From 0792bb7a9d25a1ab8a5f208f2f5cea8a362dc1c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 10 Jan 2025 17:00:08 +0100 Subject: [PATCH] Revert "units: use PrivateTmp=disconnected instead of 'yes' if DefaultDependencies=no" This reverts commit 1f6e1928488d461d19fd1e4b4d645b0ea5ea8bf5. --- units/systemd-coredump@.service.in | 2 +- units/systemd-oomd.service.in | 2 +- units/systemd-resolved.service.in | 2 +- units/systemd-timesyncd.service.in | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in index c74dc7a5a1..fa3206d07b 100644 --- a/units/systemd-coredump@.service.in +++ b/units/systemd-coredump@.service.in @@ -26,7 +26,7 @@ NoNewPrivileges=yes OOMScoreAdjust=500 PrivateDevices=yes PrivateNetwork=yes -PrivateTmp=disconnected +PrivateTmp=yes ProtectControlGroups=yes ProtectHome=read-only ProtectHostname=yes diff --git a/units/systemd-oomd.service.in b/units/systemd-oomd.service.in index 670d5e6140..82bd6245f8 100644 --- a/units/systemd-oomd.service.in +++ b/units/systemd-oomd.service.in @@ -37,7 +37,7 @@ MemoryLow=64M NoNewPrivileges=yes OOMScoreAdjust=-900 PrivateDevices=yes -PrivateTmp=disconnected +PrivateTmp=yes ProtectClock=yes ProtectHome=yes ProtectHostname=yes diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in index e181b2528a..4aa0788ac4 100644 --- a/units/systemd-resolved.service.in +++ b/units/systemd-resolved.service.in @@ -29,7 +29,7 @@ LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes PrivateDevices=yes -PrivateTmp=disconnected +PrivateTmp=yes ProtectClock=yes ProtectControlGroups=yes ProtectHome=yes diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in index 835d6327e7..cf233fbffd 100644 --- a/units/systemd-timesyncd.service.in +++ b/units/systemd-timesyncd.service.in @@ -31,7 +31,7 @@ LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes PrivateDevices=yes -PrivateTmp=disconnected +PrivateTmp=yes ProtectProc=invisible ProtectControlGroups=yes ProtectHome=yes -- 2.47.1