diff options
| author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2017-08-10 16:07:08 +0900 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2017-08-27 01:41:12 +0900 |
| commit | 87a85e25a2ebcc1e519249d0513e34bb20ceed49 (patch) | |
| tree | 99dc382c2f72af872afef5e7ae8bdfabaa04901a /units/systemd-timesyncd.service.in | |
| parent | c61f302d3c35c2ed2fbc89acd4eff323531fecbf (diff) | |
| download | systemd-87a85e25a2ebcc1e519249d0513e34bb20ceed49.tar.gz | |
units: make use of !! ExecStart= prefix in systemd-timesyncd.service
Let's make use of !! to run timesyncd with ambient capabilities on
systems supporting them.
Diffstat (limited to 'units/systemd-timesyncd.service.in')
| -rw-r--r-- | units/systemd-timesyncd.service.in | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in index 8d328bb80a..e25d86d655 100644 --- a/units/systemd-timesyncd.service.in +++ b/units/systemd-timesyncd.service.in @@ -12,7 +12,7 @@ ConditionCapability=CAP_SYS_TIME ConditionVirtualization=!container DefaultDependencies=no RequiresMountsFor=/var/lib/systemd/clock -After=systemd-remount-fs.service systemd-tmpfiles-setup.service systemd-sysusers.service +After=systemd-remount-fs.service systemd-sysusers.service Before=time-sync.target sysinit.target shutdown.target Conflicts=shutdown.target Wants=time-sync.target @@ -21,9 +21,11 @@ Wants=time-sync.target Type=notify Restart=always RestartSec=0 -ExecStart=@rootlibexecdir@/systemd-timesyncd +ExecStart=!!@rootlibexecdir@/systemd-timesyncd WatchdogSec=3min -CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER +User=systemd-timesync +CapabilityBoundingSet=CAP_SYS_TIME +AmbientCapabilities=CAP_SYS_TIME PrivateTmp=yes PrivateDevices=yes ProtectSystem=strict |