core: enable PrivateNetwork= for a number of our long running services where this is useful

2014-03-19 23:08:39 +01:00 · 2014-03-19 23:08:39 +01:00 · f21a71a907
parent 7181dbdb2e
commit f21a71a907
7 changed files with 9 additions and 0 deletions
--- a/units/systemd-bus-driverd.service.in
+++ b/units/systemd-bus-driverd.service.in
@ -15,3 +15,4 @@ WatchdogSec=1min
 CapabilityBoundingSet=CAP_IPC_OWNER
 PrivateTmp=yes
 PrivateDevices=yes
+PrivateNetwork=yes
--- a/units/systemd-bus-proxyd@.service.in
+++ b/units/systemd-bus-proxyd@.service.in
@ -17,3 +17,4 @@ NotifyAccess=main
 CapabilityBoundingSet=CAP_IPC_OWNER
 PrivateTmp=yes
 PrivateDevices=yes
+PrivateNetwork=yes
--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@ -17,3 +17,4 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE
 WatchdogSec=1min
 PrivateTmp=yes
 PrivateDevices=yes
+PrivateNetwork=yes
--- a/units/systemd-journal-gatewayd.service.in
+++ b/units/systemd-journal-gatewayd.service.in
@ -14,6 +14,9 @@ ExecStart=@rootlibexecdir@/systemd-journal-gatewayd
 User=systemd-journal-gateway
 Group=systemd-journal-gateway
 SupplementaryGroups=systemd-journal
+PrivateTmp=yes
+PrivateDevices=yes
+PrivateNetwork=yes

 [Install]
 Also=systemd-journal-gatewayd.socket
--- a/units/systemd-localed.service.in
+++ b/units/systemd-localed.service.in
@ -17,3 +17,4 @@ CapabilityBoundingSet=
 WatchdogSec=1min
 PrivateTmp=yes
 PrivateDevices=yes
+PrivateNetwork=yes
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@ -19,3 +19,4 @@ CapabilityBoundingSet=CAP_KILL
 WatchdogSec=1min
 PrivateTmp=yes
 PrivateDevices=yes
+PrivateNetwork=yes
--- a/units/systemd-networkd.service.in
+++ b/units/systemd-networkd.service.in
@ -20,6 +20,7 @@ Restart=always
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-networkd
 WatchdogSec=1min
+PrivateTmp=yes

 [Install]
 WantedBy=multi-user.target