From 0187368cadea183e18c6d575a9d6b7f491a402af Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Sun, 20 May 2018 01:18:21 +0900
Subject: [PATCH] resolve: enable DynamicUser= for systemd-resolved.service
---
 src/resolve/resolved-bus.c | 2 +-
 sysusers.d/systemd.conf.m4 | 3 ---
 units/systemd-resolved.service.in | 5 ++---
 3 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c
index 0060a1caba..b98f862be0 100644
--- a/src/resolve/resolved-bus.c
+++ b/src/resolve/resolved-bus.c
@@ -1918,7 +1918,7 @@ int manager_connect_bus(Manager *m) {
 if (r < 0)
 return log_error_errno(r, "Failed to register dnssd enumerator: %m");
- r = sd_bus_request_name_async(m->bus, NULL, "org.freedesktop.resolve1", 0, NULL, NULL);
+ r = bus_request_name_async_may_reload_dbus(m->bus, NULL, "org.freedesktop.resolve1", 0, NULL);
 if (r < 0)
 return log_error_errno(r, "Failed to request name: %m");
diff --git a/sysusers.d/systemd.conf.m4 b/sysusers.d/systemd.conf.m4
index 82e23ca5a8..0e9919b7c2 100644
--- a/sysusers.d/systemd.conf.m4
+++ b/sysusers.d/systemd.conf.m4
@@ -9,9 +9,6 @@ g systemd-journal - -
 m4_ifdef(`ENABLE_NETWORKD',
 u systemd-network - "systemd Network Management"
 )m4_dnl
-m4_ifdef(`ENABLE_RESOLVE',
-u systemd-resolve - "systemd Resolver"
-)m4_dnl
 m4_ifdef(`ENABLE_COREDUMP',
 u systemd-coredump - "systemd Core Dumper"
 )m4_dnl
diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
index a939f7259c..7b92735f19 100644
--- a/units/systemd-resolved.service.in
+++ b/units/systemd-resolved.service.in
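Review bot: The switch to `bus_request_name_async_may_reload_dbus()` in `manager_connect_bus()` (src/resolve/resolved-bus.c) carries no comment saying why resolved needs the reloading variant, and the reason is not visible at the call site. Presumably the bus policy that lets the service own `org.freedesktop.resolve1` names the `systemd-resolve` user, which with `DynamicUser=yes` may not be resolvable when the bus daemon loaded its policy; if that is the reason, state it above the call: `/* The service user is allocated dynamically; the bus daemon may have to reload its policy before it lets us own the name. */`. The `if (r < 0)` check that follows only covers submitting the request, so it is worth confirming that the helper logs a final asynchronous refusal, because a resolver that never acquires its name is hard to diagnose. The function body starts and ends outside the hunk.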
@@ -14,7 +14,7 @@ Documentation=https://www.freedesktop.org/wiki/Software/systemd/resolved
 Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
 Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
 DefaultDependencies=no
-After=systemd-sysusers.service systemd-networkd.service
+After=systemd-networkd.service
 Before=network.target nss-lookup.target shutdown.target
 Conflicts=shutdown.target
 Wants=nss-lookup.target
@@ -26,11 +26,10 @@ RestartSec=0
 ExecStart=!!@rootlibexecdir@/systemd-resolved
 WatchdogSec=3min
 User=systemd-resolve
+DynamicUser=yes
 CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
-PrivateTmp=yes
 PrivateDevices=yes
-ProtectSystem=strict
 ProtectHome=yes
 ProtectControlGroups=yes
 ProtectKernelTunables=yes
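Review bot: Dropping `PrivateTmp=yes` and `ProtectSystem=strict` in the second hunk of units/systemd-resolved.service.in makes two sandboxing settings depend entirely on the new `DynamicUser=yes` line, which implies both. A drop-in that sets `DynamicUser=no`, or a later revert of that single line, would then remove them without any visible change to the hardening section. Keeping the two lines is harmless redundancy; otherwise record the dependency next to the new setting, e.g. `# DynamicUser=yes implies PrivateTmp=yes and ProtectSystem=strict`. Because `User=systemd-resolve` stays, hosts upgraded from a version whose sysusers.d entry created that account will likely keep using the existing static user rather than a dynamically allocated one, which is worth stating in the commit message.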