Overview

File harden_dde-filemanager-daemon.service.patch of Package deepin-file-manager

diff -Nur dde-file-manager-6.5.7/src/apps/dde-file-manager-daemon/dbusservice/dde-filemanager-daemon.service dde-file-manager-6.5.7-new/src/apps/dde-file-manager-daemon/dbusservice/dde-filemanager-daemon.service
--- dde-file-manager-6.5.7/src/apps/dde-file-manager-daemon/dbusservice/dde-filemanager-daemon.service	2024-10-12 14:52:42.000000000 +0800
+++ dde-file-manager-6.5.7-new/src/apps/dde-file-manager-daemon/dbusservice/dde-filemanager-daemon.service	2024-11-06 15:25:31.096550150 +0800
@@ -3,6 +3,17 @@
 After=local-fs.target udisks2.service usec-boot-unlock.service dde-dconfig-daemon.service
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=dbus
 BusName=org.deepin.Filemanager.Daemon
 ExecStart=/usr/bin/dde-file-manager-daemon
openSUSE Build Service is sponsored by
Places