mirror of
https://github.com/systemd/systemd.git
synced 2024-12-12 03:33:44 +08:00
a18449b5bd
ProtectHostname= turns off hostname change propagation from host to service. This means for services that care about the hostname and need to be able to notice changes to it it's not suitable (though it is useful for most other cases still). Let's turn it off hence for journald (which logs the current hostname) for networkd (which optionally sends the current hostname to dhcp servers) and resolved (which announces the current hostname via llmnr/mdns).
56 lines
1.9 KiB
SYSTEMD
56 lines
1.9 KiB
SYSTEMD
# SPDX-License-Identifier: LGPL-2.1+
|
|
#
|
|
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
[Unit]
|
|
Description=Network Service
|
|
Documentation=man:systemd-networkd.service(8)
|
|
ConditionCapability=CAP_NET_ADMIN
|
|
DefaultDependencies=no
|
|
# systemd-udevd.service can be dropped once tuntap is moved to netlink
|
|
After=systemd-udevd.service network-pre.target systemd-sysusers.service systemd-sysctl.service
|
|
Before=network.target multi-user.target shutdown.target
|
|
Conflicts=shutdown.target
|
|
Wants=network.target
|
|
|
|
[Service]
|
|
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
|
|
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
|
|
ExecStart=!!@rootlibexecdir@/systemd-networkd
|
|
LockPersonality=yes
|
|
MemoryDenyWriteExecute=yes
|
|
NoNewPrivileges=yes
|
|
ProtectControlGroups=yes
|
|
ProtectHome=yes
|
|
ProtectKernelModules=yes
|
|
ProtectSystem=strict
|
|
Restart=on-failure
|
|
RestartSec=0
|
|
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 AF_PACKET
|
|
RestrictNamespaces=yes
|
|
RestrictRealtime=yes
|
|
RuntimeDirectory=systemd/netif
|
|
RuntimeDirectoryPreserve=yes
|
|
SystemCallArchitectures=native
|
|
SystemCallErrorNumber=EPERM
|
|
SystemCallFilter=@system-service
|
|
Type=notify
|
|
User=systemd-network
|
|
WatchdogSec=3min
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
Also=systemd-networkd.socket
|
|
Alias=dbus-org.freedesktop.network1.service
|
|
|
|
# We want to enable systemd-networkd-wait-online.service whenever this service
|
|
# is enabled. systemd-networkd-wait-online.service has
|
|
# WantedBy=network-online.target, so enabling it only has an effect if
|
|
# network-online.target itself is enabled or pulled in by some other unit.
|
|
Also=systemd-networkd-wait-online.service
|