authorLennart Poettering <lennart@poettering.net>2015-01-22 18:55:08 +0100
committerLennart Poettering <lennart@poettering.net>2015-01-22 18:55:08 +0100
commite57565dd5bae380122ba1b6c34cbba1d44f44d1f (patch)
tree28a2417479ea8bbb69a9c5367da38d3aa212829d
parent3637713a2006320a8844adc6de5cd134444bb329 (diff)
importd: run daemon at minimal capabilities
-rw-r--r--units/systemd-importd.service.in3
1 files changed, 2 insertions, 1 deletions
diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in
index b9cb97e6b9..26759ea0fb 100644
--- a/units/systemd-importd.service.in
+++ b/units/systemd-importd.service.in
@@ -12,8 +12,9 @@ Documentation=man:systemd-importd.service(8)
[Service]
ExecStart=@rootlibexecdir@/systemd-importd
BusName=org.freedesktop.import1
+CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP
+NoNewPrivileges=yes
WatchdogSec=1min
PrivateTmp=yes
-PrivateDevices=yes
ProtectSystem=full
ProtectHome=yes
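Review bot: Removing `PrivateDevices=yes` in the same change that adds the bounding set is not explained in the commit message or in the unit, and it loosens the sandbox: the daemon now sees the host's /dev while retaining CAP_MKNOD and CAP_SYS_ADMIN. Presumably the option was dropped because it conflicts with CAP_MKNOD, which the importer would need when unpacking images that contain device nodes; if so, record that in the unit, e.g. `# PrivateDevices= is not set: it would drop CAP_MKNOD, needed to unpack device nodes from images`. CAP_SYS_ADMIN covers a very wide range of privileged operations, so a one-line comment above `CapabilityBoundingSet=` naming the operation that requires it would let a later reviewer judge whether the set can be narrowed further.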