2 files changed, 6 insertions, 2 deletions

diff --git a/src/grp-timedate/systemd-timedated/systemd-timedated.service.in b/src/grp-timedate/systemd-timedated/systemd-timedated.service.in
index bc1795d747..e8c4d5ed4b 100644
--- a/src/grp-timedate/systemd-timedated/systemd-timedated.service.in
+++ b/src/grp-timedate/systemd-timedated/systemd-timedated.service.in
@@ -13,10 +13,14 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/timedated
 [Service]
 ExecStart=@rootlibexecdir@/systemd-timedated
 BusName=org.freedesktop.timedate1
-CapabilityBoundingSet=CAP_SYS_TIME
 WatchdogSec=3min
+CapabilityBoundingSet=CAP_SYS_TIME
 PrivateTmp=yes
 ProtectSystem=yes
 ProtectHome=yes
+ProtectControlGroups=yes
+ProtectKernelTunables=yes
 MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+RestrictAddressFamilies=AF_UNIX
 SystemCallFilter=~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io
diff --git a/src/grp-timedate/systemd-timedated/timedated.c b/src/grp-timedate/systemd-timedated/timedated.c
index bddaf71cb0..9984a5b4f3 100644
--- a/src/grp-timedate/systemd-timedated/timedated.c
+++ b/src/grp-timedate/systemd-timedated/timedated.c
@@ -637,7 +637,7 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error
                 return r;
 
         c->use_ntp = enabled;
-        log_info("Set NTP to %s", enabled ? "enabled" : "disabled");
+        log_info("Set NTP to %sd", enable_disable(enabled));
 
         (void) sd_bus_emit_properties_changed(sd_bus_message_get_bus(m), "/org/freedesktop/timedate1", "org.freedesktop.timedate1", "NTP", NULL);