From bff8f2543b27d44d8b245eb78ad7e47607d4a53f Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 14 Sep 2017 19:45:40 +0200
Subject: units: set LockPersonality= for all our long-running services (#6819)

Let's lock things down. Also, using it is the only way how to properly
test this to the fullest extent.
---
 units/systemd-udevd.service.in | 1 +
 1 file changed, 1 insertion(+)

(limited to 'units/systemd-udevd.service.in')

diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
index 3b92c6a866..d3d13ed7cf 100644
--- a/units/systemd-udevd.service.in
+++ b/units/systemd-udevd.service.in
@@ -28,3 +28,4 @@ MemoryDenyWriteExecute=yes
 RestrictRealtime=yes
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
 SystemCallArchitectures=native
+LockPersonality=yes
-- 
cgit v1.2.1