Update Systemd security settings

PackageKit · Mar 7, 2024 · 7eade14 · 7eade14
1 parent f1e4ad6
commit 7eade14
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/data/packagekit.service.in b/data/packagekit.service.in
@@ -11,3 +11,24 @@ Type=dbus
 BusName=org.freedesktop.PackageKit
 User=@PACKAGEKIT_USER@
 ExecStart=@libexecdir@/packagekitd
+DevicePolicy=closed
+KeyringMode=private
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=no
+PrivateDevices=yes
+PrivateTmp=true
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectProc=invisible
+ProtectSystem=no
+RemoveIPC=yes
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native