mirror of
https://gitlab.postmarketos.org/postmarketOS/pmaports.git
synced 2025-07-23 14:55:14 +03:00
46 lines
928 B
Desktop File
46 lines
928 B
Desktop File
[Unit]
|
|
Description=Fingerprint Authentication Daemon
|
|
Documentation=man:fprintd(1)
|
|
|
|
[Service]
|
|
Type=dbus
|
|
BusName=net.reactivated.Fprint
|
|
ExecStart=/usr/libexec/fprintd
|
|
|
|
# Filesystem lockdown
|
|
ProtectSystem=strict
|
|
ProtectKernelTunables=true
|
|
ProtectKernelLogs=true
|
|
ProtectControlGroups=true
|
|
# This always corresponds to /var/lib/fprint
|
|
StateDirectory=fprint
|
|
StateDirectoryMode=0700
|
|
ProtectHome=true
|
|
PrivateTmp=true
|
|
|
|
SystemCallFilter=@system-service
|
|
|
|
# Network
|
|
RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK
|
|
|
|
# Execute Mappings
|
|
MemoryDenyWriteExecute=true
|
|
|
|
# Modules
|
|
ProtectKernelModules=true
|
|
|
|
# Real-time
|
|
RestrictRealtime=true
|
|
|
|
# Privilege escalation
|
|
NoNewPrivileges=true
|
|
|
|
# Protect clock, allow USB and SPI device access
|
|
ProtectClock=yes
|
|
DeviceAllow=char-usb_device rw
|
|
DeviceAllow=char-spi rw
|
|
DeviceAllow=char-hidraw rw
|
|
DeviceAllow=/dev/cros_fp rw
|
|
|
|
# Allow tuning USB parameters (wakeup and persist)
|
|
ReadWritePaths=/sys/devices
|