units: make use of PrivateTmp=yes and PrivateDevices=yes for all our long-running daemons

author: Lennart Poettering <lennart@poettering.net> 2014-03-19 16:45:28 +0100
committer: Lennart Poettering <lennart@poettering.net> 2014-03-19 19:09:00 +0100
commit: d99a70529637d44cdd8f6ade3b981ea33f09d90d (patch)
tree: 8a6633cb6e978c21820e0a621a12d29fe169bfee /units/systemd-machined.service.in
parent: 7973ca1927e1f3bac9438f3529458c9ff868905d (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
index 2679dced88..2be1dcf4ea 100644
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -17,3 +17,5 @@ ExecStart=@rootlibexecdir@/systemd-machined
 BusName=org.freedesktop.machine1
 CapabilityBoundingSet=CAP_KILL
 WatchdogSec=1min
+PrivateTmp=yes
+PrivateDevices=yes
author	Lennart Poettering <lennart@poettering.net>	2014-03-19 16:45:28 +0100
committer	Lennart Poettering <lennart@poettering.net>	2014-03-19 19:09:00 +0100
commit	d99a70529637d44cdd8f6ade3b981ea33f09d90d (patch)
tree	8a6633cb6e978c21820e0a621a12d29fe169bfee /units/systemd-machined.service.in
parent	7973ca1927e1f3bac9438f3529458c9ff868905d (diff)