Skip to content

Commit

Permalink
feat: 对org.deepin.ServiceManager1服务进行安全加固
Browse files Browse the repository at this point in the history 
通过配置systemd service,限制进程的权限范围,提升安全性;

Log: 对org.deepin.ServiceManager1服务进行安全加固
Influence: 安全加固
Task: https://pms.uniontech.com/task-view-343075.html
  • Loading branch information
echengqi committed Jun 28, 2024
1 parent e15b893 commit 75453a1
Show file tree
Hide file tree
Showing 3 changed files with 18 additions and 0 deletions.
6 changes: 6 additions & 0 deletions misc/[email protected]
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,9 @@ RestartSec=3
@SYSTEMD_SLICE@

@SYSTEMD_INSTALL@

ProtectSystem=strict
InaccessiblePaths=/etc/shadow
ReadWritePaths=-/usr/share/deepin-service-manager/
ReadWritePaths=-/usr/local/lib/deepin-service-manager/
ReadWritePaths=-/usr/local/deepin-service-manager/
6 changes: 6 additions & 0 deletions misc/deepin-service-manager.service.in
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,9 @@ RestartSec=3
@SYSTEMD_SLICE@

@SYSTEMD_INSTALL@

ProtectSystem=strict
InaccessiblePaths=/etc/shadow
ReadWritePaths=-/usr/share/deepin-service-manager/
ReadWritePaths=-/usr/local/lib/deepin-service-manager/
ReadWritePaths=-/usr/local/deepin-service-manager/
6 changes: 6 additions & 0 deletions misc/[email protected]
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,3 +7,9 @@ ExecStart=/usr/bin/deepin-service-manager -n %i
@SYSTEMD_SLICE@

@SYSTEMD_INSTALL@

ProtectSystem=strict
InaccessiblePaths=/etc/shadow
ReadWritePaths=-/usr/share/deepin-service-manager/
ReadWritePaths=-/usr/local/lib/deepin-service-manager/
ReadWritePaths=-/usr/local/deepin-service-manager/

0 comments on commit 75453a1

Please sign in to comment.