[amavisd-new] Service unit files hardening

Juan Orti jorti at fedoraproject.org
Mon May 12 09:25:10 UTC 2014 

commit 0fcfaa5af9aa7529ba357a7d49fe7cf6a2a72323
Author: Juan Orti Alcaine <j.orti.alcaine at gmail.com>
Date:   Mon May 12 11:24:54 2014 +0200

    Service unit files hardening

 amavisd-clean-quarantine.service |    4 ++++
 amavisd-clean-tmp.service        |    4 ++++
 amavisd-new.spec                 |    5 ++++-
 amavisd-snmp.service             |    1 +
 4 files changed, 13 insertions(+), 1 deletions(-)
---
diff --git a/amavisd-clean-quarantine.service b/amavisd-clean-quarantine.service
index 62c01cd..2bb8b3f 100644
--- a/amavisd-clean-quarantine.service
+++ b/amavisd-clean-quarantine.service
@@ -5,4 +5,8 @@ Description=Clean amavisd quarantine folder
 Type=oneshot
 User=amavis
 Group=amavis
+PrivateTmp=true
+PrivateDevices=true
+PrivateNetwork=true
+NoNewPrivileges=true
 ExecStart=/usr/sbin/tmpwatch -d 720 /var/spool/amavisd/quarantine
diff --git a/amavisd-clean-tmp.service b/amavisd-clean-tmp.service
index ff5073f..70fcffc 100644
--- a/amavisd-clean-tmp.service
+++ b/amavisd-clean-tmp.service
@@ -5,4 +5,8 @@ Description=Clean amavisd tmp folder
 Type=oneshot
 User=amavis
 Group=amavis
+PrivateTmp=true
+PrivateDevices=true
+PrivateNetwork=true
+NoNewPrivileges=true
 ExecStart=/usr/sbin/tmpwatch 24 /var/spool/amavisd/tmp
diff --git a/amavisd-new.spec b/amavisd-new.spec
index c5ae3cf..b1a0a5a 100644
--- a/amavisd-new.spec
+++ b/amavisd-new.spec
@@ -3,7 +3,7 @@
 Summary:        Email filter with virus scanner and spamassassin support
 Name:           amavisd-new
 Version:        2.9.0
-Release:        1%{?prerelease:.%{prerelease}}%{?dist}
+Release:        2%{?prerelease:.%{prerelease}}%{?dist}
 # LDAP schema is GFDL, some helpers are BSD, core is GPLv2+
 License:        GPLv2+ and BSD and GFDL
 Group:          Applications/System
@@ -231,6 +231,9 @@ systemctl start amavisd-clean-quarantine.timer >/dev/null 2>&1 || :
 %{_sbindir}/amavisd-snmp-subagent
 
 %changelog
+* Mon May 12 2014 Juan Orti Alcaine <jorti at fedoraproject.org> 2.9.0-2
+- Service unit files hardening
+
 * Sun May 11 2014 Juan Orti Alcaine <jorti at fedoraproject.org> 2.9.0-1
 - Update to version 2.9.0
 - Rework amavisd-conf.patch
diff --git a/amavisd-snmp.service b/amavisd-snmp.service
index 955b88c..94b3537 100644
--- a/amavisd-snmp.service
+++ b/amavisd-snmp.service
@@ -10,6 +10,7 @@ PIDFile=/var/run/amavisd/amavisd-snmp-subagent.pid
 ExecStart=/usr/sbin/amavisd-snmp-subagent -D /var/spool/amavisd/db -P /var/run/amavisd/amavisd-snmp-subagent.pid
 Restart=on-failure
 PrivateTmp=true
+PrivateDevices=true
 NoNewPrivileges=true
 
 [Install]

More information about the scm-commits mailing list