]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2c19af8)
unit: tighten sandboxing for logind 8839/head
authorYu Watanabe <watanabe.yu+github@gmail.com>
Fri, 27 Apr 2018 09:11:29 +0000 (18:11 +0900)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Fri, 27 Apr 2018 09:11:29 +0000 (18:11 +0900)
units/systemd-logind.service.in patch | blob | blame | history

diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index 968b92a45c2b8797d55d2fcc8b1fe569c75b3b72..168fc007b0b00865ec7853c45ee7e24d76cff57f 100644 (file)
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -29,8 +29,8 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CA
 MemoryDenyWriteExecute=yes
 RestrictRealtime=yes
 RestrictNamespaces=yes
-RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
-SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @obsolete @raw-io @reboot @swap
+RestrictAddressFamilies=AF_UNIX AF_NETLINK
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
 SystemCallArchitectures=native
 LockPersonality=yes
 IPAddressDeny=any
Unnamed repository; edit this file 'description' to name the repository.