[arch-commits] Commit in prometheus-blackbox-exporter/trunk (2 files)
Jelle van der Waa
jelle at archlinux.org
Wed Aug 28 14:11:12 UTC 2019
Date: Wednesday, August 28, 2019 @ 14:11:12
Author: jelle
Revision: 361322
upgpkg: prometheus-blackbox-exporter 0.14.0-4
Harden blackbox exporter service
Modified:
prometheus-blackbox-exporter/trunk/PKGBUILD
prometheus-blackbox-exporter/trunk/prometheus-blackbox-exporter.service
--------------------------------------+
PKGBUILD | 4 ++--
prometheus-blackbox-exporter.service | 9 +++++++++
2 files changed, 11 insertions(+), 2 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2019-08-28 11:26:41 UTC (rev 361321)
+++ PKGBUILD 2019-08-28 14:11:12 UTC (rev 361322)
@@ -2,7 +2,7 @@
pkgname=prometheus-blackbox-exporter
pkgver=0.14.0
-pkgrel=3
+pkgrel=4
pkgdesc="Allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP and ICMP"
arch=('x86_64')
url="https://github.com/prometheus/blackbox_exporter"
@@ -11,7 +11,7 @@
makedepends=(go-pie git)
source=(https://github.com/prometheus/blackbox_exporter/archive/v${pkgver}.tar.gz prometheus-blackbox-exporter.service)
sha512sums=('58f379cdeef671376105532450ffb3a6fef0ea071d493fbef40d761c6cbaec47bb49c9c2e5c070f3d0e598396d7ad9b2c5af100c9a69aee04877442c7bdaf120'
- '1d874c5dac3c36cb9e74cf3aa7b91d92560156acfe314179608bc8534ee38bed1f7f01368a5e85fac4d954ff84039f7cc4548803a5a9167baca69163f1ba7514')
+ '3d8c060bda4baf6ae56f162fd6b3f8668bae8e80a7cd40a40cca007fe565c5872142dac8c1821944aa146d52b55720b9cc3e4b3e3ec77f76241f0cdbf01532b3')
check() {
cd blackbox_exporter-$pkgver
Modified: prometheus-blackbox-exporter.service
===================================================================
--- prometheus-blackbox-exporter.service 2019-08-28 11:26:41 UTC (rev 361321)
+++ prometheus-blackbox-exporter.service 2019-08-28 14:11:12 UTC (rev 361322)
@@ -7,5 +7,14 @@
ExecReload=/bin/kill -HUP $MAINPID
DynamicUser=true
+NoNewPrivilieges=true
+ProtectSystem=full
+ProtectKernelModules=true
+ProtectKernelTunables=true
+PrivateTmp=true
+LockPersonality=true
+ProtectHostname=true
+ProtectControlGroups=true
+
[Install]
WantedBy=multi-user.target
More information about the arch-commits
mailing list