Merge pull request #31746 from yuwata/network-unit-hide-boot-and-efi

unit: do not trigger automount for /boot and/or /efi
2026-04-14 00:14:32 +09:00 · 2024-03-13 20:40:07 +08:00
parent 8fb8c037b3 6f9148bab9
commit dd48b6c38f
1 changed files with 2 additions and 1 deletions
--- a/units/systemd-networkd.service.in
+++ b/units/systemd-networkd.service.in
@@ -26,6 +26,8 @@ CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_N
 DeviceAllow=char-* rw
 ExecStart=!!{{LIBEXECDIR}}/systemd-networkd
 FileDescriptorStoreMax=512
+ImportCredential=network.wireguard.*
+InaccessiblePaths=-/boot -/efi
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
@@ -50,7 +52,6 @@ SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service
 Type=notify-reload
 User=systemd-network
-ImportCredential=network.wireguard.*
 {{SERVICE_WATCHDOG}}

 [Install]