From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Wed, 19 Sep 2018 08:00:09 +0000 (+0200)
Subject: Revert "timesyncd: enable DynamicUser="
X-Git-Tag: v240~627^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=162e0b75f9c9f698f94c228c2f9148120f03e9a2;p=thirdparty%2Fsystemd.git

Revert "timesyncd: enable DynamicUser="

This reverts commit 48d3e88c18258d423c3953372ec4a2e638ab0422.

I kept the follow-symlink=false → follow-symlink=true change instact, since
we're likely to have existing installations with a symlink now.
---

diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index 7478906ae5d..12f918dd11b 100644
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -25,10 +25,11 @@ RestartSec=0
 ExecStart=!!@rootlibexecdir@/systemd-timesyncd
 WatchdogSec=3min
 User=systemd-timesync
-DynamicUser=yes
 CapabilityBoundingSet=CAP_SYS_TIME
 AmbientCapabilities=CAP_SYS_TIME
+PrivateTmp=yes
 PrivateDevices=yes
+ProtectSystem=strict
 ProtectHome=yes
 ProtectControlGroups=yes
 ProtectKernelTunables=yes