units: turn of ProtectHostname= again for services hat need to know about system hostname changes
ProtectHostname= turns off hostname change propagation from host to service. This means for services that care about the hostname and need to be able to notice changes to it it's not suitable (though it is useful for most other cases still). Let's turn it off hence for journald (which logs the current hostname) for networkd (which optionally sends the current hostname to dhcp servers) and resolved (which announces the current hostname via llmnr/mdns).
This commit is contained in:
Lennart Poettering
parent
8df87b4383
commit
a18449b5bd
|
|
@ -23,7 +23,6 @@ IPAddressDeny=any
|
||||||
LockPersonality=yes
|
LockPersonality=yes
|
||||||
MemoryDenyWriteExecute=yes
|
MemoryDenyWriteExecute=yes
|
||||||
NoNewPrivileges=yes
|
NoNewPrivileges=yes
|
||||||
ProtectHostname=yes
|
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=0
|
RestartSec=0
|
||||||
RestrictAddressFamilies=AF_UNIX AF_NETLINK
|
RestrictAddressFamilies=AF_UNIX AF_NETLINK
|
||||||
|
|
|
||||||
|
|
@ -27,7 +27,6 @@ MemoryDenyWriteExecute=yes
|
||||||
NoNewPrivileges=yes
|
NoNewPrivileges=yes
|
||||||
ProtectControlGroups=yes
|
ProtectControlGroups=yes
|
||||||
ProtectHome=yes
|
ProtectHome=yes
|
||||||
ProtectHostname=yes
|
|
||||||
ProtectKernelModules=yes
|
ProtectKernelModules=yes
|
||||||
ProtectSystem=strict
|
ProtectSystem=strict
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
|
|
|
||||||
|
|
@ -30,7 +30,6 @@ PrivateDevices=yes
|
||||||
PrivateTmp=yes
|
PrivateTmp=yes
|
||||||
ProtectControlGroups=yes
|
ProtectControlGroups=yes
|
||||||
ProtectHome=yes
|
ProtectHome=yes
|
||||||
ProtectHostname=yes
|
|
||||||
ProtectKernelModules=yes
|
ProtectKernelModules=yes
|
||||||
ProtectKernelTunables=yes
|
ProtectKernelTunables=yes
|
||||||
ProtectSystem=strict
|
ProtectSystem=strict
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue