Revert "timesyncd: enable DynamicUser="
This reverts commit 48d3e88c18
.
I kept the follow-symlink=false → follow-symlink=true change instact, since
we're likely to have existing installations with a symlink now.
This commit is contained in:
parent
89be857a41
commit
162e0b75f9
|
@ -25,10 +25,11 @@ RestartSec=0
|
||||||
ExecStart=!!@rootlibexecdir@/systemd-timesyncd
|
ExecStart=!!@rootlibexecdir@/systemd-timesyncd
|
||||||
WatchdogSec=3min
|
WatchdogSec=3min
|
||||||
User=systemd-timesync
|
User=systemd-timesync
|
||||||
DynamicUser=yes
|
|
||||||
CapabilityBoundingSet=CAP_SYS_TIME
|
CapabilityBoundingSet=CAP_SYS_TIME
|
||||||
AmbientCapabilities=CAP_SYS_TIME
|
AmbientCapabilities=CAP_SYS_TIME
|
||||||
|
PrivateTmp=yes
|
||||||
PrivateDevices=yes
|
PrivateDevices=yes
|
||||||
|
ProtectSystem=strict
|
||||||
ProtectHome=yes
|
ProtectHome=yes
|
||||||
ProtectControlGroups=yes
|
ProtectControlGroups=yes
|
||||||
ProtectKernelTunables=yes
|
ProtectKernelTunables=yes
|
||||||
|
|
Loading…
Reference in New Issue