system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-07-01 07:34:28 +00:00
Code Issues Projects Releases Wiki Activity

unit/network: use ProtectSystem=strict again

Browse Source 
Now, networkd accesses the state directory through the file descriptor
passed from systemd-networkd-persistent-storage.service.
Hence, the networkd itself does not need to access the state directory
through its path, and we can use more stronger mode for ProtectSystem=.
This commit is contained in:
Yu Watanabe 2024-03-14 02:28:06 +09:00
parent bfd8f70cb8
commit a9e7894d38
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
units/systemd-networkd.service.in
View File

@ -27,7 +27,6 @@ DeviceAllow=char-* rw
ExecStart=!!{{LIBEXECDIR}}/systemd-networkd
FileDescriptorStoreMax=512
ImportCredential=network.wireguard.*
InaccessiblePaths=-/boot -/efi
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
@ -37,7 +36,7 @@ ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectSystem=full
ProtectSystem=strict
Restart=on-failure
RestartKillSignal=SIGUSR2
RestartSec=0