+# SPDX-License-Identifier: LGPL-2.1+
+#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
Description=udev Kernel Device Manager
Documentation=man:systemd-udevd.service(8) man:udev(7)
DefaultDependencies=no
-Wants=systemd-udevd-control.socket systemd-udevd-kernel.socket
-After=systemd-udevd-control.socket systemd-udevd-kernel.socket systemd-sysusers.service
+After=systemd-sysusers.service systemd-hwdb-update.service
Before=sysinit.target
ConditionPathIsReadWrite=/sys
Restart=always
RestartSec=0
ExecStart=@rootlibexecdir@/systemd-udevd
-MountFlags=slave
KillMode=mixed
WatchdogSec=3min
TasksMax=infinity
+PrivateMounts=yes
+ProtectHostname=yes
+MemoryDenyWriteExecute=yes
+RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallFilter=@system-service @module @raw-io
+SystemCallErrorNumber=EPERM
+SystemCallArchitectures=native
+LockPersonality=yes
+IPAddressDeny=any