fail2ban.service systemd unit template: don't add user site directory to python system path (avoids accessing of `/root/.local` directory, prevents SE linux audit warning at daemon startup, gh-2688)

author: sebres <serg.brester@sebres.de> 2020-04-15 17:35:04 +0200
committer: sebres <serg.brester@sebres.de> 2020-04-15 17:35:04 +0200
commit: 7e3061e7ace0e973378a17de04a2692142e1a6c1 (patch)
tree: 3f1df30aec1896dc408e3a0adfbf8999ccd142bd /files
parent: 136781d627aa70ab88f3fac3b6df398c21dc7387 (diff)
download: fail2ban-7e3061e7ace0e973378a17de04a2692142e1a6c1.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/files/fail2ban.service.in b/files/fail2ban.service.in
index 5e540545..9a245c61 100644
--- a/files/fail2ban.service.in
+++ b/files/fail2ban.service.in
@@ -6,6 +6,7 @@ PartOf=iptables.service firewalld.service ip6tables.service ipset.service nftabl
 
 [Service]
 Type=simple
+Environment="PYTHONNOUSERSITE=1"
 ExecStartPre=/bin/mkdir -p /run/fail2ban
 ExecStart=@BINDIR@/fail2ban-server -xf start
 # if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local
author	sebres <serg.brester@sebres.de>	2020-04-15 17:35:04 +0200
committer	sebres <serg.brester@sebres.de>	2020-04-15 17:35:04 +0200
commit	7e3061e7ace0e973378a17de04a2692142e1a6c1 (patch)
tree	3f1df30aec1896dc408e3a0adfbf8999ccd142bd /files
parent	136781d627aa70ab88f3fac3b6df398c21dc7387 (diff)
download	fail2ban-7e3061e7ace0e973378a17de04a2692142e1a6c1.tar.gz