blob: 3c290e083ed2376e5bf8d5c04626d4c4f1fb37a4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
[Unit]
Description=Realm and Domain Configuration
Documentation=man:realm(8) man:realmd.conf(5)
[Service]
Type=dbus
BusName=org.freedesktop.realmd
ExecStart=@libexecdir@/realmd
DevicePolicy=closed
KeyringMode=private
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=no
PrivateDevices=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectProc=invisible
ProtectSystem=no
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
|
