Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2018-09-19 10:04:33 +0200
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2018-09-20 16:52:02 +0200
commit62fb7e80fcc45a1530ed58a84980be8cfafa9b3e (patch)
tree6fc24e56256d493048206cb08c6f74778e0b3896
parentRevert "timesyncd: enable DynamicUser=" (diff)
downloadsystemd-62fb7e80fcc45a1530ed58a84980be8cfafa9b3e.tar.gz
systemd-62fb7e80fcc45a1530ed58a84980be8cfafa9b3e.tar.bz2
systemd-62fb7e80fcc45a1530ed58a84980be8cfafa9b3e.zip
Revert "resolve: enable DynamicUser= for systemd-resolved.service"
This reverts commit 0187368cadea183e18c6d575a9d6b7f491a402af. (systemd.conf.m4 part was already reverted in 5b5d82615011b9827466b7cd5756da35627a1608.)
Diffstat
-rw-r--r--src/resolve/resolved-bus.c2
-rwxr-xr-xtest/networkd-test.py1
-rw-r--r--units/systemd-resolved.service.in5
3 files changed, 5 insertions, 3 deletions
diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c
index 3859d4102..75702d593 100644
--- a/src/resolve/resolved-bus.c
+++ b/src/resolve/resolved-bus.c
@@ -1920,7 +1920,7 @@ int manager_connect_bus(Manager *m) {
if (r < 0)
return log_error_errno(r, "Failed to register dnssd enumerator: %m");
- r = bus_request_name_async_may_reload_dbus(m->bus, NULL, "org.freedesktop.resolve1", 0, NULL);
+ r = sd_bus_request_name_async(m->bus, NULL, "org.freedesktop.resolve1", 0, NULL, NULL);
if (r < 0)
return log_error_errno(r, "Failed to request name: %m");
diff --git a/test/networkd-test.py b/test/networkd-test.py
index 131b48f61..79d6250cd 100755
--- a/test/networkd-test.py
+++ b/test/networkd-test.py
@@ -67,6 +67,7 @@ def setUpModule():
tmpmounts.append(d)
if os.path.isdir('/run/systemd/resolve'):
os.chmod('/run/systemd/resolve', 0o755)
+ shutil.chown('/run/systemd/resolve', 'systemd-resolve', 'systemd-resolve')
# Avoid "Failed to open /dev/tty" errors in containers.
os.environ['SYSTEMD_LOG_TARGET'] = 'journal'
diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
index 9982ecebf..ef5398cbf 100644
--- a/units/systemd-resolved.service.in
+++ b/units/systemd-resolved.service.in
@@ -14,7 +14,7 @@ Documentation=https://www.freedesktop.org/wiki/Software/systemd/resolved
Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
DefaultDependencies=no
-After=systemd-networkd.service
+After=systemd-sysusers.service systemd-networkd.service
Before=network.target nss-lookup.target shutdown.target
Conflicts=shutdown.target
Wants=nss-lookup.target
@@ -26,10 +26,11 @@ RestartSec=0
ExecStart=!!@rootlibexecdir@/systemd-resolved
WatchdogSec=3min
User=systemd-resolve
-DynamicUser=yes
CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
+PrivateTmp=yes
PrivateDevices=yes
+ProtectSystem=strict
ProtectHome=yes
ProtectControlGroups=yes
ProtectKernelTunables=yes