File harden_fwupd-offline-update.service.patch of Package fwupd
Index: fwupd-1.7.2/data/fwupd-offline-update.service.in =================================================================== --- fwupd-1.7.2.orig/data/fwupd-offline-update.service.in +++ fwupd-1.7.2/data/fwupd-offline-update.service.in @@ -8,6 +8,16 @@ After=sysinit.target system-update-pre.t Before=shutdown.target system-update.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=oneshot ExecStart=@libexecdir@/fwupd/fwupdoffline FailureAction=reboot




