unit: tighten sandboxing for logind

author: Yu Watanabe <watanabe.yu+github@gmail.com> 2018-04-27 18:11:29 +0900
committer: Yu Watanabe <watanabe.yu+github@gmail.com> 2018-04-27 18:11:29 +0900
commit: dea6363533a8190493692941593e9afdfa92685a (patch)
tree: efb21c5b90d021cb5ec2d8bb6ecc18bb8c595abc /units
parent: 2c19af832c0b332a7a00637492d59252244124f8 (diff)
download: systemd-dea6363533a8190493692941593e9afdfa92685a.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index 968b92a45c..168fc007b0 100644
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -29,8 +29,8 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CA
 MemoryDenyWriteExecute=yes
 RestrictRealtime=yes
 RestrictNamespaces=yes
-RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
-SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @obsolete @raw-io @reboot @swap
+RestrictAddressFamilies=AF_UNIX AF_NETLINK
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
 SystemCallArchitectures=native
 LockPersonality=yes
 IPAddressDeny=any
author	Yu Watanabe <watanabe.yu+github@gmail.com>	2018-04-27 18:11:29 +0900
committer	Yu Watanabe <watanabe.yu+github@gmail.com>	2018-04-27 18:11:29 +0900
commit	dea6363533a8190493692941593e9afdfa92685a (patch)
tree	efb21c5b90d021cb5ec2d8bb6ecc18bb8c595abc /units
parent	2c19af832c0b332a7a00637492d59252244124f8 (diff)
download	systemd-dea6363533a8190493692941593e9afdfa92685a.tar.gz