[thirdparty/systemd.git] / units / systemd-resolved.service.m4.in

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=Network Name Resolution
Documentation=man:systemd-resolved.service(8)
Documentation=http://www.freedesktop.org/wiki/Software/systemd/resolved
Documentation=http://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
Documentation=http://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
After=systemd-networkd.service network.target
Before=network-online.target nss-lookup.target
Wants=nss-lookup.target

# On kdbus systems we pull in the busname explicitly, because it
# carries policy that allows the daemon to acquire its name.
Wants=org.freedesktop.resolve1.busname
After=org.freedesktop.resolve1.busname

[Service]
Type=notify
Restart=always
RestartSec=0
ExecStart=@rootlibexecdir@/systemd-resolved
WatchdogSec=3min
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_NET_RAW CAP_NET_BIND_SERVICE
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ProtectHome=yes
ProtectControlGroups=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
ReadWritePaths=/run/systemd

[Install]
WantedBy=multi-user.target
Alias=dbus-org.freedesktop.resolve1.service
Commit	Line	Data
ee9b9875 TG	1	# This file is part of systemd.
	2	#
	3	# systemd is free software; you can redistribute it and/or modify it
	4	# under the terms of the GNU Lesser General Public License as published by
	5	# the Free Software Foundation; either version 2.1 of the License, or
	6	# (at your option) any later version.
ee9b9875	7
091a364c TG	8	[Unit]
	9	Description=Network Name Resolution
	10	Documentation=man:systemd-resolved.service(8)
45bd4854 LP	11	Documentation=http://www.freedesktop.org/wiki/Software/systemd/resolved
	12	Documentation=http://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
	13	Documentation=http://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
1dff3202	14	After=systemd-networkd.service network.target
3e060555 YW	15	Before=network-online.target nss-lookup.target
3e060555 YW	16	Wants=nss-lookup.target
091a364c	17
78ad7cf1 LP	18	# On kdbus systems we pull in the busname explicitly, because it
	19	# carries policy that allows the daemon to acquire its name.
	20	Wants=org.freedesktop.resolve1.busname
	21	After=org.freedesktop.resolve1.busname
	22
091a364c TG	23	[Service]
	24	Type=notify
	25	Restart=always
	26	RestartSec=0
	27	ExecStart=@rootlibexecdir@/systemd-resolved
0c28d51a	28	WatchdogSec=3min
b30bf55d	29	CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_NET_RAW CAP_NET_BIND_SERVICE
0c28d51a LP	30	PrivateTmp=yes
0c28d51a LP	31	PrivateDevices=yes
c7fb922d	32	ProtectSystem=strict
1b8689f9	33	ProtectHome=yes
0c28d51a LP	34	ProtectControlGroups=yes
0c28d51a LP	35	ProtectKernelTunables=yes
b6c7278c	36	ProtectKernelModules=yes
40652ca4	37	MemoryDenyWriteExecute=yes
0c28d51a LP	38	RestrictRealtime=yes
0c28d51a LP	39	RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
6489ccfe	40	SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
7f396e5f	41	SystemCallArchitectures=native
c7fb922d	42	ReadWritePaths=/run/systemd
091a364c TG	43
	44	[Install]
	45	WantedBy=multi-user.target
4d1f490c	46	Alias=dbus-org.freedesktop.resolve1.service