unit: do not trigger automount for /boot and/or /efi

ProtectSystem=full remounts /boot and/or /efi read-only, but that may trigger automount for the paths and delay the service being started. === systemd[1]: boot.automount: Got automount request for /boot, triggered by 720 ((networkd)) === The service does not need to access the paths, so let's hide them. Follow-up for f90eb08627. Fixes #31742.
2024-07-09 04:26:06 +00:00 · 2024-03-13 10:15:23 +09:00 · 2024-03-13 10:15:23 +09:00 · 6f9148bab9
commit 6f9148bab9
parent 7d6efb777e
1 changed files with 1 additions and 0 deletions
--- a/units/systemd-networkd.service.in
+++ b/units/systemd-networkd.service.in
@ -27,6 +27,7 @@ DeviceAllow=char-* rw
 ExecStart=!!{{LIBEXECDIR}}/systemd-networkd
 FileDescriptorStoreMax=512
 ImportCredential=network.wireguard.*
+InaccessiblePaths=-/boot -/efi
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes