chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
units: add SecureBits
[elogind.git]
/
units
/
systemd-resolved.service.in
diff --git
a/units/systemd-resolved.service.in
b/units/systemd-resolved.service.in
index b643da9a73e064a30445510a6992c77cf23fb27b..00967e38603d7310474f832b4a24b5e98ed12fd8 100644
(file)
--- a/
units/systemd-resolved.service.in
+++ b/
units/systemd-resolved.service.in
@@
-21,6
+21,7
@@
Restart=always
RestartSec=0
ExecStart=@rootlibexecdir@/systemd-resolved
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
+SecureBits=noroot noroot-locked
ProtectSystem=full
ProtectHome=yes
WatchdogSec=1min
~ianmdlvl / elogind.git / blobdiff