[quake] 09/10: deny capabilities to all services
Simon McVittie
smcv at debian.org
Wed Feb 4 11:07:05 UTC 2015
This is an automated email from the git hooks/post-receive script.
smcv pushed a commit to branch master
in repository quake.
commit 5aad614b3f58f1530cddeabf57dbc19bfafeb627
Author: Simon McVittie <smcv at debian.org>
Date: Mon Jan 26 23:53:38 2015 +0000
deny capabilities to all services
---
debian/quake-server.service | 1 +
debian/quake-server at .service | 1 +
debian/quake2-server.service | 1 +
debian/quake2-server at .service | 1 +
debian/quake3-server.service | 1 +
debian/quake3-server at .service | 1 +
6 files changed, 6 insertions(+)
diff --git a/debian/quake-server.service b/debian/quake-server.service
index 135b481..458f593 100644
--- a/debian/quake-server.service
+++ b/debian/quake-server.service
@@ -13,6 +13,7 @@ ExecStart=/usr/games/quake-server $DAEMON_OPTS +exec etc/quake-server/server.cfg
Restart=on-failure
RestartPreventExitStatus=72
# hardening
+CapabilityBoundingSet=
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
diff --git a/debian/quake-server at .service b/debian/quake-server at .service
index df93bba..3aa2c7a 100644
--- a/debian/quake-server at .service
+++ b/debian/quake-server at .service
@@ -12,6 +12,7 @@ ExecStart=/usr/games/quake-server $DAEMON_OPTS +exec etc/quake-server/%i.cfg
Restart=on-failure
RestartPreventExitStatus=72
# hardening
+CapabilityBoundingSet=
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
diff --git a/debian/quake2-server.service b/debian/quake2-server.service
index d798a78..257efa2 100644
--- a/debian/quake2-server.service
+++ b/debian/quake2-server.service
@@ -15,6 +15,7 @@ Restart=on-failure
RestartPreventExitStatus=72
# hardening
NoNewPrivileges=true
+CapabilityBoundingSet=
PrivateDevices=true
PrivateTmp=true
ProtectHome=true
diff --git a/debian/quake2-server at .service b/debian/quake2-server at .service
index e02c2cf..2f8d114 100644
--- a/debian/quake2-server at .service
+++ b/debian/quake2-server at .service
@@ -12,6 +12,7 @@ ExecStart=/usr/games/quake2-server $DAEMON_OPTS +exec etc/quake2-server/%i.cfg
Restart=on-failure
RestartPreventExitStatus=72
# hardening
+CapabilityBoundingSet=
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
diff --git a/debian/quake3-server.service b/debian/quake3-server.service
index 6ed9205..d291c78 100644
--- a/debian/quake3-server.service
+++ b/debian/quake3-server.service
@@ -14,6 +14,7 @@ ExecStart=/usr/games/quake3-server +set com_homepath server.q3a $DAEMON_OPTS +ex
Restart=on-failure
RestartPreventExitStatus=72
# hardening
+CapabilityBoundingSet=
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
diff --git a/debian/quake3-server at .service b/debian/quake3-server at .service
index 842f0c0..c31cf43 100644
--- a/debian/quake3-server at .service
+++ b/debian/quake3-server at .service
@@ -11,6 +11,7 @@ ExecStart=/usr/games/quake3-server +set com_homepath %i.q3a $DAEMON_OPTS +exec e
Restart=on-failure
RestartPreventExitStatus=72
# hardening
+CapabilityBoundingSet=
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/quake.git
More information about the Pkg-games-commits
mailing list