Diffstat (limited to 'units/systemd-logind.service.in')
-rw-r--r-- | units/systemd-logind.service.in | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index 5e090bcf23..38a7f269ac 100644
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -20,23 +20,24 @@ Wants=dbus.socket
 After=dbus.socket
 
 [Service]
-ExecStart=@rootlibexecdir@/systemd-logind
-Restart=always
-RestartSec=0
 BusName=org.freedesktop.login1
-WatchdogSec=3min
 CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
+ExecStart=@rootlibexecdir@/systemd-logind
+FileDescriptorStoreMax=512
+IPAddressDeny=any
+LockPersonality=yes
 MemoryDenyWriteExecute=yes
-RestrictRealtime=yes
-RestrictNamespaces=yes
+NoNewPrivileges=yes
+Restart=always
+RestartSec=0
 RestrictAddressFamilies=AF_UNIX AF_NETLINK
-SystemCallFilter=@system-service
-SystemCallErrorNumber=EPERM
+RestrictNamespaces=yes
+RestrictRealtime=yes
 SystemCallArchitectures=native
-LockPersonality=yes
-IPAddressDeny=any
-FileDescriptorStoreMax=512
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+WatchdogSec=3min
 
-# Increase the default a bit in order to allow many simultaneous
-# logins since we keep one fd open per session.
-LimitNOFILE=16384
+# Increase the default a bit in order to allow many simultaneous logins since
+# we keep one fd open per session.
+LimitNOFILE=@HIGH_RLIMIT_NOFILE@
|
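Review bot: The added `NoNewPrivileges=yes` in the [Service] block is a behavioural hardening change, but it arrives without a comment inside what otherwise reads as an alphabetical re-sort, so a later reader cannot tell it was deliberate. It stops the daemon and anything it executes from gaining privileges through setuid/setgid bits or file capabilities on execve(), which is only safe if logind never relies on such a helper; that is not visible from this hunk. I would add a line above it such as `# logind must never gain privileges across execve(); keep setuid/file-capability elevation disabled.` Separately, `LimitNOFILE=@HIGH_RLIMIT_NOFILE@` moves the effective limit to a build-time substitution defined outside this hunk, so the comment above it should name where that value is set, and the generated unit is worth checking for a numeric limit rather than the unexpanded placeholder.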