diff options
Diffstat (limited to 'units')
| -rw-r--r-- | units/.gitignore | 1 | ||||
| -rw-r--r-- | units/system.slice | 2 | ||||
| -rw-r--r-- | units/systemd-networkd.socket | 4 | ||||
| -rw-r--r-- | units/systemd-nspawn@.service.in | 7 | ||||
| -rw-r--r-- | units/tmp.mount.m4 (renamed from units/tmp.mount) | 0 | ||||
| -rw-r--r-- | units/user/exit.target | 3 |
6 files changed, 11 insertions, 6 deletions
diff --git a/units/.gitignore b/units/.gitignore index 883f51f73c..c89740df05 100644 --- a/units/.gitignore +++ b/units/.gitignore @@ -78,4 +78,5 @@ /systemd-update-utmp.service /systemd-user-sessions.service /systemd-vconsole-setup.service +/tmp.mount /user@.service diff --git a/units/system.slice b/units/system.slice index c0e3df9d0f..841f049b58 100644 --- a/units/system.slice +++ b/units/system.slice @@ -10,5 +10,5 @@ Description=System Slice Documentation=man:systemd.special(7) DefaultDependencies=no Before=slices.target -Wants=-.slice +Requires=-.slice After=-.slice diff --git a/units/systemd-networkd.socket b/units/systemd-networkd.socket index 8cd7bab67a..9e4e9dd338 100644 --- a/units/systemd-networkd.socket +++ b/units/systemd-networkd.socket @@ -6,7 +6,7 @@ # (at your option) any later version. [Unit] -Description=networkd rtnetlink socket +Description=Network Service Netlink Socket Documentation=man:systemd-networkd.service(8) man:rtnetlink(7) ConditionCapability=CAP_NET_ADMIN DefaultDependencies=no @@ -14,7 +14,7 @@ Before=sockets.target [Socket] ReceiveBuffer=8M -ListenNetlink=route 273 +ListenNetlink=route 1361 PassCredentials=yes [Install] diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in index 6b86e0a7f7..eb10343ac6 100644 --- a/units/systemd-nspawn@.service.in +++ b/units/systemd-nspawn@.service.in @@ -20,6 +20,7 @@ RestartForceExitStatus=133 SuccessExitStatus=133 Slice=machine.slice Delegate=yes +TasksMax=8192 # Enforce a strict device policy, similar to the one nspawn configures # when it allocates its own scope unit. Make sure to keep these @@ -35,5 +36,11 @@ DeviceAllow=/dev/net/tun rwm DeviceAllow=/dev/pts/ptmx rw DeviceAllow=char-pts rw +# nspawn itself needs access to /dev/loop-control and /dev/loop, to +# implement the --image= option. Add these here, too. +DeviceAllow=/dev/loop-control rw +DeviceAllow=block-loop rw +DeviceAllow=block-blkext rw + [Install] WantedBy=machines.target diff --git a/units/tmp.mount b/units/tmp.mount.m4 index 00a0d28722..00a0d28722 100644 --- a/units/tmp.mount +++ b/units/tmp.mount.m4 diff --git a/units/user/exit.target b/units/user/exit.target index b0ad24c488..e8148b78c7 100644 --- a/units/user/exit.target +++ b/units/user/exit.target @@ -12,6 +12,3 @@ DefaultDependencies=no Requires=systemd-exit.service After=systemd-exit.service AllowIsolate=yes - -[Install] -Alias=ctrl-alt-del.target |