+# SPDX-License-Identifier: LGPL-2.1+
+#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
Description=udev Kernel Device Manager
Documentation=man:systemd-udevd.service(8) man:udev(7)
DefaultDependencies=no
-Wants=systemd-udevd-control.socket systemd-udevd-kernel.socket
-After=systemd-udevd-control.socket systemd-udevd-kernel.socket systemd-sysusers.service
+After=systemd-sysusers.service systemd-hwdb-update.service
Before=sysinit.target
ConditionPathIsReadWrite=/sys
KillMode=mixed
WatchdogSec=3min
TasksMax=infinity
-MountFlags=slave
+PrivateMounts=yes
+ProtectHostname=yes
MemoryDenyWriteExecute=yes
+RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
RestrictRealtime=yes
-RestrictAddressFamilies=AF_UNIX AF_NETLINK
+RestrictSUIDSGID=yes
+SystemCallFilter=@system-service @module @raw-io
+SystemCallErrorNumber=EPERM
+SystemCallArchitectures=native
+LockPersonality=yes
+IPAddressDeny=any