# The "trusted" profile for services, i.e. no restrictions are applied apart from a private /tmp
#
# NOTE(review): this profile is not a sandbox. The lines below set no User=/DynamicUser=,
# no CapabilityBoundingSet=, no ProtectSystem=/ProtectHome= and no SystemCallFilter=,
# so a unit using it keeps whatever identity and privileges its own unit file (or the
# manager defaults) give it. Apply it only to images that are as trusted as software
# installed directly on the host.

[Service]
# Make the kernel API file systems (/proc, /sys, /dev) available inside the service's
# mount namespace; needed because the service runs from its own root image.
MountAPIVFS=yes
# The only isolation in this profile: the service gets its own /tmp and /var/tmp, not
# shared with the host or other services.
PrivateTmp=yes
# Host /run is bind-mounted read-write. Runtime sockets and state files that host
# daemons keep under /run are therefore reachable from the service, subject only to
# ordinary file permissions.
BindPaths=/run
# Host machine ID, read-only.
BindReadOnlyPaths=/etc/machine-id
# Host resolver configuration, read-only. The leading "-" makes the bind mount
# optional: it is skipped when the file does not exist on the host.
BindReadOnlyPaths=-/etc/resolv.conf