Overview

File harden_promtail.service.patch of Package loki

Index: loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/clients/aws/ec2/promtail.service
===================================================================
--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/docs/sources/clients/aws/ec2/promtail.service
+++ loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/clients/aws/ec2/promtail.service
@@ -1,6 +1,18 @@
 [Unit]
 Description=Promtail
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 User=root
 WorkingDirectory=/opt/promtail/
 ExecStartPre=/bin/sleep 30
openSUSE Build Service is sponsored by
Places