]> git.ipfire.org Git - thirdparty/systemd.git/blobdiff - units/systemd-logind.service.in
projects / thirdparty / systemd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
units: deny access to block devices
[thirdparty/systemd.git] / units / systemd-logind.service.in
diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index 8a7262776f9236ad697278099593c1dbe2ac9903..1b37290d4f5a2ad3853434e550429149407e87f5 100644 (file)
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -22,6 +22,11 @@ After=dbus.socket
 [Service]
 BusName=org.freedesktop.login1
 CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG CAP_LINUX_IMMUTABLE
+DeviceAllow=char-/dev/console rw
+DeviceAllow=char-drm rw
+DeviceAllow=char-input rw
+DeviceAllow=char-tty rw
+DeviceAllow=char-vcs rw
 ExecStart=@rootlibexecdir@/systemd-logind
 FileDescriptorStoreMax=512
 IPAddressDeny=any
Unnamed repository; edit this file 'description' to name the repository.