Add RestrictAddressFamilies to pulseha.service to prevent a CVE

Question

akadata opened this issue 7 years ago · comments

[Unit]
Description=PulseHA Daemon

[Service]
User=pulseha
Group=pulseha
Type=forking
ExecStart=/usr/local/sbin/pulse
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX

[Install]
WantedBy=default.target

Andrew Zak · Answer 1 · Thu Jan 04 2018 18:15:02 GMT+0800 (China Standard Time)

Cheers. Worked into dev branch