diff options
| author | Lennart Poettering <lennart@poettering.net> | 2023-01-05 15:35:20 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2023-01-05 18:52:15 +0100 |
| commit | 116687f26778c5d8f1fceb9b0ebba363a10597bc (patch) | |
| tree | 3514cb8fb28d72896aa6b5434486e4a39b3c23de /units | |
| parent | ea575e176aac9fa8f430bb30a3e8abd8da767a10 (diff) | |
| download | systemd-116687f26778c5d8f1fceb9b0ebba363a10597bc.tar.gz | |
resolved: read DNS conf also from creds and kernel cmdline
Note that this drops ProtectProc=invisible from
systemd-resolved.service.
This is done because othewise access to the booted "kernel" command line is not
necessarily available. That's because in containers we want to read
/proc/1/cmdline for that.
Fixes: #24103
Diffstat (limited to 'units')
| -rw-r--r-- | units/systemd-resolved.service.in | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in index 621fe34224..b4227ffd42 100644 --- a/units/systemd-resolved.service.in +++ b/units/systemd-resolved.service.in @@ -30,7 +30,6 @@ MemoryDenyWriteExecute=yes NoNewPrivileges=yes PrivateDevices=yes PrivateTmp=yes -ProtectProc=invisible ProtectClock=yes ProtectControlGroups=yes ProtectHome=yes @@ -51,6 +50,8 @@ SystemCallErrorNumber=EPERM SystemCallFilter=@system-service Type=notify User=systemd-resolve +LoadCredential=network.dns +LoadCredential=network.search_domains {{SERVICE_WATCHDOG}} [Install] |