chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
machined: make sure GetMachineAddresses() is available for unprivileged processes
[elogind.git] / units / systemd-timesyncd.service.in
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index e279d1bc29f054c5f996abc3dc004dde20767c74..1d1f4860a8ee046d6f39f6b3731e96ed15d68edb 100644 (file)
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -16,7 +16,10 @@ Type=notify
 Restart=always
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-timesyncd
-CapabilityBoundingSet=CAP_SYS_TIME
+CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP
+PrivateTmp=yes
+PrivateDevices=yes
+WatchdogSec=1min
 
 [Install]
 WantedBy=multi-user.target
Unnamed repository; edit this file 'description' to name the repository.