From: Yu Watanabe
Date: Fri, 27 Apr 2018 09:11:29 +0000 (+0900)
Subject: unit: tighten sandboxing for logind
X-Git-Tag: v239~345^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F8839%2Fhead;p=thirdparty%2Fsystemd.git

unit: tighten sandboxing for logind
---
diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index 968b92a45c2..168fc007b0b 100644
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -29,8 +29,8 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CA
 MemoryDenyWriteExecute=yes
 RestrictRealtime=yes
 RestrictNamespaces=yes
-RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
-SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @obsolete @raw-io @reboot @swap
+RestrictAddressFamilies=AF_UNIX AF_NETLINK
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
 SystemCallArchitectures=native
 LockPersonality=yes
 IPAddressDeny=any
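Review bot: Adding `@mount` to the deny list in `SystemCallFilter=` turns any mount or unmount call that logind still issues into a fatal SIGSYS, because no `SystemCallErrorNumber=` is visible in this hunk and systemd terminates the process on a filtered call by default. Please confirm that no code path in logind mounts or unmounts anything itself (an inferred risk; the daemon's code is not on this page), and consider `SystemCallErrorNumber=EPERM` if a graceful failure is preferred over a restart of the session manager. `CAP_SYS_ADMIN` remains in `CapabilityBoundingSet=` per the hunk header, so the seccomp filter is the only layer shown here that denies mounts; a comment such as `# logind needs neither IP sockets nor mount syscalls` above the two changed lines would record that intent. The [Service] section starts and continues outside the hunk.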