X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=units%2Fsystemd-resolved.service.in;h=00967e38603d7310474f832b4a24b5e98ed12fd8;hb=6a716208b346b742053cfd01e76f76fb27c4ea47;hp=787fde2c44ff8c4094e6e2223ae626290df2a06b;hpb=417116f23432073162ebfcb286a7800846482eed;p=elogind.git

diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
index 787fde2c4..00967e386 100644
--- a/units/systemd-resolved.service.in
+++ b/units/systemd-resolved.service.in
@@ -10,14 +10,21 @@ Description=Network Name Resolution
 Documentation=man:systemd-resolved.service(8)
 After=systemd-networkd.service network.service
 
+# On kdbus systems we pull in the busname explicitly, because it
+# carries policy that allows the daemon to acquire its name.
+Wants=org.freedesktop.resolve1.busname
+After=org.freedesktop.resolve1.busname
+
 [Service]
 Type=notify
 Restart=always
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-resolved
 CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
-ReadOnlySystem=yes
-ProtectedHome=yes
+SecureBits=noroot noroot-locked
+ProtectSystem=full
+ProtectHome=yes
+WatchdogSec=1min
 
 [Install]
 WantedBy=multi-user.target