chiark / gitweb /
timesyncd: limit capabilities to CAP_SYS_TIME
authorLennart Poettering <lennart@poettering.net>
Thu, 15 May 2014 16:55:19 +0000 (18:55 +0200)
committerLennart Poettering <lennart@poettering.net>
Thu, 15 May 2014 16:55:19 +0000 (18:55 +0200)
units/systemd-timesyncd.service.in

index 21015c6..e279d1b 100644 (file)
@@ -16,6 +16,7 @@ Type=notify
 Restart=always
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-timesyncd
 Restart=always
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-timesyncd
+CapabilityBoundingSet=CAP_SYS_TIME
 
 [Install]
 WantedBy=multi-user.target
 
 [Install]
 WantedBy=multi-user.target