timesyncd: enable DynamicUser=

author: Yu Watanabe <watanabe.yu+github@gmail.com> 2017-10-06 09:05:20 +0200
committer: Yu Watanabe <watanabe.yu+github@gmail.com> 2017-10-06 09:05:20 +0200
commit: 48d3e88c18258d423c3953372ec4a2e638ab0422 (patch)
tree: 623f2f4ab2177226dc19164db6cdafe6483a17dc /units/systemd-timesyncd.service.in
parent: mkdir: introduce follow_symlink flag to mkdir_safe{,_label}() (diff)
download: systemd-48d3e88c18258d423c3953372ec4a2e638ab0422.tar.xz
systemd-48d3e88c18258d423c3953372ec4a2e638ab0422.zip
1 files changed, 1 insertions, 2 deletions
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index 8d3f46cf5e..ed4bc8e552 100644
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -23,11 +23,10 @@ RestartSec=0
 ExecStart=!!@rootlibexecdir@/systemd-timesyncd
 WatchdogSec=3min
 User=systemd-timesync
+DynamicUser=yes
 CapabilityBoundingSet=CAP_SYS_TIME
 AmbientCapabilities=CAP_SYS_TIME
-PrivateTmp=yes
 PrivateDevices=yes
-ProtectSystem=strict
 ProtectHome=yes
 ProtectControlGroups=yes
 ProtectKernelTunables=yes
author	Yu Watanabe <watanabe.yu+github@gmail.com>	2017-10-06 09:05:20 +0200
committer	Yu Watanabe <watanabe.yu+github@gmail.com>	2017-10-06 09:05:20 +0200
commit	48d3e88c18258d423c3953372ec4a2e638ab0422 (patch)
tree	623f2f4ab2177226dc19164db6cdafe6483a17dc /units/systemd-timesyncd.service.in
parent	mkdir: introduce follow_symlink flag to mkdir_safe{,_label}() (diff)
download	systemd-48d3e88c18258d423c3953372ec4a2e638ab0422.tar.xz systemd-48d3e88c18258d423c3953372ec4a2e638ab0422.zip