Diffstat (limited to 'units/systemd-udevd.service.in')
-rw-r--r--units/systemd-udevd.service.in2
1 files changed, 2 insertions, 0 deletions
diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
index 3579de4a68..e9dbe85ef4 100644
--- a/units/systemd-udevd.service.in
+++ b/units/systemd-udevd.service.in
@@ -16,6 +16,7 @@ Before=sysinit.target
ConditionPathIsReadWrite=/sys
[Service]
+CapabilityBoundingSet=~CAP_SYS_TIME CAP_WAKE_ALARM
Delegate=pids
Type=notify
# Note that udev will reset the value internally for its workers
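Review bot: The added `CapabilityBoundingSet=~CAP_SYS_TIME CAP_WAKE_ALARM` line in [Service] carries no comment, and because it is a deny list every other capability stays in the bounding set, including any that later kernels introduce. The bounding set is inherited across fork and exec, so the restriction also covers udev workers and any program started from a rule. A rule helper that sets the system clock or arms an RTC wake alarm would presumably start failing, which is worth checking against the rules that ship with the distribution. I would put a comment above the line such as `# Deny list: drops only the clock-setting and wake-alarm capabilities; also applies to workers and programs run from rules`. The [Service] section continues outside this hunk.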
@@ -34,6 +35,7 @@ RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallFilter=@system-service @module @raw-io bpf
+SystemCallFilter=~@clock
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native
LockPersonality=yes
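Review bot: `SystemCallFilter=~@clock` is only correct while it stays below the allow-list line, and nothing in the file says so. systemd lets the first SystemCallFilter= entry decide whether the filter is an allow list or a deny list, so moving this line above `SystemCallFilter=@system-service @module @raw-io bpf` would flip the default action from deny to allow. A comment such as `# Must stay after the allow list above: removes the clock-setting calls from it` would guard against that reordering. With `SystemCallErrorNumber=EPERM` a blocked call returns an error instead of killing the process, so a helper that tries to set the clock fails quietly unless it logs the error itself.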