mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git
synced 2025-12-31 18:20:10 +01:00
service: harden the NetworkManager service a bit
Tested with dnsmasq (ipv4.method=shared), openvpn & vpnc. https://bugzilla.gnome.org/show_bug.cgi?id=750598
This commit is contained in:
Lubomir Rintel
parent
1749ad4068
commit
4ffd57f83d
1 changed files with 3 additions and 0 deletions
|
|
@ -11,6 +11,9 @@ ExecStart=@sbindir@/NetworkManager --no-daemon
|
|||
Restart=on-failure
|
||||
# NM doesn't want systemd to kill its children for it
|
||||
KillMode=process
|
||||
CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE
|
||||
ProtectSystem=true
|
||||
ProtectHome=read-only
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue