[thirdparty/systemd.git] / units / systemd-timesyncd.service.in

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=Network Time Synchronization
Documentation=man:systemd-timesyncd.service(8)
ConditionCapability=CAP_SYS_TIME
ConditionVirtualization=!container
DefaultDependencies=no
After=systemd-remount-fs.service systemd-sysusers.service
Before=time-sync.target sysinit.target shutdown.target
Conflicts=shutdown.target
Wants=time-sync.target

[Service]
Type=notify
Restart=always
RestartSec=0
ExecStart=!!@rootlibexecdir@/systemd-timesyncd
WatchdogSec=3min
User=systemd-timesync
CapabilityBoundingSet=CAP_SYS_TIME
AmbientCapabilities=CAP_SYS_TIME
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ProtectHome=yes
ProtectControlGroups=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictNamespaces=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallFilter=~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
StateDirectory=systemd/timesync

[Install]
WantedBy=sysinit.target
Commit	Line	Data
a91df40e KS	1	# This file is part of systemd.
	2	#
	3	# systemd is free software; you can redistribute it and/or modify it
	4	# under the terms of the GNU Lesser General Public License as published by
	5	# the Free Software Foundation; either version 2.1 of the License, or
	6	# (at your option) any later version.
	7
	8	[Unit]
	9	Description=Network Time Synchronization
	10	Documentation=man:systemd-timesyncd.service(8)
	11	ConditionCapability=CAP_SYS_TIME
4b16233e	12	ConditionVirtualization=!container
689d781b	13	DefaultDependencies=no
87a85e25	14	After=systemd-remount-fs.service systemd-sysusers.service
689d781b	15	Before=time-sync.target sysinit.target shutdown.target
ece6e766	16	Conflicts=shutdown.target
55152b6e	17	Wants=time-sync.target
a91df40e KS	18
	19	[Service]
	20	Type=notify
	21	Restart=always
	22	RestartSec=0
87a85e25	23	ExecStart=!!@rootlibexecdir@/systemd-timesyncd
0c28d51a	24	WatchdogSec=3min
87a85e25 YW	25	User=systemd-timesync
	26	CapabilityBoundingSet=CAP_SYS_TIME
	27	AmbientCapabilities=CAP_SYS_TIME
a349eb10 LP	28	PrivateTmp=yes
a349eb10 LP	29	PrivateDevices=yes
c7fb922d	30	ProtectSystem=strict
1b8689f9	31	ProtectHome=yes
0c28d51a LP	32	ProtectControlGroups=yes
0c28d51a LP	33	ProtectKernelTunables=yes
b6c7278c	34	ProtectKernelModules=yes
40652ca4	35	MemoryDenyWriteExecute=yes
0c28d51a	36	RestrictRealtime=yes
3c19d0b4	37	RestrictNamespaces=yes
0c28d51a	38	RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
6489ccfe	39	SystemCallFilter=~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
7f396e5f	40	SystemCallArchitectures=native
53d133ea	41	StateDirectory=systemd/timesync
a91df40e KS	42
a91df40e KS	43	[Install]
ece6e766	44	WantedBy=sysinit.target