network: set DynamicUser= to systemd-networkd.service
parent
0187368cad
commit
d4e9e574ea
|
@ -155,7 +155,7 @@ int manager_connect_bus(Manager *m) {
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to add network enumerator: %m");
|
return log_error_errno(r, "Failed to add network enumerator: %m");
|
||||||
|
|
||||||
r = sd_bus_request_name_async(m->bus, NULL, "org.freedesktop.network1", 0, NULL, NULL);
|
r = bus_request_name_async_may_reload_dbus(m->bus, NULL, "org.freedesktop.network1", 0, NULL);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to request name: %m");
|
return log_error_errno(r, "Failed to request name: %m");
|
||||||
|
|
||||||
|
|
|
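Review bot: The new call to `bus_request_name_async_may_reload_dbus()` in manager_connect_bus() has no comment saying why the plain `sd_bus_request_name_async()` is no longer sufficient, and the helper's definition is not part of this hunk. Judging by its name and the commit title, it presumably retries after a D-Bus reload because the bus policy cannot resolve a dynamically allocated `systemd-network` user until then; a one-line comment such as `/* the dynamic user may be unknown to the bus until its policy is reloaded */` would record that. The `r < 0` check only covers queuing the request, so whether a denied name request is logged depends on the helper's callback, which should be confirmed. The function body starts and ends outside the hunk.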
@ -6,9 +6,6 @@
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
g systemd-journal - -
|
g systemd-journal - -
|
||||||
m4_ifdef(`ENABLE_NETWORKD',
|
|
||||||
u systemd-network - "systemd Network Management"
|
|
||||||
)m4_dnl
|
|
||||||
m4_ifdef(`ENABLE_COREDUMP',
|
m4_ifdef(`ENABLE_COREDUMP',
|
||||||
u systemd-coredump - "systemd Core Dumper"
|
u systemd-coredump - "systemd Core Dumper"
|
||||||
)m4_dnl
|
)m4_dnl
|
||||||
|
|
|
@ -17,9 +17,9 @@ d /run/systemd/users 0755 root root -
|
||||||
d /run/systemd/machines 0755 root root -
|
d /run/systemd/machines 0755 root root -
|
||||||
d /run/systemd/shutdown 0755 root root -
|
d /run/systemd/shutdown 0755 root root -
|
||||||
m4_ifdef(`ENABLE_NETWORKD',
|
m4_ifdef(`ENABLE_NETWORKD',
|
||||||
d /run/systemd/netif 0755 systemd-network systemd-network -
|
d /run/systemd/netif 0755 root root -
|
||||||
d /run/systemd/netif/links 0755 systemd-network systemd-network -
|
d /run/systemd/netif/links 0755 root root -
|
||||||
d /run/systemd/netif/leases 0755 systemd-network systemd-network -
|
d /run/systemd/netif/leases 0755 root root -
|
||||||
)m4_dnl
|
)m4_dnl
|
||||||
|
|
||||||
d /run/log 0755 root root -
|
d /run/log 0755 root root -
|
||||||
|
|
|
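Review bot: The three `/run/systemd/netif` entries become `root root` with mode 0755, so a networkd process running under the dynamically allocated `systemd-network` UID can no longer create or update link and lease state there through plain file permissions. Nothing in the unit-file hunks shown on this page grants that access (no `RuntimeDirectory=` or `ReadWritePaths=` line is visible), so it should be confirmed that the unit sets something like `RuntimeDirectory=systemd/netif` together with `RuntimeDirectoryPreserve=yes` elsewhere. On upgrade, state files left by the previous static UID may remain owned by a UID that no longer maps to the service; that case deserves a sentence in the commit description.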
@ -13,7 +13,7 @@ Documentation=man:systemd-networkd.service(8)
|
||||||
ConditionCapability=CAP_NET_ADMIN
|
ConditionCapability=CAP_NET_ADMIN
|
||||||
DefaultDependencies=no
|
DefaultDependencies=no
|
||||||
# systemd-udevd.service can be dropped once tuntap is moved to netlink
|
# systemd-udevd.service can be dropped once tuntap is moved to netlink
|
||||||
After=systemd-udevd.service network-pre.target systemd-sysusers.service systemd-sysctl.service
|
After=systemd-udevd.service network-pre.target systemd-sysctl.service
|
||||||
Before=network.target multi-user.target shutdown.target
|
Before=network.target multi-user.target shutdown.target
|
||||||
Conflicts=shutdown.target
|
Conflicts=shutdown.target
|
||||||
Wants=network.target
|
Wants=network.target
|
||||||
|
@ -25,9 +25,9 @@ RestartSec=0
|
||||||
ExecStart=!!@rootlibexecdir@/systemd-networkd
|
ExecStart=!!@rootlibexecdir@/systemd-networkd
|
||||||
WatchdogSec=3min
|
WatchdogSec=3min
|
||||||
User=systemd-network
|
User=systemd-network
|
||||||
|
DynamicUser=yes
|
||||||
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
|
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
|
||||||
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
|
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
|
||||||
ProtectSystem=strict
|
|
||||||
ProtectHome=yes
|
ProtectHome=yes
|
||||||
ProtectControlGroups=yes
|
ProtectControlGroups=yes
|
||||||
ProtectKernelModules=yes
|
ProtectKernelModules=yes
|
||||||
|
|
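Review bot: Dropping `ProtectSystem=strict` next to the new `DynamicUser=yes` keeps the same sandbox only because DynamicUser= implies ProtectSystem=strict (along with ProtectHome=read-only, PrivateTmp= and RemoveIPC=), and the unit no longer says so. If DynamicUser= is later switched off or reverted, the file-system protection disappears without any visible change to the hardening lines, so either keep the explicit `ProtectSystem=strict` or add `# ProtectSystem=strict is implied by DynamicUser=yes` above `ProtectHome=yes`. The earlier hunk's removal of `systemd-sysusers.service` from `After=` depends on the same setting, since the user is then no longer created by sysusers.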