mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-06-05 07:37:47 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Allow /dev/tpmrm0 on older systemd versions ()

Browse source 
Older systemd versions require a specific device allow for the tpm to be accessed.
This commit is contained in:
Firstyear 2024-02-27 12:13:31 +10:00 committed by GitHub
parent adb575947f
commit 7b490d73dc
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 5 additions and 0 deletions
platform
debian/systemd
kanidm-unixd.service
opensuse
kanidm-unixd.service

2
platform/debian/systemd/kanidm-unixd.service
View file

@ -35,6 +35,8 @@ NoNewPrivileges=true
PrivateTmp=true PrivateTmp=true
# We have to disable this to allow tpmrm0 access for tpm binding. # We have to disable this to allow tpmrm0 access for tpm binding.
PrivateDevices=false PrivateDevices=false
# Older versions of systemd require this to be explicitly allowed.
DeviceAllow=/dev/tpmrm0 rw
ProtectHostname=true ProtectHostname=true
ProtectClock=true ProtectClock=true
ProtectKernelTunables=true ProtectKernelTunables=true

3
platform/opensuse/kanidm-unixd.service
View file

@ -35,6 +35,9 @@ NoNewPrivileges=true
PrivateTmp=true PrivateTmp=true
# We have to disable this to allow tpmrm0 access for tpm binding. # We have to disable this to allow tpmrm0 access for tpm binding.
PrivateDevices=false PrivateDevices=false
# Older versions of systemd require this to be explicitly allowed.
DeviceAllow=/dev/tpmrm0 rw
ProtectHostname=true ProtectHostname=true
ProtectClock=true ProtectClock=true
ProtectKernelTunables=true ProtectKernelTunables=true