core: enable PrivateNetwork= for a number of our long running services where this is useful
This commit is contained in:
parent
7181dbdb2e
commit
f21a71a907
|
@ -15,3 +15,4 @@ WatchdogSec=1min
|
|||
CapabilityBoundingSet=CAP_IPC_OWNER
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
PrivateNetwork=yes
|
||||
|
|
|
@ -17,3 +17,4 @@ NotifyAccess=main
|
|||
CapabilityBoundingSet=CAP_IPC_OWNER
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
PrivateNetwork=yes
|
||||
|
|
|
@ -17,3 +17,4 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE
|
|||
WatchdogSec=1min
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
PrivateNetwork=yes
|
||||
|
|
|
@ -14,6 +14,9 @@ ExecStart=@rootlibexecdir@/systemd-journal-gatewayd
|
|||
User=systemd-journal-gateway
|
||||
Group=systemd-journal-gateway
|
||||
SupplementaryGroups=systemd-journal
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
PrivateNetwork=yes
|
||||
|
||||
[Install]
|
||||
Also=systemd-journal-gatewayd.socket
|
||||
|
|
|
@ -17,3 +17,4 @@ CapabilityBoundingSet=
|
|||
WatchdogSec=1min
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
PrivateNetwork=yes
|
||||
|
|
|
@ -19,3 +19,4 @@ CapabilityBoundingSet=CAP_KILL
|
|||
WatchdogSec=1min
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
PrivateNetwork=yes
|
||||
|
|
|
@ -20,6 +20,7 @@ Restart=always
|
|||
RestartSec=0
|
||||
ExecStart=@rootlibexecdir@/systemd-networkd
|
||||
WatchdogSec=1min
|
||||
PrivateTmp=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
Loading…
Reference in New Issue