summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-02-11 18:28:06 +0100
committerLennart Poettering <lennart@poettering.net>2015-02-11 18:28:06 +0100
commita24111cea64e042b49d8b4bca85ce6092845bbec (patch)
tree3139663b6d5a1504789df2c47131161962a20213
parente203dc1076dd5c1485509975a4c63c8328c262f4 (diff)
Revert "units: add SecureBits"
This reverts commit 6a716208b346b742053cfd01e76f76fb27c4ea47. Apparently this doesn't work. http://lists.freedesktop.org/archives/systemd-devel/2015-February/028212.html
Diffstat
-rw-r--r--units/systemd-hostnamed.service.in1
-rw-r--r--units/systemd-importd.service.in1
-rw-r--r--units/systemd-journal-gatewayd.service.in1
-rw-r--r--units/systemd-journal-remote.service.in1
-rw-r--r--units/systemd-journal-upload.service.in1
-rw-r--r--units/systemd-journald.service.in1
-rw-r--r--units/systemd-localed.service.in1
-rw-r--r--units/systemd-logind.service.in1
-rw-r--r--units/systemd-machined.service.in1
-rw-r--r--units/systemd-networkd.service.in1
-rw-r--r--units/systemd-resolved.service.in1
-rw-r--r--units/systemd-timedated.service.in1
-rw-r--r--units/systemd-timesyncd.service.in1
13 files changed, 0 insertions, 13 deletions
diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in
index 259b451cbd..cc88ecd0db 100644
--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@@ -14,7 +14,6 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/hostnamed
ExecStart=@rootlibexecdir@/systemd-hostnamed
BusName=org.freedesktop.hostname1
CapabilityBoundingSet=CAP_SYS_ADMIN
-SecureBits=noroot noroot-locked
WatchdogSec=1min
PrivateTmp=yes
PrivateDevices=yes
diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in
index 189c763804..26759ea0fb 100644
--- a/units/systemd-importd.service.in
+++ b/units/systemd-importd.service.in
@@ -14,7 +14,6 @@ ExecStart=@rootlibexecdir@/systemd-importd
BusName=org.freedesktop.import1
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP
NoNewPrivileges=yes
-SecureBits=noroot noroot-locked
WatchdogSec=1min
PrivateTmp=yes
ProtectSystem=full
diff --git a/units/systemd-journal-gatewayd.service.in b/units/systemd-journal-gatewayd.service.in
index f15a37f9d1..987220e554 100644
--- a/units/systemd-journal-gatewayd.service.in
+++ b/units/systemd-journal-gatewayd.service.in
@@ -11,7 +11,6 @@ Requires=systemd-journal-gatewayd.socket
[Service]
ExecStart=@rootlibexecdir@/systemd-journal-gatewayd
-SecureBits=noroot noroot-locked
User=systemd-journal-gateway
Group=systemd-journal-gateway
SupplementaryGroups=systemd-journal
diff --git a/units/systemd-journal-remote.service.in b/units/systemd-journal-remote.service.in
index afa35e6e6b..4a898d62f3 100644
--- a/units/systemd-journal-remote.service.in
+++ b/units/systemd-journal-remote.service.in
@@ -13,7 +13,6 @@ Requires=systemd-journal-remote.socket
ExecStart=@rootlibexecdir@/systemd-journal-remote \
--listen-https=-3 \
--output=/var/log/journal/remote/
-SecureBits=noroot noroot-locked
User=systemd-journal-remote
Group=systemd-journal-remote
PrivateTmp=yes
diff --git a/units/systemd-journal-upload.service.in b/units/systemd-journal-upload.service.in
index f8524ca227..b2e3c769cc 100644
--- a/units/systemd-journal-upload.service.in
+++ b/units/systemd-journal-upload.service.in
@@ -12,7 +12,6 @@ After=network.target
[Service]
ExecStart=@rootlibexecdir@/systemd-journal-upload \
--save-state
-SecureBits=noroot noroot-locked
User=systemd-journal-upload
PrivateTmp=yes
PrivateDevices=yes
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index b48e4ad1aa..a3540c65d2 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -22,7 +22,6 @@ RestartSec=0
NotifyAccess=all
StandardOutput=null
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
-SecureBits=noroot noroot-locked
WatchdogSec=1min
FileDescriptorStoreMax=1024
diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in
index d2fbf301de..bfa097844f 100644
--- a/units/systemd-localed.service.in
+++ b/units/systemd-localed.service.in
@@ -14,7 +14,6 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/localed
ExecStart=@rootlibexecdir@/systemd-localed
BusName=org.freedesktop.locale1
CapabilityBoundingSet=
-SecureBits=noroot noroot-locked
WatchdogSec=1min
PrivateTmp=yes
PrivateDevices=yes
diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index 471278aa1b..f087e99ce2 100644
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -24,7 +24,6 @@ Restart=always
RestartSec=0
BusName=org.freedesktop.login1
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
-SecureBits=noroot noroot-locked
WatchdogSec=1min
# Increase the default a bit in order to allow many simultaneous
diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
index 0cb823e60e..15f34d9db7 100644
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -16,7 +16,6 @@ After=machine.slice
ExecStart=@rootlibexecdir@/systemd-machined
BusName=org.freedesktop.machine1
CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
-SecureBits=noroot noroot-locked
WatchdogSec=1min
PrivateTmp=yes
PrivateDevices=yes
diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in
index 057cc8cc46..5a91b8e499 100644
--- a/units/systemd-networkd.service.in
+++ b/units/systemd-networkd.service.in
@@ -23,7 +23,6 @@ Restart=on-failure
RestartSec=0
ExecStart=@rootlibexecdir@/systemd-networkd
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
-SecureBits=noroot noroot-locked
ProtectSystem=full
ProtectHome=yes
WatchdogSec=1min
diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
index 00967e3860..b643da9a73 100644
--- a/units/systemd-resolved.service.in
+++ b/units/systemd-resolved.service.in
@@ -21,7 +21,6 @@ Restart=always
RestartSec=0
ExecStart=@rootlibexecdir@/systemd-resolved
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
-SecureBits=noroot noroot-locked
ProtectSystem=full
ProtectHome=yes
WatchdogSec=1min
diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in
index 9083e28d54..fe5ccb4601 100644
--- a/units/systemd-timedated.service.in
+++ b/units/systemd-timedated.service.in
@@ -14,7 +14,6 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/timedated
ExecStart=@rootlibexecdir@/systemd-timedated
BusName=org.freedesktop.timedate1
CapabilityBoundingSet=CAP_SYS_TIME
-SecureBits=noroot noroot-locked
WatchdogSec=1min
PrivateTmp=yes
ProtectSystem=yes
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index bc7aa26a9b..39edafc8d2 100644
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -23,7 +23,6 @@ Restart=always
RestartSec=0
ExecStart=@rootlibexecdir@/systemd-timesyncd
CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
-SecureBits=noroot noroot-locked
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-11-08 09:23:58 +0000