| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 |
- # SPDX-License-Identifier: LGPL-2.1+
- #
- # This file is part of systemd.
- #
- # systemd is free software; you can redistribute it and/or modify it
- # under the terms of the GNU Lesser General Public License as published by
- # the Free Software Foundation; either version 2.1 of the License, or
- # (at your option) any later version.
- [Unit]
- Description=Network Name Resolution
- Documentation=man:systemd-resolved.service(8)
- Documentation=https://www.freedesktop.org/wiki/Software/systemd/resolved
- Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
- Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
- DefaultDependencies=no
- After=systemd-sysusers.service systemd-networkd.service
- Before=network.target nss-lookup.target shutdown.target
- Conflicts=shutdown.target
- Wants=nss-lookup.target
- [Service]
- AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
- CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
- ExecStart=!!/lib/systemd/systemd-resolved
- LockPersonality=yes
- MemoryDenyWriteExecute=yes
- NoNewPrivileges=yes
- PrivateDevices=yes
- PrivateTmp=yes
- ProtectControlGroups=yes
- ProtectHome=yes
- ProtectKernelModules=yes
- ProtectKernelTunables=yes
- ProtectKernelLogs=yes
- ProtectSystem=strict
- Restart=always
- RestartSec=0
- RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
- RestrictNamespaces=yes
- RestrictRealtime=yes
- RestrictSUIDSGID=yes
- RuntimeDirectory=systemd/resolve
- RuntimeDirectoryPreserve=yes
- SystemCallArchitectures=native
- SystemCallErrorNumber=EPERM
- SystemCallFilter=@system-service
- Type=notify
- User=systemd-resolve
- WatchdogSec=3min
- [Install]
- WantedBy=multi-user.target
- Alias=dbus-org.freedesktop.resolve1.service
|
