units: add SecureBits

No setuid programs are expected to be executed, so add SecureBits=noroot noroot-locked to unit files.
author: Topi Miettinen <toiwoton@gmail.com> 2015-02-11 17:32:14 +0100
committer: Lennart Poettering <lennart@poettering.net> 2015-02-11 17:33:36 +0100
commit: 6a716208b346b742053cfd01e76f76fb27c4ea47 (patch)
tree: 15ea908b54df5b082e80a5f1835210d9e3b13a1d /units/systemd-hostnamed.service.in
parent: man: fix typo (diff)
download: systemd-6a716208b346b742053cfd01e76f76fb27c4ea47.tar.xz
systemd-6a716208b346b742053cfd01e76f76fb27c4ea47.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in
index cc88ecd0db..259b451cbd 100644
--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@@ -14,6 +14,7 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/hostnamed
 ExecStart=@rootlibexecdir@/systemd-hostnamed
 BusName=org.freedesktop.hostname1
 CapabilityBoundingSet=CAP_SYS_ADMIN
+SecureBits=noroot noroot-locked
 WatchdogSec=1min
 PrivateTmp=yes
 PrivateDevices=yes
author	Topi Miettinen <toiwoton@gmail.com>	2015-02-11 17:32:14 +0100
committer	Lennart Poettering <lennart@poettering.net>	2015-02-11 17:33:36 +0100
commit	6a716208b346b742053cfd01e76f76fb27c4ea47 (patch)
tree	15ea908b54df5b082e80a5f1835210d9e3b13a1d /units/systemd-hostnamed.service.in
parent	man: fix typo (diff)
download	systemd-6a716208b346b742053cfd01e76f76fb27c4ea47.tar.xz systemd-6a716208b346b742053cfd01e76f76fb27c4ea47.zip