examples: improve chronyd service
Allow writing logfiles (enabled by logdir or -l option) to /var/log and don't require /var/spool to exist.
This commit is contained in:
Miroslav Lichvar
parent
83f96efdfd
commit
76a905d652
1 changed files with 2 additions and 2 deletions
|
|
@ -33,7 +33,7 @@ ProtectKernelModules=yes
|
|||
ProtectKernelTunables=yes
|
||||
ProtectProc=invisible
|
||||
ProtectSystem=strict
|
||||
ReadWritePaths=/run /var/lib/chrony
|
||||
ReadWritePaths=/run /var/lib/chrony -/var/log
|
||||
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
||||
RestrictNamespaces=yes
|
||||
RestrictSUIDSGID=yes
|
||||
|
|
@ -42,7 +42,7 @@ SystemCallFilter=~@cpu-emulation @debug @module @mount @obsolete @raw-io @reboot
|
|||
|
||||
# Adjust restrictions for /usr/sbin/sendmail (mailonchange directive)
|
||||
NoNewPrivileges=no
|
||||
ReadWritePaths=/var/spool
|
||||
ReadWritePaths=-/var/spool
|
||||
RestrictAddressFamilies=AF_NETLINK
|
||||
|
||||
[Install]
|
||||
|
|
|
|||
Loading…
Reference in a new issue