From: Yu Watanabe Date: Wed, 13 Mar 2024 01:15:23 +0000 (+0900) Subject: unit: do not trigger automount for /boot and/or /efi X-Git-Tag: v256-rc1~553^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F31746%2Fhead;p=thirdparty%2Fsystemd.git unit: do not trigger automount for /boot and/or /efi ProtectSystem=full remounts /boot and/or /efi read-only, but that may trigger automount for the paths and delay the service being started. === systemd[1]: boot.automount: Got automount request for /boot, triggered by 720 ((networkd)) === The service does not need to access the paths, so let's hide them. Follow-up for f90eb086270f0aea8efcbff5a5e4c338d178cfd4. Fixes #31742. --- diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in index 099e7211e63..bfbc0b193e1 100644 --- a/units/systemd-networkd.service.in +++ b/units/systemd-networkd.service.in @@ -27,6 +27,7 @@ DeviceAllow=char-* rw ExecStart=!!{{LIBEXECDIR}}/systemd-networkd FileDescriptorStoreMax=512 ImportCredential=network.wireguard.* +InaccessiblePaths=-/boot -/efi LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes
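
Review bot: The added InaccessiblePaths=-/boot -/efi line in units/systemd-networkd.service.in has no in-file explanation. Someone reading the unit later will take it for a hardening choice and cannot tell that it is there to keep the ProtectSystem=full read-only remount from triggering boot.automount, as the commit message describes. Consider a one-line comment above the setting, or a reference to #31742, so it is not dropped or reordered in a later cleanup. The commit message quotes the automount request logged before the change but does not say how the result was checked afterwards; it would help to state that the "Got automount request for /boot" line no longer appears when the service starts with this setting. The leading "-" on both paths is the right choice, since either mount point may be absent on a given system.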