
| author | Haelwenn (lanodan) Monnier <contact@hacktivis.me> | 2023-06-13 12:45:18 +0200 |
|---|---|---|
| committer | Haelwenn (lanodan) Monnier <contact@hacktivis.me> | 2023-06-13 12:47:02 +0200 |
| commit | a663b73634ddf355827051cc139c0159f8eb794b (patch) | |
| tree | e0c6ec7b924213fe1dcf6b057cfd37a6660762f1 | |
| parent | fdb5bec431ad815263bae542324257a8ca29d81e (diff) | |
Add no_new_privs to OpenRC service filesno_new_privs
| -rw-r--r-- | changelog.d/no_new_privs.add | 1 | ||||
| -rwxr-xr-x | installation/init.d/pleroma | 1 | ||||
| -rwxr-xr-x | rel/files/installation/init.d/pleroma | 1 |
3 files changed, 3 insertions, 0 deletions
diff --git a/changelog.d/no_new_privs.add b/changelog.d/no_new_privs.add new file mode 100644 index 000000000..b67396a4b --- /dev/null +++ b/changelog.d/no_new_privs.add @@ -0,0 +1 @@ +(hardening) Add no_new_privs=yes to OpenRC service files diff --git a/installation/init.d/pleroma b/installation/init.d/pleroma index 384536f7e..cb6635a0b 100755 --- a/installation/init.d/pleroma +++ b/installation/init.d/pleroma @@ -8,6 +8,7 @@ pidfile="/var/run/pleroma.pid" directory=/opt/pleroma healthcheck_delay=60 healthcheck_timer=30 +no_new_privs="yes" : ${pleroma_port:-4000} diff --git a/rel/files/installation/init.d/pleroma b/rel/files/installation/init.d/pleroma index dea1db26c..ca5b842e1 100755 --- a/rel/files/installation/init.d/pleroma +++ b/rel/files/installation/init.d/pleroma @@ -9,6 +9,7 @@ command=/opt/pleroma/bin/pleroma command_args="start" command_user=pleroma command_background=1 +no_new_privs="yes" # Ask process to terminate within 30 seconds, otherwise kill it retry="SIGTERM/30/SIGKILL/5" |