diff options
author | Lennart Poettering <lennart@poettering.net> | 2014-03-19 16:45:28 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-03-19 19:09:00 +0100 |
commit | d99a70529637d44cdd8f6ade3b981ea33f09d90d (patch) | |
tree | 8a6633cb6e978c21820e0a621a12d29fe169bfee /units | |
parent | update TODO (diff) | |
download | systemd-d99a70529637d44cdd8f6ade3b981ea33f09d90d.tar.xz systemd-d99a70529637d44cdd8f6ade3b981ea33f09d90d.zip |
units: make use of PrivateTmp=yes and PrivateDevices=yes for all our long-running daemons
Diffstat (limited to 'units')
-rw-r--r-- | units/systemd-bus-driverd.service.in | 2 | ||||
-rw-r--r-- | units/systemd-bus-proxyd@.service.in | 2 | ||||
-rw-r--r-- | units/systemd-hostnamed.service.in | 2 | ||||
-rw-r--r-- | units/systemd-localed.service.in | 2 | ||||
-rw-r--r-- | units/systemd-machined.service.in | 2 | ||||
-rw-r--r-- | units/systemd-timedated.service.in | 1 |
6 files changed, 11 insertions, 0 deletions
diff --git a/units/systemd-bus-driverd.service.in b/units/systemd-bus-driverd.service.in index 0bda4037c3..52264862c1 100644 --- a/units/systemd-bus-driverd.service.in +++ b/units/systemd-bus-driverd.service.in @@ -13,3 +13,5 @@ ExecStart=@rootlibexecdir@/systemd-bus-driverd BusName=org.freedesktop.DBus WatchdogSec=1min CapabilityBoundingSet=CAP_IPC_OWNER +PrivateTmp=yes +PrivateDevices=yes diff --git a/units/systemd-bus-proxyd@.service.in b/units/systemd-bus-proxyd@.service.in index 1bdb459f79..1a6458ac57 100644 --- a/units/systemd-bus-proxyd@.service.in +++ b/units/systemd-bus-proxyd@.service.in @@ -15,3 +15,5 @@ Description=Legacy D-Bus Protocol Compatibility Daemon ExecStart=@rootlibexecdir@/systemd-bus-proxyd xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx NotifyAccess=main CapabilityBoundingSet=CAP_IPC_OWNER +PrivateTmp=yes +PrivateDevices=yes diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in index 3f5ef75c0b..c8bf8480c9 100644 --- a/units/systemd-hostnamed.service.in +++ b/units/systemd-hostnamed.service.in @@ -15,3 +15,5 @@ ExecStart=@rootlibexecdir@/systemd-hostnamed BusName=org.freedesktop.hostname1 CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE WatchdogSec=1min +PrivateTmp=yes +PrivateDevices=yes diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in index 1951123a03..6fb05655ca 100644 --- a/units/systemd-localed.service.in +++ b/units/systemd-localed.service.in @@ -15,3 +15,5 @@ ExecStart=@rootlibexecdir@/systemd-localed BusName=org.freedesktop.locale1 CapabilityBoundingSet= WatchdogSec=1min +PrivateTmp=yes +PrivateDevices=yes diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in index 2679dced88..2be1dcf4ea 100644 --- a/units/systemd-machined.service.in +++ b/units/systemd-machined.service.in @@ -17,3 +17,5 @@ ExecStart=@rootlibexecdir@/systemd-machined BusName=org.freedesktop.machine1 CapabilityBoundingSet=CAP_KILL WatchdogSec=1min +PrivateTmp=yes +PrivateDevices=yes diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in index f7fb6577c0..5c90290cde 100644 --- a/units/systemd-timedated.service.in +++ b/units/systemd-timedated.service.in @@ -15,3 +15,4 @@ ExecStart=@rootlibexecdir@/systemd-timedated BusName=org.freedesktop.timedate1 CapabilityBoundingSet=CAP_SYS_TIME WatchdogSec=1min +PrivateTmp=yes |