[Unit] | |
Description=Test for SystemCallFilter in system mode with User set | |
[Service] | |
ExecStart=/bin/sh -c 'echo "Foo bar"' | |
Type=oneshot | |
User=nfsnobody | |
SystemCallFilter=~read write open execve ioperm | |
SystemCallFilter=ioctl | |
SystemCallFilter=read write open execve | |
SystemCallFilter=~ioperm |