]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c31ad02)
timesyncd: enable DynamicUser=
authorYu Watanabe <watanabe.yu+github@gmail.com>
Fri, 6 Oct 2017 07:05:20 +0000 (16:05 +0900)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Fri, 6 Oct 2017 07:05:20 +0000 (16:05 +0900)
src/timesync/timesyncd.c patch | blob | blame | history
units/systemd-timesyncd.service.in patch | blob | blame | history

diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c
index d895aa8cc1bd35ebc849bacc9186de7989213141..c026ef79a4adaaab910a6f11126f4317ff61fcd0 100644 (file)
--- a/src/timesync/timesyncd.c
+++ b/src/timesync/timesyncd.c
@@ -69,7 +69,7 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) {
                 }
 
         } else {
-                r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid, false);
+                r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid, true);
                 if (r < 0)
                         return log_error_errno(r, "Failed to create state directory: %m");
 
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index 8d3f46cf5e227942f24a1b7b8567648c9239f177..ed4bc8e552ea8a395cb4c3306bde225d35877333 100644 (file)
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -23,11 +23,10 @@ RestartSec=0
 ExecStart=!!@rootlibexecdir@/systemd-timesyncd
 WatchdogSec=3min
 User=systemd-timesync
+DynamicUser=yes
 CapabilityBoundingSet=CAP_SYS_TIME
 AmbientCapabilities=CAP_SYS_TIME
-PrivateTmp=yes
 PrivateDevices=yes
-ProtectSystem=strict
 ProtectHome=yes
 ProtectControlGroups=yes
 ProtectKernelTunables=yes
Unnamed repository; edit this file 'description' to name the repository.