summaryrefslogtreecommitdiff
path: root/units/systemd-logind.service.in
AgeCommit message (Collapse)Author
2015-02-11Revert "units: add SecureBits"Lennart Poettering
This reverts commit 6a716208b346b742053cfd01e76f76fb27c4ea47. Apparently this doesn't work. http://lists.freedesktop.org/archives/systemd-devel/2015-February/028212.html
2015-02-11units: add SecureBitsTopi Miettinen
No setuid programs are expected to be executed, so add SecureBits=noroot noroot-locked to unit files.
2014-11-21Revert "systemd-logind.service: set Type=notify"Lennart Poettering
This reverts commit a4962513c555fe3ac4b5bebf97a71701361a45b0. logind.service is a D-Bus service, hence we should use the dbus name as indication that we are up. Type=dbus is implied if BusName= is specified, as it is in this case. This removes a warning that is printed because a BusName= is specified for a Type=notify unit.
2014-11-19systemd-logind.service: set Type=notifyDave Reisner
The code already calls sd_notify("READY=1"), so we may as well take advantage of the startup behavior in the unit. The same was done for the journal in a87a38c20.
2014-10-09logind: mount per-user tmpfs with 'smackfsroot=*' for smack enabled systemsLukasz Skalski
2014-06-04remove ReadOnlySystem and ProtectedHome from udevd and logindKay Sievers
logind needs access to /run/user/, udevd fails during early boot with these settings
2014-06-03core: add new ReadOnlySystem= and ProtectedHome= settings for service unitsLennart Poettering
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for a service. ProtectedHome= uses fs namespaces to mount /home and /run/user inaccessible or read-only for a service. This patch also enables these settings for all our long-running services. Together they should be good building block for a minimal service sandbox, removing the ability for services to modify the operating system or access the user's private data.
2014-02-14units: systemd-logind fails hard without dbusZbigniew Jędrzejewski-Szmek
That is, without --enable-kdbus and kdbus running. With --enable-kdbus things are more complicated, because dbus might be necessary, if kdbus is missing at runtime. If it is not necessary, the socket will be started, which is not imporant, but not the service.
2013-12-11event: hook up sd-event with the service watchdog logicLennart Poettering
Adds a new call sd_event_set_watchdog() that can be used to hook up the event loop with the watchdog supervision logic of systemd. If enabled and $WATCHDOG_USEC is set the event loop will ping the invoking systemd daemon right after coming back from epoll_wait() but not more often than $WATCHDOG_USEC/4. The epoll_wait() will sleep no longer than $WATCHDOG_USEC/4*3, to make sure the service manager is called in time. This means that setting WatchdogSec= in a .service file and calling sd_event_set_watchdog() in your daemon is enough to hook it up with the watchdog logic.
2013-10-01logind: run with CAP_SYS_ADMINDavid Herrmann
DRM Master access requires CAP_SYS_ADMIN, yay! Add it to the capability bounding set for systemd-logind. As CAP_SYS_ADMIN actually allows a huge set of actions, this mostly renders the restriction-set useless. Anyway, patches are already pending to reduce the restriction on the kernel side. But these won't really make it into any stable-release so for now we're stuck with CAP_SYS_ADMIN.
2013-07-19units: add references to bus API documentation to logind+machinedLennart Poettering
2013-07-02machined: split out machine registration stuff from logindLennart Poettering
Embedded folks don't need the machine registration stuff, hence it's nice to make this optional. Also, I'd expect that machinectl will grow additional commands quickly, for example to join existing containers and suchlike, hence it's better keeping that separate from loginctl.
2013-06-20logind: add infrastructure to keep track of machines, and move to slicesLennart Poettering
- This changes all logind cgroup objects to use slice objects rather than fixed croup locations. - logind can now collect minimal information about running VMs/containers. As fixed cgroup locations can no longer be used we need an entity that keeps track of machine cgroups in whatever slice they might be located. Since logind already keeps track of users, sessions and seats this is a trivial addition. - nspawn will now register with logind and pass various bits of metadata along. A new option "--slice=" has been added to place the container in a specific slice. - loginctl gained commands to list, introspect and terminate machines. - user.slice and machine.slice will now be pulled in by logind.service, since only logind.service requires this slice.
2012-07-19units: fix section of man page link in systemd-logind.serviceLennart Poettering
https://bugs.freedesktop.org/show_bug.cgi?id=51963
2012-07-18units: don't enforce a holdoff time for journald, logind, udevdLennart Poettering
These services should be restarted as quickly as possible if they fail, and the extra safety net of the holdoff time is not necessary.
2012-06-28units: automatically respawn the core servicesLennart Poettering
2012-06-01man: write man page for systemd-logindLennart Poettering
2012-05-21units: introduce new Documentation= field and make use of it everywhereLennart Poettering
This should help making the boot process a bit easier to explore and understand for the administrator. The simple idea is that "systemctl status" now shows a link to documentation alongside the other status and decriptionary information of a service. This patch adds the necessary fields to all our shipped units if we have proper documentation for them.
2012-05-03units: explicit Type=dbus is now redundantLennart Poettering
2012-04-12relicense to LGPLv2.1 (with exceptions)Lennart Poettering
We finally got the OK from all contributors with non-trivial commits to relicense systemd from GPL2+ to LGPL2.1+. Some udev bits continue to be GPL2+ for now, but we are looking into relicensing them too, to allow free copy/paste of all code within systemd. The bits that used to be MIT continue to be MIT. The big benefit of the relicensing is that closed source code may now link against libsystemd-login.so and friends.
2012-04-11units: introduce nss-user-lookup.targetLennart Poettering
This separates user/group NSS lookups from host/network NSS lookups. By default order all network mounts after host/network NSS lookups now, and logind execution after user/group NSS lookups.
2012-01-27logind: add sys_tty_config capability, to let it use VT_ACTIVATE ioctl on ↵Mike Kazantsev
"activate" action
2011-11-09units: drop unnecessary 'StandardOutput=syslog'Michal Schmidt
DefaultStandardOutput is syslog anyway. There's no reason to assume that the administrator would want these units to be excluded when he configures a different DefaultStandardOutput.
2011-10-11units: increase LimitNOFILE a bitLennart Poettering
since we need one fd per session (for logind) and one fd per service (for stdout-syslog-bridge) increase the default rlimit a bit.
2011-06-24logind: add more necessary caps to the serviceLennart Poettering
2011-06-24logind: fix set of capabilitiesLennart Poettering
2011-06-21dbus: add dbus introspection extractionLennart Poettering