units: turn on ProtectProc= wherever suitable

author: Lennart Poettering <lennart@poettering.net> 2020-08-06 14:50:38 +0200
committer: Lennart Poettering <lennart@poettering.net> 2020-08-24 20:11:14 +0200
commit: 24da96a1bdd6fef2e23d7c23581d572209f8cca7 (patch)
tree: e92747a7b8c7e130bc77dcef28b69d69da594659 /units/systemd-journal-gatewayd.service.in
parent: ed125c936cad0b71f7186e4df39eebf929ee1cbe (diff)
download: systemd-24da96a1bdd6fef2e23d7c23581d572209f8cca7.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/units/systemd-journal-gatewayd.service.in b/units/systemd-journal-gatewayd.service.in
index 8071395e68..2436f2a2cf 100644
--- a/units/systemd-journal-gatewayd.service.in
+++ b/units/systemd-journal-gatewayd.service.in
@@ -19,12 +19,13 @@ LockPersonality=yes
 MemoryDenyWriteExecute=yes
 PrivateDevices=yes
 PrivateNetwork=yes
+ProtectProc=invisible
 ProtectControlGroups=yes
 ProtectHome=yes
 ProtectHostname=yes
+ProtectKernelLogs=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
-ProtectKernelLogs=yes
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 RestrictNamespaces=yes
 RestrictRealtime=yes
author	Lennart Poettering <lennart@poettering.net>	2020-08-06 14:50:38 +0200
committer	Lennart Poettering <lennart@poettering.net>	2020-08-24 20:11:14 +0200
commit	24da96a1bdd6fef2e23d7c23581d572209f8cca7 (patch)
tree	e92747a7b8c7e130bc77dcef28b69d69da594659 /units/systemd-journal-gatewayd.service.in
parent	ed125c936cad0b71f7186e4df39eebf929ee1cbe (diff)
download	systemd-24da96a1bdd6fef2e23d7c23581d572209f8cca7.tar.gz