1service 2# SPDX-License-Identifier: LGPL-2.1-or-later 3# 4# This file is part of systemd. 5# 6# systemd is free software; you can redistribute it and/or modify it 7# under the terms of the GNU Lesser General Public License as published by 8# the Free Software Foundation; either version 2.1 of the License, or 9# (at your option) any later version. 10 11[Unit] 12Description=Network Name Resolution 13Documentation=man:systemd-resolved.service(8) 14Documentation=https://www.freedesktop.org/wiki/Software/systemd/resolved 15Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers 16Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients 17DefaultDependencies=no 18After=systemd-sysusers.service systemd-networkd.service 19Before=network.target nss-lookup.target shutdown.target 20Conflicts=shutdown.target 21Wants=nss-lookup.target 22 23[Service] 24Type=notify 25Restart=always 26RestartSec=0 27ExecStart=!!/usr/lib/systemd/systemd-resolved 28WatchdogSec=3min 29User=systemd-resolve 30CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE 31AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE 32PrivateTmp=yes 33PrivateDevices=yes 34ProtectSystem=strict 35ProtectHome=yes 36ProtectControlGroups=yes 37ProtectKernelTunables=yes 38ProtectKernelModules=yes 39MemoryDenyWriteExecute=yes 40RestrictRealtime=yes 41RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 42SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap 43SystemCallArchitectures=native 44LockPersonality=yes 45RuntimeDirectory=systemd/resolve 46RuntimeDirectoryPreserve=yes 47 48[Install] 49WantedBy=multi-user.target 50Alias=dbus-org.freedesktop.resolve1.service 51