X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=units%2Fsystemd-importd.service.in;fp=units%2Fsystemd-importd.service.in;h=26759ea0fb47ba970f1fbb5aeeee516ea7098e93;hp=b9cb97e6b96fee3910772ed1cfb25b10afa21a58;hb=e57565dd5bae380122ba1b6c34cbba1d44f44d1f;hpb=3637713a2006320a8844adc6de5cd134444bb329

diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in
index b9cb97e6b..26759ea0f 100644
--- a/units/systemd-importd.service.in
+++ b/units/systemd-importd.service.in
@@ -12,8 +12,9 @@ Documentation=man:systemd-importd.service(8)
 [Service]
 ExecStart=@rootlibexecdir@/systemd-importd
 BusName=org.freedesktop.import1
+CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP
+NoNewPrivileges=yes
 WatchdogSec=1min
 PrivateTmp=yes
-PrivateDevices=yes
 ProtectSystem=full
 ProtectHome=yes