summaryrefslogtreecommitdiffstats
path: root/units/systemd-journal-remote.service.in
diff options
context:
space:
mode:
Diffstat (limited to 'units/systemd-journal-remote.service.in')
-rw-r--r--units/systemd-journal-remote.service.in23
1 files changed, 12 insertions, 11 deletions
diff --git a/units/systemd-journal-remote.service.in b/units/systemd-journal-remote.service.in
index fa8682cd28..29a99aaec1 100644
--- a/units/systemd-journal-remote.service.in
+++ b/units/systemd-journal-remote.service.in
@@ -14,23 +14,24 @@ Requires=systemd-journal-remote.socket
[Service]
ExecStart=@rootlibexecdir@/systemd-journal-remote --listen-https=-3 --output=/var/log/journal/remote/
-User=systemd-journal-remote
-WatchdogSec=3min
-PrivateTmp=yes
+LockPersonality=yes
+LogsDirectory=journal/remote
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
PrivateDevices=yes
PrivateNetwork=yes
-ProtectSystem=strict
-ProtectHome=yes
+PrivateTmp=yes
ProtectControlGroups=yes
-ProtectKernelTunables=yes
+ProtectHome=yes
ProtectKernelModules=yes
-MemoryDenyWriteExecute=yes
-RestrictRealtime=yes
-RestrictNamespaces=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
SystemCallArchitectures=native
-LockPersonality=yes
-LogsDirectory=journal/remote
+User=systemd-journal-remote
+WatchdogSec=3min
# If there are many split up journal files we need a lot of fds to access them
# all in parallel.
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-29 18:26:35 +0100