From bff8f2543b27d44d8b245eb78ad7e47607d4a53f Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Thu, 14 Sep 2017 19:45:40 +0200
Subject: units: set LockPersonality= for all our long-running services (#6819)

Let's lock things down. Also, using it is the only way how to properly test this to the fullest extent.
---
 units/systemd-hostnamed.service.in | 1 +
 1 file changed, 1 insertion(+)

(limited to 'units/systemd-hostnamed.service.in')

diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in
index d29e9ff81b..9bb5ad8cac 100644
--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@@ -29,4 +29,5 @@ RestrictNamespaces=yes
 RestrictAddressFamilies=AF_UNIX
 SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
 SystemCallArchitectures=native
+LockPersonality=yes
 ReadWritePaths=/etc
--
cgit v1.2.1