30 lines
1 KiB
Diff
30 lines
1 KiB
Diff
|
From c70950f1e33aba5c58c337e8dfb73d40efed5b5d Mon Sep 17 00:00:00 2001
|
||
|
From: Dylan Van Assche <me@dylanvanassche.be>
|
||
|
Date: Sat, 1 Jun 2024 21:15:15 +0200
|
||
|
Subject: [PATCH 8/8] data: iio-sensor-proxy.service.in: add AF_QIPCRTR
|
||
|
|
||
|
Allow AF_QIPCRTR in lockdown for libssc.
|
||
|
Libssc uses the QMI protocol over QRTR in the kernel.
|
||
|
Systemd limits the address families to UNIX, LOCAL, and NETLINK.
|
||
|
However, QRTR uses its own address family: AF_QIPCRTR.
|
||
|
Add it to the allowed families.
|
||
|
---
|
||
|
data/iio-sensor-proxy.service.in | 2 +-
|
||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/data/iio-sensor-proxy.service.in b/data/iio-sensor-proxy.service.in
|
||
|
index 4bc921b..29ea3c0 100644
|
||
|
--- a/data/iio-sensor-proxy.service.in
|
||
|
+++ b/data/iio-sensor-proxy.service.in
|
||
|
@@ -14,6 +14,6 @@ ProtectControlGroups=true
|
||
|
ProtectHome=true
|
||
|
ProtectKernelModules=true
|
||
|
PrivateTmp=true
|
||
|
-RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK
|
||
|
+RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK AF_QIPCRTR
|
||
|
MemoryDenyWriteExecute=true
|
||
|
RestrictRealtime=true
|
||
|
--
|
||
|
2.45.1
|
||
|
|