faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

examples: don't set ProcSubset=pid in systemd unit files

Browse source 
This option seems to break detection of the FIPS mode, which is needed
by gnutls.
This commit is contained in:
Miroslav Lichvar 2023-06-15 15:23:40 +02:00
parent 2aefadd129
commit bc76291750
3 changed files with 0 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
examples/chrony-wait.service
View file

@ -25,7 +25,6 @@ LockPersonality=yes
MemoryDenyWriteExecute=yes MemoryDenyWriteExecute=yes
PrivateDevices=yes PrivateDevices=yes
PrivateUsers=yes PrivateUsers=yes
ProcSubset=pid
ProtectClock=yes ProtectClock=yes
ProtectControlGroups=yes ProtectControlGroups=yes
ProtectHome=yes ProtectHome=yes

1
examples/chronyd-restricted.service
View file

@ -36,7 +36,6 @@ PrivateDevices=yes
PrivateTmp=yes PrivateTmp=yes
# This breaks adjtimex() # This breaks adjtimex()
#PrivateUsers=yes #PrivateUsers=yes
ProcSubset=pid
ProtectControlGroups=yes ProtectControlGroups=yes
ProtectHome=yes ProtectHome=yes
ProtectHostname=yes ProtectHostname=yes

1
examples/chronyd.service
View file

@ -24,7 +24,6 @@ LockPersonality=yes
MemoryDenyWriteExecute=yes MemoryDenyWriteExecute=yes
NoNewPrivileges=yes NoNewPrivileges=yes
PrivateTmp=yes PrivateTmp=yes
ProcSubset=pid
ProtectControlGroups=yes ProtectControlGroups=yes
ProtectHome=yes ProtectHome=yes
ProtectHostname=yes ProtectHostname=yes