From: Lennart Poettering Date: Thu, 7 Mar 2019 13:38:11 +0000 (+0100) Subject: units: turn of ProtectHostname= again for services hat need to know about system... X-Git-Tag: v242-rc1~179^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a18449b5bd72308062724e70b9528d989d1f52a1;p=thirdparty%2Fsystemd.git units: turn of ProtectHostname= again for services hat need to know about system hostname changes ProtectHostname= turns off hostname change propagation from host to service. This means for services that care about the hostname and need to be able to notice changes to it it's not suitable (though it is useful for most other cases still). Let's turn it off hence for journald (which logs the current hostname) for networkd (which optionally sends the current hostname to dhcp servers) and resolved (which announces the current hostname via llmnr/mdns). --- diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in index 1807d73c685..4684f095c07 100644 --- a/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in @@ -23,7 +23,6 @@ IPAddressDeny=any LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes -ProtectHostname=yes Restart=always RestartSec=0 RestrictAddressFamilies=AF_UNIX AF_NETLINK diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in index 5da0e1e3307..472ef045de9 100644 --- a/units/systemd-networkd.service.in +++ b/units/systemd-networkd.service.in @@ -27,7 +27,6 @@ MemoryDenyWriteExecute=yes NoNewPrivileges=yes ProtectControlGroups=yes ProtectHome=yes -ProtectHostname=yes ProtectKernelModules=yes ProtectSystem=strict Restart=on-failure diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in index eac3f31012c..3144b70063e 100644 --- a/units/systemd-resolved.service.in +++ b/units/systemd-resolved.service.in @@ -30,7 +30,6 @@ PrivateDevices=yes PrivateTmp=yes ProtectControlGroups=yes ProtectHome=yes -ProtectHostname=yes ProtectKernelModules=yes ProtectKernelTunables=yes ProtectSystem=strict