From 28a99b8b66ed8874502f528bb44289254c05267c Mon Sep 17 00:00:00 2001
From: Robert Scheck <robert@fedoraproject.org>
Date: Mon, 15 May 2023 21:54:37 +0200
Subject: [PATCH] Drop systemd.unit options unsupported in systemd-239-68.el8_7.4
---
units/systemd-networkd.service.in | 8 ++------
units/systemd-timesyncd.service.in | 4 ----
2 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in
index d8b935a..a123f98 100644
--- a/units/systemd-networkd.service.in
+++ b/units/systemd-networkd.service.in
@@ -20,23 +20,19 @@ Wants=systemd-networkd.socket network.target
[Service]
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
-BusName=org.freedesktop.network1
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
DeviceAllow=char-* rw
ExecStart=!!{{ROOTLIBEXECDIR}}/systemd-networkd
+ExecReload=networkctl reload
FileDescriptorStoreMax=512
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
-ProtectProc=invisible
-ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
-ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectSystem=strict
Restart=on-failure
-RestartKillSignal=SIGUSR2
RestartSec=0
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 AF_PACKET
RestrictNamespaces=yes
@@ -47,7 +43,7 @@ RuntimeDirectoryPreserve=yes
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service
-Type=notify-reload
+Type=notify
User=systemd-network
{{SERVICE_WATCHDOG}}
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index c606461..5ae8dc5 100644
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -20,7 +20,6 @@ Wants=time-set.target
[Service]
AmbientCapabilities=CAP_SYS_TIME
-BusName=org.freedesktop.timesync1
CapabilityBoundingSet=CAP_SYS_TIME
# Turn off DNSSEC validation for hostname look-ups, since those need the
# correct time to work, but we likely won't acquire that without NTP. Let's
@@ -32,11 +31,8 @@ MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
-ProtectProc=invisible
ProtectControlGroups=yes
ProtectHome=yes
-ProtectHostname=yes
-ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
--
2.31.1