Blame data/fprintd.service.in
|
Packit Service |
f1aff6 |
[Unit]
|
|
Packit Service |
f1aff6 |
Description=Fingerprint Authentication Daemon
|
|
Packit Service |
f1aff6 |
Documentation=man:fprintd(1)
|
|
Packit Service |
f1aff6 |
|
|
Packit Service |
f1aff6 |
[Service]
|
|
Packit Service |
f1aff6 |
Type=dbus
|
|
Packit Service |
f1aff6 |
BusName=net.reactivated.Fprint
|
|
Packit Service |
f1aff6 |
ExecStart=@libexecdir@/fprintd
|
|
Packit Service |
f1aff6 |
|
|
Packit Service |
f1aff6 |
# Filesystem lockdown
|
|
Packit Service |
f1aff6 |
ProtectSystem=strict
|
|
Packit Service |
f1aff6 |
ProtectKernelTunables=true
|
|
Packit Service |
f1aff6 |
ProtectControlGroups=true
|
|
Packit Service |
f1aff6 |
# This always corresponds to /var/lib/fprint
|
|
Packit Service |
f1aff6 |
StateDirectory=fprint
|
|
Packit Service |
f1aff6 |
ProtectHome=true
|
|
Packit Service |
f1aff6 |
PrivateTmp=true
|
|
Packit Service |
f1aff6 |
|
|
Packit Service |
f1aff6 |
# Network
|
|
Packit Service |
f1aff6 |
PrivateNetwork=true
|
|
Packit Service |
f1aff6 |
RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK
|
|
Packit Service |
f1aff6 |
|
|
Packit Service |
f1aff6 |
# Execute Mappings
|
|
Packit Service |
f1aff6 |
MemoryDenyWriteExecute=true
|
|
Packit Service |
f1aff6 |
|
|
Packit Service |
f1aff6 |
# Modules
|
|
Packit Service |
f1aff6 |
ProtectKernelModules=true
|
|
Packit Service |
f1aff6 |
|
|
Packit Service |
f1aff6 |
# Real-time
|
|
Packit Service |
f1aff6 |
RestrictRealtime=true
|
|
Packit Service |
f1aff6 |
|
|
Packit Service |
f1aff6 |
# Privilege escalation
|
|
Packit Service |
f1aff6 |
NoNewPrivileges=true
|