chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
core: add new ReadOnlySystem= and ProtectedHome= settings for service units
[elogind.git]
/
units
/
systemd-timesyncd.service.in
diff --git
a/units/systemd-timesyncd.service.in
b/units/systemd-timesyncd.service.in
index cbde3ff67aa9ef08d471db3abb436be4f7abbbc0..030e4a0423d16b4b2f1f18704493d31576e9852d 100644
(file)
--- a/
units/systemd-timesyncd.service.in
+++ b/
units/systemd-timesyncd.service.in
@@
-23,6
+23,8
@@
ExecStart=@rootlibexecdir@/systemd-timesyncd
CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
PrivateTmp=yes
PrivateDevices=yes
+ReadOnlySystem=yes
+ProtectedHome=yes
WatchdogSec=1min
[Install]
~ianmdlvl / elogind.git / blobdiff