mirror of
https://github.com/systemd/systemd
synced 2024-10-02 22:37:25 +00:00
units: make use of PrivateTmp=yes and PrivateDevices=yes for all our long-running daemons
This commit is contained in:
parent
7973ca1927
commit
d99a705296
|
@ -13,3 +13,5 @@ ExecStart=@rootlibexecdir@/systemd-bus-driverd
|
|||
BusName=org.freedesktop.DBus
|
||||
WatchdogSec=1min
|
||||
CapabilityBoundingSet=CAP_IPC_OWNER
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
|
|
|
@ -15,3 +15,5 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
|
|||
ExecStart=@rootlibexecdir@/systemd-bus-proxyd xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||||
NotifyAccess=main
|
||||
CapabilityBoundingSet=CAP_IPC_OWNER
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
|
|
|
@ -15,3 +15,5 @@ ExecStart=@rootlibexecdir@/systemd-hostnamed
|
|||
BusName=org.freedesktop.hostname1
|
||||
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE
|
||||
WatchdogSec=1min
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
|
|
|
@ -15,3 +15,5 @@ ExecStart=@rootlibexecdir@/systemd-localed
|
|||
BusName=org.freedesktop.locale1
|
||||
CapabilityBoundingSet=
|
||||
WatchdogSec=1min
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
|
|
|
@ -17,3 +17,5 @@ ExecStart=@rootlibexecdir@/systemd-machined
|
|||
BusName=org.freedesktop.machine1
|
||||
CapabilityBoundingSet=CAP_KILL
|
||||
WatchdogSec=1min
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
|
|
|
@ -15,3 +15,4 @@ ExecStart=@rootlibexecdir@/systemd-timedated
|
|||
BusName=org.freedesktop.timedate1
|
||||
CapabilityBoundingSet=CAP_SYS_TIME
|
||||
WatchdogSec=1min
|
||||
PrivateTmp=yes
|
||||
|
|
Loading…
Reference in a new issue