portable: Set DelegateNamespaces=no for all portable profiles

We don't want to delegate any namespaces to portable services, so
let's explicitly set DelegateNamespaces=no in the portable profiles.

diff --git a/src/portable/profile/default/service.conf b/src/portable/profile/default/service.conf
index 35dfd778f28648b01228142c3312eb6669745daf..2cb54d84c3c9a9e4cf8db925c1b2c78f82aa1aa9 100644 (file)
--- a/src/portable/profile/default/service.conf
+++ b/src/portable/profile/default/service.conf
@@ -24,6 +24,7 @@ LockPersonality=yes
 MemoryDenyWriteExecute=yes
 RestrictRealtime=yes
 RestrictNamespaces=yes
+DelegateNamespaces=no
 SystemCallFilter=@system-service
 SystemCallErrorNumber=EPERM
 SystemCallArchitectures=native

diff --git a/src/portable/profile/nonetwork/service.conf b/src/portable/profile/nonetwork/service.conf
index e8d2a9bb1a1e5642f15d8fe4df5629668bddae72..29b7d6f62209eaddfeb7505709ff4e1efae1b4b9 100644 (file)
--- a/src/portable/profile/nonetwork/service.conf
+++ b/src/portable/profile/nonetwork/service.conf
@@ -22,6 +22,7 @@ LockPersonality=yes
 MemoryDenyWriteExecute=yes
 RestrictRealtime=yes
 RestrictNamespaces=yes
+DelegateNamespaces=no
 SystemCallFilter=@system-service
 SystemCallErrorNumber=EPERM
 SystemCallArchitectures=native

diff --git a/src/portable/profile/strict/service.conf b/src/portable/profile/strict/service.conf
index aa5bcfbb08e6098ef83dd86fdba4e8f7eb25fbe7..8e7d3300e2e5aa6adedb2b94479d205e950ef4e2 100644 (file)
--- a/src/portable/profile/strict/service.conf
+++ b/src/portable/profile/strict/service.conf
@@ -20,6 +20,7 @@ NoNewPrivileges=yes
 MemoryDenyWriteExecute=yes
 RestrictRealtime=yes
 RestrictNamespaces=yes
+DelegateNamespaces=no
 SystemCallFilter=@system-service
 SystemCallErrorNumber=EPERM
 SystemCallArchitectures=native