summaryrefslogtreecommitdiff
path: root/units/systemd-coredump@.service.in
diff options
context:
space:
mode:
Diffstat (limited to 'units/systemd-coredump@.service.in')
-rw-r--r--units/systemd-coredump@.service.in27
1 files changed, 14 insertions, 13 deletions
diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in
index 215696ecd1..ffcb5f36ca 100644
--- a/units/systemd-coredump@.service.in
+++ b/units/systemd-coredump@.service.in
@@ -18,24 +18,25 @@ Before=shutdown.target
[Service]
ExecStart=-@rootlibexecdir@/systemd-coredump
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
Nice=9
+NoNewPrivileges=yes
OOMScoreAdjust=500
-RuntimeMaxSec=5min
-PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=yes
-ProtectSystem=strict
-ProtectHome=yes
+PrivateTmp=yes
ProtectControlGroups=yes
-ProtectKernelTunables=yes
+ProtectHome=yes
ProtectKernelModules=yes
-MemoryDenyWriteExecute=yes
-RestrictRealtime=yes
-RestrictNamespaces=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
RestrictAddressFamilies=AF_UNIX
-SystemCallFilter=@system-service
-SystemCallErrorNumber=EPERM
-SystemCallArchitectures=native
-LockPersonality=yes
-IPAddressDeny=any
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RuntimeMaxSec=5min
StateDirectory=systemd/coredump
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
View Lorry Controller Status