[thirdparty/systemd.git] / units / systemd-timedated.service.in

#  SPDX-License-Identifier: LGPL-2.1+
#
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=Time & Date Service
Documentation=man:systemd-timedated.service(8)
Documentation=man:localtime(5)
Documentation=man:org.freedesktop.timedate1(5)

[Service]
BusName=org.freedesktop.timedate1
CapabilityBoundingSet=CAP_SYS_TIME
DeviceAllow=char-rtc r
ExecStart=@rootlibexecdir@/systemd-timedated
IPAddressDeny=any
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateTmp=yes
ProtectProc=invisible
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
ReadWritePaths=/etc
RestrictAddressFamilies=AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service @clock
@SERVICE_WATCHDOG@
Commit	Line	Data
a7df2d1e ZJS	1	# SPDX-License-Identifier: LGPL-2.1+
a7df2d1e ZJS	2	#
f401e48c LP	3	# This file is part of systemd.
	4	#
	5	# systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	6	# under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	7	# the Free Software Foundation; either version 2.1 of the License, or
f401e48c LP	8	# (at your option) any later version.
f401e48c LP	9
f401e48c LP	10	[Unit]
f401e48c LP	11	Description=Time & Date Service
21006e0e ZJS	12	Documentation=man:systemd-timedated.service(8)
	13	Documentation=man:localtime(5)
	14	Documentation=man:org.freedesktop.timedate1(5)
f401e48c LP	15
f401e48c LP	16	[Service]
f401e48c	17	BusName=org.freedesktop.timedate1
0c28d51a	18	CapabilityBoundingSet=CAP_SYS_TIME
9af28206	19	DeviceAllow=char-rtc r
3ca9940c LP	20	ExecStart=@rootlibexecdir@/systemd-timedated
	21	IPAddressDeny=any
	22	LockPersonality=yes
	23	MemoryDenyWriteExecute=yes
	24	NoNewPrivileges=yes
d99a7052	25	PrivateTmp=yes
24da96a1	26	ProtectProc=invisible
0c28d51a	27	ProtectControlGroups=yes
3ca9940c	28	ProtectHome=yes
99894b86	29	ProtectHostname=yes
24da96a1	30	ProtectKernelLogs=yes
b6c7278c	31	ProtectKernelModules=yes
3ca9940c LP	32	ProtectKernelTunables=yes
	33	ProtectSystem=strict
	34	ReadWritePaths=/etc
0c28d51a	35	RestrictAddressFamilies=AF_UNIX
3ca9940c LP	36	RestrictNamespaces=yes
3ca9940c LP	37	RestrictRealtime=yes
62aa2924	38	RestrictSUIDSGID=yes
7f396e5f	39	SystemCallArchitectures=native
3ca9940c LP	40	SystemCallErrorNumber=EPERM
3ca9940c LP	41	SystemCallFilter=@system-service @clock
21d0dd5a	42	@SERVICE_WATCHDOG@