libuuid uses
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP)
to get MAC address for time based UUIDs, but there is
RestrictAddressFamilies=AF_UNIX
in uuidd service file ...
Fixes: https://github.com/util-linux/util-linux/issues/1704
Signed-off-by: Karel Zak <kzak@redhat.com>
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
-RestrictAddressFamilies=AF_UNIX
MemoryDenyWriteExecute=yes
ReadWritePaths=/var/lib/libuuid/
SystemCallFilter=@default @file-system @basic-io @system-service @signal @io-event @network-io