Overview

File harden_ckb-next-daemon.service.patch of Package ckb-next

Index: ckb-next-0.4.4/linux/systemd/ckb-next-daemon.service.in
===================================================================
--- ckb-next-0.4.4.orig/linux/systemd/ckb-next-daemon.service.in
+++ ckb-next-0.4.4/linux/systemd/ckb-next-daemon.service.in
@@ -5,6 +5,19 @@
 Description=Corsair Keyboards and Mice Daemon
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+# Fixes https://github.com/ckb-next/ckb-next/issues/740
+DeviceAllow=char-usb_device rw
+DeviceAllow=/dev/uinput rw
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 ExecStart=@CMAKE_INSTALL_LIBEXECDIR@/ckb-next-daemon
 Restart=on-failure
openSUSE Build Service is sponsored by
Places