upd: add more sandboxing directives to gigi-proxy.service
authorLucas Werkmeister <mail@lucaswerkmeister.de>
Wed, 18 Jan 2017 13:06:39 +0000 (14:06 +0100)
committerLucas Werkmeister <mail@lucaswerkmeister.de>
Thu, 19 Jan 2017 10:28:04 +0000 (11:28 +0100)
commita9405c7e4b3aaa670f4b53da18c0b15448c87c2c
tree1d6d78c4984d69697e7d3ebe41884cdf19f57e66
parentcd8500a5faf420aace24ee253a4f2407eb85588d
upd: add more sandboxing directives to gigi-proxy.service

Most notably, the set of permitted syscalls excludes fork and many file
system commands like unlink or rmdir.

Change-Id: I87827f6ed0025570288611cf257c6e3a01769593
debian/cacert-gigi-testing.install
debian/cacert-gigi.install
debian/gigi-proxy.service
debian/gigi-proxy.service.d/SystemCallFilter.conf [new file with mode: 0644]