diff options
Diffstat (limited to 'units/systemd-networkd.service.in')
-rw-r--r-- | units/systemd-networkd.service.in | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in index 218e5c4d3f..3f0ad77b7d 100644 --- a/units/systemd-networkd.service.in +++ b/units/systemd-networkd.service.in @@ -20,9 +20,11 @@ Wants=network.target Type=notify Restart=on-failure RestartSec=0 -ExecStart=@rootlibexecdir@/systemd-networkd +ExecStart=!!@rootlibexecdir@/systemd-networkd WatchdogSec=3min -CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER +User=systemd-network +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW +AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW ProtectSystem=strict ProtectHome=yes ProtectControlGroups=yes @@ -32,7 +34,8 @@ RestrictRealtime=yes RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 AF_PACKET SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap SystemCallArchitectures=native -ReadWritePaths=/run/systemd +RuntimeDirectory=systemd/netif +RuntimeDirectoryPreserve=yes [Install] WantedBy=multi-user.target |