From 73cd25615367ff1f9a19fdfd38017f68a12a354d Mon Sep 17 00:00:00 2001 From: Gary Lin Date: Tue, 7 Feb 2023 15:34:09 +0800 Subject: [PATCH] Make /etc/pki/pesign/ writeable The default NSS database for the pesign daemon is stored in /etc/pki/pesign/. Make it writeable after hardening the service. Signed-off-by: Gary Lin --- src/pesign.service.in | 1 + 1 file changed, 1 insertion(+) Index: pesign-116/src/pesign.service.in =================================================================== --- pesign-116.orig/src/pesign.service.in +++ pesign-116/src/pesign.service.in @@ -18,6 +18,7 @@ RestrictRealtime=true # end of automatic additions PIDFile=@@RUNDIR@@/pesign.pid ExecStart=/usr/bin/pesign --daemonize --nofork +ReadWritePaths=/etc/pki/pesign/ [Install] WantedBy=multi-user.target