DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-03 16:45:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

examples: improve chronyd service

Browse Source 
Allow writing logfiles (enabled by logdir or -l option) to /var/log and
don't require /var/spool to exist.
This commit is contained in:
Miroslav Lichvar
2021-10-04 10:54:40 +02:00
parent 83f96efdfd
commit 76a905d652
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
examples/chronyd.service
View File

@@ -33,7 +33,7 @@ ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectProc=invisible
ProtectSystem=strict
ReadWritePaths=/run /var/lib/chrony
ReadWritePaths=/run /var/lib/chrony -/var/log
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes
RestrictSUIDSGID=yes
@@ -42,7 +42,7 @@ SystemCallFilter=~@cpu-emulation @debug @module @mount @obsolete @raw-io @reboot
# Adjust restrictions for /usr/sbin/sendmail (mailonchange directive)
NoNewPrivileges=no
ReadWritePaths=/var/spool
ReadWritePaths=-/var/spool
RestrictAddressFamilies=AF_NETLINK
[Install]