Merge remote-tracking branch 'intrigeri/bug12939-systemd-no-new-privileges'

Conflicts: contrib/dist/tor.service.in
2024-11-10 13:13:44 +01:00 · 2014-09-03 13:29:43 -04:00 · 2014-09-03 13:29:43 -04:00 · 54348201f7
commit 54348201f7
parent f58cdb3be7 a8dd279fa5
2 changed files with 5 additions and 0 deletions
--- a/changes/bug12939-systemd-no-new-privileges
+++ b/changes/bug12939-systemd-no-new-privileges
@ -0,0 +1,4 @@
+  o Distribution:
+    - systemd unit file: ensures that the process and all its children
+      can never gain new privileges.
+      Patch by intrigeri; resolves ticket 12939.
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@ -22,6 +22,7 @@ InaccessibleDirectories = /home
 ReadOnlyDirectories = /
 ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor
 ReadWriteDirectories = @LOCALSTATEDIR@/log/tor
+NoNewPrivileges = yes

 [Install]
 WantedBy = multi-user.target