mirror of
https://github.com/systemd/systemd-stable.git
synced 2025-03-12 08:58:20 +03:00
Otherwise, IPv6 enable/disable setting may be changed after resolved is started. (cherry picked from commit 6e6b59ed00332e4d8061b2f0f6bc0945d4fced64) (cherry picked from commit ae2c69e8e61032417ce712ec95df5629c5799d37) (cherry picked from commit 7bca13344f54b0cc810a1ed4559f5104acab23a4) (cherry picked from commit ba530d08bcabc3a0f4a3265243d7777119fef19e)
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
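# Unit metadata and boot ordering for the resolver daemon.
# The stray "|" lines left behind by the web view are dropped: they are neither
# comments nor key=value assignments and are not valid unit-file syntax.
[Unit]
Description=Network Name Resolution
Documentation=man:systemd-resolved.service(8)
Documentation=man:org.freedesktop.resolve1(5)
Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients

# Disable the implicit service dependencies (sysinit.target, basic.target,
# shutdown.target) so the unit can be ordered before sysinit.target below.
# The shutdown conflict is therefore restated explicitly in Conflicts=.
DefaultDependencies=no
# Start only after sysctl settings have been applied; otherwise the IPv6
# enable/disable setting may change after resolved is already running.
# NOTE(review): ordering after systemd-sysusers.service is presumably so that
# the account named in User= exists before start-up. Confirm.
After=systemd-sysctl.service systemd-sysusers.service
Before=sysinit.target network.target nss-lookup.target shutdown.target initrd-switch-root.target
# Stop the daemon on shutdown and on the switch from initrd to the real root.
Conflicts=shutdown.target initrd-switch-root.target
Wants=nss-lookup.target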
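# Execution environment and sandboxing for the resolver daemon.
# The stray "|" lines left behind by the web view are dropped: they are neither
# comments nor key=value assignments and are not valid unit-file syntax.
# After changing any directive here, re-check the unit's exposure with
# "systemd-analyze security systemd-resolved.service".
[Service]
# Capabilities handed to the unprivileged User= process. Keep this list
# identical to CapabilityBoundingSet= below: the bounding set is the upper
# limit, the ambient set is what the process actually starts with.
# NOTE(review): CAP_SETPCAP is presumably retained only so the daemon can
# reduce its own capability sets after start-up. Confirm in the daemon source.
AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
BusName=org.freedesktop.resolve1
CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
# "!!" only has an effect on systems without ambient-capability support: there
# User= is not applied to this command, AmbientCapabilities= is skipped, and
# SystemCallFilter=/CapabilityBoundingSet= are implicitly loosened so that the
# process can drop credentials and capabilities itself. Where ambient
# capabilities are supported the prefix is a no-op.
# {{ROOTLIBEXECDIR}} is a template placeholder filled in when the unit file is
# generated.
ExecStart=!!{{ROOTLIBEXECDIR}}/systemd-resolved
LockPersonality=yes
# Refuse memory mappings that are writable and executable at the same time.
MemoryDenyWriteExecute=yes
# The process and its children can never gain privileges through execve()
# (setuid/setgid bits, file capabilities).
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
# Hide processes owned by other users from this service's view of /proc.
ProtectProc=invisible
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
# Whole file system hierarchy is read-only for the service, apart from /dev,
# /proc and /sys; the writable state lives in RuntimeDirectory= below.
ProtectSystem=strict
# Restart immediately, whatever the exit reason.
Restart=always
RestartSec=0
# Allow-list of socket address families; every other family is refused.
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
# Creates /run/systemd/resolve owned by User=; kept across stops and restarts
# because of RuntimeDirectoryPreserve=yes.
RuntimeDirectory=systemd/resolve
RuntimeDirectoryPreserve=yes
# Only native-ABI system calls are permitted, so the filter below cannot be
# sidestepped through a secondary ABI.
SystemCallArchitectures=native
# System calls outside the allow-list fail with EPERM instead of terminating
# the process.
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service
Type=notify
User=systemd-resolve
# Template placeholder filled in when the unit file is generated.
# NOTE(review): presumably expands to a watchdog setting. Confirm against the
# build configuration.
{{SERVICE_WATCHDOG}}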
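# Enablement: what "systemctl enable" sets up for this unit.
# The stray "|" lines left behind by the web view are dropped: they are neither
# comments nor key=value assignments and are not valid unit-file syntax.
[Install]
# When enabled, the unit is pulled in by sysinit.target, i.e. during early boot.
WantedBy=sysinit.target
# Enabling also creates this alias name for the unit.
# NOTE(review): presumably this is the name the D-Bus activation file refers
# to, so bus activation resolves only while the unit is enabled. Confirm.
Alias=dbus-org.freedesktop.resolve1.service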