Difference between revisions of "/lib/systemd/system/systemd-resolved.service"
Jump to navigation
Jump to search
↑ https://wiki.ubuntu.com/DebuggingSystemd
Tags: Mobile web edit, Mobile edit |
|||
| Line 22: | Line 22: | ||
Conflicts=shutdown.target | Conflicts=shutdown.target | ||
Wants=nss-lookup.target | Wants=nss-lookup.target | ||
| + | </pre> | ||
| − | [Service] | + | [Service] |
| − | AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE | + | AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE |
| − | CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE | + | CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE |
| − | ExecStart=!!/lib/systemd/systemd-resolved | + | ExecStart=!!/lib/systemd/systemd-resolved |
| − | LockPersonality=yes | + | LockPersonality=yes |
| − | MemoryDenyWriteExecute=yes | + | MemoryDenyWriteExecute=yes |
| − | NoNewPrivileges=yes | + | NoNewPrivileges=yes |
| − | PrivateDevices=yes | + | PrivateDevices=yes |
| − | PrivateTmp=yes | + | PrivateTmp=yes |
| − | ProtectControlGroups=yes | + | ProtectControlGroups=yes |
| − | ProtectHome=yes | + | ProtectHome=yes |
| − | ProtectKernelModules=yes | + | ProtectKernelModules=yes |
| − | ProtectKernelTunables=yes | + | ProtectKernelTunables=yes |
| − | ProtectKernelLogs=yes | + | ProtectKernelLogs=yes |
| − | ProtectSystem=strict | + | ProtectSystem=strict |
| − | Restart=always | + | Restart=always |
| − | RestartSec=0 | + | RestartSec=0 |
| − | RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 | + | RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 |
| − | RestrictNamespaces=yes | + | RestrictNamespaces=yes |
| − | RestrictRealtime=yes | + | RestrictRealtime=yes |
| − | RestrictSUIDSGID=yes | + | RestrictSUIDSGID=yes |
| − | RuntimeDirectory=systemd/resolve | + | RuntimeDirectory=systemd/resolve |
| − | RuntimeDirectoryPreserve=yes | + | RuntimeDirectoryPreserve=yes |
| − | SystemCallArchitectures=native | + | SystemCallArchitectures=native |
| − | SystemCallErrorNumber=EPERM | + | SystemCallErrorNumber=EPERM |
| − | SystemCallFilter=@system-service | + | SystemCallFilter=@system-service |
| − | Type=notify | + | Type=notify |
| − | User=systemd-resolve | + | User=systemd-resolve |
| − | WatchdogSec=3min | + | WatchdogSec=3min |
| + | <pre> | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
Latest revision as of 07:56, 24 October 2023
/lib/systemd/system/systemd-resolved.service
# SPDX-License-Identifier: LGPL-2.1+ # # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. [Unit] Description=Network Name Resolution Documentation=man:systemd-resolved.service(8) Documentation=https://www.freedesktop.org/wiki/Software/systemd/resolved Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients DefaultDependencies=no After=systemd-sysusers.service systemd-networkd.service Before=network.target nss-lookup.target shutdown.target Conflicts=shutdown.target Wants=nss-lookup.target
[Service] AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE ExecStart=!!/lib/systemd/systemd-resolved LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes PrivateDevices=yes PrivateTmp=yes ProtectControlGroups=yes ProtectHome=yes ProtectKernelModules=yes ProtectKernelTunables=yes ProtectKernelLogs=yes ProtectSystem=strict Restart=always RestartSec=0 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 RestrictNamespaces=yes RestrictRealtime=yes RestrictSUIDSGID=yes RuntimeDirectory=systemd/resolve RuntimeDirectoryPreserve=yes SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service Type=notify User=systemd-resolve WatchdogSec=3min
[Install] WantedBy=multi-user.target Alias=dbus-org.freedesktop.resolve1.service
See also[edit]
- Systemd:
systemctl,systemd-journald,journalctlsystemd-cat,systemd-logind,systemd-networkd:networkctl,systemd-timesyncd,systemd-resolved,systemd-udevd[1],Systemd-logind: loginctl,hostnamectl,udevadm,systemd-run,portablectl,systemd-nspawn, systemd resource management, Timer (systemd), systemd logs,/etc/systemd/, systemd services,systemd-mount,/run/systemd/,.service,/usr/lib/systemd/,/usr/lib/systemd/system/,/usr/lib/systemd/system/systemd-resolved.service,/lib/systemd/, machinectl, systemd-oomd, systemd-analyze
Advertising:
