fprintd.service.in 533 Bytes
Newer Older
Colin Walters's avatar
Colin Walters committed
1 2 3 4 5 6 7 8
[Unit]
Description=Fingerprint Authentication Daemon
Documentation=man:fprintd(1)

[Service]
Type=dbus
BusName=net.reactivated.Fprint
ExecStart=@libexecdir@/fprintd
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

# Filesystem lockdown
ProtectSystem=strict
ProtectKernelTunables=true
ProtectControlGroups=true
ReadWritePaths=@localstatedir@/lib/fprint
ProtectHome=true
PrivateTmp=true

# Network
PrivateNetwork=true

# Execute Mappings
MemoryDenyWriteExecute=true

# Modules
ProtectKernelModules=true

# Real-time
RestrictRealtime=true
29 30 31

# Privilege escalation
NoNewPrivileges=true