Diffstat (limited to 'units')
-rw-r--r-- | units/getty@.service.m4 | 6 | ||||
-rw-r--r-- | units/systemd-nspawn@.service.in | 11 | ||||
-rw-r--r-- | units/user/graphical-session.target | 13 |
3 files changed, 21 insertions, 9 deletions
diff --git a/units/getty@.service.m4 b/units/getty@.service.m4
index 46164ab9d8..5b82c13fc5 100644
--- a/units/getty@.service.m4
+++ b/units/getty@.service.m4
@@ -20,6 +20,12 @@ After=rc-local.service
 Before=getty.target
 IgnoreOnIsolate=yes
 
+# IgnoreOnIsolate causes issues with sulogin, if someone isolates
+# rescue.target or starts rescue.service from multi-user.target or
+# graphical.target.
+Conflicts=rescue.service
+Before=rescue.service
+
 # On systems without virtual consoles, don't start any getty. Note
 # that serial gettys are covered by serial-getty@.service, not this
 # unit.
diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in
index ea28941507..c8141639b6 100644
--- a/units/systemd-nspawn@.service.in
+++ b/units/systemd-nspawn@.service.in
@@ -20,20 +20,13 @@ RestartForceExitStatus=133
 SuccessExitStatus=133
 Slice=machine.slice
 Delegate=yes
-TasksMax=8192
+TasksMax=16384
 
 # Enforce a strict device policy, similar to the one nspawn configures
 # when it allocates its own scope unit. Make sure to keep these
 # policies in sync if you change them!
-DevicePolicy=strict
-DeviceAllow=/dev/null rwm
-DeviceAllow=/dev/zero rwm
-DeviceAllow=/dev/full rwm
-DeviceAllow=/dev/random rwm
-DeviceAllow=/dev/urandom rwm
-DeviceAllow=/dev/tty rwm
+DevicePolicy=closed
 DeviceAllow=/dev/net/tun rwm
-DeviceAllow=/dev/pts/ptmx rw
 DeviceAllow=char-pts rw
 
 # nspawn itself needs access to /dev/loop-control and /dev/loop, to
diff --git a/units/user/graphical-session.target b/units/user/graphical-session.target
new file mode 100644
index 0000000000..00d16230b7
--- /dev/null
+++ b/units/user/graphical-session.target
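Review bot: The comment added in the getty@.service.m4 hunk says IgnoreOnIsolate "causes issues with sulogin" without naming the issue, which makes the new `Conflicts=rescue.service` / `Before=rescue.service` pair hard to audit later. Presumably the concern is a getty that survives isolation and keeps prompting on the console where the rescue shell's sulogin runs; if so, say that, e.g. `# IgnoreOnIsolate keeps this getty alive when rescue.target is isolated, so it would share the console with sulogin.` The context comment below notes that serial gettys are handled by serial-getty@.service, which this diffstat does not touch; if that unit also sets IgnoreOnIsolate it likely needs the same two lines. The [Unit] section starts outside the hunk.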
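Review bot: The comment kept as context above `DevicePolicy=closed` in systemd-nspawn@.service.in still says "Enforce a strict device policy", but the unit no longer uses `strict`, and the pseudo-device allow-list is now implicit in the manager's definition of `closed` rather than visible in the unit. systemd.resource-control(5) describes `closed` as the explicit entries plus standard pseudo devices such as /dev/null, /dev/zero, /dev/full, /dev/random and /dev/urandom; /dev/tty and /dev/pts/ptmx, which this hunk also stops listing, should be confirmed against the manager's built-in list, since a later change to that list would silently change what the container may open. I would reword the comment along the lines of `# Enforce a closed device policy: the standard pseudo devices implied by DevicePolicy=closed plus the entries below.` The same hunk doubles `TasksMax` to 16384 with no in-file rationale, so a one-line comment on why the container's task ceiling was raised would help reviewers. The [Service] section begins outside the hunk.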
@@ -0,0 +1,13 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Current graphical user session
+Documentation=man:systemd.special(7)
+Requires=basic.target
+RefuseManualStart=yes
+StopWhenUnneeded=yes |
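Review bot: The new graphical-session.target has no comment explaining how it is meant to be activated: with `RefuseManualStart=yes` and `StopWhenUnneeded=yes` it can only be active while some other unit pulls it in, and nothing in the file says which units are expected to do that. A short comment above `[Unit]`, for example `# Not started directly; a session's own units are expected to pull this in, see systemd.special(7).`, would save readers a trip to the man page. That wording is inferred from the two directives and should be checked against the documentation the unit references.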