test-string-util: add another test for stripping slashes

[thirdparty/systemd.git] / units / systemd-journald.service.in

diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index 2552102bfca0246e9b190754db7e04cbaf16fb0f..df76fe4226804be7babb3e2ca709e2847f8d746d 100644 (file)
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -1,3 +1,5 @@
+#  SPDX-License-Identifier: LGPL-2.1+
+#
 #  This file is part of systemd.
 #
 #  systemd is free software; you can redistribute it and/or modify it
@@ -19,10 +21,18 @@ Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald
 ExecStart=@rootlibexecdir@/systemd-journald
 Restart=always
 RestartSec=0
-NotifyAccess=all
 StandardOutput=null
+WatchdogSec=3min
+FileDescriptorStoreMax=4224
 CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
-FileDescriptorStoreMax=1024
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+RestrictNamespaces=yes
+RestrictAddressFamilies=AF_UNIX AF_NETLINK
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
+SystemCallArchitectures=native
+LockPersonality=yes
+IPAddressDeny=any
 
 # Increase the default a bit in order to allow many simultaneous
 # services being run since we keep one fd open per service. Also, when