author | Lennart Poettering <lennart@poettering.net> | 2014-02-13 01:35:27 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-02-13 01:40:50 +0100 |
commit | d3b1c5083359faa6cfca81810cf87ef70d0290f6 (patch) | |
tree | cfff30a9ffb6cfc83b8a23c39685ef19ba8b3a67 /src/core/user.conf | |
parent | 624b5a636f2e0003a67025274d7afe9ebc55423b (diff) |
core: add a system-wide SystemCallArchitectures= setting

This is useful to prohibit execution of non-native processes on systems,
for example 32bit binaries on 64bit systems, thus lowering the attack
surface on incorrect syscall and ioctl 32→64bit mappings.
Diffstat (limited to 'src/core/user.conf')
-rw-r--r-- | src/core/user.conf | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/core/user.conf b/src/core/user.conf index 923ca66991..f19ac75286 100644 --- a/src/core/user.conf +++ b/src/core/user.conf @@ -12,6 +12,8 @@ #LogTarget=console #LogColor=yes #LogLocation=no +#SystemCallArchitectures= +#TimerSlackNSec= #DefaultStandardOutput=inherit #DefaultStandardError=inherit #DefaultTimeoutStartSec=90s @@ -19,3 +21,20 @@ #DefaultRestartSec=100ms #DefaultStartLimitInterval=10s #DefaultStartLimitBurst=5 +#DefaultEnvironment= +#DefaultLimitCPU= +#DefaultLimitFSIZE= +#DefaultLimitDATA= +#DefaultLimitSTACK= +#DefaultLimitCORE= +#DefaultLimitRSS= +#DefaultLimitNOFILE= +#DefaultLimitAS= +#DefaultLimitNPROC= +#DefaultLimitMEMLOCK= +#DefaultLimitLOCKS= +#DefaultLimitSIGPENDING= +#DefaultLimitMSGQUEUE= +#DefaultLimitNICE= +#DefaultLimitRTPRIO= +#DefaultLimitRTTIME= |
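Review bot: the commit message does not cover `#TimerSlackNSec=`, which the first hunk adds next to `#SystemCallArchitectures=`; mention it in the message or move it to its own commit. The message also calls the new setting system-wide while this file is src/core/user.conf, so a sentence in the message or a comment above the entry should say what the setting restricts when it is set here, and the empty commented default would be more useful with a hint of the accepted values.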
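Review bot: the commit message does not account for the second hunk's `#DefaultEnvironment=` and the sixteen `#DefaultLimit...=` entries, which are unrelated to SystemCallArchitectures= and make up 17 of the 19 inserted lines. Split them into a separate commit, or extend the message to say the sample file is being brought in line with the other documented defaults, so that the security-relevant change stays easy to find and review in the history.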