master

分支 (23)

标签 (21)

管理

管理

master

openEuler-24.03-LTS

openEuler-24.03-LTS-Next

openEuler-24.03-LTS-SP1

openEuler-24.09

openEuler-22.03-LTS-SP3

openEuler-22.03-LTS-Next

openEuler-22.03-LTS-SP4

openEuler-23.09

openEuler-22.03-LTS-SP2

openEuler-20.03-LTS-SP3

openEuler-20.03-LTS-SP4

openEuler-22.03-LTS

openEuler-20.03-LTS-SP1

openEuler-22.03-LTS-SP1

openEuler-23.03

openEuler-22.09

openEuler-21.03

openEuler-21.09

openEuler-20.09

openEuler-24.03-LTS-SP1-release

openEuler-22.03-LTS-SP4-release

openEuler-24.09-release

openEuler-24.03-LTS-release

openEuler-22.03-LTS-SP3-release

openEuler-23.09-rc5

openEuler-22.03-LTS-SP1-release

openEuler-22.09-release

openEuler-22.09-rc5

openEuler-22.09-20220829

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

openEuler-21.03-20210330

openEuler-20.09-20200929

openEuler-20.03-LTS-20200606

rng-tools
/
rng-tools-service-harden.patch

--- rng-tools-6.17/rngd.service.orig	2024-10-05 07:37:16.071162500 +0800
+++ rng-tools-6.17/rngd.service	2024-10-05 07:41:25.726337400 +0800
@@ -1,11 +1,24 @@
 [Unit]
 Description=Hardware RNG Entropy Gatherer Daemon
 ConditionVirtualization=!container
+ConditionKernelCommandLine=!fips=1

 # The "-f" option is required for the systemd service rngd to work with Type=simple
 [Service]
 Type=simple
-ExecStart=/usr/sbin/rngd -f
+EnvironmentFile=/etc/sysconfig/rngd
+ExecStart=/usr/sbin/rngd -f $RNGD_ARGS
+NoNewPrivileges=true
+PrivateNetwork=true
+PrivateTmp=true
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true

 [Install]
 WantedBy=multi-user.target