units: don't enable per-service IP firewall by default

author Michal Sekletar <msekleta@redhat.com>

Fri, 12 Oct 2018 14:50:09 +0000 (14:50 +0000)

committer Lukas Nykryn <lnykryn@redhat.com>

Mon, 29 Oct 2018 09:41:47 +0000 (10:41 +0100)
author Michal Sekletar <msekleta@redhat.com>
Fri, 12 Oct 2018 14:50:09 +0000 (14:50 +0000)
committer Lukas Nykryn <lnykryn@redhat.com>
Mon, 29 Oct 2018 09:41:47 +0000 (10:41 +0100)
diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in

index 215696ecd1ec216bda052b11164511a39e7d0ef9..68a68a5055845631f363f4010df2eb5062cd40e0 100644 (file)
--- a/units/systemd-coredump@.service.in
+++ b/units/systemd-coredump@.service.in
@@ -37,5 +37,4 @@ SystemCallFilter=@system-service
  SystemCallErrorNumber=EPERM
  SystemCallArchitectures=native
  LockPersonality=yes
-IPAddressDeny=any
  StateDirectory=systemd/coredump
diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in

index da74b4fe8b2ba38190572082a8d8757e1f7d6174..4e5470dd2964abfca1e05467c0dc6093b0c06e09 100644 (file)
--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@@ -33,5 +33,4 @@ SystemCallFilter=@system-service sethostname
  SystemCallErrorNumber=EPERM
  SystemCallArchitectures=native
  LockPersonality=yes
-IPAddressDeny=any
  ReadWritePaths=/etc
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in

index 8f5021d0de08fbe8dba8c847cc336ff81aaf5251..2d5fd0120dfce873788f9e18c97e70c26a2f2300 100644 (file)
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -33,7 +33,6 @@ SystemCallFilter=@system-service
  SystemCallErrorNumber=EPERM
  SystemCallArchitectures=native
  LockPersonality=yes
-IPAddressDeny=any
  
  # Increase the default a bit in order to allow many simultaneous
  # services being run since we keep one fd open per service. Also, when
diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in

index a24e61a0cdd16f5863ea80b43615a827cc5e4670..ce043db154a956b73182b255c29fde567cc682c7 100644 (file)
--- a/units/systemd-localed.service.in
+++ b/units/systemd-localed.service.in
@@ -33,5 +33,4 @@ SystemCallFilter=@system-service
  SystemCallErrorNumber=EPERM
  SystemCallArchitectures=native
  LockPersonality=yes
-IPAddressDeny=any
  ReadWritePaths=/etc
diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in

index 5e090bcf238bd4d47fa579e07f827794528b840b..6953fac55ba5fe0eaa66b917e5fb9cf47913abf4 100644 (file)
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -34,7 +34,6 @@ SystemCallFilter=@system-service
  SystemCallErrorNumber=EPERM
  SystemCallArchitectures=native
  LockPersonality=yes
-IPAddressDeny=any
  FileDescriptorStoreMax=512
  
  # Increase the default a bit in order to allow many simultaneous
diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in

index 1200a90a61aa66236670274592aca37857261da5..dec2c4b0dcd64bdd2aebe7fb6c7d329023595e3a 100644 (file)
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -27,7 +27,6 @@ SystemCallFilter=@system-service @mount
  SystemCallErrorNumber=EPERM
  SystemCallArchitectures=native
  LockPersonality=yes
-IPAddressDeny=any
  
  # Note that machined cannot be placed in a mount namespace, since it
  # needs access to the host's mount namespace in order to implement the
diff --git a/units/systemd-portabled.service.in b/units/systemd-portabled.service.in

index a868f61dbac6e0f9f2c5ad6a98fc19e744d39c56..64f14071e838724018b2db1b0bece3b154ec033b 100644 (file)
--- a/units/systemd-portabled.service.in
+++ b/units/systemd-portabled.service.in
@@ -23,4 +23,3 @@ RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
  SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @obsolete @raw-io @reboot @swap
  SystemCallArchitectures=native
  LockPersonality=yes
-IPAddressDeny=any
diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in

index 906bb4326cae9f8ab35b02ecd2258e29f1c992bb..662b39557a14ef1f12d775635cdea76d079477fa 100644 (file)
--- a/units/systemd-timedated.service.in
+++ b/units/systemd-timedated.service.in
@@ -31,5 +31,4 @@ SystemCallFilter=@system-service @clock
  SystemCallErrorNumber=EPERM
  SystemCallArchitectures=native
  LockPersonality=yes
-IPAddressDeny=any
  ReadWritePaths=/etc
diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in

index 6a3814e5d92607a397b88bb55015a6be47bc75ff..fd9ead3bb82800d2d6ab38bd86f4938c062a3258 100644 (file)
--- a/units/systemd-udevd.service.in
+++ b/units/systemd-udevd.service.in
@@ -33,4 +33,3 @@ SystemCallFilter=@system-service @module @raw-io
  SystemCallErrorNumber=EPERM
  SystemCallArchitectures=native
  LockPersonality=yes
-IPAddressDeny=any
author	Michal Sekletar <msekleta@redhat.com>
	Fri, 12 Oct 2018 14:50:09 +0000 (14:50 +0000)
committer	Lukas Nykryn <lnykryn@redhat.com>
	Mon, 29 Oct 2018 09:41:47 +0000 (10:41 +0100)
units/systemd-coredump@.service.in		patch \| blob \| blame \| history
units/systemd-hostnamed.service.in		patch \| blob \| blame \| history
units/systemd-journald.service.in		patch \| blob \| blame \| history
units/systemd-localed.service.in		patch \| blob \| blame \| history
units/systemd-logind.service.in		patch \| blob \| blame \| history
units/systemd-machined.service.in		patch \| blob \| blame \| history
units/systemd-portabled.service.in		patch \| blob \| blame \| history
units/systemd-timedated.service.in		patch \| blob \| blame \| history
units/systemd-udevd.service.in		patch \| blob \| blame \| history