]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b6887d7)
units: set RestrictNamespaces=yes to networkd and resolved
authorYu Watanabe <watanabe.yu+github@gmail.com>
Thu, 10 May 2018 15:17:38 +0000 (00:17 +0900)
committerLennart Poettering <lennart@poettering.net>
Fri, 11 May 2018 05:50:31 +0000 (22:50 -0700)
Closes #8949.

units/systemd-networkd.service.in patch | blob | blame | history
units/systemd-resolved.service.in patch | blob | blame | history

diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in
index 63ee735415151a68846e4a5601ae3f610e59b088..d05b33472203f253e3abf5a660024a68c73d8d18 100644 (file)
--- a/units/systemd-networkd.service.in
+++ b/units/systemd-networkd.service.in
@@ -33,6 +33,7 @@ ProtectControlGroups=yes
 ProtectKernelModules=yes
 MemoryDenyWriteExecute=yes
 RestrictRealtime=yes
+RestrictNamespaces=yes
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 AF_PACKET
 SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
 SystemCallArchitectures=native
diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
index c4c7f1feef9a5a9e2cd89c0b9b2ae1c58929d92d..a939f7259cddd8a626c80d0aa6076295f6b6f9dd 100644 (file)
--- a/units/systemd-resolved.service.in
+++ b/units/systemd-resolved.service.in
@@ -37,6 +37,7 @@ ProtectKernelTunables=yes
 ProtectKernelModules=yes
 MemoryDenyWriteExecute=yes
 RestrictRealtime=yes
+RestrictNamespaces=yes
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
 SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
 SystemCallArchitectures=native
Unnamed repository; edit this file 'description' to name the repository.