diff options
Diffstat (limited to 'units/systemd-journald.service.in')
| -rw-r--r-- | units/systemd-journald.service.in | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in index 41bfde5be3..58808d4f8c 100644 --- a/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in @@ -24,6 +24,8 @@ StandardOutput=null CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE WatchdogSec=3min FileDescriptorStoreMax=1024 +MemoryDenyWriteExecute=yes +SystemCallFilter=~@clock @module @mount @obsolete @raw-io ptrace # Increase the default a bit in order to allow many simultaneous # services being run since we keep one fd open per service. Also, when |