diff options
| author | Lennart Poettering <lennart@poettering.net> | 2014-03-19 23:08:39 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2014-03-19 23:25:28 +0100 |
| commit | f21a71a907a1b1289faec94559f4a1c111ea1d13 (patch) | |
| tree | cc394761abfebfae95915282b0c8e7355170ac2a | |
| parent | 7181dbdb2e3112858d62bdaea4f0ad2ed685ccba (diff) | |
core: enable PrivateNetwork= for a number of our long running services where this is useful
| -rw-r--r-- | units/systemd-bus-driverd.service.in | 1 | ||||
| -rw-r--r-- | units/systemd-bus-proxyd@.service.in | 1 | ||||
| -rw-r--r-- | units/systemd-hostnamed.service.in | 1 | ||||
| -rw-r--r-- | units/systemd-journal-gatewayd.service.in | 3 | ||||
| -rw-r--r-- | units/systemd-localed.service.in | 1 | ||||
| -rw-r--r-- | units/systemd-machined.service.in | 1 | ||||
| -rw-r--r-- | units/systemd-networkd.service.in | 1 |
7 files changed, 9 insertions, 0 deletions
diff --git a/units/systemd-bus-driverd.service.in b/units/systemd-bus-driverd.service.in index 52264862c1..5df2a9551f 100644 --- a/units/systemd-bus-driverd.service.in +++ b/units/systemd-bus-driverd.service.in @@ -15,3 +15,4 @@ WatchdogSec=1min CapabilityBoundingSet=CAP_IPC_OWNER PrivateTmp=yes PrivateDevices=yes +PrivateNetwork=yes diff --git a/units/systemd-bus-proxyd@.service.in b/units/systemd-bus-proxyd@.service.in index 1a6458ac57..fafd4ce033 100644 --- a/units/systemd-bus-proxyd@.service.in +++ b/units/systemd-bus-proxyd@.service.in @@ -17,3 +17,4 @@ NotifyAccess=main CapabilityBoundingSet=CAP_IPC_OWNER PrivateTmp=yes PrivateDevices=yes +PrivateNetwork=yes diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in index c8bf8480c9..44812592e2 100644 --- a/units/systemd-hostnamed.service.in +++ b/units/systemd-hostnamed.service.in @@ -17,3 +17,4 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE WatchdogSec=1min PrivateTmp=yes PrivateDevices=yes +PrivateNetwork=yes diff --git a/units/systemd-journal-gatewayd.service.in b/units/systemd-journal-gatewayd.service.in index a01ce8da45..e8e571e692 100644 --- a/units/systemd-journal-gatewayd.service.in +++ b/units/systemd-journal-gatewayd.service.in @@ -14,6 +14,9 @@ ExecStart=@rootlibexecdir@/systemd-journal-gatewayd User=systemd-journal-gateway Group=systemd-journal-gateway SupplementaryGroups=systemd-journal +PrivateTmp=yes +PrivateDevices=yes +PrivateNetwork=yes [Install] Also=systemd-journal-gatewayd.socket diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in index 6fb05655ca..ae1c5e59d1 100644 --- a/units/systemd-localed.service.in +++ b/units/systemd-localed.service.in @@ -17,3 +17,4 @@ CapabilityBoundingSet= WatchdogSec=1min PrivateTmp=yes PrivateDevices=yes +PrivateNetwork=yes diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in index 2be1dcf4ea..1a27c6e421 100644 --- a/units/systemd-machined.service.in +++ b/units/systemd-machined.service.in @@ -19,3 +19,4 @@ CapabilityBoundingSet=CAP_KILL WatchdogSec=1min PrivateTmp=yes PrivateDevices=yes +PrivateNetwork=yes diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in index ca40691f5e..793381f894 100644 --- a/units/systemd-networkd.service.in +++ b/units/systemd-networkd.service.in @@ -20,6 +20,7 @@ Restart=always RestartSec=0 ExecStart=@rootlibexecdir@/systemd-networkd WatchdogSec=1min +PrivateTmp=yes [Install] WantedBy=multi-user.target |