-rw-r--r--units/systemd-bus-driverd.service.in2
-rw-r--r--units/systemd-bus-proxyd@.service.in2
-rw-r--r--units/systemd-hostnamed.service.in2
-rw-r--r--units/systemd-localed.service.in2
-rw-r--r--units/systemd-machined.service.in2
-rw-r--r--units/systemd-timedated.service.in1
6 files changed, 11 insertions, 0 deletions
diff --git a/units/systemd-bus-driverd.service.in b/units/systemd-bus-driverd.service.in
index 0bda4037c3..52264862c1 100644
--- a/units/systemd-bus-driverd.service.in
+++ b/units/systemd-bus-driverd.service.in
@@ -13,3 +13,5 @@ ExecStart=@rootlibexecdir@/systemd-bus-driverd
BusName=org.freedesktop.DBus
WatchdogSec=1min
CapabilityBoundingSet=CAP_IPC_OWNER
+PrivateTmp=yes
+PrivateDevices=yes
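Review bot: `PrivateDevices=yes` gives the service a private /dev that holds only pseudo-devices such as /dev/null, /dev/zero and /dev/random, so any bus device node this daemon opens under /dev would no longer be visible to it. Nothing in this hunk shows which nodes systemd-bus-driverd actually uses, so confirm that the unit still starts and serves requests with the setting applied. The same question applies to systemd-bus-proxyd@.service in the next hunk. If no device access is needed, a one-line comment above the new settings saying so would record the reasoning.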
diff --git a/units/systemd-bus-proxyd@.service.in b/units/systemd-bus-proxyd@.service.in
index 1bdb459f79..1a6458ac57 100644
--- a/units/systemd-bus-proxyd@.service.in
+++ b/units/systemd-bus-proxyd@.service.in
@@ -15,3 +15,5 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
ExecStart=@rootlibexecdir@/systemd-bus-proxyd xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
NotifyAccess=main
CapabilityBoundingSet=CAP_IPC_OWNER
+PrivateTmp=yes
+PrivateDevices=yes
diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in
index 3f5ef75c0b..c8bf8480c9 100644
--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@@ -15,3 +15,5 @@ ExecStart=@rootlibexecdir@/systemd-hostnamed
BusName=org.freedesktop.hostname1
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE
WatchdogSec=1min
+PrivateTmp=yes
+PrivateDevices=yes
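Review bot: The bounding set on this unit keeps CAP_SYS_ADMIN, so a compromised hostnamed could undo the mount namespace that `PrivateTmp=yes` and `PrivateDevices=yes` set up, for example by mounting over the private /tmp and /dev. The capability is presumably needed to set the hostname and cannot simply be dropped, so the new lines reduce accidental exposure rather than contain the service. A comment above them, e.g. `# Best-effort hardening: CAP_SYS_ADMIN is retained and can undo mount namespacing`, would keep later readers from over-trusting it. A `SystemCallFilter=` that denies the mount system calls would close the gap if hostnamed does not need them.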
diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in
index 1951123a03..6fb05655ca 100644
--- a/units/systemd-localed.service.in
+++ b/units/systemd-localed.service.in
@@ -15,3 +15,5 @@ ExecStart=@rootlibexecdir@/systemd-localed
BusName=org.freedesktop.locale1
CapabilityBoundingSet=
WatchdogSec=1min
+PrivateTmp=yes
+PrivateDevices=yes
diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
index 2679dced88..2be1dcf4ea 100644
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -17,3 +17,5 @@ ExecStart=@rootlibexecdir@/systemd-machined
BusName=org.freedesktop.machine1
CapabilityBoundingSet=CAP_KILL
WatchdogSec=1min
+PrivateTmp=yes
+PrivateDevices=yes
diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in
index f7fb6577c0..5c90290cde 100644
--- a/units/systemd-timedated.service.in
+++ b/units/systemd-timedated.service.in
@@ -15,3 +15,4 @@ ExecStart=@rootlibexecdir@/systemd-timedated
BusName=org.freedesktop.timedate1
CapabilityBoundingSet=CAP_SYS_TIME
WatchdogSec=1min
+PrivateTmp=yes
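Review bot: This is the only unit in the commit that gets `PrivateTmp=yes` without `PrivateDevices=yes`, and nothing in the file says why. Presumably timedated needs the real-time clock device, which a private /dev would hide. If so, a comment next to the new line, e.g. `# No PrivateDevices=: needs access to the RTC device node`, would stop a later hardening pass from adding the setting and breaking hardware clock updates.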