]> git.ipfire.org Git - thirdparty/systemd.git/blobdiff - units/systemd-localed.service.in
projects / thirdparty / systemd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
units: further lock down our long-running services
[thirdparty/systemd.git] / units / systemd-localed.service.in
diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in
index 1f3151c2b5a763faab3404503d7428e39ba32f47..df829e11644f1a6025154a150cc47928238d8ac3 100644 (file)
--- a/units/systemd-localed.service.in
+++ b/units/systemd-localed.service.in
@@ -13,12 +13,16 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/localed
 [Service]
 ExecStart=@rootlibexecdir@/systemd-localed
 BusName=org.freedesktop.locale1
-CapabilityBoundingSet=
 WatchdogSec=3min
+CapabilityBoundingSet=
 PrivateTmp=yes
 PrivateDevices=yes
 PrivateNetwork=yes
 ProtectSystem=yes
 ProtectHome=yes
+ProtectControlGroups=yes
+ProtectKernelTunables=yes
 MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+RestrictAddressFamilies=AF_UNIX
 SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io
Unnamed repository; edit this file 'description' to name the repository.