diff options
Diffstat (limited to 'units/systemd-resolved.service.m4.in')
| -rw-r--r-- | units/systemd-resolved.service.m4.in | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/units/systemd-resolved.service.m4.in b/units/systemd-resolved.service.m4.in index 8e1c1dea79..4a94f747e2 100644 --- a/units/systemd-resolved.service.m4.in +++ b/units/systemd-resolved.service.m4.in @@ -27,6 +27,8 @@ CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRI ProtectSystem=full ProtectHome=yes WatchdogSec=3min +MemoryDenyWriteExecute=yes +SystemCallFilter=~@clock @module @mount @obsolete @raw-io ptrace [Install] WantedBy=multi-user.target |