unit: do not trigger automount for /boot and/or /efi
author: Yu Watanabe <watanabe.yu+github@gmail.com>
Wed, 13 Mar 2024 01:15:23 +0000 (10:15 +0900)
committer: Yu Watanabe <watanabe.yu+github@gmail.com>
Wed, 13 Mar 2024 01:23:18 +0000 (10:23 +0900)
ProtectSystem=full remounts /boot and/or /efi read-only, but that
may trigger automount for the paths and delay the service being started.
===
systemd[1]: boot.automount: Got automount request for /boot, triggered by 720 ((networkd))
===
The service does not need to access the paths, so let's hide them.

Follow-up for f90eb086270f0aea8efcbff5a5e4c338d178cfd4.

Fixes #31742.

units/systemd-networkd.service.in

index 099e7211e63c8e6f56e0a5a4917be1c7494dff79..bfbc0b193e143b368d643482ab0237c86533e628 100644
@@ -27,6 +27,7 @@ DeviceAllow=char-* rw
 ExecStart=!!{{LIBEXECDIR}}/systemd-networkd
 FileDescriptorStoreMax=512
 ImportCredential=network.wireguard.*
+InaccessiblePaths=-/boot -/efi
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
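Review bot: the `-` prefix on `InaccessiblePaths=-/boot -/efi` is what keeps this change safe on systems with no ESP or no separate boot partition: a listed path without the prefix that does not exist would make the unit's mount namespace setup fail, whereas the `-` form is skipped when the path is absent. The reason for hiding these two paths is only in the commit message, not in the unit file, so a later reader will see `InaccessiblePaths=` sitting next to `ProtectSystem=full` and assume it is redundant; a one-line comment above the new line such as `# Hide /boot and /efi so ProtectSystem= does not trigger their automount units` would preserve that context. Finally, since the quoted `boot.automount: Got automount request for /boot` log was caused by the read-only remount, it is worth confirming with the same log that the inaccessible bind mount placed over /boot does not itself trigger the automount before treating #31742 as closed.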