summaryrefslogtreecommitdiffstats
path: root/units/systemd-journal-remote.service.in
diff options
context:
space:
mode:
Diffstat (limited to 'units/systemd-journal-remote.service.in')
-rw-r--r--units/systemd-journal-remote.service.in6
1 files changed, 5 insertions, 1 deletions
diff --git a/units/systemd-journal-remote.service.in b/units/systemd-journal-remote.service.in
index 753dd6c158..5404bf1c03 100644
--- a/units/systemd-journal-remote.service.in
+++ b/units/systemd-journal-remote.service.in
@@ -18,13 +18,17 @@ WatchdogSec=3min
PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=yes
-ProtectSystem=full
+ProtectSystem=strict
ProtectHome=yes
ProtectControlGroups=yes
ProtectKernelTunables=yes
+ProtectKernelModules=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
+RestrictNamespaces=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+SystemCallArchitectures=native
+ReadWritePaths=/var/log/journal/remote
[Install]
Also=systemd-journal-remote.socket
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-19 19:58:56 +0100