From 6168ae5840bf206b1d1f88d5173fb292230f56a8 Mon Sep 17 00:00:00 2001
From: Kevin Kuehler
Date: Wed, 13 Nov 2019 16:56:23 -0800
Subject: units: set ProtectKernelLogs=yes on relevant units

We set ProtectKernelLogs=yes on all long running services except for udevd, since it accesses /dev/kmsg, and journald, since it calls syslog and accesses /dev/kmsg.
---
 units/systemd-hostnamed.service.in | 1 +
 1 file changed, 1 insertion(+)

(limited to 'units/systemd-hostnamed.service.in')

diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in
index 1fbbafdd6f..1365d749ca 100644
--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@@ -27,6 +27,7 @@ ProtectControlGroups=yes
 ProtectHome=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
+ProtectKernelLogs=yes
 ProtectSystem=strict
 ReadWritePaths=/etc
 RestrictAddressFamilies=AF_UNIX
-- 
cgit v1.2.1
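Review bot: The added `ProtectKernelLogs=yes` sits after `ProtectKernelTunables=yes`, which breaks the alphabetical order the neighbouring directives follow (`ProtectHome`, `ProtectKernelModules`, `ProtectKernelTunables`, `ProtectSystem`). Placing it directly before `ProtectKernelModules=yes` keeps the sandboxing block easy to audit and to compare line by line with the other hardened units. The `[Service]` section starts above the hunk, so any capability or device restrictions that already overlap with this setting are not visible here. Since this view is limited to one file, the udevd and journald exceptions named in the description cannot be checked from it; running `systemd-analyze security systemd-hostnamed.service` after the change would confirm the setting is applied to this unit.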