picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

importd: run daemon at minimal capabilities

This commit is contained in:
Lennart Poettering 2015-01-22 18:55:08 +01:00
parent 3637713a20
commit e57565dd5b
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
units/systemd-importd.service.in
View File

@ -12,8 +12,9 @@ Documentation=man:systemd-importd.service(8)
[Service]
ExecStart=@rootlibexecdir@/systemd-importd
BusName=org.freedesktop.import1
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP
NoNewPrivileges=yes
WatchdogSec=1min
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
ProtectHome=yes