summaryrefslogtreecommitdiff
path: root/units
diff options
context:
space:
mode:
Diffstat (limited to 'units')
-rw-r--r--units/.gitignore3
-rw-r--r--units/exit.target17
-rw-r--r--units/ldconfig.service3
-rw-r--r--units/systemd-bus-proxyd.service.m4.in6
-rw-r--r--units/systemd-exit.service.in (renamed from units/user/systemd-consoled.service.in)12
-rw-r--r--units/systemd-hostnamed.service.in2
-rw-r--r--units/systemd-importd.service.in2
-rw-r--r--units/systemd-journal-remote.service.in2
-rw-r--r--units/systemd-journal-upload.service.in2
-rw-r--r--units/systemd-journald.service.in2
-rw-r--r--units/systemd-localed.service.in2
-rw-r--r--units/systemd-logind.service.in2
-rw-r--r--units/systemd-machine-id-commit.service.in2
-rw-r--r--units/systemd-machined.service.in2
-rw-r--r--units/systemd-networkd.service.m4.in2
-rw-r--r--units/systemd-networkd.socket2
-rw-r--r--units/systemd-nspawn@.service.in7
-rw-r--r--units/systemd-resolved.service.m4.in2
-rw-r--r--units/systemd-rfkill.service.in (renamed from units/systemd-rfkill@.service.in)16
-rw-r--r--units/systemd-rfkill.socket19
-rw-r--r--units/systemd-timedated.service.in2
-rw-r--r--units/systemd-timesyncd.service.in2
-rw-r--r--units/systemd-udevd.service.in2
-rw-r--r--units/user/.gitignore1
-rw-r--r--units/user/systemd-bus-proxyd.service.in1
25 files changed, 82 insertions, 33 deletions
diff --git a/units/.gitignore b/units/.gitignore
index d45492d06b..883f51f73c 100644
--- a/units/.gitignore
+++ b/units/.gitignore
@@ -30,6 +30,7 @@
/systemd-fsck@.service
/systemd-machine-id-commit.service
/systemd-halt.service
+/systemd-exit.service
/systemd-hibernate.service
/systemd-hostnamed.service
/systemd-hybrid-sleep.service
@@ -58,7 +59,7 @@
/systemd-resolved.service
/systemd-resolved.service.m4
/systemd-hibernate-resume@.service
-/systemd-rfkill@.service
+/systemd-rfkill.service
/systemd-suspend.service
/systemd-sysctl.service
/systemd-sysusers.service
diff --git a/units/exit.target b/units/exit.target
new file mode 100644
index 0000000000..f5f953d112
--- /dev/null
+++ b/units/exit.target
@@ -0,0 +1,17 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Exit the container
+Documentation=man:systemd.special(7)
+DefaultDependencies=no
+Requires=systemd-exit.service
+After=systemd-exit.service
+AllowIsolate=yes
+
+[Install]
+Alias=ctrl-alt-del.target
diff --git a/units/ldconfig.service b/units/ldconfig.service
index f9691e2f2d..994edd9908 100644
--- a/units/ldconfig.service
+++ b/units/ldconfig.service
@@ -12,7 +12,8 @@ DefaultDependencies=no
Conflicts=shutdown.target
After=systemd-remount-fs.service
Before=sysinit.target shutdown.target systemd-update-done.service
-ConditionNeedsUpdate=/etc
+ConditionNeedsUpdate=|/etc
+ConditionFileNotEmpty=|!/etc/ld.so.cache
[Service]
Type=oneshot
diff --git a/units/systemd-bus-proxyd.service.m4.in b/units/systemd-bus-proxyd.service.m4.in
index ffaf0bdc87..e75cdb1a59 100644
--- a/units/systemd-bus-proxyd.service.m4.in
+++ b/units/systemd-bus-proxyd.service.m4.in
@@ -10,6 +10,7 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
[Service]
ExecStart=@rootlibexecdir@/systemd-bus-proxyd --address=kernel:path=/sys/fs/kdbus/0-system/bus
+ExecReload=@bindir@/busctl --address=unix:path=/run/dbus/system_bus_socket call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus ReloadConfig
NotifyAccess=main
CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID CAP_SETPCAP m4_ifdef(`HAVE_SMACK', CAP_MAC_ADMIN )
PrivateTmp=yes
@@ -17,3 +18,8 @@ PrivateDevices=yes
PrivateNetwork=yes
ProtectSystem=full
ProtectHome=yes
+
+# The proxy manages connections of all users, so it needs an elevated file
+# limit. It does proper per-user accounting (indirectly via kdbus), therefore,
+# the effective per-user limits stay the same.
+LimitNOFILE=16384
diff --git a/units/user/systemd-consoled.service.in b/units/systemd-exit.service.in
index fd7938aa8b..2dbfb36b41 100644
--- a/units/user/systemd-consoled.service.in
+++ b/units/systemd-exit.service.in
@@ -6,10 +6,12 @@
# (at your option) any later version.
[Unit]
-Description=Console Manager and Terminal Emulator
+Description=Exit the Session
+Documentation=man:systemd.special(7)
+DefaultDependencies=no
+Requires=shutdown.target
+After=shutdown.target
[Service]
-Type=notify
-Restart=always
-RestartSec=0
-ExecStart=@rootlibexecdir@/systemd-consoled
+Type=oneshot
+ExecStart=@SYSTEMCTL@ --force exit
diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in
index cc88ecd0db..b7079e4a7c 100644
--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@@ -14,7 +14,7 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/hostnamed
ExecStart=@rootlibexecdir@/systemd-hostnamed
BusName=org.freedesktop.hostname1
CapabilityBoundingSet=CAP_SYS_ADMIN
-WatchdogSec=1min
+WatchdogSec=3min
PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=yes
diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in
index 403f15316d..d3238cf8f5 100644
--- a/units/systemd-importd.service.in
+++ b/units/systemd-importd.service.in
@@ -14,5 +14,5 @@ ExecStart=@rootlibexecdir@/systemd-importd
BusName=org.freedesktop.import1
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE
NoNewPrivileges=yes
-WatchdogSec=1min
+WatchdogSec=3min
KillMode=mixed
diff --git a/units/systemd-journal-remote.service.in b/units/systemd-journal-remote.service.in
index 4a898d62f3..2928a23021 100644
--- a/units/systemd-journal-remote.service.in
+++ b/units/systemd-journal-remote.service.in
@@ -18,7 +18,7 @@ Group=systemd-journal-remote
PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=yes
-WatchdogSec=10min
+WatchdogSec=3min
[Install]
Also=systemd-journal-remote.socket
diff --git a/units/systemd-journal-upload.service.in b/units/systemd-journal-upload.service.in
index b2e3c769cc..a757673a62 100644
--- a/units/systemd-journal-upload.service.in
+++ b/units/systemd-journal-upload.service.in
@@ -15,7 +15,7 @@ ExecStart=@rootlibexecdir@/systemd-journal-upload \
User=systemd-journal-upload
PrivateTmp=yes
PrivateDevices=yes
-WatchdogSec=20min
+WatchdogSec=3min
# If there are many split up journal files we need a lot of fds to
# access them all and combine
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index a3540c65d2..41bfde5be3 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -22,7 +22,7 @@ RestartSec=0
NotifyAccess=all
StandardOutput=null
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
-WatchdogSec=1min
+WatchdogSec=3min
FileDescriptorStoreMax=1024
# Increase the default a bit in order to allow many simultaneous
diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in
index bfa097844f..9b13f901a3 100644
--- a/units/systemd-localed.service.in
+++ b/units/systemd-localed.service.in
@@ -14,7 +14,7 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/localed
ExecStart=@rootlibexecdir@/systemd-localed
BusName=org.freedesktop.locale1
CapabilityBoundingSet=
-WatchdogSec=1min
+WatchdogSec=3min
PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=yes
diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index f087e99ce2..ff049134ee 100644
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -24,7 +24,7 @@ Restart=always
RestartSec=0
BusName=org.freedesktop.login1
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
-WatchdogSec=1min
+WatchdogSec=3min
# Increase the default a bit in order to allow many simultaneous
# logins since we keep one fd open per session.
diff --git a/units/systemd-machine-id-commit.service.in b/units/systemd-machine-id-commit.service.in
index cccbf7b626..1f3f5da0f3 100644
--- a/units/systemd-machine-id-commit.service.in
+++ b/units/systemd-machine-id-commit.service.in
@@ -18,5 +18,5 @@ ConditionPathIsMountPoint=/etc/machine-id
[Service]
Type=oneshot
RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-machine-id-commit
+ExecStart=@rootbindir@/systemd-machine-id-setup --commit
TimeoutSec=30s
diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
index fb1f383cdc..3710c595ca 100644
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -16,7 +16,7 @@ After=machine.slice
ExecStart=@rootlibexecdir@/systemd-machined
BusName=org.freedesktop.machine1
CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID
-WatchdogSec=1min
+WatchdogSec=3min
# Note that machined cannot be placed in a mount namespace, since it
# needs access to the host's mount namespace in order to implement the
diff --git a/units/systemd-networkd.service.m4.in b/units/systemd-networkd.service.m4.in
index 35be713ade..27d4d58962 100644
--- a/units/systemd-networkd.service.m4.in
+++ b/units/systemd-networkd.service.m4.in
@@ -30,7 +30,7 @@ ExecStart=@rootlibexecdir@/systemd-networkd
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
ProtectSystem=full
ProtectHome=yes
-WatchdogSec=1min
+WatchdogSec=3min
[Install]
WantedBy=multi-user.target
diff --git a/units/systemd-networkd.socket b/units/systemd-networkd.socket
index 8cd7bab67a..2c20935d83 100644
--- a/units/systemd-networkd.socket
+++ b/units/systemd-networkd.socket
@@ -6,7 +6,7 @@
# (at your option) any later version.
[Unit]
-Description=networkd rtnetlink socket
+Description=Network Service Netlink Socket
Documentation=man:systemd-networkd.service(8) man:rtnetlink(7)
ConditionCapability=CAP_NET_ADMIN
DefaultDependencies=no
diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in
index 074b916d38..03349931d9 100644
--- a/units/systemd-nspawn@.service.in
+++ b/units/systemd-nspawn@.service.in
@@ -13,7 +13,7 @@ Before=machines.target
After=network.target
[Service]
-ExecStart=@bindir@/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth --machine=%I
+ExecStart=@bindir@/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth --settings=override --machine=%I
KillMode=mixed
Type=notify
RestartForceExitStatus=133
@@ -35,5 +35,10 @@ DeviceAllow=/dev/net/tun rwm
DeviceAllow=/dev/pts/ptmx rw
DeviceAllow=char-pts rw
+# nspawn itself needs access to /dev/loop-control and /dev/loop, to
+# implement the --image= option. Add these here, too.
+DeviceAllow=/dev/loop-control rw
+DeviceAllow=block-loop rw
+
[Install]
WantedBy=machines.target
diff --git a/units/systemd-resolved.service.m4.in b/units/systemd-resolved.service.m4.in
index dce5402458..c674b27ced 100644
--- a/units/systemd-resolved.service.m4.in
+++ b/units/systemd-resolved.service.m4.in
@@ -23,7 +23,7 @@ ExecStart=@rootlibexecdir@/systemd-resolved
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
ProtectSystem=full
ProtectHome=yes
-WatchdogSec=1min
+WatchdogSec=3min
[Install]
WantedBy=multi-user.target
diff --git a/units/systemd-rfkill@.service.in b/units/systemd-rfkill.service.in
index e53bf5fbba..780a19b996 100644
--- a/units/systemd-rfkill@.service.in
+++ b/units/systemd-rfkill.service.in
@@ -6,18 +6,16 @@
# (at your option) any later version.
[Unit]
-Description=Load/Save RF Kill Switch Status of %I
-Documentation=man:systemd-rfkill@.service(8)
+Description=Load/Save RF Kill Switch Status
+Documentation=man:systemd-rfkill.service(8)
DefaultDependencies=no
-BindsTo=sys-subsystem-rfkill-devices-%i.device
RequiresMountsFor=/var/lib/systemd/rfkill
+BindsTo=sys-devices-virtual-misc-rfkill.device
Conflicts=shutdown.target
-After=systemd-remount-fs.service
-Before=sysinit.target shutdown.target
+After=sys-devices-virtual-misc-rfkill.device systemd-remount-fs.service
+Before=shutdown.target
[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-rfkill load %I
-ExecStop=@rootlibexecdir@/systemd-rfkill save %I
+Type=notify
+ExecStart=@rootlibexecdir@/systemd-rfkill
TimeoutSec=30s
diff --git a/units/systemd-rfkill.socket b/units/systemd-rfkill.socket
new file mode 100644
index 0000000000..20ae2f8adb
--- /dev/null
+++ b/units/systemd-rfkill.socket
@@ -0,0 +1,19 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Load/Save RF Kill Switch Status /dev/rfkill Watch
+Documentation=man:systemd-rfkill.socket(8)
+DefaultDependencies=no
+BindsTo=sys-devices-virtual-misc-rfkill.device
+After=sys-devices-virtual-misc-rfkill.device
+Conflicts=shutdown.target
+Before=shutdown.target
+
+[Socket]
+ListenSpecial=/dev/rfkill
+Writable=yes
diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in
index fe5ccb4601..0c9599db20 100644
--- a/units/systemd-timedated.service.in
+++ b/units/systemd-timedated.service.in
@@ -14,7 +14,7 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/timedated
ExecStart=@rootlibexecdir@/systemd-timedated
BusName=org.freedesktop.timedate1
CapabilityBoundingSet=CAP_SYS_TIME
-WatchdogSec=1min
+WatchdogSec=3min
PrivateTmp=yes
ProtectSystem=yes
ProtectHome=yes
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index 8219c95a08..a856dad709 100644
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -27,7 +27,7 @@ PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
ProtectHome=yes
-WatchdogSec=1min
+WatchdogSec=3min
[Install]
WantedBy=sysinit.target
diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
index e7216d61f2..79f28c87c6 100644
--- a/units/systemd-udevd.service.in
+++ b/units/systemd-udevd.service.in
@@ -23,4 +23,4 @@ RestartSec=0
ExecStart=@rootlibexecdir@/systemd-udevd
MountFlags=slave
KillMode=mixed
-WatchdogSec=1min
+WatchdogSec=3min
diff --git a/units/user/.gitignore b/units/user/.gitignore
index 6111b10ccf..ce9df9e7e1 100644
--- a/units/user/.gitignore
+++ b/units/user/.gitignore
@@ -1,3 +1,2 @@
/systemd-exit.service
/systemd-bus-proxyd.service
-/systemd-consoled.service
diff --git a/units/user/systemd-bus-proxyd.service.in b/units/user/systemd-bus-proxyd.service.in
index e1e399dc32..6f79707b46 100644
--- a/units/user/systemd-bus-proxyd.service.in
+++ b/units/user/systemd-bus-proxyd.service.in
@@ -10,4 +10,5 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
[Service]
ExecStart=@rootlibexecdir@/systemd-bus-proxyd --address=kernel:path=/sys/fs/kdbus/%U-user/bus
+ExecReload=@bindir@/busctl --address=unix:path=/run/user/%U/bus call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus ReloadConfig
NotifyAccess=main