diff options
-rw-r--r-- | .SRCINFO | 6 | ||||
-rw-r--r-- | PKGBUILD | 6 | ||||
-rw-r--r-- | bandwidthd.service | 28 | ||||
-rw-r--r-- | bandwidthd.tmpfiles | 4 |
4 files changed, 35 insertions, 9 deletions
@@ -1,7 +1,7 @@ pkgbase = bandwidthd pkgdesc = Daemon for graphing traffic of subnet machines pkgver = 2.0.2.r1.0307fbba56 - pkgrel = 5 + pkgrel = 6 epoch = 1 url = https://github.com/neatbasis/bandwidthd arch = x86_64 @@ -32,13 +32,13 @@ pkgbase = bandwidthd sha256sums = 88c38a18b7bda6f3496dda3030ba118f8c461447dea426c13245099ae37a6d86 sha256sums = be5fa230311258f14d4af6a00496443bfbc1a148a77f237bb4a0b663947e090a sha256sums = fc38a5623e66d82dec2efd28d2729e76e8f3b6056fb2bc2462a1ea1549f68807 - sha256sums = f3a9ade36279f86e897d3842a8cb22a5a56db419b12f1689557b2d03ea765e58 + sha256sums = 89c13a354ec9f9d913d82d21989bfbc90de6c15eff98697f7043142ae02f0fbf sha256sums = ab93801ae0b05129aaf62a49c065fdb62b7ae16d88d8b956164c2f416df5da81 sha256sums = cd7b1ffff5dd9490ab69d777e459d79c229d5fef2e71a811df29f6c11e6acde4 sha256sums = 31780d5d9c67158277a0edeeb672c594af97f96678222107db47ab4b2ede43b2 sha256sums = 90e0fec629c87d2465ca311acedf0ca4ccf5d77ddf60a8db1f5095cc8c41a748 sha256sums = d734cea9710691a1658b9996e35cd407e85b542aa0961aec57fc49281516aa5d - sha256sums = 21886618648cbd5ac499328740e3d1185537d3ad81cfceeaeb3167c468fa4e41 + sha256sums = 6c9e5bf89ecb580261a5a68ac240bd80ee43a7516c79023864acacbd8cee0ae2 pkgname = bandwidthd @@ -5,7 +5,7 @@ _repouser=neatbasis _reponame=bandwidthd _rev=0307fbba56a39a6e65ebadf488ad87979c64fdef pkgver=2.0.2.r1.${_rev:0:10} -pkgrel=5 +pkgrel=6 epoch=1 pkgdesc="Daemon for graphing traffic of subnet machines" arch=(x86_64) @@ -33,13 +33,13 @@ sha256sums=('7e8ebf7e2eeb5266af904a8f7188b11d5a13ebb0343022c2a118b86f48a952e4' '88c38a18b7bda6f3496dda3030ba118f8c461447dea426c13245099ae37a6d86' 'be5fa230311258f14d4af6a00496443bfbc1a148a77f237bb4a0b663947e090a' 'fc38a5623e66d82dec2efd28d2729e76e8f3b6056fb2bc2462a1ea1549f68807' - 'f3a9ade36279f86e897d3842a8cb22a5a56db419b12f1689557b2d03ea765e58' + '89c13a354ec9f9d913d82d21989bfbc90de6c15eff98697f7043142ae02f0fbf' 'ab93801ae0b05129aaf62a49c065fdb62b7ae16d88d8b956164c2f416df5da81' 'cd7b1ffff5dd9490ab69d777e459d79c229d5fef2e71a811df29f6c11e6acde4' '31780d5d9c67158277a0edeeb672c594af97f96678222107db47ab4b2ede43b2' '90e0fec629c87d2465ca311acedf0ca4ccf5d77ddf60a8db1f5095cc8c41a748' 'd734cea9710691a1658b9996e35cd407e85b542aa0961aec57fc49281516aa5d' - '21886618648cbd5ac499328740e3d1185537d3ad81cfceeaeb3167c468fa4e41') + '6c9e5bf89ecb580261a5a68ac240bd80ee43a7516c79023864acacbd8cee0ae2') backup=('etc/bandwidthd/bandwidthd.conf' 'etc/bandwidthd/bandwidthd-webui.conf') diff --git a/bandwidthd.service b/bandwidthd.service index b9bf7c9734b4..24d3d370caa5 100644 --- a/bandwidthd.service +++ b/bandwidthd.service @@ -7,8 +7,34 @@ User=bandwidthd Group=bandwidthd CapabilityBoundingSet=CAP_NET_RAW AmbientCapabilities=CAP_NET_RAW +RestrictAddressFamilies=AF_UNIX AF_PACKET +RestrictNamespaces=true +PrivateDevices=true +NoNewPrivileges=true +PrivateTmp=true +ProtectClock=true +ProtectControlGroups=true +ProtectHome=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=strict +StateDirectory=bandwidthd +RuntimeDirectory=bandwidthd +ConfigurationDirectory=bandwidthd +RestrictSUIDSGID=true +SystemCallArchitectures=native +RestrictRealtime=true +LockPersonality=true +MemoryDenyWriteExecute=true +RemoveIPC=true +UMask=066 +ProtectHostname=true +IPAddressDeny=any +SystemCallFilter=@system-service +SystemCallFilter=~@privileged ExecStart=/usr/bin/bandwidthd -D -c /etc/bandwidthd/bandwidthd.conf -PIDFile=/run/bandwidthd/bandwidthd.pid +PIDFile=bandwidthd/bandwidthd.pid [Install] WantedBy=multi-user.target diff --git a/bandwidthd.tmpfiles b/bandwidthd.tmpfiles index 8f846983a5b4..e83cc711d128 100644 --- a/bandwidthd.tmpfiles +++ b/bandwidthd.tmpfiles @@ -1,4 +1,4 @@ -d /var/lib/bandwidthd 0755 bandwidthd bandwidthd - +d /var/lib/bandwidthd 0700 bandwidthd bandwidthd - Z /var/lib/bandwidthd - bandwidthd bandwidthd - -d /run/bandwidthd 0755 bandwidthd bandwidthd - +d /run/bandwidthd 0700 bandwidthd bandwidthd - Z /run/bandwidthd - bandwidthd bandwidthd - |