[thirdparty/systemd.git] / units / systemd-timesyncd.service.in

#  SPDX-License-Identifier: LGPL-2.1+
#
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=Network Time Synchronization
Documentation=man:systemd-timesyncd.service(8)
ConditionCapability=CAP_SYS_TIME
ConditionVirtualization=!container
DefaultDependencies=no
After=systemd-remount-fs.service systemd-sysusers.service
Before=time-sync.target sysinit.target shutdown.target
Conflicts=shutdown.target
Wants=time-sync.target

[Service]
Type=notify
Restart=always
RestartSec=0
ExecStart=!!@rootlibexecdir@/systemd-timesyncd
WatchdogSec=3min
User=systemd-timesync
DynamicUser=yes
CapabilityBoundingSet=CAP_SYS_TIME
AmbientCapabilities=CAP_SYS_TIME
PrivateDevices=yes
ProtectHome=yes
ProtectControlGroups=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictNamespaces=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RuntimeDirectory=systemd/timesync
SystemCallFilter=~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
LockPersonality=yes
StateDirectory=systemd/timesync

[Install]
WantedBy=sysinit.target
Commit	Line	Data
a7df2d1e ZJS	1	# SPDX-License-Identifier: LGPL-2.1+
a7df2d1e ZJS	2	#
a91df40e KS	3	# This file is part of systemd.
	4	#
	5	# systemd is free software; you can redistribute it and/or modify it
	6	# under the terms of the GNU Lesser General Public License as published by
	7	# the Free Software Foundation; either version 2.1 of the License, or
	8	# (at your option) any later version.
	9
	10	[Unit]
	11	Description=Network Time Synchronization
	12	Documentation=man:systemd-timesyncd.service(8)
	13	ConditionCapability=CAP_SYS_TIME
4b16233e	14	ConditionVirtualization=!container
689d781b	15	DefaultDependencies=no
87a85e25	16	After=systemd-remount-fs.service systemd-sysusers.service
689d781b	17	Before=time-sync.target sysinit.target shutdown.target
ece6e766	18	Conflicts=shutdown.target
55152b6e	19	Wants=time-sync.target
a91df40e KS	20
	21	[Service]
	22	Type=notify
	23	Restart=always
	24	RestartSec=0
87a85e25	25	ExecStart=!!@rootlibexecdir@/systemd-timesyncd
0c28d51a	26	WatchdogSec=3min
87a85e25	27	User=systemd-timesync
48d3e88c	28	DynamicUser=yes
87a85e25 YW	29	CapabilityBoundingSet=CAP_SYS_TIME
87a85e25 YW	30	AmbientCapabilities=CAP_SYS_TIME
a349eb10	31	PrivateDevices=yes
1b8689f9	32	ProtectHome=yes
0c28d51a LP	33	ProtectControlGroups=yes
0c28d51a LP	34	ProtectKernelTunables=yes
b6c7278c	35	ProtectKernelModules=yes
40652ca4	36	MemoryDenyWriteExecute=yes
0c28d51a	37	RestrictRealtime=yes
3c19d0b4	38	RestrictNamespaces=yes
0c28d51a	39	RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
2dd79846	40	RuntimeDirectory=systemd/timesync
6489ccfe	41	SystemCallFilter=~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
7f396e5f	42	SystemCallArchitectures=native
bff8f254	43	LockPersonality=yes
53d133ea	44	StateDirectory=systemd/timesync
a91df40e KS	45
a91df40e KS	46	[Install]
ece6e766	47	WantedBy=sysinit.target