summaryrefslogtreecommitdiff
path: root/data/templates/chrony
diff options
context:
space:
mode:
Diffstat (limited to 'data/templates/chrony')
-rw-r--r--data/templates/chrony/chrony.conf.j23
-rw-r--r--data/templates/chrony/override.conf.j25
2 files changed, 5 insertions, 3 deletions
diff --git a/data/templates/chrony/chrony.conf.j2 b/data/templates/chrony/chrony.conf.j2
index b3bfc8c0c..711bbbec7 100644
--- a/data/templates/chrony/chrony.conf.j2
+++ b/data/templates/chrony/chrony.conf.j2
@@ -40,8 +40,9 @@ user {{ user }}
{% for address in allow_client.address %}
allow {{ address }}
{% endfor %}
-{% endif %}
+{% else %}
deny all
+{% endif %}
{% if listen_address is vyos_defined or interface is vyos_defined %}
# NTP should listen on configured addresses only
diff --git a/data/templates/chrony/override.conf.j2 b/data/templates/chrony/override.conf.j2
index 9eaea7608..0ab8f0824 100644
--- a/data/templates/chrony/override.conf.j2
+++ b/data/templates/chrony/override.conf.j2
@@ -5,6 +5,7 @@ ConditionPathExists={{ config_file }}
After=vyos-router.service
[Service]
+User=root
EnvironmentFile=
ExecStart=
ExecStart={{ vrf_command }}/usr/sbin/chronyd -F 1 -f {{ config_file }}
@@ -13,5 +14,5 @@ PIDFile={{ config_file | replace('.conf', '.pid') }}
Restart=always
RestartSec=10
# Required for VRF support
-ProtectControlGroups=No
-
+ProcSubset=all
+ProtectControlGroups=no
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-03 20:51:16 +0000