summaryrefslogtreecommitdiffstats
path: root/units/systemd-timesyncd.service.in
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2017-09-14 19:45:40 +0200
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2017-09-14 19:45:40 +0200
commitbff8f2543b27d44d8b245eb78ad7e47607d4a53f (patch)
tree23266740f828edf52ca033fd99a4f80b14e7eeea /units/systemd-timesyncd.service.in
parentMerge pull request #6820 from keszybz/sysusers-doc-update (diff)
downloadsystemd-bff8f2543b27d44d8b245eb78ad7e47607d4a53f.tar.xz
systemd-bff8f2543b27d44d8b245eb78ad7e47607d4a53f.zip
units: set LockPersonality= for all our long-running services (#6819)
Let's lock things down. Also, using it is the only way how to properly test this to the fullest extent.
Diffstat (limited to 'units/systemd-timesyncd.service.in')
-rw-r--r--units/systemd-timesyncd.service.in1
1 files changed, 1 insertions, 0 deletions
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index a6e14d24d1..8d3f46cf5e 100644
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -38,6 +38,7 @@ RestrictNamespaces=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallFilter=~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
+LockPersonality=yes
StateDirectory=systemd/timesync
[Install]