diff options
author | Lennart Poettering <lennart@poettering.net> | 2014-06-04 18:07:55 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-06-04 18:12:55 +0200 |
commit | 1b8689f94983b47bf190e77ddb03a8fc6af15fb3 (patch) | |
tree | 7bb1324b3b882adaa0b8bf786f8848ccec156a94 /units/systemd-timesyncd.service.in | |
parent | hwdb: fix case-sensitive match (diff) | |
download | systemd-1b8689f94983b47bf190e77ddb03a8fc6af15fb3.tar.xz systemd-1b8689f94983b47bf190e77ddb03a8fc6af15fb3.zip |
core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mounting /etc read-only
Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit.
With this in place we now have two neat options ProtectSystem= and
ProtectHome= for protecting the OS itself (and optionally its
configuration), and for protecting the user's data.
Diffstat (limited to 'units/systemd-timesyncd.service.in')
-rw-r--r-- | units/systemd-timesyncd.service.in | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in index 030e4a0423..8d898e2fa7 100644 --- a/units/systemd-timesyncd.service.in +++ b/units/systemd-timesyncd.service.in @@ -23,8 +23,8 @@ ExecStart=@rootlibexecdir@/systemd-timesyncd CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER PrivateTmp=yes PrivateDevices=yes -ReadOnlySystem=yes -ProtectedHome=yes +ProtectSystem=full +ProtectHome=yes WatchdogSec=1min [Install] |