]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cc9cc1b)
units: also change portabled's syscall filter to a whitelist
authorLennart Poettering <lennart@poettering.net>
Mon, 12 Nov 2018 18:21:09 +0000 (19:21 +0100)
committerLennart Poettering <lennart@poettering.net>
Tue, 13 Nov 2018 09:38:17 +0000 (10:38 +0100)
units/systemd-portabled.service.in patch | blob | blame | history

diff --git a/units/systemd-portabled.service.in b/units/systemd-portabled.service.in
index a868f61dbac6e0f9f2c5ad6a98fc19e744d39c56..a44cdb30a42f673b7327d2d82fd19f47d16ef049 100644 (file)
--- a/units/systemd-portabled.service.in
+++ b/units/systemd-portabled.service.in
@@ -20,7 +20,7 @@ CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_C
 MemoryDenyWriteExecute=yes
 RestrictRealtime=yes
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
-SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @obsolete @raw-io @reboot @swap
+SystemCallFilter=@system-service @mount
 SystemCallArchitectures=native
 LockPersonality=yes
 IPAddressDeny=any
Unnamed repository; edit this file 'description' to name the repository.