# SPDX-License-Identifier: LGPL-2.1+ # # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. [Unit] Description=Network Time Synchronization Documentation=man:systemd-timesyncd.service(8) ConditionCapability=CAP_SYS_TIME ConditionVirtualization=!container DefaultDependencies=no After=systemd-sysusers.service Before=time-set.target sysinit.target shutdown.target Conflicts=shutdown.target Wants=time-set.target time-sync.target [Service] AmbientCapabilities=CAP_SYS_TIME CapabilityBoundingSet=CAP_SYS_TIME ExecStart=!!/lib/systemd/systemd-timesyncd LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes PrivateDevices=yes PrivateTmp=yes ProtectControlGroups=yes ProtectHome=yes ProtectHostname=yes ProtectKernelModules=yes ProtectKernelTunables=yes ProtectKernelLogs=yes ProtectSystem=strict Restart=always RestartSec=0 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 RestrictNamespaces=yes RestrictRealtime=yes RestrictSUIDSGID=yes RuntimeDirectory=systemd/timesync StateDirectory=systemd/timesync SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service @clock Type=notify User=systemd-timesync WatchdogSec=3min [Install] WantedBy=sysinit.target Alias=dbus-org.freedesktop.timesync1.service