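# SPDX-License-Identifier: LGPL-2.1-or-later
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.

# Unit template for the systemd-userdbd daemon. The {{...}} tokens are
# placeholders that must be substituted before systemd can load the file
# (presumably at build time -- confirm against the build scripts).

[Unit]
Description=User Database Manager
Documentation=man:systemd-userdbd.service(8)
# The service is tied to its socket unit: it is started only together with,
# and ordered after, systemd-userdbd.socket.
Requires=systemd-userdbd.socket
After=systemd-userdbd.socket
# Early-boot service: ordered before sysinit.target, so the implicit
# dependencies that normal services get are switched off.
Before=sysinit.target
DefaultDependencies=no

[Service]
# No User= is set in this unit, so the daemon runs as root; the directives
# below are what confine it.
#
# The bounding set keeps a single capability. CAP_DAC_READ_SEARCH bypasses
# file read and directory search permission checks, so it is the main
# residual privilege to consider when assessing this service.
CapabilityBoundingSet=CAP_DAC_READ_SEARCH
ExecStart={{ROOTLIBEXECDIR}}/systemd-userdbd
# Drops all IP traffic to and from the service's control group.
IPAddressDeny=any
LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
LockPersonality=yes
# Refuses memory mappings that are writable and executable at the same time.
MemoryDenyWriteExecute=yes
# The process and its children cannot gain privileges through execve()
# (setuid/setgid bits, file capabilities).
NoNewPrivileges=yes
# Private /dev without physical devices.
PrivateDevices=yes
# Processes owned by other users are hidden in this service's view of /proc.
ProtectProc=invisible
ProtectControlGroups=yes
# /home, /root and /run/user are made inaccessible.
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
# The whole file system hierarchy is mounted read-only for the service,
# apart from the API file systems /dev, /proc and /sys.
ProtectSystem=strict
# Allow-list of socket address families the service may create.
# NOTE(review): AF_INET and AF_INET6 are permitted here although
# IPAddressDeny=any above blocks IP traffic. The two controls are
# independent layers; confirm whether the IP families are still required
# before tightening this list.
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
# Only the native system call ABI is allowed, so the filter below cannot be
# sidestepped through a secondary ABI.
SystemCallArchitectures=native
# System calls outside the allow-list fail with EPERM rather than
# terminating the process.
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service
# The daemon reports readiness to the service manager itself (sd_notify).
Type=notify
# Placeholder; presumably expands to the watchdog setting shared by systemd's
# own services -- confirm against the template definitions.
{{SERVICE_WATCHDOG}}

[Install]
# Enabling or disabling this unit also enables or disables the socket unit.
Also=systemd-userdbd.socket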