chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
units: make use of PrivateTmp=yes and PrivateDevices=yes for all our long-running...
[elogind.git] / units / systemd-hostnamed.service.in
diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in
index be22a3ad01833b6b026a0d0dd4efe912d2a139d3..c8bf8480c9762520b286ef0452da4daa2a1eb2bd 100644 (file)
--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@@ -13,4 +13,7 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/hostnamed
 [Service]
 ExecStart=@rootlibexecdir@/systemd-hostnamed
 BusName=org.freedesktop.hostname1
-CapabilityBoundingSet=CAP_SYS_ADMIN
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE
+WatchdogSec=1min
+PrivateTmp=yes
+PrivateDevices=yes
Unnamed repository; edit this file 'description' to name the repository.