From 6168ae5840bf206b1d1f88d5173fb292230f56a8 Mon Sep 17 00:00:00 2001
From: Kevin Kuehler <keur@xcf.berkeley.edu>
Date: Wed, 13 Nov 2019 16:56:23 -0800
Subject: units: set ProtectKernelLogs=yes on relevant units

We set ProtectKernelLogs=yes on all long running services except for
udevd, since it accesses /dev/kmsg, and journald, since it calls syslog
and accesses /dev/kmsg.
---
 units/systemd-networkd.service.in | 1 +
 1 file changed, 1 insertion(+)

(limited to 'units/systemd-networkd.service.in')

diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in
index ed985f64fa..01931665a4 100644
--- a/units/systemd-networkd.service.in
+++ b/units/systemd-networkd.service.in
@@ -29,6 +29,7 @@ NoNewPrivileges=yes
 ProtectControlGroups=yes
 ProtectHome=yes
 ProtectKernelModules=yes
+ProtectKernelLogs=yes
 ProtectSystem=strict
 Restart=on-failure
 RestartSec=0
-- 
cgit v1.2.1