summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/rng-tools/rng-tools/rngd.service
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-support/rng-tools/rng-tools/rngd.service')
-rw-r--r--meta/recipes-support/rng-tools/rng-tools/rngd.service19
1 files changed, 19 insertions, 0 deletions
diff --git a/meta/recipes-support/rng-tools/rng-tools/rngd.service b/meta/recipes-support/rng-tools/rng-tools/rngd.service
index 084322ac40..0559b97991 100644
--- a/meta/recipes-support/rng-tools/rng-tools/rngd.service
+++ b/meta/recipes-support/rng-tools/rng-tools/rngd.service
@@ -8,6 +8,25 @@ Conflicts=shutdown.target
8[Service] 8[Service]
9EnvironmentFile=-@SYSCONFDIR@/default/rng-tools 9EnvironmentFile=-@SYSCONFDIR@/default/rng-tools
10ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS 10ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS
11CapabilityBoundingSet=CAP_SYS_ADMIN
12IPAddressDeny=any
13LockPersonality=yes
14MemoryDenyWriteExecute=yes
15NoNewPrivileges=yes
16PrivateTmp=yes
17ProtectControlGroups=yes
18ProtectHome=yes
19ProtectHostname=yes
20ProtectKernelModules=yes
21ProtectKernelLogs=yes
22ProtectSystem=strict
23RestrictAddressFamilies=AF_UNIX
24RestrictNamespaces=yes
25RestrictRealtime=yes
26RestrictSUIDSGID=yes
27SystemCallArchitectures=native
28SystemCallErrorNumber=EPERM
29SystemCallFilter=@system-service
11 30
12[Install] 31[Install]
13WantedBy=sysinit.target 32WantedBy=sysinit.target
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-12 05:04:08 +0000