Revert "timesyncd: enable DynamicUser="

author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Wed, 19 Sep 2018 08:00:09 +0000 (10:00 +0200)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Wed, 19 Sep 2018 08:00:09 +0000 (10:00 +0200)
author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 19 Sep 2018 08:00:09 +0000 (10:00 +0200)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 19 Sep 2018 08:00:09 +0000 (10:00 +0200)
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in

index 7478906ae5db08c8859d1ac483c72182cc99a44b..12f918dd11b4be271ec5d1be78e19afa31edc072 100644 (file)
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -25,10 +25,11 @@ RestartSec=0
  ExecStart=!!@rootlibexecdir@/systemd-timesyncd
  WatchdogSec=3min
  User=systemd-timesync
-DynamicUser=yes
  CapabilityBoundingSet=CAP_SYS_TIME
  AmbientCapabilities=CAP_SYS_TIME
+PrivateTmp=yes
  PrivateDevices=yes
+ProtectSystem=strict
  ProtectHome=yes
  ProtectControlGroups=yes
  ProtectKernelTunables=yes
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Wed, 19 Sep 2018 08:00:09 +0000 (10:00 +0200)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Wed, 19 Sep 2018 08:00:09 +0000 (10:00 +0200)