units: turn on ProtectProc= wherever suitable

author: Lennart Poettering <lennart@poettering.net> 2020-08-06 14:50:38 +0200
committer: Lennart Poettering <lennart@poettering.net> 2020-08-24 20:11:14 +0200
commit: 24da96a1bdd6fef2e23d7c23581d572209f8cca7 (patch)
tree: e92747a7b8c7e130bc77dcef28b69d69da594659 /units/systemd-networkd.service.in
parent: ed125c936cad0b71f7186e4df39eebf929ee1cbe (diff)
download: systemd-24da96a1bdd6fef2e23d7c23581d572209f8cca7.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in
index 2673146841..6ccbb5a95d 100644
--- a/units/systemd-networkd.service.in
+++ b/units/systemd-networkd.service.in
@@ -26,13 +26,15 @@ ExecStart=!!@rootlibexecdir@/systemd-networkd
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
+ProtectProc=invisible
 ProtectClock=yes
 ProtectControlGroups=yes
 ProtectHome=yes
-ProtectKernelModules=yes
 ProtectKernelLogs=yes
+ProtectKernelModules=yes
 ProtectSystem=strict
 Restart=on-failure
+RestartKillSignal=SIGUSR2
 RestartSec=0
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 AF_PACKET AF_ALG
 RestrictNamespaces=yes
@@ -44,7 +46,6 @@ SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service
 Type=notify
-RestartKillSignal=SIGUSR2
 User=systemd-network
 @SERVICE_WATCHDOG@
author	Lennart Poettering <lennart@poettering.net>	2020-08-06 14:50:38 +0200
committer	Lennart Poettering <lennart@poettering.net>	2020-08-24 20:11:14 +0200
commit	24da96a1bdd6fef2e23d7c23581d572209f8cca7 (patch)
tree	e92747a7b8c7e130bc77dcef28b69d69da594659 /units/systemd-networkd.service.in
parent	ed125c936cad0b71f7186e4df39eebf929ee1cbe (diff)
download	systemd-24da96a1bdd6fef2e23d7c23581d572209f8cca7.tar.gz