]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 24e4b4a)
units: add SystemCallErrorNumber=EPERM to systemd-portabled.service
authorLennart Poettering <lennart@poettering.net>
Sun, 7 Jul 2019 15:28:57 +0000 (17:28 +0200)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Mon, 8 Jul 2019 04:47:04 +0000 (13:47 +0900)
We use that on all other services, and hence should here too. Otherwise
the service will be killed with SIGSYS when doing something not
whitelisted, which is a bit crass.

units/systemd-portabled.service.in patch | blob | blame | history

diff --git a/units/systemd-portabled.service.in b/units/systemd-portabled.service.in
index a8eab94d02e524738f58210bf200afee034e6033..c88d3597b7a47ac3f40cbc12edad4d21e15914ac 100644 (file)
--- a/units/systemd-portabled.service.in
+++ b/units/systemd-portabled.service.in
@@ -22,6 +22,7 @@ ProtectHostname=yes
 RestrictRealtime=yes
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
 SystemCallFilter=@system-service @mount
+SystemCallErrorNumber=EPERM
 SystemCallArchitectures=native
 LockPersonality=yes
 IPAddressDeny=any
Unnamed repository; edit this file 'description' to name the repository.