sandboxing: Restrict SystemCallFilter= further
The sandboxing added in !22 (merged) sets a very unrestrictive SystemCallFilter= (just enough to get ReadWritePaths=/ReadOnlyPaths= working inescapably). It would be good to tighten this further in data/accounts-daemon.service.in.
This could be complicated by the fact that accounts-service runs processes like usermod as subprocesses, and they might require unusual system calls.
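A tightened filter of the kind the issue asks for, as an added example and not the project's own unit file: the directive names and the `@`-prefixed system call sets are systemd's, but the particular selection, the drop-in path and the comments describing how to check it are assumptions.

```ini
# Assumed drop-in: /etc/systemd/system/accounts-daemon.service.d/syscalls.conf
# Overrides (or, in data/accounts-daemon.service.in, replaces) the permissive
# filter. The seccomp filter installed by SystemCallFilter= is inherited by
# every child process, so usermod and friends are constrained by it too.
[Service]
# Only allow native-ABI system calls; blocks 32-bit/compat entry points.
SystemCallArchitectures=native

# Start from the broad allow-list systemd provides for ordinary services ...
SystemCallFilter=@system-service
# ... then deny groups a user-account daemon should not need. Sets prefixed
# with ~ are removed from the allow-list built by the line above.
SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete @raw-io @reboot @swap

# Without this, a filtered call kills the process with SIGSYS, which shows up
# in the journal as "code=killed, status=31/SYS". Returning EPERM instead makes
# a missing call visible as an error from the subprocess rather than a crash.
SystemCallErrorNumber=EPERM

# The path restrictions the filter exists to make inescapable.
ProtectSystem=strict
ReadWritePaths=/etc /var/lib/AccountsService
NoNewPrivileges=true
```

Check the effect with `systemd-analyze security accounts-daemon.service`, then exercise the account-changing paths while watching the journal: any subprocess that needs a denied call will fail with EPERM instead of silently being killed, which is how to find the "unusual system calls" the issue worries about.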