core: add new ReadOnlySystem= and ProtectedHome= settings for service units

ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for a service. ProtectedHome= uses fs namespaces to mount /home and /run/user inaccessible or read-only for a service. This patch also enables these settings for all our long-running services. Together they should be good building block for a minimal service sandbox, removing the ability for services to modify the operating system or access the user's private data.
author: Lennart Poettering <lennart@poettering.net> 2014-06-03 23:41:44 +0200
committer: Lennart Poettering <lennart@poettering.net> 2014-06-03 23:57:51 +0200
commit: 417116f23432073162ebfcb286a7800846482eed (patch)
tree: 8e6076d15760c8079deb32eff461e0cc3168fa61 /units/systemd-logind.service.in
parent: 85b5673b337048fa881a5afb1d00d1a7b95950fb (diff)
download: systemd-417116f23432073162ebfcb286a7800846482eed.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index c6cbd1c8df..68803fb381 100644
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -25,6 +25,8 @@ RestartSec=0
 BusName=org.freedesktop.login1
 CapabilityBoundingSet=CAP_SYS_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
 WatchdogSec=1min
+ReadOnlySystem=yes
+ProtectedHome=yes
 
 # Increase the default a bit in order to allow many simultaneous
 # logins since we keep one fd open per session.
author	Lennart Poettering <lennart@poettering.net>	2014-06-03 23:41:44 +0200
committer	Lennart Poettering <lennart@poettering.net>	2014-06-03 23:57:51 +0200
commit	417116f23432073162ebfcb286a7800846482eed (patch)
tree	8e6076d15760c8079deb32eff461e0cc3168fa61 /units/systemd-logind.service.in
parent	85b5673b337048fa881a5afb1d00d1a7b95950fb (diff)
download	systemd-417116f23432073162ebfcb286a7800846482eed.tar.gz