mirror of
https://github.com/systemd/systemd
synced 2024-10-06 16:21:34 +00:00
unit: do not trigger automount for /boot and/or /efi
ProtectSystem=full remounts /boot and/or /efi read-only, but that
may trigger automount for the paths and delay the service being started.
===
systemd[1]: boot.automount: Got automount request for /boot, triggered by 720 ((networkd))
===
The service does not need to access the paths, so let's hide them.
Follow-up for f90eb08627
.
Fixes #31742.
This commit is contained in:
parent
7d6efb777e
commit
6f9148bab9
|
@ -27,6 +27,7 @@ DeviceAllow=char-* rw
|
|||
ExecStart=!!{{LIBEXECDIR}}/systemd-networkd
|
||||
FileDescriptorStoreMax=512
|
||||
ImportCredential=network.wireguard.*
|
||||
InaccessiblePaths=-/boot -/efi
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
NoNewPrivileges=yes
|
||||
|
|
Loading…
Reference in a new issue