[thirdparty/systemd.git] / units / systemd-timesyncd.service.in

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=Network Time Synchronization
Documentation=man:systemd-timesyncd.service(8)
ConditionCapability=CAP_SYS_TIME
ConditionVirtualization=!container
DefaultDependencies=no
RequiresMountsFor=/var/lib/systemd/clock
After=systemd-remount-fs.service systemd-tmpfiles-setup.service systemd-sysusers.service
Before=time-sync.target sysinit.target shutdown.target
Conflicts=shutdown.target
Wants=time-sync.target

[Service]
Type=notify
Restart=always
RestartSec=0
ExecStart=@rootlibexecdir@/systemd-timesyncd
WatchdogSec=3min
CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ProtectHome=yes
ProtectControlGroups=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictNamespaces=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallFilter=~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
ReadWritePaths=/var/lib/systemd

[Install]
WantedBy=sysinit.target
Commit	Line	Data
a91df40e KS	1	# This file is part of systemd.
	2	#
	3	# systemd is free software; you can redistribute it and/or modify it
	4	# under the terms of the GNU Lesser General Public License as published by
	5	# the Free Software Foundation; either version 2.1 of the License, or
	6	# (at your option) any later version.
	7
	8	[Unit]
	9	Description=Network Time Synchronization
	10	Documentation=man:systemd-timesyncd.service(8)
	11	ConditionCapability=CAP_SYS_TIME
4b16233e	12	ConditionVirtualization=!container
689d781b	13	DefaultDependencies=no
ece6e766	14	RequiresMountsFor=/var/lib/systemd/clock
ecde7065	15	After=systemd-remount-fs.service systemd-tmpfiles-setup.service systemd-sysusers.service
689d781b	16	Before=time-sync.target sysinit.target shutdown.target
ece6e766	17	Conflicts=shutdown.target
55152b6e	18	Wants=time-sync.target
a91df40e KS	19
	20	[Service]
	21	Type=notify
	22	Restart=always
	23	RestartSec=0
	24	ExecStart=@rootlibexecdir@/systemd-timesyncd
0c28d51a	25	WatchdogSec=3min
d636d376	26	CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
a349eb10 LP	27	PrivateTmp=yes
a349eb10 LP	28	PrivateDevices=yes
c7fb922d	29	ProtectSystem=strict
1b8689f9	30	ProtectHome=yes
0c28d51a LP	31	ProtectControlGroups=yes
0c28d51a LP	32	ProtectKernelTunables=yes
b6c7278c	33	ProtectKernelModules=yes
40652ca4	34	MemoryDenyWriteExecute=yes
0c28d51a	35	RestrictRealtime=yes
3c19d0b4	36	RestrictNamespaces=yes
0c28d51a	37	RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
6489ccfe	38	SystemCallFilter=~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
7f396e5f	39	SystemCallArchitectures=native
c7fb922d	40	ReadWritePaths=/var/lib/systemd
a91df40e KS	41
a91df40e KS	42	[Install]
ece6e766	43	WantedBy=sysinit.target