diff options
author | Lennart Poettering <lennart@poettering.net> | 2017-09-14 19:45:40 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2017-09-14 19:45:40 +0200 |
commit | bff8f2543b27d44d8b245eb78ad7e47607d4a53f (patch) | |
tree | 23266740f828edf52ca033fd99a4f80b14e7eeea /units/systemd-hostnamed.service.in | |
parent | Merge pull request #6820 from keszybz/sysusers-doc-update (diff) | |
download | systemd-bff8f2543b27d44d8b245eb78ad7e47607d4a53f.tar.xz systemd-bff8f2543b27d44d8b245eb78ad7e47607d4a53f.zip |
units: set LockPersonality= for all our long-running services (#6819)
Let's lock things down. Also, using it is the only way how to properly
test this to the fullest extent.
Diffstat (limited to 'units/systemd-hostnamed.service.in')
-rw-r--r-- | units/systemd-hostnamed.service.in | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in index d29e9ff81b..9bb5ad8cac 100644 --- a/units/systemd-hostnamed.service.in +++ b/units/systemd-hostnamed.service.in @@ -29,4 +29,5 @@ RestrictNamespaces=yes RestrictAddressFamilies=AF_UNIX SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap SystemCallArchitectures=native +LockPersonality=yes ReadWritePaths=/etc |