faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

examples: improve systemd unit files

Browse source 
Add the PrivateTmp, ProtectHome, and ProtectSystem directives to better
secure the system from chronyd. It's taken from the Debian chrony
package.
This commit is contained in:
Miroslav Lichvar 2017-01-30 15:07:48 +01:00
parent d96f49f67d
commit 7b7eb0a6e5
2 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
examples/chrony-wait.service
View file

@ -1,5 +1,6 @@
[Unit] [Unit]
Description=Wait for chrony to synchronize system clock Description=Wait for chrony to synchronize system clock
Documentation=man:chronyc(1)
After=chronyd.service After=chronyd.service
Requires=chronyd.service Requires=chronyd.service
Before=time-sync.target Before=time-sync.target

3
examples/chronyd.service
View file

@ -10,6 +10,9 @@ Type=forking
PIDFile=/var/run/chronyd.pid PIDFile=/var/run/chronyd.pid
EnvironmentFile=-/etc/sysconfig/chronyd EnvironmentFile=-/etc/sysconfig/chronyd
ExecStart=/usr/sbin/chronyd $OPTIONS ExecStart=/usr/sbin/chronyd $OPTIONS
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target