Description=Network Time Synchronization
Documentation=man:systemd-timesyncd.service(8)
ConditionCapability=CAP_SYS_TIME
-DefaultDependencies=off
+ConditionVirtualization=no
+DefaultDependencies=no
RequiresMountsFor=/var/lib/systemd/clock
-After=systemd-remount-fs.service systemd-tmpfiles-setup.service
-Before=sysinit.target shutdown.target
+After=systemd-remount-fs.service systemd-tmpfiles-setup.service systemd-sysusers.service
+Before=time-sync.target sysinit.target shutdown.target
Conflicts=shutdown.target
+Wants=time-sync.target
[Service]
Type=notify
Restart=always
RestartSec=0
ExecStart=@rootlibexecdir@/systemd-timesyncd
-CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE
+CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
PrivateTmp=yes
PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
WatchdogSec=1min
[Install]