X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=units%2Fsystemd-timesyncd.service.in;h=39edafc8d295d7b92536002144cdeac4f5dcb899;hp=af91d63670cf81173f37b3a3b3d5a1b7dee3d03a;hb=66f311206e908a5b6f21e66fad73e1e5ea3e31d6;hpb=52ffb444cbab6fe5680901682f804c051ca624be

diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index af91d6367..39edafc8d 100644
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -9,20 +9,24 @@
 Description=Network Time Synchronization
 Documentation=man:systemd-timesyncd.service(8)
 ConditionCapability=CAP_SYS_TIME
-DefaultDependencies=off
+ConditionVirtualization=no
+DefaultDependencies=no
 RequiresMountsFor=/var/lib/systemd/clock
-After=systemd-remount-fs.service systemd-tmpfiles-setup.service
-Before=sysinit.target shutdown.target
+After=systemd-remount-fs.service systemd-tmpfiles-setup.service systemd-sysusers.service
+Before=time-sync.target sysinit.target shutdown.target
 Conflicts=shutdown.target
+Wants=time-sync.target
 
 [Service]
 Type=notify
 Restart=always
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-timesyncd
-CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE
+CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
 PrivateTmp=yes
 PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
 WatchdogSec=1min
 
 [Install]