chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
units: turn on --network-veth by default for systemd-nspawn@.service
[elogind.git] / units / systemd-machined.service.in
diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
index a23dca92b5e5e2b3f8712d6a56d3913ddb525849..15f34d9db74de85d18dbf78973b5933050a59e49 100644 (file)
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -14,8 +14,11 @@ After=machine.slice
 
 [Service]
 ExecStart=@rootlibexecdir@/systemd-machined
-Restart=always
-RestartSec=0
 BusName=org.freedesktop.machine1
-CapabilityBoundingSet=CAP_KILL
+CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
 WatchdogSec=1min
+PrivateTmp=yes
+PrivateDevices=yes
+PrivateNetwork=yes
+ProtectSystem=full
+ProtectHome=yes
Unnamed repository; edit this file 'description' to name the repository.