Merge pull request #49395 from dtzWill/update/upower-0.99.9
upower: 0.99.7 -> 0.99.9, lock down service
commit
1d9481a127
2 changed files with 29 additions and 3 deletions
|
@ -56,6 +56,32 @@ in
|
|||
{ Type = "dbus";
|
||||
BusName = "org.freedesktop.UPower";
|
||||
ExecStart = "@${cfg.package}/libexec/upowerd upowerd";
|
||||
Restart = "on-failure";
|
||||
# Upstream lockdown:
|
||||
# Filesystem lockdown
|
||||
ProtectSystem = "strict";
|
||||
# Needed by keyboard backlight support
|
||||
ProtectKernelTunables = false;
|
||||
ProtectControlGroups = true;
|
||||
ReadWritePaths = "/var/lib/upower";
|
||||
ProtectHome = true;
|
||||
PrivateTmp = true;
|
||||
|
||||
# Network
|
||||
# PrivateNetwork=true would block udev's netlink socket
|
||||
RestrictAddressFamilies = "AF_UNIX AF_NETLINK";
|
||||
|
||||
# Execute Mappings
|
||||
MemoryDenyWriteExecute = true;
|
||||
|
||||
# Modules
|
||||
ProtectKernelModules = true;
|
||||
|
||||
# Real-time
|
||||
RestrictRealtime = true;
|
||||
|
||||
# Privilege escalation
|
||||
NoNewPrivileges = true;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
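Review bot: `ReadWritePaths = "/var/lib/upower";` together with `ProtectSystem = "strict";` makes the unit depend on that directory already existing. If it is missing when the unit starts, systemd cannot set up the mount namespace and upowerd will not start. Nothing in this hunk creates the directory; it may be created elsewhere in the module, which is not visible here. `StateDirectory = "upower";` would have systemd create the directory and keep it writable under the strict filesystem lockdown, or the path could be written as `"-/var/lib/upower"` to tolerate its absence. The attribute set these options belong to opens above the hunk.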
@ -4,11 +4,11 @@
|
|||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "upower-0.99.7";
|
||||
name = "upower-0.99.9";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://upower.freedesktop.org/releases/${name}.tar.xz";
|
||||
sha256 = "00d4830yvg84brdhz4kn60lr3r8rn2y8gdbhmhxm78i5mgvc5g14";
|
||||
url = https://gitlab.freedesktop.org/upower/upower/uploads/2282c7c0e53fb31816b824c9d1f547e8/upower-0.99.9.tar.xz;
|
||||
sha256 = "046ix7j7hmb7ycv8v54668kjsrgjhzwxn299c1d87vdnkd38kfh1";
|
||||
};
|
||||
|
||||
buildInputs =
|
||||
|
|