[arch-commits] Commit in mailman3/trunk (PKGBUILD mailman3.service)
David Runge
dvzrv at archlinux.org
Sat Feb 1 23:24:30 UTC 2020
Date: Saturday, February 1, 2020 @ 23:24:29
Author: dvzrv
Revision: 561200
upgpkg: mailman3 3.3.0-5: Adding further address families (AF_{NETLINK,UNIX}) to RestrictAddressFamilies in mailman3.service, as they are not used by the application. Removing @privileged from the reverse SystemCallFilter in mailman3.service, as it prevents the REST API (using gunicorn) to start.
Modified:
mailman3/trunk/PKGBUILD
mailman3/trunk/mailman3.service
------------------+
PKGBUILD | 4 ++--
mailman3.service | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-02-01 20:10:03 UTC (rev 561199)
+++ PKGBUILD 2020-02-01 23:24:29 UTC (rev 561200)
@@ -3,7 +3,7 @@
_name=mailman
pkgname=mailman3
pkgver=3.3.0
-pkgrel=4
+pkgrel=5
pkgdesc="The GNU mailing list manager"
arch=('any')
url="https://www.list.org/"
@@ -39,7 +39,7 @@
"${pkgname}.tmpfiles")
sha512sums=('63cf30c102751c1cae086f4c046767c2d817ad57097bd60bc838ead19c4e29ed1bc5d4cc2c1eef40f41787daf60d8b98033f64064d6ad4567a9552b5fb2cabd8'
'SKIP'
- '31e578df554f866655986ba19f9f51a0eb7e9fb46b934e3e050c27935011af22d38148732f792b68b832871828534a9083bb096e0d30f0308476bdf6cc1859aa'
+ '6d1fbb52f72a93c66cc8018d83cbdde1878a3a759743f54252d711c027a732e942d2154a4ef62d011844373c66706dc91fc85757239ddcd07f77782d31b78d60'
'734e0cdf1198f6609a5e41312c48c5c4e492ba5b9acc3af4cd302a6ed148933396333077932e25aedfc50ff3f68b1d4898137193bdadaf71e23045ec8e96be10'
'5d7ccba8cf1262ab052078f2188ded15e43e1201302c7c24ce763efef9789ec99d8ea9a19e8fbd9bc5a38f47a162fe5cf4b0ade284894cb57af66350f23507bc'
'e610060021d6f2ebeb4ffb5b37d448efdd44154ace6f228a316e9712799dc620611953401f705bb76d1046b769b6e8316c9b1d143e535110e383a7762d866669'
Modified: mailman3.service
===================================================================
--- mailman3.service 2020-02-01 20:10:03 UTC (rev 561199)
+++ mailman3.service 2020-02-01 23:24:29 UTC (rev 561200)
@@ -25,13 +25,13 @@
ProtectKernelLogs=true
ProtectKernelModules=true
RemoveIPC=true
-RestrictAddressFamilies=~AF_PACKET
+RestrictAddressFamilies=~AF_PACKET AF_NETLINK AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
-SystemCallFilter=~@privileged @resources
+SystemCallFilter=~@resources
ReadWritePaths=/var/lock/mailman /var/spool/mailman
ReadOnlyPaths=/etc/mailman.cfg -/etc/mailman.d
RuntimeDirectory=mailman
More information about the arch-commits
mailing list