diff options
-rw-r--r-- | units/systemd-bus-driverd.service.in | 2 | ||||
-rw-r--r-- | units/systemd-bus-proxyd@.service.in | 2 | ||||
-rw-r--r-- | units/systemd-hostnamed.service.in | 2 | ||||
-rw-r--r-- | units/systemd-localed.service.in | 2 | ||||
-rw-r--r-- | units/systemd-machined.service.in | 2 | ||||
-rw-r--r-- | units/systemd-timedated.service.in | 1 |
6 files changed, 11 insertions, 0 deletions
diff --git a/units/systemd-bus-driverd.service.in b/units/systemd-bus-driverd.service.in index 0bda4037c3..52264862c1 100644 --- a/units/systemd-bus-driverd.service.in +++ b/units/systemd-bus-driverd.service.in @@ -13,3 +13,5 @@ ExecStart=@rootlibexecdir@/systemd-bus-driverd BusName=org.freedesktop.DBus WatchdogSec=1min CapabilityBoundingSet=CAP_IPC_OWNER +PrivateTmp=yes +PrivateDevices=yes diff --git a/units/systemd-bus-proxyd@.service.in b/units/systemd-bus-proxyd@.service.in index 1bdb459f79..1a6458ac57 100644 --- a/units/systemd-bus-proxyd@.service.in +++ b/units/systemd-bus-proxyd@.service.in @@ -15,3 +15,5 @@ Description=Legacy D-Bus Protocol Compatibility Daemon ExecStart=@rootlibexecdir@/systemd-bus-proxyd xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx NotifyAccess=main CapabilityBoundingSet=CAP_IPC_OWNER +PrivateTmp=yes +PrivateDevices=yes diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in index 3f5ef75c0b..c8bf8480c9 100644 --- a/units/systemd-hostnamed.service.in +++ b/units/systemd-hostnamed.service.in @@ -15,3 +15,5 @@ ExecStart=@rootlibexecdir@/systemd-hostnamed BusName=org.freedesktop.hostname1 CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE WatchdogSec=1min +PrivateTmp=yes +PrivateDevices=yes diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in index 1951123a03..6fb05655ca 100644 --- a/units/systemd-localed.service.in +++ b/units/systemd-localed.service.in @@ -15,3 +15,5 @@ ExecStart=@rootlibexecdir@/systemd-localed BusName=org.freedesktop.locale1 CapabilityBoundingSet= WatchdogSec=1min +PrivateTmp=yes +PrivateDevices=yes diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in index 2679dced88..2be1dcf4ea 100644 --- a/units/systemd-machined.service.in +++ b/units/systemd-machined.service.in @@ -17,3 +17,5 @@ ExecStart=@rootlibexecdir@/systemd-machined BusName=org.freedesktop.machine1 CapabilityBoundingSet=CAP_KILL WatchdogSec=1min +PrivateTmp=yes +PrivateDevices=yes diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in index f7fb6577c0..5c90290cde 100644 --- a/units/systemd-timedated.service.in +++ b/units/systemd-timedated.service.in @@ -15,3 +15,4 @@ ExecStart=@rootlibexecdir@/systemd-timedated BusName=org.freedesktop.timedate1 CapabilityBoundingSet=CAP_SYS_TIME WatchdogSec=1min +PrivateTmp=yes |