summaryrefslogtreecommitdiff
path: root/src/grp-machine/grp-import/systemd-importd/systemd-importd.service.in
diff options
context:
space:
mode:
authorLuke Shumaker <lukeshu@sbcglobal.net>2016-09-14 18:33:57 -0400
committerLuke Shumaker <lukeshu@sbcglobal.net>2016-09-14 18:33:57 -0400
commit3c72c8d3ee67388336aca58c5afa3fb93a9c24c0 (patch)
treed072df7fee0f5906fad88c08398b2fe887cbc064 /src/grp-machine/grp-import/systemd-importd/systemd-importd.service.in
parente51613a3291342c6006edda8783755fb8994fd75 (diff)
parent6ba6ca19507add38549e07058c57489a8cd98cd1 (diff)
Merge branch 'notsystemd/postmove' into notsystemd/master
# Conflicts: # src/grp-journal/systemd-journald/Makefile # src/grp-login/systemd-logind/Makefile # src/grp-machine/grp-import/systemd-export/Makefile # src/grp-machine/grp-import/systemd-import/Makefile # src/grp-machine/grp-import/systemd-pull/Makefile # src/grp-machine/systemd-machined/Makefile # src/grp-network/libnetworkd-core/Makefile # src/grp-resolve/libbasic-dns/Makefile # src/grp-resolve/systemd-resolved/Makefile # src/grp-utils/systemd-path/Makefile # src/libshared/src/Makefile # src/libsystemd-network/include/systemd-network/sd-ndisc.h # src/libsystemd/Makefile # src/libsystemd/src/test.mk # src/libudev/Makefile # src/systemd-dbus1-generator/Makefile # src/systemd-nspawn/nspawn.c Signed-off-by: Luke Shumaker <lukeshu@sbcglobal.net>
Diffstat (limited to 'src/grp-machine/grp-import/systemd-importd/systemd-importd.service.in')
-rw-r--r--src/grp-machine/grp-import/systemd-importd/systemd-importd.service.in2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/grp-machine/grp-import/systemd-importd/systemd-importd.service.in b/src/grp-machine/grp-import/systemd-importd/systemd-importd.service.in
index b74ad72cdc..0f5489e7e3 100644
--- a/src/grp-machine/grp-import/systemd-importd/systemd-importd.service.in
+++ b/src/grp-machine/grp-import/systemd-importd/systemd-importd.service.in
@@ -17,3 +17,5 @@ CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_
NoNewPrivileges=yes
WatchdogSec=3min
KillMode=mixed
+MemoryDenyWriteExecute=yes
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-12 22:34:19 +0000