service files: Add MemoryDenyWriteExecute

author Pieter Lexis <pieter.lexis@powerdns.com>

Fri, 3 Dec 2021 10:01:00 +0000 (11:01 +0100)

committer Remi Gacogne <remi.gacogne@powerdns.com>

Wed, 7 Dec 2022 09:00:38 +0000 (10:00 +0100)
author Pieter Lexis <pieter.lexis@powerdns.com>
Fri, 3 Dec 2021 10:01:00 +0000 (11:01 +0100)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Wed, 7 Dec 2022 09:00:38 +0000 (10:00 +0100)
diff --git a/pdns/Makefile.am b/pdns/Makefile.am

index 9022aef3b1e760210a9eb09e8248fe3f224962b4..0e02e4efbbf6f77be80e2c9f6672b47ff5b24c25 100644 (file)
--- a/pdns/Makefile.am
+++ b/pdns/Makefile.am
@@ -1793,6 +1793,9 @@ endif
  if !HAVE_SYSTEMD_SYSTEM_CALL_FILTER
         $(AM_V_GEN)perl -ni -e 'print unless /^SystemCallFilter/' $@
  endif
+if !HAVE_SYSTEMD_MEMORY_DENY_WRITE_EXECUTE
+       $(AM_V_GEN)perl -ni -e 'print unless /^MemoryDenyWriteExecute/' $@
+endif
  if !HAVE_SYSTEMD_PROTECT_PROC
         $(AM_V_GEN)perl -ni -e 'print unless /^ProtectProc/' $@
  endif
@@ -1879,6 +1882,9 @@ endif
  if !HAVE_SYSTEMD_PROTECT_PROC
         $(AM_V_GEN)perl -ni -e 'print unless /^ProtectProc/' $@
  endif
+if !HAVE_SYSTEMD_MEMORY_DENY_WRITE_EXECUTE
+       $(AM_V_GEN)perl -ni -e 'print unless /^MemoryDenyWriteExecute/' $@
+endif
  
  ixfrdist@.service: ixfrdist.service
         $(AM_V_GEN)sed -e 's!/ixfrdist!& --config $(sysconfdir)/ixfrdist-%i.yml!' \
diff --git a/pdns/dnsdistdist/Makefile.am b/pdns/dnsdistdist/Makefile.am

index bb86e2651d2b9ab8341f29530bc223808d00a973..820cd93a899af3cc253b866f1bd12b1a6b63bbfe 100644 (file)
--- a/pdns/dnsdistdist/Makefile.am
+++ b/pdns/dnsdistdist/Makefile.am
@@ -542,6 +542,9 @@ endif
  if !HAVE_SYSTEMD_PROTECT_PROC
         $(AM_V_GEN)perl -ni -e 'print unless /^ProtectProc/' $@
  endif
+if !HAVE_SYSTEMD_MEMORY_DENY_WRITE_EXECUTE
+       $(AM_V_GEN)perl -ni -e 'print unless /^MemoryDenyWriteExecute/' $@
+endif
  
  dnsdist@.service: dnsdist.service
         $(AM_V_GEN)sed -e 's!/dnsdist !&--config $(sysconfdir)/dnsdist-%i.conf !' \
diff --git a/pdns/dnsdistdist/dnsdist.service.in b/pdns/dnsdistdist/dnsdist.service.in

index 3ad9def6e8e2bb17adb2ca9214b9a491206ed831..65acb73aa25c0b578b5ec1902320f440cc64399b 100644 (file)
--- a/pdns/dnsdistdist/dnsdist.service.in
+++ b/pdns/dnsdistdist/dnsdist.service.in
@@ -51,6 +51,7 @@ RestrictSUIDSGID=true
  SystemCallArchitectures=native
  SystemCallFilter=~ @clock @debug @module @mount @raw-io @reboot @swap @cpu-emulation @obsolete
  ProtectProc=invisible
+MemoryDenyWriteExecute=true
  
  [Install]
  WantedBy=multi-user.target
diff --git a/pdns/ixfrdist.service.in b/pdns/ixfrdist.service.in

index 2de29d500c0383540d5eacfb7021bb487b7ef23d..76d0cdd01af0fcb8cd88f20c5cc327264c14a3ad 100644 (file)
--- a/pdns/ixfrdist.service.in
+++ b/pdns/ixfrdist.service.in
@@ -35,6 +35,7 @@ RestrictSUIDSGID=true
  SystemCallArchitectures=native
  SystemCallFilter=~ @clock @debug @module @mount @raw-io @reboot @swap @cpu-emulation @obsolete
  ProtectProc=invisible
+MemoryDenyWriteExecute=true
  
  [Install]
  WantedBy=multi-user.target
diff --git a/pdns/pdns.service.in b/pdns/pdns.service.in

index 811705e5d0bcced4ecbc1fd28ace5efd24fbba48..27e5701d915225d800dc52724d8c161b3f4f22a0 100644 (file)
--- a/pdns/pdns.service.in
+++ b/pdns/pdns.service.in
@@ -41,6 +41,7 @@ RestrictSUIDSGID=true
  SystemCallArchitectures=native
  SystemCallFilter=~ @clock @debug @module @mount @raw-io @reboot @swap @cpu-emulation @obsolete
  ProtectProc=invisible
+MemoryDenyWriteExecute=true
  
  [Install]
  WantedBy=multi-user.target
diff --git a/pdns/recursordist/Makefile.am b/pdns/recursordist/Makefile.am

index 023b05e2dd568b4b91fd15e1c676a3b6a2675ef2..3bae24e3ae55372494a924c96cedf6d4d355fbdf 100644 (file)
--- a/pdns/recursordist/Makefile.am
+++ b/pdns/recursordist/Makefile.am
@@ -624,6 +624,9 @@ endif
  if !HAVE_SYSTEMD_PROTECT_PROC
         $(AM_V_GEN)perl -ni -e 'print unless /^ProtectProc/' $@
  endif
+if !HAVE_SYSTEMD_MEMORY_DENY_WRITE_EXECUTE
+       $(AM_V_GEN)perl -ni -e 'print unless /^MemoryDenyWriteExecute/' $@
+endif
  
  pdns-recursor@.service: pdns-recursor.service
         $(AM_V_GEN)sed -e 's!/pdns_recursor!& --config-name=%i!' \
diff --git a/pdns/recursordist/pdns-recursor.service.in b/pdns/recursordist/pdns-recursor.service.in

index 625f827bb8c66ba2fdecbf9329daf3ede876b077..3062e83f658b73fdb0a23bb7ca66e9f1ebd5e1f1 100644 (file)
--- a/pdns/recursordist/pdns-recursor.service.in
+++ b/pdns/recursordist/pdns-recursor.service.in
@@ -42,6 +42,7 @@ RestrictSUIDSGID=true
  SystemCallArchitectures=native
  SystemCallFilter=~ @clock @debug @module @mount @raw-io @reboot @swap @cpu-emulation @obsolete
  ProtectProc=invisible
+MemoryDenyWriteExecute=true
  
  [Install]
  WantedBy=multi-user.target
author	Pieter Lexis <pieter.lexis@powerdns.com>
	Fri, 3 Dec 2021 10:01:00 +0000 (11:01 +0100)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Wed, 7 Dec 2022 09:00:38 +0000 (10:00 +0100)
pdns/Makefile.am		patch \| blob \| blame \| history
pdns/dnsdistdist/Makefile.am		patch \| blob \| blame \| history
pdns/dnsdistdist/dnsdist.service.in		patch \| blob \| blame \| history
pdns/ixfrdist.service.in		patch \| blob \| blame \| history
pdns/pdns.service.in		patch \| blob \| blame \| history
pdns/recursordist/Makefile.am		patch \| blob \| blame \| history
pdns/recursordist/pdns-recursor.service.in		patch \| blob \| blame \| history