summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-03-19 16:45:28 +0100
committerLennart Poettering <lennart@poettering.net>2014-03-19 19:09:00 +0100
commitd99a70529637d44cdd8f6ade3b981ea33f09d90d (patch)
tree8a6633cb6e978c21820e0a621a12d29fe169bfee
parent7973ca1927e1f3bac9438f3529458c9ff868905d (diff)
units: make use of PrivateTmp=yes and PrivateDevices=yes for all our long-running daemons
-rw-r--r--units/systemd-bus-driverd.service.in2
-rw-r--r--units/systemd-bus-proxyd@.service.in2
-rw-r--r--units/systemd-hostnamed.service.in2
-rw-r--r--units/systemd-localed.service.in2
-rw-r--r--units/systemd-machined.service.in2
-rw-r--r--units/systemd-timedated.service.in1
6 files changed, 11 insertions, 0 deletions
diff --git a/units/systemd-bus-driverd.service.in b/units/systemd-bus-driverd.service.in
index 0bda4037c3..52264862c1 100644
--- a/units/systemd-bus-driverd.service.in
+++ b/units/systemd-bus-driverd.service.in
@@ -13,3 +13,5 @@ ExecStart=@rootlibexecdir@/systemd-bus-driverd
BusName=org.freedesktop.DBus
WatchdogSec=1min
CapabilityBoundingSet=CAP_IPC_OWNER
+PrivateTmp=yes
+PrivateDevices=yes
diff --git a/units/systemd-bus-proxyd@.service.in b/units/systemd-bus-proxyd@.service.in
index 1bdb459f79..1a6458ac57 100644
--- a/units/systemd-bus-proxyd@.service.in
+++ b/units/systemd-bus-proxyd@.service.in
@@ -15,3 +15,5 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
ExecStart=@rootlibexecdir@/systemd-bus-proxyd xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
NotifyAccess=main
CapabilityBoundingSet=CAP_IPC_OWNER
+PrivateTmp=yes
+PrivateDevices=yes
diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in
index 3f5ef75c0b..c8bf8480c9 100644
--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@@ -15,3 +15,5 @@ ExecStart=@rootlibexecdir@/systemd-hostnamed
BusName=org.freedesktop.hostname1
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE
WatchdogSec=1min
+PrivateTmp=yes
+PrivateDevices=yes
diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in
index 1951123a03..6fb05655ca 100644
--- a/units/systemd-localed.service.in
+++ b/units/systemd-localed.service.in
@@ -15,3 +15,5 @@ ExecStart=@rootlibexecdir@/systemd-localed
BusName=org.freedesktop.locale1
CapabilityBoundingSet=
WatchdogSec=1min
+PrivateTmp=yes
+PrivateDevices=yes
diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
index 2679dced88..2be1dcf4ea 100644
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -17,3 +17,5 @@ ExecStart=@rootlibexecdir@/systemd-machined
BusName=org.freedesktop.machine1
CapabilityBoundingSet=CAP_KILL
WatchdogSec=1min
+PrivateTmp=yes
+PrivateDevices=yes
diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in
index f7fb6577c0..5c90290cde 100644
--- a/units/systemd-timedated.service.in
+++ b/units/systemd-timedated.service.in
@@ -15,3 +15,4 @@ ExecStart=@rootlibexecdir@/systemd-timedated
BusName=org.freedesktop.timedate1
CapabilityBoundingSet=CAP_SYS_TIME
WatchdogSec=1min
+PrivateTmp=yes