core: add new ReadOnlySystem= and ProtectedHome= settings for service units

[elogind.git] / units / systemd-udevd.service.in

diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
index 2fe7822fe9e4ca77172f1d46402da0afd4c0501c..82275f052f7428c4e28e55265b4e541c460ac423 100644 (file)
--- a/units/systemd-udevd.service.in
+++ b/units/systemd-udevd.service.in
@@ -8,11 +8,11 @@
 [Unit]
 Description=udev Kernel Device Manager
 Documentation=man:systemd-udevd.service(8) man:udev(7)
+DefaultDependencies=no
 Wants=systemd-udevd-control.socket systemd-udevd-kernel.socket
 After=systemd-udevd-control.socket systemd-udevd-kernel.socket
-Before=basic.target
-DefaultDependencies=no
-ConditionCapability=CAP_MKNOD
+Before=sysinit.target
+ConditionPathIsReadWrite=/sys
 
 [Service]
 Type=notify
@@ -21,3 +21,6 @@ Sockets=systemd-udevd-control.socket systemd-udevd-kernel.socket
 Restart=always
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-udevd
+MountFlags=slave
+ReadOnlySystem=yes
+ProtectedHome=yes