From 62aa29247c3d74bcec0607c347f2be23cd90675d Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 20 Mar 2019 19:52:20 +0100
Subject: units: turn on RestrictSUIDSGID= in most of our long-running daemons

---
 units/systemd-logind.service.in | 1 +
 1 file changed, 1 insertion(+)

(limited to 'units/systemd-logind.service.in')

diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index 9c8938ec4a..3eef95c661 100644
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -40,6 +40,7 @@ RestartSec=0
 RestrictAddressFamilies=AF_UNIX AF_NETLINK
 RestrictNamespaces=yes
 RestrictRealtime=yes
+RestrictSUIDSGID=yes
 RuntimeDirectory=systemd/sessions systemd/seats systemd/users systemd/inhibit systemd/shutdown
 RuntimeDirectoryPreserve=yes
 SystemCallArchitectures=native
-- 
cgit v1.2.1