From f2563c582c45847c0f3c6175075785a0ffd0f3dd Mon Sep 17 00:00:00 2001 From: Archi Date: Wed, 27 Sep 2023 13:48:00 +0200 Subject: [PATCH] Closes #3014 AF_UNIX is apparently needed on arch AF_NETLINK will be mandatory since .NET 8, but based on my research even .NET 7 uses it in some conditions, so it makes sense to patch it right away as our previous settings were too restrictive, even if it did in fact work --- .../overlay/variant-base/linux/ArchiSteamFarm@.service | 2 +- .../variant-specific/generic-netf/ArchiSteamFarm@.service | 2 +- .../overlay/variant-specific/generic/ArchiSteamFarm@.service | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ArchiSteamFarm/overlay/variant-base/linux/ArchiSteamFarm@.service b/ArchiSteamFarm/overlay/variant-base/linux/ArchiSteamFarm@.service index 820032dd51d1f..80342d0cf5c98 100644 --- a/ArchiSteamFarm/overlay/variant-base/linux/ArchiSteamFarm@.service +++ b/ArchiSteamFarm/overlay/variant-base/linux/ArchiSteamFarm@.service @@ -30,7 +30,7 @@ ProtectProc=invisible ProtectSystem=strict ReadWritePaths=/home/%i/ArchiSteamFarm /tmp RemoveIPC=yes -RestrictAddressFamilies=AF_INET AF_INET6 +RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX RestrictNamespaces=yes RestrictRealtime=yes RestrictSUIDSGID=yes diff --git a/ArchiSteamFarm/overlay/variant-specific/generic-netf/ArchiSteamFarm@.service b/ArchiSteamFarm/overlay/variant-specific/generic-netf/ArchiSteamFarm@.service index ea22c48801af0..f8fda0b80bd05 100644 --- a/ArchiSteamFarm/overlay/variant-specific/generic-netf/ArchiSteamFarm@.service +++ b/ArchiSteamFarm/overlay/variant-specific/generic-netf/ArchiSteamFarm@.service @@ -30,7 +30,7 @@ ProtectProc=invisible ProtectSystem=strict ReadWritePaths=/home/%i/ArchiSteamFarm /tmp RemoveIPC=yes -RestrictAddressFamilies=AF_INET AF_INET6 +RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX RestrictNamespaces=yes RestrictRealtime=yes RestrictSUIDSGID=yes diff --git a/ArchiSteamFarm/overlay/variant-specific/generic/ArchiSteamFarm@.service b/ArchiSteamFarm/overlay/variant-specific/generic/ArchiSteamFarm@.service index c82e01dc92053..215b7fc36274e 100644 --- a/ArchiSteamFarm/overlay/variant-specific/generic/ArchiSteamFarm@.service +++ b/ArchiSteamFarm/overlay/variant-specific/generic/ArchiSteamFarm@.service @@ -30,7 +30,7 @@ ProtectProc=invisible ProtectSystem=strict ReadWritePaths=/home/%i/ArchiSteamFarm /tmp RemoveIPC=yes -RestrictAddressFamilies=AF_INET AF_INET6 +RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX RestrictNamespaces=yes RestrictRealtime=yes RestrictSUIDSGID=yes