chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
bus-proxy: drop priviliges if we can
[elogind.git]
/
units
/
systemd-timesyncd.service.in
diff --git
a/units/systemd-timesyncd.service.in
b/units/systemd-timesyncd.service.in
index ec2871455e88fddf5672e0e1efe9cf4d76fcc246..030e4a0423d16b4b2f1f18704493d31576e9852d 100644
(file)
--- a/
units/systemd-timesyncd.service.in
+++ b/
units/systemd-timesyncd.service.in
@@
-11,7
+11,7
@@
Documentation=man:systemd-timesyncd.service(8)
ConditionCapability=CAP_SYS_TIME
DefaultDependencies=off
RequiresMountsFor=/var/lib/systemd/clock
ConditionCapability=CAP_SYS_TIME
DefaultDependencies=off
RequiresMountsFor=/var/lib/systemd/clock
-After=systemd-remount-fs.service
+After=systemd-remount-fs.service
systemd-tmpfiles-setup.service
Before=sysinit.target shutdown.target
Conflicts=shutdown.target
Before=sysinit.target shutdown.target
Conflicts=shutdown.target
@@
-20,9
+20,11
@@
Type=notify
Restart=always
RestartSec=0
ExecStart=@rootlibexecdir@/systemd-timesyncd
Restart=always
RestartSec=0
ExecStart=@rootlibexecdir@/systemd-timesyncd
-CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE
+CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE
CAP_FOWNER
PrivateTmp=yes
PrivateDevices=yes
PrivateTmp=yes
PrivateDevices=yes
+ReadOnlySystem=yes
+ProtectedHome=yes
WatchdogSec=1min
[Install]
WatchdogSec=1min
[Install]