[arch-commits] Commit in alertmanager/trunk (PKGBUILD alertmanager.service)
Jelle van der Waa
jelle at archlinux.org
Fri Sep 13 21:51:55 UTC 2019
Date: Friday, September 13, 2019 @ 21:51:54
Author: jelle
Revision: 362610
upgpkg: alertmanager 0.18.0-3
Add more hardening to alertmanager
Modified:
alertmanager/trunk/PKGBUILD
alertmanager/trunk/alertmanager.service
----------------------+
PKGBUILD | 4 ++--
alertmanager.service | 9 +++++++++
2 files changed, 11 insertions(+), 2 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2019-09-13 21:19:44 UTC (rev 362609)
+++ PKGBUILD 2019-09-13 21:51:54 UTC (rev 362610)
@@ -2,7 +2,7 @@
pkgname=alertmanager
pkgver=0.18.0
-pkgrel=2
+pkgrel=3
pkgdesc="Service which handles alerts sent by client applications such as the Prometheus server"
url="https://github.com/prometheus/alertmanager"
arch=(x86_64)
@@ -12,7 +12,7 @@
backup=('etc/alertmanager/alertmanager.yml')
source=($pkgname-$pkgver.tar.gz::https://github.com/prometheus/alertmanager/archive/v${pkgver}.tar.gz alertmanager.service alertmanager.sysusers)
sha512sums=('59faec308abaac3d2b59198fef25109b208de1a807b38803dc10722ff0caf1bac9d9795005fefb3b4e2acda62be136bfcafe7b9702ae52565021a424f99fa730'
- '3d99e1781488bba6cab6e13b0ec7f441efd1070b3deaad648fefd11ae18e28da8bea46af30b3459bb0935fd786c2e4045c5cd15d8ab3fb638c6827ba4e2fac92'
+ 'e814d4aca46c2e243a2fe137b2ca102d5adfc18a5d4ab1d316ae593e60a256f8f7f699eb2d8c28b74e6f26fd17b682df927517db4819b167ab0269aa3f76894e'
'469f321f40b0dd6e1cc6d0791032c476449bb2ab2364d57b06d0e0309d09710be8751ded64d84e29dd6e28e96b71ef69e2bee6c71282500a9074a9d7ada8bdf0')
build() {
Modified: alertmanager.service
===================================================================
--- alertmanager.service 2019-09-13 21:19:44 UTC (rev 362609)
+++ alertmanager.service 2019-09-13 21:51:54 UTC (rev 362610)
@@ -13,7 +13,16 @@
ProtectHome=true
ProtectSystem=full
ProtectHostname=true
+ProtectControlGroups=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
LockPersonality=true
+PrivateTmp=true
+PrivateDevices=True
+RestrictRealtime=true
+CapabilityBoundingSet=
+SystemCallArchitectures=native
+MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target
More information about the arch-commits
mailing list