src/portable/profile/trusted/service.conf


1
2
3
4
5
6
7
8

# The "trusted" profile for services, i.e. no restrictions are applied apart from a private /tmp

[Service]
MountAPIVFS=yes
PrivateTmp=yes
BindPaths=/run
BindReadOnlyPaths=/etc/machine-id
BindReadOnlyPaths=-/etc/resolv.conf