Add RestrictAddressFamilies to pulseha.service to prevent a CVE
akadata opened this issue · comments
Andrew Smalley commented
```ini
[Unit]
Description=PulseHA Daemon

[Service]
User=pulseha
Group=pulseha
Type=forking
ExecStart=/usr/local/sbin/pulse
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX

[Install]
WantedBy=default.target
```
http://0pointer.net/blog/avoiding-cve-2016-8655-with-systemd.html
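A way to check that a unit file's `RestrictAddressFamilies=` lines leave AF_PACKET (the socket family behind CVE-2016-8655) blocked, as an added example that is not part of the original post or of PulseHA. The function names are hypothetical, the sample unit is constructed from the one above, and the merge rules (allow list, `~` deny list, repeated lines merged, empty value resets, `none`) follow systemd.exec; drop-in files and line continuations are not handled.

```python
# Added example: evaluate RestrictAddressFamilies= the way systemd merges it.
SAMPLE_UNIT = """\
[Unit]
Description=PulseHA Daemon
[Service]
User=pulseha
ExecStart=/usr/local/sbin/pulse
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
"""  # constructed from the unit in the post above

def effective_families(unit_text):
    """Return (is_allow_list, families) for the [Service] section."""
    families, allow = None, False      # None = no list assigned yet
    section = None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if section != "Service" or not sep or key.strip() != "RestrictAddressFamilies":
            continue
        value = value.strip()
        if value == "":                # empty assignment resets everything
            families, allow = None, False
            continue
        if value == "none":            # deny every address family
            families, allow = None, True
            continue
        invert = value.startswith("~")
        if families is None:           # first list decides allow vs. deny mode
            families, allow = set(), not invert
        for name in (value[1:] if invert else value).split():
            if (not invert) == allow:
                families.add(name)     # same polarity as the list: add
            else:
                families.discard(name) # opposite polarity: remove
    return allow, families or set()

def family_permitted(unit_text, family="AF_PACKET"):
    """True if a socket() call for `family` would still be allowed."""
    allow, families = effective_families(unit_text)
    if allow:
        return family in families
    return family not in families      # deny list (empty list = unrestricted)

if __name__ == "__main__":
    print("AF_PACKET permitted:", family_permitted(SAMPLE_UNIT))
```

On a running host, `systemctl show -p RestrictAddressFamilies pulseha.service` reports the value systemd actually loaded, including any drop-ins.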
Andrew Zak commented
Cheers. Worked into dev branch