From 2a16b9d559ea1d81195b8b09bf42ddfe5e9a3d5f Mon Sep 17 00:00:00 2001 From: Justin Ludwig Date: Sun, 8 Mar 2020 20:14:16 -0700 Subject: [PATCH] relax execmem restrictions for feeder service tls Signed-off-by: Justin Ludwig --- feeder/etc/feeder.service | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/feeder/etc/feeder.service b/feeder/etc/feeder.service index 8fbaf8f..bd4876f 100644 --- a/feeder/etc/feeder.service +++ b/feeder/etc/feeder.service @@ -13,7 +13,9 @@ Restart=always # HARDENING LockPersonality=yes -MemoryDenyWriteExecute=yes +# listening for TLS connections requires write+execute memory +# see https://github.com/pyca/pyopenssl/issues/873 +# MemoryDenyWriteExecute=yes NoNewPrivileges=yes PrivateDevices=yes PrivateTmp=yes -- 2.26.2