[Unit]
Description=Daemon for generating UUIDs
+Documentation=man:uuidd(8)
Requires=uuidd.socket
[Service]
-ExecStart=@usrsbin_execdir@/uuidd --socket-activation
+ExecStart=@usrsbin_execdir@/uuidd --socket-activation --cont-clock
Restart=no
User=uuidd
Group=uuidd
+ProtectSystem=strict
+ProtectHome=yes
+PrivateDevices=yes
+PrivateUsers=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+MemoryDenyWriteExecute=yes
+ReadWritePaths=/var/lib/libuuid/
+SystemCallFilter=@default @file-system @basic-io @system-service @signal @io-event @network-io
[Install]
Also=uuidd.socket