From e3ad07d21c3592525ee2f4760ea114bbaa9752a9 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 15 May 2014 18:55:19 +0200
Subject: [PATCH] timesyncd: limit capabilities to CAP_SYS_TIME

---
 units/systemd-timesyncd.service.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index 21015c64b..e279d1bc2 100644
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -16,6 +16,7 @@ Type=notify
 Restart=always
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-timesyncd
+CapabilityBoundingSet=CAP_SYS_TIME
 
 [Install]
 WantedBy=multi-user.target
-- 
2.30.2