Revert "timesyncd: enable DynamicUser="

This reverts commit 48d3e88c18258d423c3953372ec4a2e638ab0422. I kept the follow-symlink=false → follow-symlink=true change instact, since we're likely to have existing installations with a symlink now.
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2018-09-19 10:00:09 +0200
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2018-09-19 10:00:09 +0200
commit: 162e0b75f9c9f698f94c228c2f9148120f03e9a2 (patch)
tree: 59b777a896f8cbc136e2718cb727b250949a9422 /units/systemd-timesyncd.service.in
parent: Revert "unit: drop After=systemd-sysusers.service from timesyncd" (diff)
download: systemd-162e0b75f9c9f698f94c228c2f9148120f03e9a2.tar.xz
systemd-162e0b75f9c9f698f94c228c2f9148120f03e9a2.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index 7478906ae5..12f918dd11 100644
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -25,10 +25,11 @@ RestartSec=0
 ExecStart=!!@rootlibexecdir@/systemd-timesyncd
 WatchdogSec=3min
 User=systemd-timesync
-DynamicUser=yes
 CapabilityBoundingSet=CAP_SYS_TIME
 AmbientCapabilities=CAP_SYS_TIME
+PrivateTmp=yes
 PrivateDevices=yes
+ProtectSystem=strict
 ProtectHome=yes
 ProtectControlGroups=yes
 ProtectKernelTunables=yes
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2018-09-19 10:00:09 +0200
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2018-09-19 10:00:09 +0200
commit	162e0b75f9c9f698f94c228c2f9148120f03e9a2 (patch)
tree	59b777a896f8cbc136e2718cb727b250949a9422 /units/systemd-timesyncd.service.in
parent	Revert "unit: drop After=systemd-sysusers.service from timesyncd" (diff)
download	systemd-162e0b75f9c9f698f94c228c2f9148120f03e9a2.tar.xz systemd-162e0b75f9c9f698f94c228c2f9148120f03e9a2.zip