importd: run daemon at minimal capabilities
parent
3637713a20
commit
e57565dd5b
|
@ -12,8 +12,9 @@ Documentation=man:systemd-importd.service(8)
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=@rootlibexecdir@/systemd-importd
|
ExecStart=@rootlibexecdir@/systemd-importd
|
||||||
BusName=org.freedesktop.import1
|
BusName=org.freedesktop.import1
|
||||||
|
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP
|
||||||
|
NoNewPrivileges=yes
|
||||||
WatchdogSec=1min
|
WatchdogSec=1min
|
||||||
PrivateTmp=yes
|
PrivateTmp=yes
|
||||||
PrivateDevices=yes
|
|
||||||
ProtectSystem=full
|
ProtectSystem=full
|
||||||
ProtectHome=yes
|
ProtectHome=yes
|
||||||
|
|
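Review bot: The bounding set added on the `CapabilityBoundingSet=` line still contains CAP_SYS_ADMIN, which lets the daemon mount and remount, so the `ProtectSystem=full` and `ProtectHome=yes` read-only bind mounts below it are advisory against a compromised importd rather than a hard boundary, and the title's "minimal capabilities" should be read with that in mind. Dropping `PrivateDevices=yes` also hands the service back the full /dev; presumably this is because PrivateDevices= would strip CAP_MKNOD, which the new set keeps, but the unit does not say so. A short `#` comment above the new line would make the trade-offs auditable, e.g. `# CAP_MKNOD/CAP_SYS_ADMIN: needed to unpack device nodes and mount images (confirm); PrivateDevices= omitted since it would drop CAP_MKNOD`, kept as a full-line comment since systemd does not support trailing comments. If CAP_SYS_ADMIN is only needed for mounting, it is worth noting in the same comment that the remaining sandbox options do not constrain a process holding it.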