/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2016-03-04 22:07:35 UTC
  • Revision ID: teddy@recompile.se-20160304220735-4xeeqt5p4nhw5cuh
Restrict the Mandos server daemon in the systemd service file.

* mandos.service ([Service]/ProtectSystem): Set to "full".
 ([Service]/PrivateTmp, [Service]/PrivateDevices,
  [Service]/ProtectHome): Set to "yes".
 ([Service]/CapabilityBoundingSet): Set to "CAP_SETUID
                                    CAP_DAC_OVERRIDE CAP_NET_RAW".

Show diffs side-by-side

added added

removed removed

Lines of Context:
40
40
OPTIMIZE=-Os -fno-strict-aliasing
41
41
LANGUAGE=-std=gnu11
42
42
htmldir=man
43
 
version=1.7.6
 
43
version=1.7.3
44
44
SED=sed
45
45
 
46
46
USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
75
75
##
76
76
 
77
77
SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
78
 
TMPFILES=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
79
78
 
80
79
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
81
80
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
338
337
        elif install --directory --mode=u=rwx $(STATEDIR); then \
339
338
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
340
339
        fi
341
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
342
 
                install --mode=u=rwx,go=r tmpfiles.d-mandos.conf \
343
 
                        $(TMPFILES)/mandos.conf; \
344
 
        fi
345
340
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
346
341
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
347
342
                mandos-ctl
410
405
        install --mode=u=rwxs,go=rx \
411
406
                --target-directory=$(LIBDIR)/mandos/plugins.d \
412
407
                plugins.d/plymouth
413
 
        install --mode=u=rwx,go=rx \
 
408
        install --mode=u=rwxs,go=rx \
414
409
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
415
410
                plugin-helpers/mandos-client-iprouteadddel
416
411
        install initramfs-tools-hook \