]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 162e0b7)
Revert "resolve: enable DynamicUser= for systemd-resolved.service"
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 19 Sep 2018 08:04:33 +0000 (10:04 +0200)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Thu, 20 Sep 2018 14:52:02 +0000 (16:52 +0200)
This reverts commit 0187368cadea183e18c6d575a9d6b7f491a402af.
(systemd.conf.m4 part was already reverted in 5b5d82615011b9827466b7cd5756da35627a1608.)

src/resolve/resolved-bus.c patch | blob | blame | history
test/networkd-test.py patch | blob | blame | history
units/systemd-resolved.service.in patch | blob | blame | history

diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c
index 3859d41029129998d945946522b94988ae5e49b3..75702d593f41a607c759f38b056400f13cb76f15 100644 (file)
--- a/src/resolve/resolved-bus.c
+++ b/src/resolve/resolved-bus.c
@@ -1920,7 +1920,7 @@ int manager_connect_bus(Manager *m) {
         if (r < 0)
                 return log_error_errno(r, "Failed to register dnssd enumerator: %m");
 
-        r = bus_request_name_async_may_reload_dbus(m->bus, NULL, "org.freedesktop.resolve1", 0, NULL);
+        r = sd_bus_request_name_async(m->bus, NULL, "org.freedesktop.resolve1", 0, NULL, NULL);
         if (r < 0)
                 return log_error_errno(r, "Failed to request name: %m");
 
diff --git a/test/networkd-test.py b/test/networkd-test.py
index 131b48f6118db27fabaf8d4b31b22eb7967b1c10..79d6250cdc49137febf6bb6eaf67477e111070f2 100755 (executable)
--- a/test/networkd-test.py
+++ b/test/networkd-test.py
@@ -67,6 +67,7 @@ def setUpModule():
             tmpmounts.append(d)
     if os.path.isdir('/run/systemd/resolve'):
         os.chmod('/run/systemd/resolve', 0o755)
+        shutil.chown('/run/systemd/resolve', 'systemd-resolve', 'systemd-resolve')
 
     # Avoid "Failed to open /dev/tty" errors in containers.
     os.environ['SYSTEMD_LOG_TARGET'] = 'journal'
diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
index 9982ecebffa9a049d11e8f326dc502833ca3c0bd..ef5398cbf072850d69d9559fa0718bc569fc7948 100644 (file)
--- a/units/systemd-resolved.service.in
+++ b/units/systemd-resolved.service.in
@@ -14,7 +14,7 @@ Documentation=https://www.freedesktop.org/wiki/Software/systemd/resolved
 Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
 Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
 DefaultDependencies=no
-After=systemd-networkd.service
+After=systemd-sysusers.service systemd-networkd.service
 Before=network.target nss-lookup.target shutdown.target
 Conflicts=shutdown.target
 Wants=nss-lookup.target
@@ -26,10 +26,11 @@ RestartSec=0
 ExecStart=!!@rootlibexecdir@/systemd-resolved
 WatchdogSec=3min
 User=systemd-resolve
-DynamicUser=yes
 CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
+PrivateTmp=yes
 PrivateDevices=yes
+ProtectSystem=strict
 ProtectHome=yes
 ProtectControlGroups=yes
 ProtectKernelTunables=yes
Unnamed repository; edit this file 'description' to name the repository.