diff options
author | Lennart Poettering <lennart@poettering.net> | 2014-06-04 18:07:55 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-06-04 18:12:55 +0200 |
commit | 1b8689f94983b47bf190e77ddb03a8fc6af15fb3 (patch) | |
tree | 7bb1324b3b882adaa0b8bf786f8848ccec156a94 /units/systemd-networkd.service.in | |
parent | 4c02dd7153f970244950b5e00f7bdfea8d2ff0be (diff) |
core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mounting /etc read-only
Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit.
With this in place we now have two neat options ProtectSystem= and
ProtectHome= for protecting the OS itself (and optionally its
configuration), and for protecting the user's data.
Diffstat (limited to 'units/systemd-networkd.service.in')
-rw-r--r-- | units/systemd-networkd.service.in | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in index a928999205..373ac4e0fd 100644 --- a/units/systemd-networkd.service.in +++ b/units/systemd-networkd.service.in @@ -20,8 +20,8 @@ Restart=always RestartSec=0 ExecStart=@rootlibexecdir@/systemd-networkd CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER -ReadOnlySystem=yes -ProtectedHome=yes +ProtectSystem=full +ProtectHome=yes WatchdogSec=1min [Install] |