| side by side (parent:
7973ca1
)
units: make use of PrivateTmp=yes and PrivateDevices=yes for all our long-running...
author
Lennart Poettering
<lennart@poettering.net>
Wed, 19 Mar 2014 15:45:28 +0000
(16:45 +0100)
committer
Lennart Poettering
<lennart@poettering.net>
Wed, 19 Mar 2014 18:09:00 +0000
(19:09 +0100)
units/systemd-bus-driverd.service.in
units/systemd-bus-proxyd@.service.in
units/systemd-hostnamed.service.in
units/systemd-localed.service.in
units/systemd-machined.service.in
units/systemd-timedated.service.in
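--- a/units/systemd-bus-driverd.service.in
+++ b/units/systemd-bus-driverd.service.in
@@ -13,3 +13,5 @@ ExecStart=@rootlibexecdir@/systemd-bus-driverd
 BusName=org.freedesktop.DBus
 WatchdogSec=1min
 CapabilityBoundingSet=CAP_IPC_OWNER
+PrivateTmp=yes
+PrivateDevices=yes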
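--- a/units/systemd-bus-proxyd@.service.in
+++ b/units/systemd-bus-proxyd@.service.in
@@ -15,3 +15,5 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
 ExecStart=@rootlibexecdir@/systemd-bus-proxyd xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 NotifyAccess=main
 CapabilityBoundingSet=CAP_IPC_OWNER
+PrivateTmp=yes
+PrivateDevices=yes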
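--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@@ -15,3 +15,5 @@ ExecStart=@rootlibexecdir@/systemd-hostnamed
 BusName=org.freedesktop.hostname1
 CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE
 WatchdogSec=1min
+PrivateTmp=yes
+PrivateDevices=yes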
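Review bot: `PrivateTmp=yes` and `PrivateDevices=yes` are added next to a bounding set that still contains `CAP_SYS_ADMIN`, and a process holding that capability can perform mount operations inside its own mount namespace. For this unit the two options therefore reduce accidental exposure of /tmp and device nodes but do not confine a compromised daemon. I would record that in the unit so the settings are not read as full isolation, e.g. `# CAP_SYS_ADMIN is retained, so PrivateTmp=/PrivateDevices= are hardening only, not a confinement boundary`. Whether `CAP_DAC_OVERRIDE` and `CAP_SYS_PTRACE` are still required is not visible from this hunk and would be worth confirming separately; the [Service] section starts above the hunk.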
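--- a/units/systemd-localed.service.in
+++ b/units/systemd-localed.service.in
@@ -15,3 +15,5 @@ ExecStart=@rootlibexecdir@/systemd-localed
 BusName=org.freedesktop.locale1
 CapabilityBoundingSet=
 WatchdogSec=1min
+PrivateTmp=yes
+PrivateDevices=yes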
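--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -17,3 +17,5 @@ ExecStart=@rootlibexecdir@/systemd-machined
 BusName=org.freedesktop.machine1
 CapabilityBoundingSet=CAP_KILL
 WatchdogSec=1min
+PrivateTmp=yes
+PrivateDevices=yes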
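--- a/units/systemd-timedated.service.in
+++ b/units/systemd-timedated.service.in
@@ -15,3 +15,4 @@ ExecStart=@rootlibexecdir@/systemd-timedated
 BusName=org.freedesktop.timedate1
 CapabilityBoundingSet=CAP_SYS_TIME
 WatchdogSec=1min
+PrivateTmp=yes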
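Review bot: This unit receives only `PrivateTmp=yes`, while the other five units in the commit also get `PrivateDevices=yes`, and nothing in the file explains the difference. Presumably the daemon needs the real-time clock device node, which a private /dev would hide (the bounding set keeps `CAP_SYS_TIME`), but that is an inference from the hunk rather than something it states. If that is the reason, a comment such as `# PrivateDevices= is left off on purpose: the RTC device node must stay reachable` above the new line would keep a later hardening pass from adding the option and breaking hardware-clock updates.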