summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-05-15 18:55:19 +0200
committerLennart Poettering <lennart@poettering.net>2014-05-15 18:55:19 +0200
commite3ad07d21c3592525ee2f4760ea114bbaa9752a9 (patch)
tree50ff74b6eec60e71c46923c75e44b1074a080d87
parent679be2a74241a70028438217bace423a1a45faa6 (diff)
timesyncd: limit capabilities to CAP_SYS_TIME
-rw-r--r--units/systemd-timesyncd.service.in1
1 files changed, 1 insertions, 0 deletions
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index 21015c64b1..e279d1bc29 100644
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -16,6 +16,7 @@ Type=notify
Restart=always
RestartSec=0
ExecStart=@rootlibexecdir@/systemd-timesyncd
+CapabilityBoundingSet=CAP_SYS_TIME
[Install]
WantedBy=multi-user.target