Viewing changes to mandos-monitor

  • Committer: Teddy Hogeborn
  • Date: 2016-03-04 22:07:35 UTC
  • Revision ID: teddy@recompile.se-20160304220735-4xeeqt5p4nhw5cuh
Restrict the Mandos server daemon in the systemd service file.

* mandos.service ([Service]/ProtectSystem): Set to "full".
 ([Service]/PrivateTmp, [Service]/PrivateDevices,
  [Service]/ProtectHome): Set to "yes".
 ([Service]/CapabilityBoundingSet): Set to "CAP_SETUID
                                    CAP_DAC_OVERRIDE CAP_NET_RAW".

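--- a/mandos-monitor
+++ b/mandos-monitor
@@ -40,9 +40,9 @@
 
 from dbus.mainloop.glib import DBusGMainLoop
 try:
-    from gi.repository import GObject
+    import gobject
 except ImportError:
-    import gobject as GObject
+    from gi.repository import GObject as gobject
 
 import dbus
 
@@ -172,11 +172,11 @@
         """
         if flag and self._update_timer_callback_tag is None:
             # Will update the shown timer value every second
-            self._update_timer_callback_tag = (GObject.timeout_add
+            self._update_timer_callback_tag = (gobject.timeout_add
                                                (1000,
                                                 self.update_timer))
         elif not (flag or self._update_timer_callback_tag is None):
-            GObject.source_remove(self._update_timer_callback_tag)
+            gobject.source_remove(self._update_timer_callback_tag)
             self._update_timer_callback_tag = None
     
     def checker_completed(self, exitstatus, condition, command):
@@ -309,14 +309,14 @@
             self.update_hook()
     
     def update_timer(self):
-        """called by GObject. Will indefinitely loop until
-        GObject.source_remove() on tag is called"""
+        """called by gobject. Will indefinitely loop until
+        gobject.source_remove() on tag is called"""
         self.update()
         return True             # Keep calling this
     
     def delete(self, **kwargs):
         if self._update_timer_callback_tag is not None:
-            GObject.source_remove(self._update_timer_callback_tag)
+            gobject.source_remove(self._update_timer_callback_tag)
             self._update_timer_callback_tag = None
         for match in self.match_objects:
             match.remove()
@@ -465,7 +465,7 @@
                               "q: Quit  ?: Help"))
         
         self.busname = domain + '.Mandos'
-        self.main_loop = GObject.MainLoop()
+        self.main_loop = gobject.MainLoop()
     
     def client_not_found(self, fingerprint, address):
         self.log_message("Client with address {} and fingerprint {}"
@@ -640,13 +640,13 @@
                             path=path)
         
         self.refresh()
-        self._input_callback_tag = (gobject.io_add_watch
+        self._input_callback_tag = (gobject.io_add_watch
                                     (sys.stdin.fileno(),
-                                     GObject.IO_IN,
+                                     gobject.IO_IN,
                                      self.process_input))
         self.main_loop.run()
         # Main loop has finished, we should close everything now
-        GObject.source_remove(self._input_callback_tag)
+        gobject.source_remove(self._input_callback_tag)
         self.screen.stop()
     
     def stop(self):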
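Review bot: The import block at new lines 42-45 now tries the legacy static `gobject` module first and uses `gi.repository` only as the `ImportError` fallback, with no comment explaining the preference. The commit description covers only the mandos.service hardening (ProtectSystem, PrivateTmp, CapabilityBoundingSet), so this change to mandos-monitor looks unrelated and may be unintended; if it is deliberate, it would be easier to audit as its own commit with a comment above the `try:` such as `# Prefer the static gobject binding; PyGObject is the fallback because <reason>`. On the fallback path the alias `GObject as gobject` means calls like `gobject.timeout_add`, `gobject.io_add_watch` and `gobject.source_remove` go through PyGObject's compatibility names, which as far as I know are deprecated in favour of the `GLib` equivalents, so it is worth confirming that both bindings behave the same for every call site touched here. In the last hunk, `gobject.source_remove(self._input_callback_tag)` and `self.screen.stop()` run only if `self.main_loop.run()` returns normally; the enclosing method starts outside the hunk, but wrapping the cleanup in `try:`/`finally:` would restore the terminal on an exception.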