Merge pull request #14017 from poettering/analyze-calendar-tweaks

[thirdparty/systemd.git] / units / systemd-timesyncd.service.in

diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index 03ade45d0868e57e74614320b3e1e34df13adf23..1a866fcc7a8ea8e76f5db17ebe7545097d8dfd7e 100644 (file)
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -14,9 +14,9 @@ ConditionCapability=CAP_SYS_TIME
 ConditionVirtualization=!container
 DefaultDependencies=no
 After=systemd-remount-fs.service systemd-sysusers.service
-Before=time-sync.target sysinit.target shutdown.target
+Before=time-set.target sysinit.target shutdown.target
 Conflicts=shutdown.target
-Wants=time-sync.target
+Wants=time-set.target time-sync.target
 
 [Service]
 AmbientCapabilities=CAP_SYS_TIME
@@ -29,6 +29,7 @@ PrivateDevices=yes
 PrivateTmp=yes
 ProtectControlGroups=yes
 ProtectHome=yes
+ProtectHostname=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectSystem=strict
@@ -37,6 +38,7 @@ RestartSec=0
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 RestrictNamespaces=yes
 RestrictRealtime=yes
+RestrictSUIDSGID=yes
 RuntimeDirectory=systemd/timesync
 StateDirectory=systemd/timesync
 SystemCallArchitectures=native
@@ -44,7 +46,7 @@ SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service @clock
 Type=notify
 User=systemd-timesync
-WatchdogSec=3min
+@SERVICE_WATCHDOG@
 
 [Install]
 WantedBy=sysinit.target