[tomoyo-users-en 721] Re: [PATCH] Add systemd service for tomoyo-auditd

Tetsuo Handa pengu****@i-lov*****
Sat Feb 29 14:30:39 JST 2020


Hello.

On 2020/02/24 6:27, Topi Miettinen wrote:
> Enable many hardening features provided by systemd for tomoyo-auditd.
> 
> Signed-off-by: Topi Miettinen <toiwo****@gmail*****>
> ---
>  Include.make                                 |  1 +
>  Makefile                                     |  1 +
>  usr_lib_systemd_system/Makefile              |  7 ++++
>  usr_lib_systemd_system/tomoyo-auditd.service | 39 ++++++++++++++++++++
>  4 files changed, 48 insertions(+)
>  create mode 100644 usr_lib_systemd_system/Makefile
>  create mode 100644 usr_lib_systemd_system/tomoyo-auditd.service

Thank you for the patch, but I can't apply this patch because this service file requires
more recent systemd versions. I get the following errors on systemd-219-67.el7_7.3.x86_64:

  Unknown lvalue 'IPAddressDeny' in section 'Service'
  Unknown lvalue 'LockPersonality' in section 'Service'
  Unknown lvalue 'MemoryDenyWriteExecute' in section 'Service'
  Unknown lvalue 'PrivateUsers' in section 'Service'
  Unknown lvalue 'ProtectControlGroups' in section 'Service'
  Unknown lvalue 'ProtectHostname' in section 'Service'
  Unknown lvalue 'ProtectKernelLogs' in section 'Service'
  Unknown lvalue 'ProtectKernelModules' in section 'Service'
  Unknown lvalue 'ProtectKernelTunables' in section 'Service'
  Failed to parse protect system value, ignoring: strict
  Unknown lvalue 'RestrictNamespaces' in section 'Service'
  Unknown lvalue 'RestrictRealtime' in section 'Service'
  Unknown lvalue 'RestrictSUIDSGID' in section 'Service'
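
Added example, not part of the original message or the patch: systemd logs warnings like those above and still loads the unit without the affected settings, so this sketch parses them to list which `[Service]` directives were dropped. The unit text, the `/path/to/daemon` placeholder and the function names are constructed for illustration; the log lines are a subset of those quoted in the message.

```python
import re

# Subset of the warnings quoted in the message (systemd 219).
LOG = """\
  Unknown lvalue 'MemoryDenyWriteExecute' in section 'Service'
  Failed to parse protect system value, ignoring: strict
  Unknown lvalue 'RestrictNamespaces' in section 'Service'
"""

# Constructed unit for illustration; NOT the tomoyo-auditd.service from the patch.
UNIT = """\
[Unit]
Description=Example daemon (constructed)

[Service]
ExecStart=/path/to/daemon
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=strict
MemoryDenyWriteExecute=yes
RestrictNamespaces=yes
"""

UNKNOWN = re.compile(r"Unknown lvalue '(\w+)' in section '(\w+)'")
BAD_VALUE = re.compile(r"Failed to parse .* value, ignoring: (\S+)")

def parse_unit(text):
    """Yield (section, key, value) for each assignment in a unit file."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line:
            key, value = line.split("=", 1)
            yield section, key.strip(), value.strip()

def split_by_effect(unit_text, log_text):
    """Return (kept, ignored) 'Key=value' lists for the [Service] section."""
    unknown = {(sec, key) for key, sec in UNKNOWN.findall(log_text)}
    # Heuristic (assumption): the bad-value warning does not name the
    # directive, so match it by the rejected value instead.
    bad_values = set(BAD_VALUE.findall(log_text))
    kept, ignored = [], []
    for section, key, value in parse_unit(unit_text):
        if section == "Service":
            dropped = (section, key) in unknown or value in bad_values
            (ignored if dropped else kept).append(f"{key}={value}")
    return kept, ignored
```

Here "kept" means only that no warning was logged for the directive; it does not confirm that the setting is enforced.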



