Revert "resolve: enable DynamicUser= for systemd-resolved.service"
This reverts commit 0187368cad.
(systemd.conf.m4 part was already reverted in 5b5d82615011b9827466b7cd5756da35627a1608.)
parent
162e0b75f9
commit
62fb7e80fc
@ -1920,7 +1920,7 @@ int manager_connect_bus(Manager *m) {
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to register dnssd enumerator: %m");
|
||||
|
||||
r = bus_request_name_async_may_reload_dbus(m->bus, NULL, "org.freedesktop.resolve1", 0, NULL);
|
||||
r = sd_bus_request_name_async(m->bus, NULL, "org.freedesktop.resolve1", 0, NULL, NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to request name: %m");
|
||||
|
||||
|
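Review bot: The `if (r < 0)` check after `sd_bus_request_name_async(m->bus, NULL, "org.freedesktop.resolve1", 0, NULL, NULL)` only covers a failure to queue the request, and nothing at the call site says so. With a NULL callback the broker's reply (for example a policy denial for the `systemd-resolve` user) is left to sd-bus's default handler, so "Failed to request name" will not be the message an operator sees in that case. A short comment would help, e.g. `/* async: r reflects queuing only; a denied name is handled by the default reply callback */`. The +/- markers are lost on this page, so treating the `sd_bus_request_name_async` line as the new side is inferred from the commit title; manager_connect_bus starts and ends outside the hunk.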
@ -67,6 +67,7 @@ def setUpModule():
|
||||
tmpmounts.append(d)
|
||||
if os.path.isdir('/run/systemd/resolve'):
|
||||
os.chmod('/run/systemd/resolve', 0o755)
|
||||
shutil.chown('/run/systemd/resolve', 'systemd-resolve', 'systemd-resolve')
|
||||
|
||||
# Avoid "Failed to open /dev/tty" errors in containers.
|
||||
os.environ['SYSTEMD_LOG_TARGET'] = 'journal'
|
||||
|
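Review bot: `shutil.chown('/run/systemd/resolve', 'systemd-resolve', 'systemd-resolve')` is guarded only by the `os.path.isdir` check, so on a host where the static `systemd-resolve` account does not exist it raises `LookupError` and aborts setUpModule with a traceback rather than a clear skip. Now that the service depends on a pre-created user again, the test setup should catch `LookupError` around this call and turn it into a skip with a message naming the missing account (assuming the module already uses unittest's skip mechanism, which is not visible here). A one-line comment such as `# resolved runs as the static systemd-resolve user and must own its runtime dir` would also explain why the ownership change is needed. The hunk counts suggest this is the single added line, but the +/- markers are lost on this page; setUpModule begins and continues outside the hunk.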
@ -14,7 +14,7 @@ Documentation=https://www.freedesktop.org/wiki/Software/systemd/resolved
|
||||
Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
|
||||
Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
|
||||
DefaultDependencies=no
|
||||
After=systemd-networkd.service
|
||||
After=systemd-sysusers.service systemd-networkd.service
|
||||
Before=network.target nss-lookup.target shutdown.target
|
||||
Conflicts=shutdown.target
|
||||
Wants=nss-lookup.target
|
||||
@ -26,10 +26,11 @@ RestartSec=0
|
||||
ExecStart=!!@rootlibexecdir@/systemd-resolved
|
||||
WatchdogSec=3min
|
||||
User=systemd-resolve
|
||||
DynamicUser=yes
|
||||
CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
|
||||
AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
ProtectSystem=strict
|
||||
ProtectHome=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelTunables=yes
|
||||
|
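Review bot: With `DynamicUser=yes` dropped from the [Service] block in favour of the static `User=systemd-resolve`, the sandboxing that DynamicUser= implies is no longer applied automatically, and `RemoveIPC=yes` does not appear among the visible lines. `PrivateTmp=yes`, `ProtectSystem=strict` and `ProtectHome=yes` are spelled out here, so those are covered, but IPC objects owned by the service user would now persist across restarts unless `RemoveIPC=yes` is set explicitly next to `PrivateTmp=yes`. The unit continues past the end of the hunk, so this may already be present below; worth confirming. Which of the `User=`/`DynamicUser=` and `After=` lines is the new side is inferred from the commit title, since the +/- markers are lost on this page.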