units: turn on ProtectKernelModules= for most long-running services

author: Lennart Poettering <lennart@poettering.net> 2017-02-09 11:09:50 +0100
committer: Lennart Poettering <lennart@poettering.net> 2017-02-09 16:12:03 +0100
commit: b6c7278c38b5c240d8435ab6293838ee5de827cb (patch)
tree: 6bc091bdabe57219ce6a0868df34528e66651395 /units/systemd-networkd.service.m4.in
parent: c7fb922d6250543ba5462fa7a6ff03cc8f628e94 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/units/systemd-networkd.service.m4.in b/units/systemd-networkd.service.m4.in
index 153ddeb323..d33deb97b6 100644
--- a/units/systemd-networkd.service.m4.in
+++ b/units/systemd-networkd.service.m4.in
@@ -31,6 +31,7 @@ CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_N
 ProtectSystem=strict
 ProtectHome=yes
 ProtectControlGroups=yes
+ProtectKernelModules=yes
 MemoryDenyWriteExecute=yes
 RestrictRealtime=yes
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 AF_PACKET
author	Lennart Poettering <lennart@poettering.net>	2017-02-09 11:09:50 +0100
committer	Lennart Poettering <lennart@poettering.net>	2017-02-09 16:12:03 +0100
commit	b6c7278c38b5c240d8435ab6293838ee5de827cb (patch)
tree	6bc091bdabe57219ce6a0868df34528e66651395 /units/systemd-networkd.service.m4.in
parent	c7fb922d6250543ba5462fa7a6ff03cc8f628e94 (diff)