From 0cbeddf0a209ef5cb7ab0804e9ec40b811245112 Mon Sep 17 00:00:00 2001
From: Michael Prokop <mprokop@sipwise.com>
Date: Fri, 12 Feb 2021 14:44:42 +0100
Subject: [PATCH] TT#110904 TT#76552 Fix systemd hardening for rand() access

We need readonly access to /dev/urandom, otherwise the rand()
calls might fail, as seen in kamailio-config-tests.

Change-Id: Id132191994ae5fe74ec3ebb7d34a4a5d50769dbc
Thanks: Victor Seva for reporting
---
 debian/ngcp-mediator.service | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian/ngcp-mediator.service b/debian/ngcp-mediator.service
index 8eed2cc..6f54278 100644
--- a/debian/ngcp-mediator.service
+++ b/debian/ngcp-mediator.service
@@ -75,6 +75,7 @@ PrivateNetwork=false
 # Control access to specific device nodes by the executed processes
 DevicePolicy=strict
 DeviceAllow=/dev/null rw
+DeviceAllow=/dev/urandom r
 
 # Maximum number of bytes of memory that may be locked into RAM
 LimitMEMLOCK=0