faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

examples: improve chronyd service

Browse source 
Allow writing logfiles (enabled by logdir or -l option) to /var/log and
don't require /var/spool to exist.
This commit is contained in:
Miroslav Lichvar 2021-10-04 10:54:40 +02:00
parent 83f96efdfd
commit 76a905d652
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
examples/chronyd.service
View file

@ -33,7 +33,7 @@ ProtectKernelModules=yes
ProtectKernelTunables=yes ProtectKernelTunables=yes
ProtectProc=invisible ProtectProc=invisible
ProtectSystem=strict ProtectSystem=strict
ReadWritePaths=/run /var/lib/chrony ReadWritePaths=/run /var/lib/chrony -/var/log
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes RestrictNamespaces=yes
RestrictSUIDSGID=yes RestrictSUIDSGID=yes
@ -42,7 +42,7 @@ SystemCallFilter=~@cpu-emulation @debug @module @mount @obsolete @raw-io @reboot
# Adjust restrictions for /usr/sbin/sendmail (mailonchange directive) # Adjust restrictions for /usr/sbin/sendmail (mailonchange directive)
NoNewPrivileges=no NoNewPrivileges=no
ReadWritePaths=/var/spool ReadWritePaths=-/var/spool
RestrictAddressFamilies=AF_NETLINK RestrictAddressFamilies=AF_NETLINK
[Install] [Install]