[Pkg-mpd-commits] [pkg-mpd] 11/13: Protect /usr when running under systemd (closes: #771634)
Florian Schlichting
fsfs at moszumanska.debian.org
Sat Mar 21 00:29:53 UTC 2015
This is an automated email from the git hooks/post-receive script.
fsfs pushed a commit to branch master
in repository pkg-mpd.
commit a04030a487268aad9476e055be7e964ff86e46c0
Author: Florian Schlichting <fsfs at debian.org>
Date: Fri Mar 20 21:39:17 2015 +0100
Protect /usr when running under systemd (closes: #771634)
---
debian/patches/protect_system.patch | 16 ++++++++++++++++
debian/patches/series | 1 +
2 files changed, 17 insertions(+)
diff --git a/debian/patches/protect_system.patch b/debian/patches/protect_system.patch
new file mode 100644
index 0000000..38753a7
--- /dev/null
+++ b/debian/patches/protect_system.patch
@@ -0,0 +1,16 @@
+Description: Protect /usr when running under systemd
+Author: Florian Schlichting <fsfs at debian.org>
+Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771634
+
+--- a/systemd/mpd.service.in
++++ b/systemd/mpd.service.in
+@@ -19,6 +19,9 @@
+ # assign a real-time budget
+ ControlGroupAttribute=cpu.rt_runtime_us 500000
+
++# disallow writing to /usr, /bin, /sbin, ...
++ProtectSystem=yes
++
+ [Install]
+ WantedBy=multi-user.target
+ Also=mpd.socket
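Review bot: The comment added above `ProtectSystem=yes` claims "/usr, /bin, /sbin, ...", which is broader than what the patch Description and the commit subject state (only /usr). `ProtectSystem=yes` makes /usr and the boot directory read-only; /bin and /sbin are covered only on systems where they are symlinks into /usr. Suggest rewording the comment to name exactly what is protected, and consider `ProtectSystem=full` so that /etc is read-only as well, provided mpd never writes there at runtime. As a smaller style point, the DEP-3 header has Description, Author and Bug but no `Forwarded:` field, which would record whether this change to the upstream systemd/mpd.service.in has been sent upstream.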
diff --git a/debian/patches/series b/debian/patches/series
index 8e7b00c..beb51ba 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
systemd_honor_MPDCONF.patch
typo.patch
also-dis_en_able-socket.patch
+protect_system.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mpd/pkg-mpd.git