chiark / gitweb /
core: enable PrivateNetwork= for a number of our long running services where this...
authorLennart Poettering <lennart@poettering.net>
Wed, 19 Mar 2014 22:08:39 +0000 (23:08 +0100)
committerLennart Poettering <lennart@poettering.net>
Wed, 19 Mar 2014 22:25:28 +0000 (23:25 +0100)
units/systemd-bus-driverd.service.in
units/systemd-bus-proxyd@.service.in
units/systemd-hostnamed.service.in
units/systemd-journal-gatewayd.service.in
units/systemd-localed.service.in
units/systemd-machined.service.in
units/systemd-networkd.service.in

index 5226486..5df2a95 100644 (file)
@@ -15,3 +15,4 @@ WatchdogSec=1min
 CapabilityBoundingSet=CAP_IPC_OWNER
 PrivateTmp=yes
 PrivateDevices=yes
+PrivateNetwork=yes
index 1a6458a..fafd4ce 100644 (file)
@@ -17,3 +17,4 @@ NotifyAccess=main
 CapabilityBoundingSet=CAP_IPC_OWNER
 PrivateTmp=yes
 PrivateDevices=yes
+PrivateNetwork=yes
index c8bf848..4481259 100644 (file)
@@ -17,3 +17,4 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE
 WatchdogSec=1min
 PrivateTmp=yes
 PrivateDevices=yes
+PrivateNetwork=yes
index a01ce8d..e8e571e 100644 (file)
@@ -14,6 +14,9 @@ ExecStart=@rootlibexecdir@/systemd-journal-gatewayd
 User=systemd-journal-gateway
 Group=systemd-journal-gateway
 SupplementaryGroups=systemd-journal
+PrivateTmp=yes
+PrivateDevices=yes
+PrivateNetwork=yes
 
 [Install]
 Also=systemd-journal-gatewayd.socket
index 6fb0565..ae1c5e5 100644 (file)
@@ -17,3 +17,4 @@ CapabilityBoundingSet=
 WatchdogSec=1min
 PrivateTmp=yes
 PrivateDevices=yes
+PrivateNetwork=yes
index 2be1dcf..1a27c6e 100644 (file)
@@ -19,3 +19,4 @@ CapabilityBoundingSet=CAP_KILL
 WatchdogSec=1min
 PrivateTmp=yes
 PrivateDevices=yes
+PrivateNetwork=yes
index ca40691..793381f 100644 (file)
@@ -20,6 +20,7 @@ Restart=always
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-networkd
 WatchdogSec=1min
+PrivateTmp=yes
 
 [Install]
 WantedBy=multi-user.target