morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 00:14:32 +09:00
Code Issues Packages Projects Releases Wiki Activity

importd: run daemon at minimal capabilities

Browse Source
This commit is contained in:
Lennart Poettering
2015-01-22 18:55:08 +01:00
parent 3637713a20
commit e57565dd5b
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
units/systemd-importd.service.in
View File

@@ -12,8 +12,9 @@ Documentation=man:systemd-importd.service(8)
[Service]
ExecStart=@rootlibexecdir@/systemd-importd
BusName=org.freedesktop.import1
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP
NoNewPrivileges=yes
WatchdogSec=1min
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
ProtectHome=yes