Add a timeout to early-boot-blocking.serviceearly-boot-fw-timeout

This lets the user boot their system after 60 seconds if the early boot
firewall were to break horribly and stall forever. If the timeout is
reached, the service will show as `failed` by systemd.

The downside of this is that the user risks leakage, but this is
preferable to not being able to boot.

2 files changed, 5 insertions, 0 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d89cf4eec2..2184e816d8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -32,6 +32,9 @@ Line wrap the file at 100 chars.                                              Th
 #### Linux
 - Change "Go back" keyboard shortcut from `Esc` to `Alt + Left Arrow` or `Alt + [`.
 - Use Wayland by default on Linux if available, otherwise fall back to X11.
+- Add a 60 second timeout to `mullvad-early-boot-blocking.service`. If this service fails badly,
+  we allow the user to boot, at the risk of potentially leaking some traffic before the daemon
+  starts up.
 
 #### macOS
 - Change "Go back" keyboard shortcut from `Esc` to `Cmd + Left Arrow` or `Cmd + [`.
diff --git a/dist-assets/linux/mullvad-early-boot-blocking.service b/dist-assets/linux/mullvad-early-boot-blocking.service
index 466eebb796..20c8992673 100644
--- a/dist-assets/linux/mullvad-early-boot-blocking.service
+++ b/dist-assets/linux/mullvad-early-boot-blocking.service
@@ -11,6 +11,8 @@ Before=basic.target mullvad-daemon.service
 [Service]
 Type=oneshot
 ExecStart=/usr/bin/mullvad-daemon --initialize-early-boot-firewall
+# Ensure we can still boot if the service gets stuck for whatever reason.
+TimeoutStartSec=60
 
 [Install]
 WantedBy=mullvad-daemon.service