Revert "units: add SecureBits"

This reverts commit 6a716208b346b742053cfd01e76f76fb27c4ea47.

Apparently this doesn't work.

http://lists.freedesktop.org/archives/systemd-devel/2015-February/028212.html

diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in
index 259b451cbdf49405d75c74a14caee4bfad52d611..cc88ecd0db28b79958e3ea8952cc6319e0706206 100644 (file)
--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@@ -14,7 +14,6 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/hostnamed
 ExecStart=@rootlibexecdir@/systemd-hostnamed
 BusName=org.freedesktop.hostname1
 CapabilityBoundingSet=CAP_SYS_ADMIN
-SecureBits=noroot noroot-locked
 WatchdogSec=1min
 PrivateTmp=yes
 PrivateDevices=yes

diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in
index 189c7638044370d7b1986adfe4c736e399bb51b2..26759ea0fb47ba970f1fbb5aeeee516ea7098e93 100644 (file)
--- a/units/systemd-importd.service.in
+++ b/units/systemd-importd.service.in
@@ -14,7 +14,6 @@ ExecStart=@rootlibexecdir@/systemd-importd
 BusName=org.freedesktop.import1
 CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP
 NoNewPrivileges=yes
-SecureBits=noroot noroot-locked
 WatchdogSec=1min
 PrivateTmp=yes
 ProtectSystem=full

diff --git a/units/systemd-journal-gatewayd.service.in b/units/systemd-journal-gatewayd.service.in
index f15a37f9d1750b6addb17fd4ed12feffcbfdcb33..987220e554208dbf6a0a2eaa4b06d6453a7f8899 100644 (file)
--- a/units/systemd-journal-gatewayd.service.in
+++ b/units/systemd-journal-gatewayd.service.in
@@ -11,7 +11,6 @@ Requires=systemd-journal-gatewayd.socket
 
 [Service]
 ExecStart=@rootlibexecdir@/systemd-journal-gatewayd
-SecureBits=noroot noroot-locked
 User=systemd-journal-gateway
 Group=systemd-journal-gateway
 SupplementaryGroups=systemd-journal

diff --git a/units/systemd-journal-remote.service.in b/units/systemd-journal-remote.service.in
index afa35e6e6b7dcadf416988b7d1bb2a56797da4e1..4a898d62f3597d25e2266502659979368d8a200a 100644 (file)
--- a/units/systemd-journal-remote.service.in
+++ b/units/systemd-journal-remote.service.in
@@ -13,7 +13,6 @@ Requires=systemd-journal-remote.socket
 ExecStart=@rootlibexecdir@/systemd-journal-remote \
           --listen-https=-3 \
           --output=/var/log/journal/remote/
-SecureBits=noroot noroot-locked
 User=systemd-journal-remote
 Group=systemd-journal-remote
 PrivateTmp=yes

diff --git a/units/systemd-journal-upload.service.in b/units/systemd-journal-upload.service.in
index f8524ca2271996fe51a956b876b77bf5fe730870..b2e3c769cce8db0fa333ec5ee5079f2b755eb94b 100644 (file)
--- a/units/systemd-journal-upload.service.in
+++ b/units/systemd-journal-upload.service.in
@@ -12,7 +12,6 @@ After=network.target
 [Service]
 ExecStart=@rootlibexecdir@/systemd-journal-upload \
           --save-state
-SecureBits=noroot noroot-locked
 User=systemd-journal-upload
 PrivateTmp=yes
 PrivateDevices=yes

diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index b48e4ad1aaf4f3175a077ec99ce90ab41c8ec6f7..a3540c65d2e70085ecd4fa242f93ab176c1a58a9 100644 (file)
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -22,7 +22,6 @@ RestartSec=0
 NotifyAccess=all
 StandardOutput=null
 CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
-SecureBits=noroot noroot-locked
 WatchdogSec=1min
 FileDescriptorStoreMax=1024
 

diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in
index d2fbf301de88b4de6e67991a796317eaddb43850..bfa097844ff925304c4deabb48c88a74dbd02d4f 100644 (file)
--- a/units/systemd-localed.service.in
+++ b/units/systemd-localed.service.in
@@ -14,7 +14,6 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/localed
 ExecStart=@rootlibexecdir@/systemd-localed
 BusName=org.freedesktop.locale1
 CapabilityBoundingSet=
-SecureBits=noroot noroot-locked
 WatchdogSec=1min
 PrivateTmp=yes
 PrivateDevices=yes

diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index 471278aa1b8798bc3bfe80c10fedb26b671f390e..f087e99ce2e75f7470199c676af72ef1570243f8 100644 (file)
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -24,7 +24,6 @@ Restart=always
 RestartSec=0
 BusName=org.freedesktop.login1
 CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
-SecureBits=noroot noroot-locked
 WatchdogSec=1min
 
 # Increase the default a bit in order to allow many simultaneous

diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
index 0cb823e60e48a339f6952bf2f902ccc7cd668f59..15f34d9db74de85d18dbf78973b5933050a59e49 100644 (file)
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -16,7 +16,6 @@ After=machine.slice
 ExecStart=@rootlibexecdir@/systemd-machined
 BusName=org.freedesktop.machine1
 CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
-SecureBits=noroot noroot-locked
 WatchdogSec=1min
 PrivateTmp=yes
 PrivateDevices=yes

diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in
index 057cc8cc46345cfb4e83d24a20db8b8a31131eac..5a91b8e499bb8a09d6aa7de1949781f11fd8379a 100644 (file)
--- a/units/systemd-networkd.service.in
+++ b/units/systemd-networkd.service.in
@@ -23,7 +23,6 @@ Restart=on-failure
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-networkd
 CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
-SecureBits=noroot noroot-locked
 ProtectSystem=full
 ProtectHome=yes
 WatchdogSec=1min

diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
index 00967e38603d7310474f832b4a24b5e98ed12fd8..b643da9a73e064a30445510a6992c77cf23fb27b 100644 (file)
--- a/units/systemd-resolved.service.in
+++ b/units/systemd-resolved.service.in
@@ -21,7 +21,6 @@ Restart=always
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-resolved
 CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
-SecureBits=noroot noroot-locked
 ProtectSystem=full
 ProtectHome=yes
 WatchdogSec=1min

diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in
index 9083e28d54dcfd4a71b8492437a3a545d4689c91..fe5ccb4601110205e730f46756a093b63576fef5 100644 (file)
--- a/units/systemd-timedated.service.in
+++ b/units/systemd-timedated.service.in
@@ -14,7 +14,6 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/timedated
 ExecStart=@rootlibexecdir@/systemd-timedated
 BusName=org.freedesktop.timedate1
 CapabilityBoundingSet=CAP_SYS_TIME
-SecureBits=noroot noroot-locked
 WatchdogSec=1min
 PrivateTmp=yes
 ProtectSystem=yes

diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index bc7aa26a9b7279782a36ba147032719b3f7c9f07..39edafc8d295d7b92536002144cdeac4f5dcb899 100644 (file)
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -23,7 +23,6 @@ Restart=always
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-timesyncd
 CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
-SecureBits=noroot noroot-locked
 PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full