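This is a rough overview of the protections (hardening directives such as User=, PrivateTmp= and ProtectSystem=) set in all .service unit files in Fedora. Units with Type=oneshot and Type=idle are excluded from the analysis.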
The source code to generate this page is at https://pagure.io/analyze-protections. Pull requests welcome.
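Note: this is a work in progress. An entry of "(no protections found)" means only that the analysis found none of the directives it looks for in that unit file.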
https://in.waw.pl/~zbyszek/fedora/protections/protections.html
Units by Type= (count, share of all units): simple 518 (41.1%), forking 367 (29.1%), oneshot 228 (18.1%), notify 86 (6.8%), dbus 48 (3.8%), idle 13 (1.0%)
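Units by protection category (count, share of the analysed units; a unit can fall into more than one category, so the shares add up to more than 100%): none 667 (65.5%), user 258 (25.3%), private-tmp 104 (10.2%), access-restrictions 80 (7.9%), protect 50 (4.9%)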
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=mysql
(no protections found)
CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
ProtectHome=read-only
ProtectSystem=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=accumulo
User=accumulo
User=accumulo
User=accumulo
User=accumulo
(no protections found)
(no protections found)
(no protections found)
PrivateTmp=yes
(no protections found)
(no protections found)
(no protections found)
User=amandabackup
User=amandabackup
(no protections found)
User=amavis
PrivateTmp=true
ProtectHome=true
ProtectSystem=full
User=amavis
PrivateTmp=true
ProtectHome=true
ProtectSystem=full
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
PrivateTmp=yes
User=asterisk
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=ident
(no protections found)
(no protections found)
User=autossh
(no protections found)
(no protections found)
SystemCallArchitectures=native
SystemCallArchitectures=native
PrivateTmp=yes
PrivateDevices=yes
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
PrivateNetwork=yes
RestrictAddressFamilies=AF_UNIX
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
PrivateTmp=yes
PrivateDevices=yes
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
CapabilityBoundingSet=CAP_SYS_ADMIN
PrivateNetwork=yes
RestrictAddressFamilies=AF_UNIX
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
SystemCallArchitectures=native
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
RestrictAddressFamilies=AF_UNIX AF_NETLINK
PrivateTmp=yes
PrivateDevices=yes
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
PrivateNetwork=yes
RestrictAddressFamilies=AF_UNIX
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 AF_PACKET
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectSystem=strict
PrivateTmp=yes
PrivateDevices=yes
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_NET_RAW CAP_NET_BIND_SERVICE
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
(no protections found)
User=%i
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=backuppc
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=beanstalkd
(no protections found)
User=bip
(no protections found)
(no protections found)
(no protections found)
User=bitlbee
User=bitten-slave
(no protections found)
(no protections found)
(no protections found)
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
ProtectHome=true
ProtectSystem=full
(no protections found)
(no protections found)
User=boinc
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=bzflag
(no protections found)
User=caddy
PrivateTmp=true
ProtectHome=true
ProtectSystem=strict
User=canna
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=carbon-c-relay
User=cassandra
(no protections found)
PrivateTmp=true
PrivateDevices=yes
ProtectHome=true
ProtectSystem=full
(no protections found)
PrivateTmp=true
PrivateDevices=yes
ProtectHome=true
ProtectSystem=full
PrivateTmp=true
ProtectHome=true
ProtectSystem=full
PrivateTmp=true
PrivateDevices=yes
ProtectHome=true
ProtectSystem=full
PrivateTmp=true
PrivateDevices=yes
ProtectHome=true
ProtectSystem=full
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=%i
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
(no protections found)
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_SYS_CHROOT CAP_AUDIT_CONTROL
ProtectHome=true
ProtectSystem=true
User=clamilt
PrivateTmp=yes
PrivateDevices=yes
CapabilityBoundingSet=CAP_KILL
(no protections found)
PrivateTmp=true
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=xrootd
User=xrootd
User=xrootd
User=xrootd
(no protections found)
(no protections found)
PrivateTmp=yes
User=cockpit-ws
(no protections found)
(no protections found)
User=colord
PrivateTmp=yes
(no protections found)
(no protections found)
(no protections found)
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SYS_TIME CAP_SYS_MODULE
ProtectHome=true
ProtectSystem=full
(no protections found)
(no protections found)
User=copr
User=copr
User=copr
User=copr
User=copr-dist-git
User=copr-fe
(no protections found)
(no protections found)
(no protections found)
User=coroqnetd
User=couchdb
(no protections found)
(no protections found)
User=crossfire
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=lp
(no protections found)
User=custodia
ProtectHome=true
ProtectSystem=full
(no protections found)
(no protections found)
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
RestrictNamespaces=net
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
(no protections found)
(no protections found)
(no protections found)
User=ddclient
User=deluge
User=deluge
(no protections found)
(no protections found)
(no protections found)
User=derby
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=nobody
User=nobody
(no protections found)
User=dlrn
(no protections found)
(no protections found)
(no protections found)
PrivateTmp=true
PrivateDevices=true
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
ProtectHome=true
ProtectSystem=full
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=dpmmgr
User=dpmmgr
User=domoticz
PrivateTmp=true
ProtectSystem=full
User=dpmmgr
(no protections found)
User=dspam
PrivateTmp=true
User=ejabberd
PrivateTmp=true
CapabilityBoundingSet=CAP_DAC_OVERRIDE
ProtectHome=true
ProtectSystem=full
User=elasticsearch
ProtectHome=yes
ProtectSystem=yes
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=epmd
PrivateTmp=true
User=epmd
PrivateTmp=true
User=erlpmd
PrivateTmp=true
User=etcd
(no protections found)
PrivateTmp=true
User=ez-ipupd
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
User=fbubble
(no protections found)
(no protections found)
User=fedmsg
User=fedmsg
User=fedmsg
User=fedmsg
User=fedmsg
User=fedmsg
User=fedmsg
User=fedmsg
(no protections found)
(no protections found)
(no protections found)
User=mail
(no protections found)
User=nobody
User=firebird
(no protections found)
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=flow-tools
PrivateDevices=Yes
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=fsniper
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
PrivateTmp=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictAddressFamilies=AF_NETLINK AF_UNIX
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectSystem=full
(no protections found)
(no protections found)
(no protections found)
User=_gapd
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=gearmand
User=geoclue
(no protections found)
User=nobody
(no protections found)
User=glite
User=glite
User=glite
User=glite
User=glite
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=gmediaserver
(no protections found)
(no protections found)
User=gnokii
User=gns3
(no protections found)
PrivateTmp=true
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_KILL CAP_DAC_OVERRIDE
ProtectHome=true
ProtectSystem=full
(no protections found)
(no protections found)
User=graphite-api
(no protections found)
(no protections found)
PrivateTmp=true
User=groonga
(no protections found)
(no protections found)
(no protections found)
User=guacd
User=hdfs
User=hdfs
User=hdfs
User=hdfs
User=hdfs
User=mapred
User=yarn
User=yarn
User=yarn
User=yarn
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=heketi
PrivateTmp=true
(no protections found)
User=hsqldb
User=apache
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=icecc
(no protections found)
User=ices
(no protections found)
(no protections found)
User=iguanair
PrivateTmp=true
MemoryDenyWriteExecute=true
RestrictRealtime=true
RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK
ProtectControlGroups=true
ProtectHome=true
ProtectKernelModules=true
ProtectSystem=true
User=iipsrv
(no protections found)
(no protections found)
(no protections found)
User=inadyn
(no protections found)
(no protections found)
PrivateTmp=yes
PrivateDevices=yes
SystemCallFilter=~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
SystemCallArchitectures=native
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
(no protections found)
(no protections found)
User=ip-sentinel
PrivateTmp=yes
User=ods
PrivateTmp=yes
User=ods
PrivateTmp=yes
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=ircd
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=jabber
User=jabber
User=jabber
User=jabber
(no protections found)
User=jetty
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=Fedora-kgb
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=koschei
User=koschei
User=koschei
User=koschei
User=koschei
User=koschei
User=koschei
User=koschei
User=kresd
(no protections found)
User=kube
User=kube
User=kube
(no protections found)
(no protections found)
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
(no protections found)
User=lfcmgr
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=liquidwar
User=nobody
(no protections found)
(no protections found)
(no protections found)
(no protections found)
PrivateTmp=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_PACKET AF_NETLINK AF_UNIX
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
(no protections found)
PrivateTmp=yes
(no protections found)
(no protections found)
User=daemon
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=mysql
PrivateTmp=true
User=mysql
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
PrivateTmp=true
PrivateDevices=true
RestrictNamespaces=true
MemoryDenyWriteExecute=true
RestrictRealtime=true
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=full
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
User=minetest
(no protections found)
(no protections found)
(no protections found)
User=mirrormanager
User=mldonkey
PrivateTmp=true
PrivateDevices=true
PrivateNetwork=true
ProtectSystem=true
User=mogilefsd
User=mogstored
User=moksha
(no protections found)
(no protections found)
User=mongodb
PrivateTmp=true
User=mongodb
PrivateTmp=true
(no protections found)
(no protections found)
User=monotone
User=mosquitto
User=apache
User=mpdscribble
(no protections found)
(no protections found)
(no protections found)
User=munge
User=mumble-server
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=full
(no protections found)
User=myproxy
PrivateTmp=true
PrivateTmp=true
User=nagios
(no protections found)
PrivateTmp=true
(no protections found)
PrivateTmp=true
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=nagios
(no protections found)
(no protections found)
User=netdump
(no protections found)
User=neutron
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
PrivateTmp=true
PrivateTmp=yes
PrivateDevices=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SYS_CHROOT CAP_NET_BIND_SERVICE CAP_KILL
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=full
User=nobody
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=ldap
User=ldap
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=nrpe
PrivateTmp=true
(no protections found)
(no protections found)
PrivateTmp=true
(no protections found)
User=nobody
(no protections found)
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=nobody
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
PrivateDevices=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=onionbalance
PrivateTmp=yes
PrivateDevices=yes
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN CAP_FOWNER
ProtectHome=yes
ProtectSystem=full
User=opendkim
User=opendmarc
User=openerp
(no protections found)
(no protections found)
(no protections found)
User=geekotest
User=geekotest
User=geekotest
User=geekotest
User=_openqa-worker
User=_openqa-worker
User=_openqa-worker
User=_openqa-worker
User=opensips
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
PrivateTmp=true
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
ProtectHome=true
ProtectSystem=true
PrivateTmp=true
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
ProtectHome=true
ProtectSystem=true
(no protections found)
(no protections found)
(no protections found)
User=openxcap
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
User=orthanc
(no protections found)
(no protections found)
(no protections found)
User=ovirtagent
(no protections found)
(no protections found)
(no protections found)
User=ow
User=ow
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=git
User=git
User=git
User=git
User=postfix
User=git
User=git
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
PrivateTmp=true
PrivateDevices=true
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
ProtectHome=true
ProtectSystem=full
PrivateTmp=true
PrivateDevices=true
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
ProtectHome=true
ProtectSystem=full
PrivateTmp=true
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
ProtectHome=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
PrivateTmp=true
User=pgbouncer
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=pkiuser
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
PrivateTmp=true
PrivateDevices=true
CapabilityBoundingSet=~ CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_MODULE
ProtectSystem=true
User=postgres
User=postgres
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=proxysql
(no protections found)
(no protections found)
(no protections found)
User=apache
User=apache
User=apache
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=%i
User=qdrouterd
(no protections found)
(no protections found)
User=qpidd
User=qpidd
User=quassel
(no protections found)
User=rabbitmq
(no protections found)
(no protections found)
User=radicale
PrivateTmp=true
ProtectHome=true
ProtectSystem=full
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=redis
User=redis
PrivateTmp=yes
(no protections found)
PrivateTmp=true
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=dpmmgr
(no protections found)
User=nocpulse
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
PrivateTmp=yes
CapabilityBoundingSet=CAP_SYS_NICE CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SYS_CHROOT CAP_SETGID CAP_SETUID
PrivateNetwork=yes
User=rtpproxy
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=saned
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=sphinx
(no protections found)
User=sems
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=shairport-sync
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=sidc
(no protections found)
(no protections found)
(no protections found)
User=sip
(no protections found)
User=sks
User=sks
User=skydns
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=sa-milt
User=spampd
(no protections found)
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
PrivateTmp=True
PrivateTmp=True
(no protections found)
PrivateTmp=yes
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
PrivateNetwork=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectSystem=full
(no protections found)
(no protections found)
PrivateTmp=true
PrivateDevices=true
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_ADMIN CAP_SETGID CAP_SETUID
ProtectHome=true
ProtectSystem=full
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
CapabilityBoundingSet=CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_KILL CAP_NET_ADMIN CAP_SYS_NICE CAP_FOWNER CAP_SETGID CAP_SETUID CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BLOCK_SUSPEND
(no protections found)
(no protections found)
(no protections found)
User=statsdpl
User=statsd
(no protections found)
(no protections found)
(no protections found)
PrivateTmp=true
PrivateTmp=true
(no protections found)
(no protections found)
PrivateTmp=yes
(no protections found)
PrivateTmp=true
(no protections found)
(no protections found)
User=synapse
User=fedmsg
User=%i
ProtectHome=read-only
ProtectSystem=full
User=%i
(no protections found)
(no protections found)
(no protections found)
User=systemd-journal-gateway
PrivateTmp=yes
PrivateDevices=yes
SystemCallArchitectures=native
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
PrivateNetwork=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
User=systemd-journal-remote
PrivateTmp=yes
PrivateDevices=yes
SystemCallArchitectures=native
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
PrivateNetwork=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
User=systemd-journal-upload
PrivateTmp=yes
PrivateDevices=yes
SystemCallArchitectures=native
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
User=tang
User=tarantool
(no protections found)
(no protections found)
User=taskd
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=teeworlds
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=@thermostat.system.user@
(no protections found)
PrivateTmp=yes
CapabilityBoundingSet=CAP_SYS_TIME
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=tomcat
User=tomcat
PrivateTmp=yes
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH
ProtectHome=yes
ProtectSystem=full
PrivateTmp=yes
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH
ProtectHome=yes
ProtectSystem=full
User=tss
User=transmission
(no protections found)
User=tryton
(no protections found)
PrivateTmp=true
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=daemon
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=uucp
User=uuidd
(no protections found)
PrivateTmp=true
User=varnish
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=<USER>
User=nobody
User=vnstat
User=voms
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=webpastesimple
PrivateDevices=yes
User=wesnothd
(no protections found)
(no protections found)
User=wildfly
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=xfs
(no protections found)
(no protections found)
(no protections found)
(no protections found)
User=xttpd
(no protections found)
(no protections found)
(no protections found)
PrivateTmp=true
PrivateTmp=true
PrivateTmp=true
PrivateTmp=true
User=zabbix
User=zabbixsrv
User=zabbixsrv
User=zabbixsrv
User=zabbixsrv
User=zabbixsrv
(no protections found)
User=znc
(no protections found)
(no protections found)