Merge tag 'systemd/v231-1.parabola1' into systemd/parabola

author: Luke Shumaker <lukeshu@sbcglobal.net> 2016-09-13 20:39:58 -0400
committer: Luke Shumaker <lukeshu@sbcglobal.net> 2016-09-13 20:39:58 -0400
commit: b3ec0a0674f4e499bcb6d2469acdf9d2d574c3d6 (patch)
tree: 374687545d464bb1e57991cf73b654a7fa0b83ba /units/systemd-journald.service.in
parent: f6e7ffdf3fe8e3ed5e659f747946461350ade5a8 (diff)
parent: ae8150ecbd54765622aadf288100440d71a10ccd (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index 41bfde5be3..08ace8ae44 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -24,6 +24,8 @@ StandardOutput=null
 CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
 WatchdogSec=3min
 FileDescriptorStoreMax=1024
+MemoryDenyWriteExecute=yes
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io
 
 # Increase the default a bit in order to allow many simultaneous
 # services being run since we keep one fd open per service. Also, when
author	Luke Shumaker <lukeshu@sbcglobal.net>	2016-09-13 20:39:58 -0400
committer	Luke Shumaker <lukeshu@sbcglobal.net>	2016-09-13 20:39:58 -0400
commit	b3ec0a0674f4e499bcb6d2469acdf9d2d574c3d6 (patch)
tree	374687545d464bb1e57991cf73b654a7fa0b83ba /units/systemd-journald.service.in
parent	f6e7ffdf3fe8e3ed5e659f747946461350ade5a8 (diff)
parent	ae8150ecbd54765622aadf288100440d71a10ccd (diff)