projects / thirdparty / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| a7df2d1e ZJS |
1 | # SPDX-License-Identifier: LGPL-2.1+ |
| 2 | # | |
| 7640a5de LP |
3 | # This file is part of systemd. |
| 4 | # | |
| 5 | # systemd is free software; you can redistribute it and/or modify it | |
| 5430f7f2 LP |
6 | # under the terms of the GNU Lesser General Public License as published by |
| 7 | # the Free Software Foundation; either version 2.1 of the License, or | |
| 7640a5de LP |
8 | # (at your option) any later version. |
| 9 | ||
| 7640a5de LP |
10 | [Unit] |
| 11 | Description=Hostname Service | |
| 29f4f511 | 12 | Documentation=man:systemd-hostnamed.service(8) man:hostname(5) man:machine-info(5) |
| 16a5d412 | 13 | Documentation=https://www.freedesktop.org/wiki/Software/systemd/hostnamed |
| 7640a5de LP |
14 | |
| 15 | [Service] | |
| 7640a5de | 16 | BusName=org.freedesktop.hostname1 |
| 0c28d51a | 17 | CapabilityBoundingSet=CAP_SYS_ADMIN |
| 3ca9940c LP |
18 | ExecStart=@rootlibexecdir@/systemd-hostnamed |
| 19 | IPAddressDeny=any | |
| 20 | LockPersonality=yes | |
| 21 | MemoryDenyWriteExecute=yes | |
| 22 | NoNewPrivileges=yes | |
| d99a7052 | 23 | PrivateDevices=yes |
| f21a71a9 | 24 | PrivateNetwork=yes |
| 3ca9940c | 25 | PrivateTmp=yes |
| 0c28d51a | 26 | ProtectControlGroups=yes |
| 3ca9940c | 27 | ProtectHome=yes |
| b6c7278c | 28 | ProtectKernelModules=yes |
| 3ca9940c | 29 | ProtectKernelTunables=yes |
| 6168ae58 | 30 | ProtectKernelLogs=yes |
| 3ca9940c LP |
31 | ProtectSystem=strict |
| 32 | ReadWritePaths=/etc | |
| 0c28d51a | 33 | RestrictAddressFamilies=AF_UNIX |
| 3ca9940c LP |
34 | RestrictNamespaces=yes |
| 35 | RestrictRealtime=yes | |
| 62aa2924 | 36 | RestrictSUIDSGID=yes |
| 7f396e5f | 37 | SystemCallArchitectures=native |
| 3ca9940c LP |
38 | SystemCallErrorNumber=EPERM |
| 39 | SystemCallFilter=@system-service sethostname | |
| 21d0dd5a | 40 | @SERVICE_WATCHDOG@ |