diff options
| author | Lennart Poettering <lennart@poettering.net> | 2012-05-15 15:05:17 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2012-05-15 15:25:40 +0200 |
| commit | e13acf74dd4418bc7c913ad111eb75dd4cbaf82d (patch) | |
| tree | 3487468adbc21bc3a4ba19d41085a114138c7493 /rtkit-daemon.service.in | |
| parent | 25cde0b63914984ffcdd7df1cfaa803f5d7317b7 (diff) | |
systemd: secure rtkit service a bit
Diffstat (limited to 'rtkit-daemon.service.in')
| -rw-r--r-- | rtkit-daemon.service.in | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/rtkit-daemon.service.in b/rtkit-daemon.service.in index 5b82a82..3dfefa6 100644 --- a/rtkit-daemon.service.in +++ b/rtkit-daemon.service.in @@ -23,6 +23,9 @@ ExecStart=@LIBEXECDIR@/rtkit-daemon Type=dbus BusName=org.freedesktop.RealtimeKit1 NotifyAccess=main +CapabilityBoundingSet=CAP_SYS_NICE CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SYS_CHROOT CAP_SETGID CAP_SETUID +PrivateTmp=yes +PrivateNetwork=yes # Work around the fact that the Linux currently doesn't assign any RT # budget to CPU control groups that have none configured explicitly |