diff options
| author |   Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-11-14 17:03:33 +0100 |
|---|---|---|
| committer |   Evgeny Vereshchagin <evvers@ya.ru> | 2018-11-15 17:48:01 +0300 |
| commit | 28f38a76345b7548700d2337dd8b9a8c3f5b0643 (patch) | |
| tree | 423206040e42d17d57c0433de1e5b403abfe929f /units | |
| parent | basic/json: silence gcc warning about limited range of data type (diff) | |
| download | systemd-28f38a76345b7548700d2337dd8b9a8c3f5b0643.tar.gz systemd-28f38a76345b7548700d2337dd8b9a8c3f5b0643.tar.bz2 systemd-28f38a76345b7548700d2337dd8b9a8c3f5b0643.zip | |
Revert "units: lock down logind with fs namespacing options"
Diffstat (limited to 'units')
| -rw-r--r-- | units/systemd-logind.service.in | 10 |
1 files changed, 1 insertions, 9 deletions
diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in index 6886fa9bf..38a7f269a 100644 --- a/units/systemd-logind.service.in +++ b/units/systemd-logind.service.in @@ -21,26 +21,18 @@ After=dbus.socket [Service] BusName=org.freedesktop.login1 -CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG ExecStart=@rootlibexecdir@/systemd-logind FileDescriptorStoreMax=512 IPAddressDeny=any LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes -PrivateTmp=yes -ProtectControlGroups=yes -ProtectHome=yes -ProtectKernelModules=yes -ProtectSystem=strict -ReadWritePaths=/etc Restart=always RestartSec=0 RestrictAddressFamilies=AF_UNIX AF_NETLINK RestrictNamespaces=yes RestrictRealtime=yes -RuntimeDirectory=systemd/sessions systemd/seats systemd/users -RuntimeDirectoryPreserve=yes SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service |