diff options
Diffstat (limited to 'units/systemd-timesyncd.service.in')
| -rw-r--r-- | units/systemd-timesyncd.service.in | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in index 7478906ae5..12f918dd11 100644 --- a/units/systemd-timesyncd.service.in +++ b/units/systemd-timesyncd.service.in @@ -25,10 +25,11 @@ RestartSec=0 ExecStart=!!@rootlibexecdir@/systemd-timesyncd WatchdogSec=3min User=systemd-timesync -DynamicUser=yes CapabilityBoundingSet=CAP_SYS_TIME AmbientCapabilities=CAP_SYS_TIME +PrivateTmp=yes PrivateDevices=yes +ProtectSystem=strict ProtectHome=yes ProtectControlGroups=yes ProtectKernelTunables=yes |