diff options
Diffstat (limited to 'units/systemd-journal-upload.service.in')
| -rw-r--r-- | units/systemd-journal-upload.service.in | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/units/systemd-journal-upload.service.in b/units/systemd-journal-upload.service.in index d8fd243620..b9eab21542 100644 --- a/units/systemd-journal-upload.service.in +++ b/units/systemd-journal-upload.service.in @@ -18,13 +18,16 @@ SupplementaryGroups=systemd-journal WatchdogSec=3min PrivateTmp=yes PrivateDevices=yes -ProtectSystem=full +ProtectSystem=strict ProtectHome=yes ProtectControlGroups=yes ProtectKernelTunables=yes +ProtectKernelModules=yes MemoryDenyWriteExecute=yes RestrictRealtime=yes +RestrictNamespaces=yes RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +SystemCallArchitectures=native # If there are many split up journal files we need a lot of fds to # access them all and combine |