]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
units: turn of ProtectHostname= again for services hat need to know about system... 11922/head
authorLennart Poettering <lennart@poettering.net>
Thu, 7 Mar 2019 13:38:11 +0000 (14:38 +0100)
committerLennart Poettering <lennart@poettering.net>
Fri, 8 Mar 2019 14:49:10 +0000 (15:49 +0100)
ProtectHostname= turns off hostname change propagation from host to
service. This means for services that care about the hostname and need
to be able to notice changes to it it's not suitable (though it is
useful for most other cases still).

Let's turn it off hence for journald (which logs the current hostname)
for networkd (which optionally sends the current hostname to dhcp
servers) and resolved (which announces the current hostname via
llmnr/mdns).

units/systemd-journald.service.in
units/systemd-networkd.service.in
units/systemd-resolved.service.in

index 1807d73c68586297776b2053816670ce56f79e45..4684f095c0778f4d21d376bab2c6c1e36dba9bab 100644 (file)
@@ -23,7 +23,6 @@ IPAddressDeny=any
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
-ProtectHostname=yes
 Restart=always
 RestartSec=0
 RestrictAddressFamilies=AF_UNIX AF_NETLINK
 Restart=always
 RestartSec=0
 RestrictAddressFamilies=AF_UNIX AF_NETLINK
index 5da0e1e3307e720e6558d22b6b95fe322a702cce..472ef045de9e5cce5f421ef27a2ff4643a0be22b 100644 (file)
@@ -27,7 +27,6 @@ MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
 ProtectControlGroups=yes
 ProtectHome=yes
 NoNewPrivileges=yes
 ProtectControlGroups=yes
 ProtectHome=yes
-ProtectHostname=yes
 ProtectKernelModules=yes
 ProtectSystem=strict
 Restart=on-failure
 ProtectKernelModules=yes
 ProtectSystem=strict
 Restart=on-failure
index eac3f31012ca8f59b1dfc41f26aaf0bd495f4fb4..3144b70063ee3acc4bd4a1fb704e7824143b1d23 100644 (file)
@@ -30,7 +30,6 @@ PrivateDevices=yes
 PrivateTmp=yes
 ProtectControlGroups=yes
 ProtectHome=yes
 PrivateTmp=yes
 ProtectControlGroups=yes
 ProtectHome=yes
-ProtectHostname=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectSystem=strict
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectSystem=strict