diff options
author | Lennart Poettering <lennart@poettering.net> | 2015-01-22 18:55:08 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-01-22 18:55:08 +0100 |
commit | e57565dd5bae380122ba1b6c34cbba1d44f44d1f (patch) | |
tree | 28a2417479ea8bbb69a9c5367da38d3aa212829d /units | |
parent | 3637713a2006320a8844adc6de5cd134444bb329 (diff) |
importd: run daemon at minimal capabilities
Diffstat (limited to 'units')
-rw-r--r-- | units/systemd-importd.service.in | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in index b9cb97e6b9..26759ea0fb 100644 --- a/units/systemd-importd.service.in +++ b/units/systemd-importd.service.in @@ -12,8 +12,9 @@ Documentation=man:systemd-importd.service(8) [Service] ExecStart=@rootlibexecdir@/systemd-importd BusName=org.freedesktop.import1 +CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP +NoNewPrivileges=yes WatchdogSec=1min PrivateTmp=yes -PrivateDevices=yes ProtectSystem=full ProtectHome=yes |