timesyncd: enable DynamicUser=

2017-10-06 16:05:20 +09:00 · 2017-10-06 16:05:20 +09:00 · 48d3e88c18
parent c31ad02403
commit 48d3e88c18
2 changed files with 2 additions and 3 deletions
--- a/src/timesync/timesyncd.c
+++ b/src/timesync/timesyncd.c
@ -69,7 +69,7 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) {
                }

        } else {
-                r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid, false);
+                r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid, true);
                if (r < 0)
                        return log_error_errno(r, "Failed to create state directory: %m");

--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@ -23,11 +23,10 @@ RestartSec=0
 ExecStart=!!@rootlibexecdir@/systemd-timesyncd
 WatchdogSec=3min
 User=systemd-timesync
+DynamicUser=yes
 CapabilityBoundingSet=CAP_SYS_TIME
 AmbientCapabilities=CAP_SYS_TIME
-PrivateTmp=yes
 PrivateDevices=yes
-ProtectSystem=strict
 ProtectHome=yes
 ProtectControlGroups=yes
 ProtectKernelTunables=yes