chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
7181dbd
)
core: enable PrivateNetwork= for a number of our long running services where this...
author
Lennart Poettering
<lennart@poettering.net>
Wed, 19 Mar 2014 22:08:39 +0000
(23:08 +0100)
committer
Lennart Poettering
<lennart@poettering.net>
Wed, 19 Mar 2014 22:25:28 +0000
(23:25 +0100)
units/systemd-bus-driverd.service.in
patch
|
blob
|
history
units/systemd-bus-proxyd@.service.in
patch
|
blob
|
history
units/systemd-hostnamed.service.in
patch
|
blob
|
history
units/systemd-journal-gatewayd.service.in
patch
|
blob
|
history
units/systemd-localed.service.in
patch
|
blob
|
history
units/systemd-machined.service.in
patch
|
blob
|
history
units/systemd-networkd.service.in
patch
|
blob
|
history
diff --git
a/units/systemd-bus-driverd.service.in
b/units/systemd-bus-driverd.service.in
index
5226486
..
5df2a95
100644
(file)
--- a/
units/systemd-bus-driverd.service.in
+++ b/
units/systemd-bus-driverd.service.in
@@
-15,3
+15,4
@@
WatchdogSec=1min
CapabilityBoundingSet=CAP_IPC_OWNER
PrivateTmp=yes
PrivateDevices=yes
+PrivateNetwork=yes
diff --git
a/units/systemd-bus-proxyd@.service.in
b/units/systemd-bus-proxyd@.service.in
index
1a6458a
..
fafd4ce
100644
(file)
--- a/
units/systemd-bus-proxyd@.service.in
+++ b/
units/systemd-bus-proxyd@.service.in
@@
-17,3
+17,4
@@
NotifyAccess=main
CapabilityBoundingSet=CAP_IPC_OWNER
PrivateTmp=yes
PrivateDevices=yes
+PrivateNetwork=yes
diff --git
a/units/systemd-hostnamed.service.in
b/units/systemd-hostnamed.service.in
index
c8bf848
..
4481259
100644
(file)
--- a/
units/systemd-hostnamed.service.in
+++ b/
units/systemd-hostnamed.service.in
@@
-17,3
+17,4
@@
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE
WatchdogSec=1min
PrivateTmp=yes
PrivateDevices=yes
+PrivateNetwork=yes
diff --git
a/units/systemd-journal-gatewayd.service.in
b/units/systemd-journal-gatewayd.service.in
index
a01ce8d
..
e8e571e
100644
(file)
--- a/
units/systemd-journal-gatewayd.service.in
+++ b/
units/systemd-journal-gatewayd.service.in
@@
-14,6
+14,9
@@
ExecStart=@rootlibexecdir@/systemd-journal-gatewayd
User=systemd-journal-gateway
Group=systemd-journal-gateway
SupplementaryGroups=systemd-journal
+PrivateTmp=yes
+PrivateDevices=yes
+PrivateNetwork=yes
[Install]
Also=systemd-journal-gatewayd.socket
diff --git
a/units/systemd-localed.service.in
b/units/systemd-localed.service.in
index
6fb0565
..
ae1c5e5
100644
(file)
--- a/
units/systemd-localed.service.in
+++ b/
units/systemd-localed.service.in
@@
-17,3
+17,4
@@
CapabilityBoundingSet=
WatchdogSec=1min
PrivateTmp=yes
PrivateDevices=yes
+PrivateNetwork=yes
diff --git
a/units/systemd-machined.service.in
b/units/systemd-machined.service.in
index
2be1dcf
..
1a27c6e
100644
(file)
--- a/
units/systemd-machined.service.in
+++ b/
units/systemd-machined.service.in
@@
-19,3
+19,4
@@
CapabilityBoundingSet=CAP_KILL
WatchdogSec=1min
PrivateTmp=yes
PrivateDevices=yes
+PrivateNetwork=yes
diff --git
a/units/systemd-networkd.service.in
b/units/systemd-networkd.service.in
index
ca40691
..
793381f
100644
(file)
--- a/
units/systemd-networkd.service.in
+++ b/
units/systemd-networkd.service.in
@@
-20,6
+20,7
@@
Restart=always
RestartSec=0
ExecStart=@rootlibexecdir@/systemd-networkd
WatchdogSec=1min
+PrivateTmp=yes
[Install]
WantedBy=multi-user.target
~ianmdlvl / elogind.git / commitdiff