diff options
author | sebres <serg.brester@sebres.de> | 2020-04-15 17:35:04 +0200 |
---|---|---|
committer | sebres <serg.brester@sebres.de> | 2020-04-15 17:35:04 +0200 |
commit | 7e3061e7ace0e973378a17de04a2692142e1a6c1 (patch) | |
tree | 3f1df30aec1896dc408e3a0adfbf8999ccd142bd /files | |
parent | 136781d627aa70ab88f3fac3b6df398c21dc7387 (diff) | |
download | fail2ban-7e3061e7ace0e973378a17de04a2692142e1a6c1.tar.gz |
fail2ban.service systemd unit template: don't add user site directory to python system path (avoids accessing of `/root/.local` directory, prevents SE linux audit warning at daemon startup, gh-2688)
Diffstat (limited to 'files')
-rw-r--r-- | files/fail2ban.service.in | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/files/fail2ban.service.in b/files/fail2ban.service.in index 5e540545..9a245c61 100644 --- a/files/fail2ban.service.in +++ b/files/fail2ban.service.in @@ -6,6 +6,7 @@ PartOf=iptables.service firewalld.service ip6tables.service ipset.service nftabl [Service] Type=simple +Environment="PYTHONNOUSERSITE=1" ExecStartPre=/bin/mkdir -p /run/fail2ban ExecStart=@BINDIR@/fail2ban-server -xf start # if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local |