chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
core: don't include /boot in effect of ProtectSystem=
[elogind.git] / units / systemd-timesyncd.service.in
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index af91d63670cf81173f37b3a3b3d5a1b7dee3d03a..8d898e2fa767a0f687b865d6a768061df44107c0 100644 (file)
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -20,9 +20,11 @@ Type=notify
 Restart=always
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-timesyncd
-CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE
+CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
 PrivateTmp=yes
 PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
 WatchdogSec=1min
 
 [Install]
Unnamed repository; edit this file 'description' to name the repository.