summaryrefslogtreecommitdiff
path: root/units/systemd-timesyncd.service.in
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-06-03 23:41:44 +0200
committerLennart Poettering <lennart@poettering.net>2014-06-03 23:57:51 +0200
commit417116f23432073162ebfcb286a7800846482eed (patch)
tree8e6076d15760c8079deb32eff461e0cc3168fa61 /units/systemd-timesyncd.service.in
parent85b5673b337048fa881a5afb1d00d1a7b95950fb (diff)
downloadsystemd-417116f23432073162ebfcb286a7800846482eed.tar.gz
core: add new ReadOnlySystem= and ProtectedHome= settings for service units
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for a service. ProtectedHome= uses fs namespaces to mount /home and /run/user inaccessible or read-only for a service. This patch also enables these settings for all our long-running services. Together they should be good building block for a minimal service sandbox, removing the ability for services to modify the operating system or access the user's private data.
Diffstat (limited to 'units/systemd-timesyncd.service.in')
-rw-r--r--units/systemd-timesyncd.service.in2
1 files changed, 2 insertions, 0 deletions
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index cbde3ff67a..030e4a0423 100644
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -23,6 +23,8 @@ ExecStart=@rootlibexecdir@/systemd-timesyncd
CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
PrivateTmp=yes
PrivateDevices=yes
+ReadOnlySystem=yes
+ProtectedHome=yes
WatchdogSec=1min
[Install]