This unit is provided by:
Options
-
[Install] -
[Service]-
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE ~CAP_BLOCK_SUSPEND CAP_KILL CAP_LEASE CAP_LINUX_IMMUTABLE ~CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_MKNOD CAP_SYS_ADMIN ~CAP_SYS_BOOT CAP_SYS_CHROOT CAP_SYS_MODULE CAP_SYS_PACCT ~CAP_SYS_PTRACE CAP_SYS_RAWIO CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM
-
ConfigurationDirectory=chrony -
DeviceAllow=char-pps rw char-ptp rw char-rtc rw -
DevicePolicy=closed -
EnvironmentFile=-/etc/default/chrony -
ExecStart=!/usr/sbin/chronyd $DAEMON_OPTS -
LockPersonalityIntroduced in systemd 235=yes -
LogsDirectory=chrony -
LogsDirectoryMode=0750 -
MemoryDenyWriteExecuteIntroduced in systemd 231=yes -
NoNewPrivilegesIntroduced in systemd 239=yes no -
PIDFile=/run/chrony/chronyd.pid -
PrivateTmp=yes -
ProcSubsetIntroduced in systemd 247=pid -
ProtectControlGroupsIntroduced in systemd 232=yes -
ProtectHomeIntroduced in systemd 214=yes -
ProtectHostnameIntroduced in systemd 242=yes -
ProtectKernelLogsIntroduced in systemd 244=yes -
ProtectKernelModulesIntroduced in systemd 232=yes -
ProtectKernelTunablesIntroduced in systemd 232=yes -
ProtectProcIntroduced in systemd 247=invisible -
ProtectSystemIntroduced in systemd 214=strict -
ReadWritePaths=/run -/var/spool -
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK -
RestrictNamespacesIntroduced in systemd 233=yes -
RestrictSUIDSGIDIntroduced in systemd 242=yes -
RuntimeDirectory=chrony -
RuntimeDirectoryMode=0700 -
RuntimeDirectoryPreserve=restart -
StateDirectory=chrony -
StateDirectoryMode=0750 -
SystemCallArchitectures=native -
SystemCallFilter=~@cpu-emulation @debug @module @mount @obsolete @raw-io @reboot @swap -
Type=forking -
User=_chrony
-
-
[Unit]-
After=network.target -
Before=time-sync.target -
ConditionCapability=CAP_SYS_TIME -
Conflicts=openntpd.service ntp.service ntpsec.service -
Description=chrony, an NTP client/server -
Documentation=man:chronyd(8) man:chronyc(1) man:chrony.conf(5) -
Wants=time-sync.target
-
Additionnal notes
Nothing here.