Switch to my new Ublue CLI tool
This commit is contained in:
Gerald Pinder
48
usr-framework/etc/systemd/system/frpintd.service
Normal file
48
usr-framework/etc/systemd/system/frpintd.service
Normal file
@@ -0,0 +1,48 @@
|
||||
[Unit]
|
||||
Description=Fingerprint Authentication Daemon
|
||||
Documentation=man:fprintd(1)
|
||||
|
||||
[Service]
|
||||
Type=dbus
|
||||
BusName=net.reactivated.Fprint
|
||||
ExecStart=/usr/libexec/fprintd
|
||||
|
||||
# Filesystem lockdown
|
||||
ProtectSystem=strict
|
||||
ProtectKernelTunables=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectControlGroups=true
|
||||
# This always corresponds to /var/lib/fprint
|
||||
StateDirectory=fprint
|
||||
StateDirectoryMode=0700
|
||||
ProtectHome=true
|
||||
PrivateTmp=true
|
||||
|
||||
SystemCallFilter=@system-service
|
||||
|
||||
# Network
|
||||
RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK
|
||||
|
||||
# Execute Mappings
|
||||
MemoryDenyWriteExecute=true
|
||||
|
||||
# Modules
|
||||
ProtectKernelModules=true
|
||||
|
||||
# Real-time
|
||||
RestrictRealtime=true
|
||||
|
||||
# Privilege escalation
|
||||
NoNewPrivileges=true
|
||||
|
||||
# Protect clock, allow USB and SPI device access
|
||||
ProtectClock=yes
|
||||
DeviceAllow=char-usb_device rw
|
||||
DeviceAllow=char-spi rw
|
||||
DeviceAllow=char-hidraw rw
|
||||
|
||||
# Allow tuning USB parameters (wakeup and persist)
|
||||
ReadWritePaths=/sys/devices
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user