Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/mail-filter
diff options
context:
space:
mode:
authorCraig Andrews <candrews@integralblue.com>2016-06-29 16:58:13 -0400
committerMike Gilbert <floppym@gentoo.org>2016-08-08 19:04:32 -0400
commit5818e1f7fde117921cbb487e9044bb15f337079c (patch)
tree088a37d11979042949f84299451adfa76d11c90b /mail-filter
parentperl-core/Test-Simple: Remove old. (diff)
downloadgentoo-5818e1f7fde117921cbb487e9044bb15f337079c.tar.gz
gentoo-5818e1f7fde117921cbb487e9044bb15f337079c.tar.bz2
gentoo-5818e1f7fde117921cbb487e9044bb15f337079c.zip
mail-filter/amavisd-new-2.11.0-r2: additional systemd hardening
Gentoo-bug: 587540 Closes: https://github.com/gentoo/gentoo/pull/1797
Diffstat (limited to 'mail-filter')
-rw-r--r--mail-filter/amavisd-new/amavisd-new-2.11.0-r2.ebuild (renamed from mail-filter/amavisd-new/amavisd-new-2.11.0-r1.ebuild)0
-rw-r--r--mail-filter/amavisd-new/files/amavisd.service9
2 files changed, 9 insertions, 0 deletions
diff --git a/mail-filter/amavisd-new/amavisd-new-2.11.0-r1.ebuild b/mail-filter/amavisd-new/amavisd-new-2.11.0-r2.ebuild
index d83e555c47ad..d83e555c47ad 100644
--- a/mail-filter/amavisd-new/amavisd-new-2.11.0-r1.ebuild
+++ b/mail-filter/amavisd-new/amavisd-new-2.11.0-r2.ebuild
diff --git a/mail-filter/amavisd-new/files/amavisd.service b/mail-filter/amavisd-new/files/amavisd.service
index 2a56e443eedd..c53c38ac1632 100644
--- a/mail-filter/amavisd-new/files/amavisd.service
+++ b/mail-filter/amavisd-new/files/amavisd.service
@@ -6,8 +6,17 @@ Wants=clamd.service
After=network.target
[Service]
+User=amavis
+Group=amavis
ExecStart=/usr/sbin/amavisd -c /etc/amavisd.conf foreground
ExecReload=/usr/sbin/amavisd -c /etc/amavisd.conf reload
+PrivateTmp=true
+CapabilityBoundingSet=
+ProtectSystem=full
+NoNewPrivileges=true
+PrivateDevices=true
+ProtectHome=true
+MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target