]> git.ipfire.org Git - thirdparty/systemd.git/blobdiff - units/systemd-journal-remote.service.in
projects / thirdparty / systemd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
document udev escaped string in udev(7)
[thirdparty/systemd.git] / units / systemd-journal-remote.service.in
diff --git a/units/systemd-journal-remote.service.in b/units/systemd-journal-remote.service.in
index 29a99aaec1ae0281d6a0dc4499db93528c26fa25..82befc9912742ac756c3c593d8013046686a8b76 100644 (file)
--- a/units/systemd-journal-remote.service.in
+++ b/units/systemd-journal-remote.service.in
@@ -21,17 +21,22 @@ NoNewPrivileges=yes
 PrivateDevices=yes
 PrivateNetwork=yes
 PrivateTmp=yes
+ProtectProc=invisible
+ProtectClock=yes
 ProtectControlGroups=yes
 ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectSystem=strict
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 RestrictNamespaces=yes
 RestrictRealtime=yes
+RestrictSUIDSGID=yes
 SystemCallArchitectures=native
 User=systemd-journal-remote
-WatchdogSec=3min
+@SERVICE_WATCHDOG@
 
 # If there are many split up journal files we need a lot of fds to access them
 # all in parallel.
Unnamed repository; edit this file 'description' to name the repository.