mirror of
https://github.com/systemd/systemd
synced 2024-10-06 16:21:34 +00:00
resolve: enable DynamicUser= for systemd-resolved.service
This commit is contained in:
parent
fdff1da299
commit
0187368cad
|
@ -1918,7 +1918,7 @@ int manager_connect_bus(Manager *m) {
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to register dnssd enumerator: %m");
|
return log_error_errno(r, "Failed to register dnssd enumerator: %m");
|
||||||
|
|
||||||
r = sd_bus_request_name_async(m->bus, NULL, "org.freedesktop.resolve1", 0, NULL, NULL);
|
r = bus_request_name_async_may_reload_dbus(m->bus, NULL, "org.freedesktop.resolve1", 0, NULL);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to request name: %m");
|
return log_error_errno(r, "Failed to request name: %m");
|
||||||
|
|
||||||
|
|
|
@ -9,9 +9,6 @@ g systemd-journal - -
|
||||||
m4_ifdef(`ENABLE_NETWORKD',
|
m4_ifdef(`ENABLE_NETWORKD',
|
||||||
u systemd-network - "systemd Network Management"
|
u systemd-network - "systemd Network Management"
|
||||||
)m4_dnl
|
)m4_dnl
|
||||||
m4_ifdef(`ENABLE_RESOLVE',
|
|
||||||
u systemd-resolve - "systemd Resolver"
|
|
||||||
)m4_dnl
|
|
||||||
m4_ifdef(`ENABLE_COREDUMP',
|
m4_ifdef(`ENABLE_COREDUMP',
|
||||||
u systemd-coredump - "systemd Core Dumper"
|
u systemd-coredump - "systemd Core Dumper"
|
||||||
)m4_dnl
|
)m4_dnl
|
||||||
|
|
|
@ -14,7 +14,7 @@ Documentation=https://www.freedesktop.org/wiki/Software/systemd/resolved
|
||||||
Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
|
Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
|
||||||
Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
|
Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
|
||||||
DefaultDependencies=no
|
DefaultDependencies=no
|
||||||
After=systemd-sysusers.service systemd-networkd.service
|
After=systemd-networkd.service
|
||||||
Before=network.target nss-lookup.target shutdown.target
|
Before=network.target nss-lookup.target shutdown.target
|
||||||
Conflicts=shutdown.target
|
Conflicts=shutdown.target
|
||||||
Wants=nss-lookup.target
|
Wants=nss-lookup.target
|
||||||
|
@ -26,11 +26,10 @@ RestartSec=0
|
||||||
ExecStart=!!@rootlibexecdir@/systemd-resolved
|
ExecStart=!!@rootlibexecdir@/systemd-resolved
|
||||||
WatchdogSec=3min
|
WatchdogSec=3min
|
||||||
User=systemd-resolve
|
User=systemd-resolve
|
||||||
|
DynamicUser=yes
|
||||||
CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
|
CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
|
||||||
AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
|
AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
|
||||||
PrivateTmp=yes
|
|
||||||
PrivateDevices=yes
|
PrivateDevices=yes
|
||||||
ProtectSystem=strict
|
|
||||||
ProtectHome=yes
|
ProtectHome=yes
|
||||||
ProtectControlGroups=yes
|
ProtectControlGroups=yes
|
||||||
ProtectKernelTunables=yes
|
ProtectKernelTunables=yes
|
||||||
|
|
Loading…
Reference in a new issue