mirrors/xrdp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Simplify allowed system calls for xrdp

Browse Source 
- The command 'systemd-analyze syscall-filter' shows that the group
  @system-service added to the xrdp-service SystemCallFilter
  actually includes all of the other listed groups and individual
  services.  Consequently this line can be simplified to just specify
  @system-service.

- (reversion) The SystemCallErrorNumber setting in xrdp.service has been
  removed so that unauthorized system calls cause an immediate process exit.

(cherry picked from commit e0e9177f5e)
This commit is contained in:
matt335672 2024-03-22 11:38:42 +00:00
parent 252243ab6c
commit f688e680c9
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
instfiles/xrdp.service.in
View File

@ -10,9 +10,7 @@ EnvironmentFile=-@sysconfdir@/sysconfig/xrdp
EnvironmentFile=-@sysconfdir@/default/xrdp
ExecStart=@sbindir@/xrdp $XRDP_OPTIONS --nodaemon
SystemCallArchitectures=native
SystemCallFilter=@basic-io @file-system @io-event @ipc @network-io @process
SystemCallFilter=@signal @system-service ioctl madvise sysinfo uname
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service
[Install]
WantedBy=multi-user.target