chiark / gitweb /
~ianmdlvl / elogind.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7973ca1)
units: make use of PrivateTmp=yes and PrivateDevices=yes for all our long-running...
authorLennart Poettering <lennart@poettering.net>
Wed, 19 Mar 2014 15:45:28 +0000 (16:45 +0100)
committerLennart Poettering <lennart@poettering.net>
Wed, 19 Mar 2014 18:09:00 +0000 (19:09 +0100)
units/systemd-bus-driverd.service.in patch | blob | history
units/systemd-bus-proxyd@.service.in patch | blob | history
units/systemd-hostnamed.service.in patch | blob | history
units/systemd-localed.service.in patch | blob | history
units/systemd-machined.service.in patch | blob | history
units/systemd-timedated.service.in patch | blob | history

diff --git a/units/systemd-bus-driverd.service.in b/units/systemd-bus-driverd.service.in
index 0bda4037c3800624cd3035417cd16749a09f949a..52264862c174cec1c37b48fb3387ae7284ceafc9 100644 (file)
--- a/units/systemd-bus-driverd.service.in
+++ b/units/systemd-bus-driverd.service.in
@@ -13,3 +13,5 @@ ExecStart=@rootlibexecdir@/systemd-bus-driverd
 BusName=org.freedesktop.DBus
 WatchdogSec=1min
 CapabilityBoundingSet=CAP_IPC_OWNER
+PrivateTmp=yes
+PrivateDevices=yes
diff --git a/units/systemd-bus-proxyd@.service.in b/units/systemd-bus-proxyd@.service.in
index 1bdb459f796b9b14c397fc7bc4ce80cac686774f..1a6458ac5795f0192bb7980ada7b837051c96eff 100644 (file)
--- a/units/systemd-bus-proxyd@.service.in
+++ b/units/systemd-bus-proxyd@.service.in
@@ -15,3 +15,5 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
 ExecStart=@rootlibexecdir@/systemd-bus-proxyd xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 NotifyAccess=main
 CapabilityBoundingSet=CAP_IPC_OWNER
+PrivateTmp=yes
+PrivateDevices=yes
diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in
index 3f5ef75c0b57e9627748117eb02832eba689d314..c8bf8480c9762520b286ef0452da4daa2a1eb2bd 100644 (file)
--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@@ -15,3 +15,5 @@ ExecStart=@rootlibexecdir@/systemd-hostnamed
 BusName=org.freedesktop.hostname1
 CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE
 WatchdogSec=1min
+PrivateTmp=yes
+PrivateDevices=yes
diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in
index 1951123a0346382d3a36530ef038adf81adbfac7..6fb05655ca1e00faa4718f2df65104400fb4d088 100644 (file)
--- a/units/systemd-localed.service.in
+++ b/units/systemd-localed.service.in
@@ -15,3 +15,5 @@ ExecStart=@rootlibexecdir@/systemd-localed
 BusName=org.freedesktop.locale1
 CapabilityBoundingSet=
 WatchdogSec=1min
+PrivateTmp=yes
+PrivateDevices=yes
diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
index 2679dced882f263c7de7e3d96de4c5b180489fc4..2be1dcf4eac48f8ad19d87a70dcc17e18e1406d0 100644 (file)
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -17,3 +17,5 @@ ExecStart=@rootlibexecdir@/systemd-machined
 BusName=org.freedesktop.machine1
 CapabilityBoundingSet=CAP_KILL
 WatchdogSec=1min
+PrivateTmp=yes
+PrivateDevices=yes
diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in
index f7fb6577c0ab56d59a62ac152d51d7d89ac03aed..5c90290cde3c8a4cebced7b213619421cd592e85 100644 (file)
--- a/units/systemd-timedated.service.in
+++ b/units/systemd-timedated.service.in
@@ -15,3 +15,4 @@ ExecStart=@rootlibexecdir@/systemd-timedated
 BusName=org.freedesktop.timedate1
 CapabilityBoundingSet=CAP_SYS_TIME
 WatchdogSec=1min
+PrivateTmp=yes
Unnamed repository; edit this file 'description' to name the repository.