From 417116f23432073162ebfcb286a7800846482eed Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 3 Jun 2014 23:41:44 +0200 Subject: core: add new ReadOnlySystem= and ProtectedHome= settings for service units ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for a service. ProtectedHome= uses fs namespaces to mount /home and /run/user inaccessible or read-only for a service. This patch also enables these settings for all our long-running services. Together they should be good building block for a minimal service sandbox, removing the ability for services to modify the operating system or access the user's private data. --- units/systemd-timesyncd.service.in | 2 ++ 1 file changed, 2 insertions(+) (limited to 'units/systemd-timesyncd.service.in') diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in index cbde3ff67a..030e4a0423 100644 --- a/units/systemd-timesyncd.service.in +++ b/units/systemd-timesyncd.service.in @@ -23,6 +23,8 @@ ExecStart=@rootlibexecdir@/systemd-timesyncd CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER PrivateTmp=yes PrivateDevices=yes +ReadOnlySystem=yes +ProtectedHome=yes WatchdogSec=1min [Install] -- cgit v1.2.3-54-g00ecf