## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC ## See the file COPYING for copying conditions. ## similar file by package apparmor-profile-everything (AAE): ## /lib/systemd/system/sdwdate-aae.service [Unit] Description=Secure Distributed Web Date Documentation=https://www.whonix.org/wiki/sdwdate ConditionPathExists=!/run/qubes/this-is-templatevm ConditionPathExists=!/run/qubes-service/no-sdwdate ## systemd-nspawn does not allow clock to be changed inside the container. ## Quote https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html ## The host's network interfaces and the system clock may not be changed from within the container. ## https://forums.whonix.org/t/bootclockrandomization-always-moving-clock-plus-or-5-seconds/2200/10 ConditionVirtualization=!systemd-nspawn After=network.target Wants=network.target After=rinetd.service After=bootclockrandomization.service After=tor.service After=tor@default.service ## TODO: This can be removed if gets improved to start early enough. After=privleapd.service Conflicts=systemd-timesyncd.service [Service] Type=notify User=sdwdate Group=sdwdate ExecStart=/usr/libexec/sdwdate/sdwdate SuccessExitStatus=143 TimeoutSec=30 WatchdogSec=200m Restart=always ## user `sdwdate` legacy home folder migration ## Allow time for sdwdate.postinst usermod to change sdwdate home update. RestartSec=10s AmbientCapabilities=CAP_SYS_TIME CapabilityBoundingSet=CAP_SYS_TIME ## Sandboxing. ## https://forums.whonix.org/t/apply-systemd-sandboxing-by-default-to-some-services/7590/50 ProtectSystem=strict ReadWriteDirectories=/run/sdwdate/ /var/lib/sdwdate/ ProtectHome=true ProtectKernelTunables=true ProtectKernelModules=true ProtectControlGroups=true ProtectKernelLogs=true ProtectHostname=true ProtectProc=invisible ProcSubset=pid PrivateTmp=true ## PrivateUsers=true PrivateDevices=true NoNewPrivileges=true LockPersonality=true RestrictRealtime=true RestrictSUIDSGID=true RestrictAddressFamilies=AF_UNIX AF_INET RestrictNamespaces=true SystemCallArchitectures=native ## Split into multiple lines to fix lintian warning very-long-line-length-in-source-file. SystemCallFilter=\ wait4 select futex read stat close openat fstat lseek mmap rt_sigaction \ getdents64 mprotect ioctl recvfrom munmap brk rt_sigprocmask fcntl \ getpid write access socket sendto dup2 clone execve getrandom geteuid \ getgid madvise getuid getegid readlink pipe rt_sigreturn connect pipe2 \ prlimit64 set_robust_list dup arch_prctl lstat set_tid_address sysinfo \ sigaltstack rt_sigsuspend shutdown timer_settime mkdir timer_create statfs \ getcwd setpgid setsockopt uname bind getpgrp getppid getpeername chdir poll \ getsockname fadvise64 clock_settime kill getsockopt unlink epoll_create1 \ utimensat mremap prctl sendmsg newfstatat pread64 vfork close_range clone3 \ get_mempolicy set_mempolicy faccessat readlinkat mkdirat dup3 ppoll pselect6 \ unlinkat _llseek send waitpid recv _newselect getpriority faccessat2 epoll_wait \ epoll_ctl tgkill timerfd_create timerfd_settime open [Install] WantedBy=multi-user.target