[thirdparty/systemd.git] / units / systemd-timesyncd.service.in

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=Network Time Synchronization
Documentation=man:systemd-timesyncd.service(8)
ConditionCapability=CAP_SYS_TIME
ConditionVirtualization=!container
DefaultDependencies=no
RequiresMountsFor=/var/lib/systemd/timesync/clock
After=systemd-remount-fs.service systemd-sysusers.service
Before=time-sync.target sysinit.target shutdown.target
Conflicts=shutdown.target
Wants=time-sync.target

[Service]
Type=notify
Restart=always
RestartSec=0
ExecStart=!!@rootlibexecdir@/systemd-timesyncd
WatchdogSec=3min
User=systemd-timesync
CapabilityBoundingSet=CAP_SYS_TIME
AmbientCapabilities=CAP_SYS_TIME
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ProtectHome=yes
ProtectControlGroups=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictNamespaces=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallFilter=~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
StateDirectory=systemd/timesync

[Install]
WantedBy=sysinit.target
Commit	Line	Data
a91df40e KS	1	# This file is part of systemd.
	2	#
	3	# systemd is free software; you can redistribute it and/or modify it
	4	# under the terms of the GNU Lesser General Public License as published by
	5	# the Free Software Foundation; either version 2.1 of the License, or
	6	# (at your option) any later version.
	7
	8	[Unit]
	9	Description=Network Time Synchronization
	10	Documentation=man:systemd-timesyncd.service(8)
	11	ConditionCapability=CAP_SYS_TIME
4b16233e	12	ConditionVirtualization=!container
689d781b	13	DefaultDependencies=no
53d133ea	14	RequiresMountsFor=/var/lib/systemd/timesync/clock
87a85e25	15	After=systemd-remount-fs.service systemd-sysusers.service
689d781b	16	Before=time-sync.target sysinit.target shutdown.target
ece6e766	17	Conflicts=shutdown.target
55152b6e	18	Wants=time-sync.target
a91df40e KS	19
	20	[Service]
	21	Type=notify
	22	Restart=always
	23	RestartSec=0
87a85e25	24	ExecStart=!!@rootlibexecdir@/systemd-timesyncd
0c28d51a	25	WatchdogSec=3min
87a85e25 YW	26	User=systemd-timesync
	27	CapabilityBoundingSet=CAP_SYS_TIME
	28	AmbientCapabilities=CAP_SYS_TIME
a349eb10 LP	29	PrivateTmp=yes
a349eb10 LP	30	PrivateDevices=yes
c7fb922d	31	ProtectSystem=strict
1b8689f9	32	ProtectHome=yes
0c28d51a LP	33	ProtectControlGroups=yes
0c28d51a LP	34	ProtectKernelTunables=yes
b6c7278c	35	ProtectKernelModules=yes
40652ca4	36	MemoryDenyWriteExecute=yes
0c28d51a	37	RestrictRealtime=yes
3c19d0b4	38	RestrictNamespaces=yes
0c28d51a	39	RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
6489ccfe	40	SystemCallFilter=~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
7f396e5f	41	SystemCallArchitectures=native
53d133ea	42	StateDirectory=systemd/timesync
a91df40e KS	43
a91df40e KS	44	[Install]
ece6e766	45	WantedBy=sysinit.target