Diffstat (limited to 'units')
-rw-r--r-- | units/.gitignore | 3 | ||||
-rw-r--r-- | units/systemd-hostnamed.service.in | 2 | ||||
-rw-r--r-- | units/systemd-importd.service.in | 2 | ||||
-rw-r--r-- | units/systemd-journal-remote.service.in | 2 | ||||
-rw-r--r-- | units/systemd-journal-upload.service.in | 2 | ||||
-rw-r--r-- | units/systemd-journald.service.in | 2 | ||||
-rw-r--r-- | units/systemd-localed.service.in | 2 | ||||
-rw-r--r-- | units/systemd-logind.service.in | 2 | ||||
-rw-r--r-- | units/systemd-machine-id-commit.service.in | 2 | ||||
-rw-r--r-- | units/systemd-machined.service.in | 2 | ||||
-rw-r--r-- | units/systemd-networkd.service.m4.in | 2 | ||||
-rw-r--r-- | units/systemd-networkd.socket | 4 | ||||
-rw-r--r-- | units/systemd-nspawn@.service.in | 6 | ||||
-rw-r--r-- | units/systemd-resolved.service.m4.in | 2 | ||||
-rw-r--r-- | units/systemd-rfkill.service.in (renamed from units/systemd-rfkill@.service.in) | 16 | ||||
-rw-r--r-- | units/systemd-rfkill.socket | 19 | ||||
-rw-r--r-- | units/systemd-timedated.service.in | 2 | ||||
-rw-r--r-- | units/systemd-timesyncd.service.in | 2 | ||||
-rw-r--r-- | units/systemd-udevd.service.in | 2 | ||||
-rw-r--r-- | units/tmp.mount.m4 (renamed from units/tmp.mount) | 3 | ||||
-rw-r--r-- | units/user/exit.target | 3 |
21 files changed, 53 insertions, 29 deletions
diff --git a/units/.gitignore b/units/.gitignore index 049371884a..c89740df05 100644 --- a/units/.gitignore +++ b/units/.gitignore @@ -59,7 +59,7 @@ /systemd-resolved.service /systemd-resolved.service.m4 /systemd-hibernate-resume@.service -/systemd-rfkill@.service +/systemd-rfkill.service /systemd-suspend.service /systemd-sysctl.service /systemd-sysusers.service @@ -78,4 +78,5 @@ /systemd-update-utmp.service /systemd-user-sessions.service /systemd-vconsole-setup.service +/tmp.mount /user@.service diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in index cc88ecd0db..b7079e4a7c 100644 --- a/units/systemd-hostnamed.service.in +++ b/units/systemd-hostnamed.service.in @@ -14,7 +14,7 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/hostnamed ExecStart=@rootlibexecdir@/systemd-hostnamed BusName=org.freedesktop.hostname1 CapabilityBoundingSet=CAP_SYS_ADMIN -WatchdogSec=1min +WatchdogSec=3min PrivateTmp=yes PrivateDevices=yes PrivateNetwork=yes diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in index 403f15316d..d3238cf8f5 100644 --- a/units/systemd-importd.service.in +++ b/units/systemd-importd.service.in @@ -14,5 +14,5 @@ ExecStart=@rootlibexecdir@/systemd-importd BusName=org.freedesktop.import1 CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE NoNewPrivileges=yes -WatchdogSec=1min +WatchdogSec=3min KillMode=mixed diff --git a/units/systemd-journal-remote.service.in b/units/systemd-journal-remote.service.in index 4a898d62f3..2928a23021 100644 --- a/units/systemd-journal-remote.service.in +++ b/units/systemd-journal-remote.service.in @@ -18,7 +18,7 @@ Group=systemd-journal-remote PrivateTmp=yes PrivateDevices=yes PrivateNetwork=yes -WatchdogSec=10min +WatchdogSec=3min [Install] Also=systemd-journal-remote.socket 
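Review bot: `WatchdogSec=3min` in systemd-journal-remote.service.in is a reduction from 10min, and the same value in systemd-journal-upload.service.in replaces 20min, whereas every other unit in this commit is raised from 1min. The daemons' keep-alive code is not part of this diff, so it is worth confirming that both send a watchdog notification at least every three minutes even during a large transfer or with a slow peer; otherwise the watchdog terminates the service and remote log collection is interrupted. A comment above each line, for example `# Lowered from the previous limit; the daemon must notify the watchdog at least this often`, would record that the shorter value was checked.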
diff --git a/units/systemd-journal-upload.service.in b/units/systemd-journal-upload.service.in index b2e3c769cc..a757673a62 100644 --- a/units/systemd-journal-upload.service.in +++ b/units/systemd-journal-upload.service.in @@ -15,7 +15,7 @@ ExecStart=@rootlibexecdir@/systemd-journal-upload \ User=systemd-journal-upload PrivateTmp=yes PrivateDevices=yes -WatchdogSec=20min +WatchdogSec=3min # If there are many split up journal files we need a lot of fds to # access them all and combine diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in index a3540c65d2..41bfde5be3 100644 --- a/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in @@ -22,7 +22,7 @@ RestartSec=0 NotifyAccess=all StandardOutput=null CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE -WatchdogSec=1min +WatchdogSec=3min FileDescriptorStoreMax=1024 # Increase the default a bit in order to allow many simultaneous diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in index bfa097844f..9b13f901a3 100644 --- a/units/systemd-localed.service.in +++ b/units/systemd-localed.service.in @@ -14,7 +14,7 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/localed ExecStart=@rootlibexecdir@/systemd-localed BusName=org.freedesktop.locale1 CapabilityBoundingSet= -WatchdogSec=1min +WatchdogSec=3min PrivateTmp=yes PrivateDevices=yes PrivateNetwork=yes diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in index f087e99ce2..ff049134ee 100644 --- a/units/systemd-logind.service.in +++ b/units/systemd-logind.service.in 
@@ -24,7 +24,7 @@ Restart=always RestartSec=0 BusName=org.freedesktop.login1 CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG -WatchdogSec=1min +WatchdogSec=3min # Increase the default a bit in order to allow many simultaneous # logins since we keep one fd open per session. diff --git a/units/systemd-machine-id-commit.service.in b/units/systemd-machine-id-commit.service.in index cccbf7b626..1f3f5da0f3 100644 --- a/units/systemd-machine-id-commit.service.in +++ b/units/systemd-machine-id-commit.service.in @@ -18,5 +18,5 @@ ConditionPathIsMountPoint=/etc/machine-id [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-machine-id-commit +ExecStart=@rootbindir@/systemd-machine-id-setup --commit TimeoutSec=30s diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in index fb1f383cdc..3710c595ca 100644 --- a/units/systemd-machined.service.in +++ b/units/systemd-machined.service.in @@ -16,7 +16,7 @@ After=machine.slice ExecStart=@rootlibexecdir@/systemd-machined BusName=org.freedesktop.machine1 CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID -WatchdogSec=1min +WatchdogSec=3min # Note that machined cannot be placed in a mount namespace, since it # needs access to the host's mount namespace in order to implement the diff --git a/units/systemd-networkd.service.m4.in b/units/systemd-networkd.service.m4.in index 35be713ade..27d4d58962 100644 --- a/units/systemd-networkd.service.m4.in +++ b/units/systemd-networkd.service.m4.in 
@@ -30,7 +30,7 @@ ExecStart=@rootlibexecdir@/systemd-networkd CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER ProtectSystem=full ProtectHome=yes -WatchdogSec=1min +WatchdogSec=3min [Install] WantedBy=multi-user.target diff --git a/units/systemd-networkd.socket b/units/systemd-networkd.socket index 8cd7bab67a..9e4e9dd338 100644 --- a/units/systemd-networkd.socket +++ b/units/systemd-networkd.socket @@ -6,7 +6,7 @@ # (at your option) any later version. [Unit] -Description=networkd rtnetlink socket +Description=Network Service Netlink Socket Documentation=man:systemd-networkd.service(8) man:rtnetlink(7) ConditionCapability=CAP_NET_ADMIN DefaultDependencies=no @@ -14,7 +14,7 @@ Before=sockets.target [Socket] ReceiveBuffer=8M -ListenNetlink=route 273 +ListenNetlink=route 1361 PassCredentials=yes [Install] diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in index 6b86e0a7f7..2e79adff44 100644 --- a/units/systemd-nspawn@.service.in +++ b/units/systemd-nspawn@.service.in @@ -35,5 +35,11 @@ DeviceAllow=/dev/net/tun rwm DeviceAllow=/dev/pts/ptmx rw DeviceAllow=char-pts rw +# nspawn itself needs access to /dev/loop-control and /dev/loop, to +# implement the --image= option. Add these here, too. +DeviceAllow=/dev/loop-control rw +DeviceAllow=block-loop rw +DeviceAllow=block-blkext rw + [Install] WantedBy=machines.target diff --git a/units/systemd-resolved.service.m4.in b/units/systemd-resolved.service.m4.in index dce5402458..c674b27ced 100644 --- a/units/systemd-resolved.service.m4.in +++ b/units/systemd-resolved.service.m4.in @@ -23,7 +23,7 @@ ExecStart=@rootlibexecdir@/systemd-resolved CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER ProtectSystem=full ProtectHome=yes -WatchdogSec=1min +WatchdogSec=3min [Install] WantedBy=multi-user.target 
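Review bot: `ListenNetlink=route 1361` in systemd-networkd.socket is an undocumented bitmask, so a reader cannot tell which rtnetlink multicast groups the socket now joins. 1361 is 0x551, which adds 0x40 and 0x400 to the previous 0x111; going by the rtnetlink group constants these appear to be RTMGRP_IPV4_ROUTE and RTMGRP_IPV6_ROUTE on top of RTMGRP_LINK, RTMGRP_IPV4_IFADDR and RTMGRP_IPV6_IFADDR. A comment above the line such as `# 0x551 = RTMGRP_LINK | RTMGRP_IPV4_IFADDR | RTMGRP_IPV4_ROUTE | RTMGRP_IPV6_IFADDR | RTMGRP_IPV6_ROUTE` would make later changes to the mask reviewable.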
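Review bot: The three new `DeviceAllow=` lines in systemd-nspawn@.service.in widen the unit's device allowlist, while the added comment says only that nspawn itself needs them. DeviceAllow= is applied to the unit's control group, so unless nspawn narrows the policy again for the payload (not visible in this hunk) processes inside the container fall under the same allowance for loop and blkext block devices. The entries grant `rw` without `m`, so creating device nodes stays denied. I would state both facts in the comment, for example `# Applies to the whole unit cgroup, payload included; no 'm', so device nodes cannot be created`.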
diff --git a/units/systemd-rfkill@.service.in b/units/systemd-rfkill.service.in index e53bf5fbba..780a19b996 100644 --- a/units/systemd-rfkill@.service.in +++ b/units/systemd-rfkill.service.in @@ -6,18 +6,16 @@ # (at your option) any later version. [Unit] -Description=Load/Save RF Kill Switch Status of %I -Documentation=man:systemd-rfkill@.service(8) +Description=Load/Save RF Kill Switch Status +Documentation=man:systemd-rfkill.service(8) DefaultDependencies=no -BindsTo=sys-subsystem-rfkill-devices-%i.device RequiresMountsFor=/var/lib/systemd/rfkill +BindsTo=sys-devices-virtual-misc-rfkill.device Conflicts=shutdown.target -After=systemd-remount-fs.service -Before=sysinit.target shutdown.target +After=sys-devices-virtual-misc-rfkill.device systemd-remount-fs.service +Before=shutdown.target [Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-rfkill load %I -ExecStop=@rootlibexecdir@/systemd-rfkill save %I +Type=notify +ExecStart=@rootlibexecdir@/systemd-rfkill TimeoutSec=30s diff --git a/units/systemd-rfkill.socket b/units/systemd-rfkill.socket new file mode 100644 index 0000000000..20ae2f8adb --- /dev/null +++ b/units/systemd-rfkill.socket @@ -0,0 +1,19 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Load/Save RF Kill Switch Status /dev/rfkill Watch +Documentation=man:systemd-rfkill.socket(8) +DefaultDependencies=no +BindsTo=sys-devices-virtual-misc-rfkill.device +After=sys-devices-virtual-misc-rfkill.device +Conflicts=shutdown.target +Before=shutdown.target + +[Socket] +ListenSpecial=/dev/rfkill +Writable=yes diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in index fe5ccb4601..0c9599db20 100644 --- a/units/systemd-timedated.service.in 
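Review bot: systemd-rfkill.service.in becomes a long-running `Type=notify` daemon, yet its [Service] section carries no sandboxing, unlike the other daemons touched in this commit, which set options such as `CapabilityBoundingSet=`, `PrivateTmp=yes` or `ProtectHome=yes`. From the visible lines it appears to need only the /dev/rfkill descriptor handed over by systemd-rfkill.socket and write access under /var/lib/systemd/rfkill. On that basis `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectHome=yes` look compatible, but this should be checked against what the binary actually opens at run time before they are added.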
+++ b/units/systemd-timedated.service.in @@ -14,7 +14,7 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/timedated ExecStart=@rootlibexecdir@/systemd-timedated BusName=org.freedesktop.timedate1 CapabilityBoundingSet=CAP_SYS_TIME -WatchdogSec=1min +WatchdogSec=3min PrivateTmp=yes ProtectSystem=yes ProtectHome=yes diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in index 8219c95a08..a856dad709 100644 --- a/units/systemd-timesyncd.service.in +++ b/units/systemd-timesyncd.service.in @@ -27,7 +27,7 @@ PrivateTmp=yes PrivateDevices=yes ProtectSystem=full ProtectHome=yes -WatchdogSec=1min +WatchdogSec=3min [Install] WantedBy=sysinit.target diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in index e7216d61f2..79f28c87c6 100644 --- a/units/systemd-udevd.service.in +++ b/units/systemd-udevd.service.in @@ -23,4 +23,4 @@ RestartSec=0 ExecStart=@rootlibexecdir@/systemd-udevd MountFlags=slave KillMode=mixed -WatchdogSec=1min +WatchdogSec=3min diff --git a/units/tmp.mount b/units/tmp.mount.m4 index 00a0d28722..6402200c62 100644 --- a/units/tmp.mount +++ b/units/tmp.mount.m4 @@ -19,3 +19,6 @@ What=tmpfs Where=/tmp Type=tmpfs Options=mode=1777,strictatime +m4_ifdef(`HAVE_SMACK', +SmackFileSystemRootLabel=* +)m4_dnl diff --git a/units/user/exit.target b/units/user/exit.target index b0ad24c488..e8148b78c7 100644 --- a/units/user/exit.target +++ b/units/user/exit.target @@ -12,6 +12,3 @@ DefaultDependencies=no Requires=systemd-exit.service After=systemd-exit.service AllowIsolate=yes - -[Install] -Alias=ctrl-alt-del.target |
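Review bot: `SmackFileSystemRootLabel=*` in tmp.mount.m4 is added without a comment explaining the choice of label. In Smack an object labelled `*` is accessible to every subject, which matches a world-writable /tmp, but a reader has to know that to see the value is intentional and not a placeholder. A comment placed above the `m4_ifdef` line, where it cannot interfere with macro argument parsing, would document it, for example `# With Smack the root of /tmp gets the star label so that every subject can use it`.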