resolve: enable DynamicUser= for systemd-resolved.service

author: Yu Watanabe <watanabe.yu+github@gmail.com> 2018-05-20 01:18:21 +0900
committer: Yu Watanabe <watanabe.yu+github@gmail.com> 2018-05-22 22:32:25 +0900
commit: 0187368cadea183e18c6d575a9d6b7f491a402af (patch)
tree: 6491f530693650c44a45b757f43efbb7a04e836a /units/systemd-resolved.service.in
parent: fdff1da299c4d3dbe9a62cb64fe9b4a3023877b8 (diff)
download: systemd-0187368cadea183e18c6d575a9d6b7f491a402af.tar.gz
1 files changed, 2 insertions, 3 deletions
diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
index a939f7259c..7b92735f19 100644
--- a/units/systemd-resolved.service.in
+++ b/units/systemd-resolved.service.in
@@ -14,7 +14,7 @@ Documentation=https://www.freedesktop.org/wiki/Software/systemd/resolved
 Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
 Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
 DefaultDependencies=no
-After=systemd-sysusers.service systemd-networkd.service
+After=systemd-networkd.service
 Before=network.target nss-lookup.target shutdown.target
 Conflicts=shutdown.target
 Wants=nss-lookup.target
@@ -26,11 +26,10 @@ RestartSec=0
 ExecStart=!!@rootlibexecdir@/systemd-resolved
 WatchdogSec=3min
 User=systemd-resolve
+DynamicUser=yes
 CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
-PrivateTmp=yes
 PrivateDevices=yes
-ProtectSystem=strict
 ProtectHome=yes
 ProtectControlGroups=yes
 ProtectKernelTunables=yes
author	Yu Watanabe <watanabe.yu+github@gmail.com>	2018-05-20 01:18:21 +0900
committer	Yu Watanabe <watanabe.yu+github@gmail.com>	2018-05-22 22:32:25 +0900
commit	0187368cadea183e18c6d575a9d6b7f491a402af (patch)
tree	6491f530693650c44a45b757f43efbb7a04e836a /units/systemd-resolved.service.in
parent	fdff1da299c4d3dbe9a62cb64fe9b4a3023877b8 (diff)
download	systemd-0187368cadea183e18c6d575a9d6b7f491a402af.tar.gz