On 14 December 2016 at 09:32, Reindl Harald <[email protected]> wrote: > RestrictAddressFamilies=AF_NETLINK
Great, that was the pointer I needed, thanks. I'm currently setting this in the service file: NoNewPrivileges=yes PrivateTmp=yes PrivateUsers=yes ProtectControlGroups=yes ProtectHome=yes ProtectKernelModules=yes RestrictAddressFamilies=AF_NETLINK AF_UNIX Are there other important settings I've missed? fwupd does access the hardware and write the odd file to the filesystem so there didn't seem any other super useful flags. Thanks. Richard _______________________________________________ systemd-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/systemd-devel
