diff options
author | Lennart Poettering <lennart@poettering.net> | 2017-02-09 11:22:08 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2017-02-09 16:12:03 +0100 |
commit | 6489ccfe48bb21a43694b60173a49d140b4fb91f (patch) | |
tree | 075be235e4b9a36b844dca405f848b738462191a /units/systemd-journald.service.in | |
parent | 924453c22599cc246746a0233b2f52a27ade0819 (diff) | |
download | systemd-6489ccfe48bb21a43694b60173a49d140b4fb91f.tar.gz |
units: make use of @reboot and @swap in our long-running service SystemCallFilter= settings
Tighten security up a bit more.
Diffstat (limited to 'units/systemd-journald.service.in')
-rw-r--r-- | units/systemd-journald.service.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in index adabedd977..64253f59d4 100644 --- a/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in @@ -28,7 +28,7 @@ MemoryDenyWriteExecute=yes RestrictRealtime=yes RestrictNamespaces=yes RestrictAddressFamilies=AF_UNIX AF_NETLINK -SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io +SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap SystemCallArchitectures=native # Increase the default a bit in order to allow many simultaneous |