From 6d231ecdd092a82a250f4d89f6d9dae22ffbad41 Mon Sep 17 00:00:00 2001
From: computezrmle <57127745+computezrmle@users.noreply.github.com>
Date: Sat, 28 Dec 2024 09:39:20 +0100
Subject: [PATCH 1/3] Update boinc-client.service.in
---
 client/scripts/boinc-client.service.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/client/scripts/boinc-client.service.in b/client/scripts/boinc-client.service.in
index 3382bdc9272..338be00a742 100644
--- a/client/scripts/boinc-client.service.in
+++ b/client/scripts/boinc-client.service.in
@@ -7,9 +7,9 @@ After=vboxdrv.service network-online.target
 [Service]
 Type=simple
 ProtectHome=true
-ProtectSystem=full
+ProtectSystem=strict
 ProtectControlGroups=true
-ReadWritePaths=-/var/lib/boinc -/etc/boinc-client
+ReadWritePaths=-/var/lib/boinc -/etc/boinc-client -/tmp
 Nice=10
 User=boinc
 WorkingDirectory=/var/lib/boinc
From 1a6a6fd2fcba96b0caf44d40b5b5ef5d9509bd5b Mon Sep 17 00:00:00 2001
From: computezrmle <57127745+computezrmle@users.noreply.github.com>
Date: Sun, 29 Dec 2024 07:34:21 +0100
Subject: [PATCH 2/3] Update linux_package_integration_tests.py Add '-/tmp' to 'ReadWritePaths'.
---
 tests/linux_package_integration_tests.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/linux_package_integration_tests.py b/tests/linux_package_integration_tests.py
index 34dbdde3084..b0c1e599dd6 100644
--- a/tests/linux_package_integration_tests.py
+++ b/tests/linux_package_integration_tests.py
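Review bot: The `-/tmp` entry added to `ReadWritePaths=` in client/scripts/boinc-client.service.in makes the host's shared /tmp writable for the service, which works against the tightening to `ProtectSystem=strict` two lines above it. If the client and the applications it runs only need scratch space, `PrivateTmp=true` (not visible in this hunk; the [Service] section continues outside it) gives the unit a private /tmp and /var/tmp instead. If a shared /tmp is genuinely required, say why in a comment above the line, e.g. `# shared /tmp needed for <reason>`. Also worth checking: under `strict` everything in /var outside /var/lib/boinc, including /var/tmp, becomes read-only, which `full` did not enforce.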
@@ -148,7 +148,7 @@ def test_user(self):
 def test_selected_values_from_boinc_client_service_file(self):
 ts = testset.TestSet("Test selected values from the '/usr/lib/systemd/system/boinc-client.service' file")
 data = self._get_key_value_pairs_from_file("/usr/lib/systemd/system/boinc-client.service")
- ts.expect_equal(data["ReadWritePaths"], "-/var/lib/boinc -/etc/boinc-client", "Test 'ReadWritePaths' is correctly set")
+ ts.expect_equal(data["ReadWritePaths"], "-/var/lib/boinc -/etc/boinc-client -/tmp", "Test 'ReadWritePaths' is correctly set")
 ts.expect_equal(data["User"], "boinc", "Test 'User' is correctly set")
 ts.expect_equal(data["WorkingDirectory"], "/var/lib/boinc", "Test 'WorkingDirectory' is correctly set")
 ts.expect_equal(data["ExecStart"], "/usr/local/bin/boinc", "Test 'ExecStart' is correctly set")
From cd3ad4e337475e901daa7e20bddcd90079499fa4 Mon Sep 17 00:00:00 2001
From: computezrmle <57127745+computezrmle@users.noreply.github.com>
Date: Sun, 29 Dec 2024 09:08:19 +0100
Subject: [PATCH 3/3] Update linux_package_integration_tests.py Add test for 'ProtectSystem=strict'.
---
 tests/linux_package_integration_tests.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tests/linux_package_integration_tests.py b/tests/linux_package_integration_tests.py
index b0c1e599dd6..aacde6486c3 100644
--- a/tests/linux_package_integration_tests.py
+++ b/tests/linux_package_integration_tests.py
@@ -148,6 +148,7 @@ def test_user(self):
 def test_selected_values_from_boinc_client_service_file(self):
 ts = testset.TestSet("Test selected values from the '/usr/lib/systemd/system/boinc-client.service' file")
 data = self._get_key_value_pairs_from_file("/usr/lib/systemd/system/boinc-client.service")
+ ts.expect_equal(data["ProtectSystem"], "strict", "Test 'ProtectSystem' is correctly set")
 ts.expect_equal(data["ReadWritePaths"], "-/var/lib/boinc -/etc/boinc-client -/tmp", "Test 'ReadWritePaths' is correctly set")
 ts.expect_equal(data["User"], "boinc", "Test 'User' is correctly set")
 ts.expect_equal(data["WorkingDirectory"], "/var/lib/boinc", "Test 'WorkingDirectory' is correctly set")
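Review bot: The new `ProtectSystem` assertion pins only one of the hardening directives the unit file carries. `ProtectHome=true` and `ProtectControlGroups=true` sit next to it in boinc-client.service.in, and unless they are checked further down in this function (its body continues outside the hunk), a packaging regression that drops them would still pass. Adding `ts.expect_equal(data["ProtectHome"], "true", "Test 'ProtectHome' is correctly set")` and the same for `ProtectControlGroups` would cover them.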