summaryrefslogtreecommitdiffstats
path: root/units/systemd-timesyncd.service.in
diff options
context:
space:
mode:
authorYu Watanabe <watanabe.yu+github@gmail.com>2017-08-10 09:07:08 +0200
committerYu Watanabe <watanabe.yu+github@gmail.com>2017-08-26 18:41:12 +0200
commit87a85e25a2ebcc1e519249d0513e34bb20ceed49 (patch)
tree99dc382c2f72af872afef5e7ae8bdfabaa04901a /units/systemd-timesyncd.service.in
parentunits: make use of !! ExecStart= prefix in systemd-networkd.service (diff)
downloadsystemd-87a85e25a2ebcc1e519249d0513e34bb20ceed49.tar.xz
systemd-87a85e25a2ebcc1e519249d0513e34bb20ceed49.zip
units: make use of !! ExecStart= prefix in systemd-timesyncd.service
Let's make use of !! to run timesyncd with ambient capabilities on systems supporting them.
Diffstat (limited to 'units/systemd-timesyncd.service.in')
-rw-r--r--units/systemd-timesyncd.service.in8
1 files changed, 5 insertions, 3 deletions
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index 8d328bb80a..e25d86d655 100644
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -12,7 +12,7 @@ ConditionCapability=CAP_SYS_TIME
ConditionVirtualization=!container
DefaultDependencies=no
RequiresMountsFor=/var/lib/systemd/clock
-After=systemd-remount-fs.service systemd-tmpfiles-setup.service systemd-sysusers.service
+After=systemd-remount-fs.service systemd-sysusers.service
Before=time-sync.target sysinit.target shutdown.target
Conflicts=shutdown.target
Wants=time-sync.target
@@ -21,9 +21,11 @@ Wants=time-sync.target
Type=notify
Restart=always
RestartSec=0
-ExecStart=@rootlibexecdir@/systemd-timesyncd
+ExecStart=!!@rootlibexecdir@/systemd-timesyncd
WatchdogSec=3min
-CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
+User=systemd-timesync
+CapabilityBoundingSet=CAP_SYS_TIME
+AmbientCapabilities=CAP_SYS_TIME
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict