diff options
| author |   Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-09-19 10:04:33 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-09-20 16:52:02 +0200 |
| commit | 62fb7e80fcc45a1530ed58a84980be8cfafa9b3e (patch) | |
| tree | 6fc24e56256d493048206cb08c6f74778e0b3896 /units | |
| parent | Revert "timesyncd: enable DynamicUser=" (diff) | |
| download | systemd-62fb7e80fcc45a1530ed58a84980be8cfafa9b3e.tar.gz systemd-62fb7e80fcc45a1530ed58a84980be8cfafa9b3e.tar.bz2 systemd-62fb7e80fcc45a1530ed58a84980be8cfafa9b3e.zip | |
Revert "resolve: enable DynamicUser= for systemd-resolved.service"
This reverts commit 0187368cadea183e18c6d575a9d6b7f491a402af.
(systemd.conf.m4 part was already reverted in 5b5d82615011b9827466b7cd5756da35627a1608.)
Diffstat (limited to 'units')
| -rw-r--r-- | units/systemd-resolved.service.in | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in index 9982ecebf..ef5398cbf 100644 --- a/units/systemd-resolved.service.in +++ b/units/systemd-resolved.service.in @@ -14,7 +14,7 @@ Documentation=https://www.freedesktop.org/wiki/Software/systemd/resolved Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients DefaultDependencies=no -After=systemd-networkd.service +After=systemd-sysusers.service systemd-networkd.service Before=network.target nss-lookup.target shutdown.target Conflicts=shutdown.target Wants=nss-lookup.target @@ -26,10 +26,11 @@ RestartSec=0 ExecStart=!!@rootlibexecdir@/systemd-resolved WatchdogSec=3min User=systemd-resolve -DynamicUser=yes CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE +PrivateTmp=yes PrivateDevices=yes +ProtectSystem=strict ProtectHome=yes ProtectControlGroups=yes ProtectKernelTunables=yes |