diff options
Diffstat (limited to 'units/systemd-resolved.service.in')
| -rw-r--r-- | units/systemd-resolved.service.in | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in index 9982ecebff..ef5398cbf0 100644 --- a/units/systemd-resolved.service.in +++ b/units/systemd-resolved.service.in @@ -14,7 +14,7 @@ Documentation=https://www.freedesktop.org/wiki/Software/systemd/resolved Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients DefaultDependencies=no -After=systemd-networkd.service +After=systemd-sysusers.service systemd-networkd.service Before=network.target nss-lookup.target shutdown.target Conflicts=shutdown.target Wants=nss-lookup.target @@ -26,10 +26,11 @@ RestartSec=0 ExecStart=!!@rootlibexecdir@/systemd-resolved WatchdogSec=3min User=systemd-resolve -DynamicUser=yes CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE +PrivateTmp=yes PrivateDevices=yes +ProtectSystem=strict ProtectHome=yes ProtectControlGroups=yes ProtectKernelTunables=yes |