From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 6 Oct 2017 07:05:20 +0000 (+0900)
Subject: timesyncd: enable DynamicUser=
X-Git-Tag: v236~340^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=48d3e88c18258d423c3953372ec4a2e638ab0422;p=thirdparty%2Fsystemd.git

timesyncd: enable DynamicUser=
---

diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c
index d895aa8cc1b..c026ef79a4a 100644
--- a/src/timesync/timesyncd.c
+++ b/src/timesync/timesyncd.c
@@ -69,7 +69,7 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) {
                 }
 
         } else {
-                r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid, false);
+                r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid, true);
                 if (r < 0)
                         return log_error_errno(r, "Failed to create state directory: %m");
 
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index 8d3f46cf5e2..ed4bc8e552e 100644
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -23,11 +23,10 @@ RestartSec=0
 ExecStart=!!@rootlibexecdir@/systemd-timesyncd
 WatchdogSec=3min
 User=systemd-timesync
+DynamicUser=yes
 CapabilityBoundingSet=CAP_SYS_TIME
 AmbientCapabilities=CAP_SYS_TIME
-PrivateTmp=yes
 PrivateDevices=yes
-ProtectSystem=strict
 ProtectHome=yes
 ProtectControlGroups=yes
 ProtectKernelTunables=yes