units/systemd-portabled: enable NoNewPrivileges=

As with all other daemons we ship.

diff --git a/units/systemd-portabled.service.in b/units/systemd-portabled.service.in
index cad2830b64b3960273c35565c676119b512143c8..d22f2342710d5b92132945dcc4ec6b3a2b3f97ac 100644 (file)
--- a/units/systemd-portabled.service.in
+++ b/units/systemd-portabled.service.in
@@ -20,6 +20,7 @@ ExecStart={{LIBEXECDIR}}/systemd-portabled
 BusName=org.freedesktop.portable1
 CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD
 MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
 ProtectHostname=yes
 ProtectKernelLogs=yes
 RestrictRealtime=yes

diff --git a/units/user/systemd-portabled.service.in b/units/user/systemd-portabled.service.in
index 61aa85ef89567f0ac32b201f147f8aa13b4106be..b0a64f20ffbe9e204fdb3be504744c5beea33aad 100644 (file)
--- a/units/user/systemd-portabled.service.in
+++ b/units/user/systemd-portabled.service.in
@@ -16,6 +16,7 @@ Documentation=man:org.freedesktop.portable1(5)
 ExecStart={{LIBEXECDIR}}/systemd-portabled --user
 BusName=org.freedesktop.portable1
 MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
 RestrictRealtime=yes
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
 SystemCallFilter=@system-service @mount