Adding upstream version 1.9.14.upstream/1.9.14

Signed-off-by: Daniel Baumann <daniel@debian.org>

1 files changed, 36 insertions, 0 deletions

diff --git a/contrib/Fedora/haveged.service b/contrib/Fedora/haveged.service
new file mode 100644
index 0000000..abb9cfc
--- /dev/null
+++ b/contrib/Fedora/haveged.service
@@ -0,0 +1,36 @@
+[Unit]
+Description=Entropy Daemon based on the HAVEGE algorithm
+Documentation=man:haveged(8) http://www.issihosts.com/haveged/
+DefaultDependencies=no
+After=systemd-tmpfiles-setup-dev.service
+Before=sysinit.target shutdown.target systemd-journald.service
+
+[Service]
+ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --Foreground
+Restart=always
+SuccessExitStatus=137 143
+
+SecureBits=noroot-locked
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT
+# We can *not* set PrivateTmp=true as it can cause an ordering cycle.
+PrivateTmp=false
+PrivateDevices=true
+# We can *not* set PrivateNetwork=true to allow command mode (chroot when included in initramfs)
+#PrivateNetwork=true
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+RestrictNamespaces=true
+RestrictRealtime=true
+
+LockPersonality=true
+MemoryDenyWriteExecute=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@mount
+SystemCallErrorNumber=EPERM
+
+[Install]
+WantedBy=sysinit.target