DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-03 17:35:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

examples: don't set ProcSubset=pid in systemd unit files

Browse Source 
This option seems to break detection of the FIPS mode, which is needed
by gnutls.
This commit is contained in:
Miroslav Lichvar
2023-06-15 15:23:40 +02:00
parent 2aefadd129
commit bc76291750
3 changed files with 0 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
examples/chrony-wait.service
View File

@@ -25,7 +25,6 @@ LockPersonality=yes
MemoryDenyWriteExecute=yes MemoryDenyWriteExecute=yes
PrivateDevices=yes PrivateDevices=yes
PrivateUsers=yes PrivateUsers=yes
ProcSubset=pid
ProtectClock=yes ProtectClock=yes
ProtectControlGroups=yes ProtectControlGroups=yes
ProtectHome=yes ProtectHome=yes

1
examples/chronyd-restricted.service
View File

@@ -36,7 +36,6 @@ PrivateDevices=yes
PrivateTmp=yes PrivateTmp=yes
# This breaks adjtimex() # This breaks adjtimex()
#PrivateUsers=yes #PrivateUsers=yes
ProcSubset=pid
ProtectControlGroups=yes ProtectControlGroups=yes
ProtectHome=yes ProtectHome=yes
ProtectHostname=yes ProtectHostname=yes

1
examples/chronyd.service
View File

@@ -24,7 +24,6 @@ LockPersonality=yes
MemoryDenyWriteExecute=yes MemoryDenyWriteExecute=yes
NoNewPrivileges=yes NoNewPrivileges=yes
PrivateTmp=yes PrivateTmp=yes
ProcSubset=pid
ProtectControlGroups=yes ProtectControlGroups=yes
ProtectHome=yes ProtectHome=yes
ProtectHostname=yes ProtectHostname=yes