diff options
Diffstat (limited to 'src/grp-machine/grp-import/systemd-importd')
3 files changed, 5 insertions, 5 deletions
diff --git a/src/grp-machine/grp-import/systemd-importd/Makefile b/src/grp-machine/grp-import/systemd-importd/Makefile index 1f5bae1267..e00f531a0d 100644 --- a/src/grp-machine/grp-import/systemd-importd/Makefile +++ b/src/grp-machine/grp-import/systemd-importd/Makefile @@ -34,9 +34,9 @@ systemd_importd_CFLAGS = \ -D SYSTEMD_EXPORT_PATH=\"$(rootlibexecdir)/systemd-export\" systemd_importd_LDADD = \ - libshared.la + libsystemd-shared.la -dist_rootlibexec_DATA = \ +dist_rootlibexec_DATA += \ src/import/import-pubring.gpg nodist_systemunit_DATA += \ diff --git a/src/grp-machine/grp-import/systemd-importd/importd.c b/src/grp-machine/grp-import/systemd-importd/importd.c index e790c0c475..f032f06fcf 100644 --- a/src/grp-machine/grp-import/systemd-importd/importd.c +++ b/src/grp-machine/grp-import/systemd-importd/importd.c @@ -448,9 +448,7 @@ static int transfer_start(Transfer *t) { safe_close(null_fd); } - fd_cloexec(STDIN_FILENO, false); - fd_cloexec(STDOUT_FILENO, false); - fd_cloexec(STDERR_FILENO, false); + stdio_unset_cloexec(); setenv("SYSTEMD_LOG_TARGET", "console-prefixed", 1); setenv("NOTIFY_SOCKET", "/run/systemd/import/notify", 1); diff --git a/src/grp-machine/grp-import/systemd-importd/systemd-importd.service.in b/src/grp-machine/grp-import/systemd-importd/systemd-importd.service.in index b74ad72cdc..0f5489e7e3 100644 --- a/src/grp-machine/grp-import/systemd-importd/systemd-importd.service.in +++ b/src/grp-machine/grp-import/systemd-importd/systemd-importd.service.in @@ -17,3 +17,5 @@ CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_ NoNewPrivileges=yes WatchdogSec=3min KillMode=mixed +MemoryDenyWriteExecute=yes +SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io |