units/systemd-timesyncd.service.in

   1 #  This file is part of systemd.
   2 #
   3 #  systemd is free software; you can redistribute it and/or modify it
   4 #  under the terms of the GNU Lesser General Public License as published by
   5 #  the Free Software Foundation; either version 2.1 of the License, or
   6 #  (at your option) any later version.
   7
   8 [Unit]
   9 Description=Network Time Synchronization
  10 Documentation=man:systemd-timesyncd.service(8)
  11 ConditionCapability=CAP_SYS_TIME
  12 ConditionVirtualization=!container
  13 DefaultDependencies=no
  14 RequiresMountsFor=/var/lib/systemd/timesync/clock
  15 After=systemd-remount-fs.service systemd-sysusers.service
  16 Before=time-sync.target sysinit.target shutdown.target
  17 Conflicts=shutdown.target
  18 Wants=time-sync.target
  19
  20 [Service]
  21 Type=notify
  22 Restart=always
  23 RestartSec=0
  24 ExecStart=!!@rootlibexecdir@/systemd-timesyncd
  25 WatchdogSec=3min
  26 User=systemd-timesync
  27 CapabilityBoundingSet=CAP_SYS_TIME
  28 AmbientCapabilities=CAP_SYS_TIME
  29 PrivateTmp=yes
  30 PrivateDevices=yes
  31 ProtectSystem=strict
  32 ProtectHome=yes
  33 ProtectControlGroups=yes
  34 ProtectKernelTunables=yes
  35 ProtectKernelModules=yes
  36 MemoryDenyWriteExecute=yes
  37 RestrictRealtime=yes
  38 RestrictNamespaces=yes
  39 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
  40 SystemCallFilter=~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
  41 SystemCallArchitectures=native
  42 StateDirectory=systemd/timesync
  43
  44 [Install]
  45 WantedBy=sysinit.target