summaryrefslogtreecommitdiff
path: root/units/systemd-journal-upload.service.in
diff options
context:
space:
mode:
Diffstat (limited to 'units/systemd-journal-upload.service.in')
-rw-r--r--units/systemd-journal-upload.service.in12
1 files changed, 9 insertions, 3 deletions
diff --git a/units/systemd-journal-upload.service.in b/units/systemd-journal-upload.service.in
index 1f488ff425..c709543af5 100644
--- a/units/systemd-journal-upload.service.in
+++ b/units/systemd-journal-upload.service.in
@@ -11,13 +11,19 @@ Documentation=man:systemd-journal-upload(8)
After=network.target
[Service]
-ExecStart=@rootlibexecdir@/systemd-journal-upload \
- --save-state
+ExecStart=@rootlibexecdir@/systemd-journal-upload --save-state
User=systemd-journal-upload
SupplementaryGroups=systemd-journal
+WatchdogSec=3min
PrivateTmp=yes
PrivateDevices=yes
-WatchdogSec=3min
+ProtectSystem=full
+ProtectHome=yes
+ProtectControlGroups=yes
+ProtectKernelTunables=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
# If there are many split up journal files we need a lot of fds to
# access them all and combine