summaryrefslogtreecommitdiff
path: root/systemd
diff options
context:
space:
mode:
authorAlex Xu (Hello71) <alex_y_xu@yahoo.ca>2018-09-06 10:57:15 -0400
committerAlex Xu (Hello71) <alex_y_xu@yahoo.ca>2018-09-06 10:57:15 -0400
commit9e7848f6784c12821f82f19170fe9d72912f1587 (patch)
tree2fb8371409fa7ef603703cca0b41e88545aa592e /systemd
parent07812e601aabeedd9c9a678176be2cf28957e4b1 (diff)
downloadrandom-seed-9e7848f6784c12821f82f19170fe9d72912f1587.tar.xz
random-seed-9e7848f6784c12821f82f19170fe9d72912f1587.zip
comment out systemd capability lines
Diffstat (limited to 'systemd')
-rw-r--r--systemd/random-seed-save.service.in18
-rw-r--r--systemd/random-seed.service.in18
2 files changed, 18 insertions, 18 deletions
diff --git a/systemd/random-seed-save.service.in b/systemd/random-seed-save.service.in
index 2785b00..594d28f 100644
--- a/systemd/random-seed-save.service.in
+++ b/systemd/random-seed-save.service.in
@@ -5,12 +5,12 @@ After=systemd-remount-fs.service
[Service]
ExecStart=@sbindir@/random-seed save
-CapabilityBoundingSet=
-NoNewPrivileges=yes
-PrivateDevices=yes
-PrivateNetwork=yes
-ProtectKernelTunables=yes
-ProtectKernelModules=yes
-LockPersonality=yes
-TemporaryFileSystem=/:ro
-BindPaths=@default_seed_dir@
+#CapabilityBoundingSet=
+#NoNewPrivileges=yes
+#PrivateDevices=yes
+#PrivateNetwork=yes
+#ProtectKernelTunables=yes
+#ProtectKernelModules=yes
+#LockPersonality=yes
+#TemporaryFileSystem=/:ro
+#BindPaths=@default_seed_dir@
diff --git a/systemd/random-seed.service.in b/systemd/random-seed.service.in
index 1d88698..3134d47 100644
--- a/systemd/random-seed.service.in
+++ b/systemd/random-seed.service.in
@@ -13,15 +13,15 @@ Type=oneshot
RemainAfterExit=yes
ExecStart=@sbindir@/random-seed load
ExecStop=@sbindir@/random-seed save
-CapabilityBoundingSet=CAP_SYS_ADMIN
-NoNewPrivileges=yes
-PrivateDevices=yes
-PrivateNetwork=yes
-ProtectKernelTunables=yes
-ProtectKernelModules=yes
-LockPersonality=yes
-TemporaryFileSystem=/:ro
-BindPaths=@default_seed_dir@
+#CapabilityBoundingSet=CAP_SYS_ADMIN
+#NoNewPrivileges=yes
+#PrivateDevices=yes
+#PrivateNetwork=yes
+#ProtectKernelTunables=yes
+#ProtectKernelModules=yes
+#LockPersonality=yes
+#TemporaryFileSystem=/:ro
+#BindPaths=@default_seed_dir@
TimeoutSec=30s
[Install]