From e09c2a5dd6041152dd4937c30a230ce600021dc9 Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Fri, 12 Sep 2025 20:47:54 -0400
Subject: [PATCH] [systemd] add RestrictAddressFamilies AF_NETLINK
Origin: upstream, https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/e09c2a5dd6041152dd4937c30a230ce600021dc9
Forwarded: not-needed
Add AF_NETLINK to RestrictAddressFamilies for syslog() implementations
on some architectures.
x-ref:
"needs access to AF_NETLINK sockets"
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114554
---
doc/systemd/lighttpd.service | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/systemd/lighttpd.service b/doc/systemd/lighttpd.service
index 1d00878c..4ab3e407 100644
--- a/doc/systemd/lighttpd.service
+++ b/doc/systemd/lighttpd.service
@@ -77,7 +77,7 @@ ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectProc=invisible
ProtectSystem=full
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
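Review bot: The widened `RestrictAddressFamilies=` line has no comment saying why AF_NETLINK is on the allow-list, so a later hardening audit of this unit would have to recover the reason from the commit log. A line of its own above the directive, such as `# AF_NETLINK: required by syslog() implementations on some architectures (Debian bug 1114554)`, would record it. The directive filters on address family only, so it admits every netlink protocol the kernel would otherwise let the service open, not just what syslog() uses. The capability and user settings that bound this are outside the hunk and worth checking alongside the change.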
--
2.51.0