]> git.ipfire.org Git - thirdparty/systemd.git/blobdiff - units/systemd-timesyncd.service.in
projects / thirdparty / systemd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
machine-id-commit: merge machine-id-commit functionality into machine-id-setup
[thirdparty/systemd.git] / units / systemd-timesyncd.service.in
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index e279d1bc29f054c5f996abc3dc004dde20767c74..a856dad70933d0580ea3c438bf6b37a955e7d536 100644 (file)
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -9,14 +9,25 @@
 Description=Network Time Synchronization
 Documentation=man:systemd-timesyncd.service(8)
 ConditionCapability=CAP_SYS_TIME
-After=systemd-networkd.service
+ConditionVirtualization=!container
+DefaultDependencies=no
+RequiresMountsFor=/var/lib/systemd/clock
+After=systemd-remount-fs.service systemd-tmpfiles-setup.service systemd-sysusers.service
+Before=time-sync.target sysinit.target shutdown.target
+Conflicts=shutdown.target
+Wants=time-sync.target
 
 [Service]
 Type=notify
 Restart=always
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-timesyncd
-CapabilityBoundingSet=CAP_SYS_TIME
+CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+WatchdogSec=3min
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=sysinit.target
Unnamed repository; edit this file 'description' to name the repository.