path: root/units/systemd-udevd.service.in
Age | Commit message | Author
2016-10-06 | units: systemd-udevd: add AF_INET and AF_INET6 to RestrictAddressFamilies= (#4296) | Yu Watanabe
The udev builtin command `net_setup_link` requires AF_INET and AF_INET6. Fixes #4293.
2016-09-25 | units: further lock down our long-running services | Lennart Poettering
Let's make this an exercise in dogfooding: let's turn on more security features for all our long-running services. Specifically:
- Turn on RestrictRealtime=yes for all of them
- Turn on ProtectKernelTunables=yes and ProtectControlGroups=yes for most of them
- Turn on RestrictAddressFamilies= for all of them, but different sets of address families for each
Also, always order settings in the unit files, that the various sandboxing features are close together. Add a couple of missing, older settings for a number of unit files.
Note that this change turns off AF_INET/AF_INET6 from udevd, thus effectively turning off networking from udev rule commands. Since this might break stuff (that is already broken I'd argue) this is documented in NEWS.
2016-06-23 | udev: bump TasksMax to infinity (#3593) | Franck Bui
udevd already limits its number of workers/children: the max number is actually twice the number of CPUs the system is using. (The limit can also be raised with udev.children-max= kernel command line option BTW). On some servers, this limit can easily exceed the maximum number of tasks that systemd puts on all services, which is 512 by default. Since udevd has already its limitation logic, simply disable the static limitation done by TasksMax.
2015-09-29 | units: increase watchdog timeout to 3min for all our services | Lennart Poettering
Apparently, disk IO issues are more frequent than we hope, and 1min waiting for disk IO happens, so let's increase the watchdog timeout a bit, for all our services. See #1353 for an example where this triggers.
2015-05-29 | udevd: hook up watchdog support | Tom Gundersen
We are already sending watchdog notification, this tells PID1 to actually listen for them and restart udevd in case it gets stuck.
2015-04-24 | units: set KillMode=mixed for our daemons that fork worker processes | Lennart Poettering
The daemons should really have the time to kill the workers first, before systemd does it, hence use KillMode=mixed for these daemons. https://bugs.freedesktop.org/show_bug.cgi?id=90051
2015-04-03 | units: move After=systemd-hwdb-update.service dependency from udev to udev-trigger | Lennart Poettering
Let's move the hwdb regeneration a bit later. Given that hwdb is non-essential it should be OK to allow udev to run without it until we do the full trigger. http://lists.freedesktop.org/archives/systemd-devel/2015-April/030074.html
2015-03-14 | units: there is no systemd-udev-hwdb-update.service | Zbigniew Jędrzejewski-Szmek
2014-06-13 | units: rebuild /etc/passwd, the udev hwdb and the journal catalog files on boot | Lennart Poettering
Only when necessary of course, nicely guarded with the new ConditionNeedsUpdate= condition we added.
2014-06-04 | remove ReadOnlySystem and ProtectedHome from udevd and logind | Kay Sievers
logind needs access to /run/user/, udevd fails during early boot with these settings
2014-06-03 | core: add new ReadOnlySystem= and ProtectedHome= settings for service units | Lennart Poettering
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for a service. ProtectedHome= uses fs namespaces to mount /home and /run/user inaccessible or read-only for a service. This patch also enables these settings for all our long-running services. Together they should be a good building block for a minimal service sandbox, removing the ability for services to modify the operating system or access the user's private data.
2014-03-20 | unit: turn off mount propagation for udevd | Lennart Poettering
Keep mounts done by udev rules private to udevd. Also, document how MountFlags= may be used for this.
2013-07-08 | static-nodes: move creation of static nodes from udevd to tmpfiles | Tom Gundersen
As of kmod v14, it is possible to export the static node information from /lib/modules/`uname -r`/modules.devname in tmpfiles.d(5) format. Use this functionality to let systemd-tmpfilesd create the static device nodes at boot, and drop the functionality from systemd-udevd. As an effect of this we can move from systemd-udevd to systemd-tmpfiles-setup-dev:
* the conditional CAP_MKNOD (replaced by checking if /sys is mounted rw)
* ordering before local-fs-pre.target (see 89d09e1b5c65a2d97840f682e0932c8bb499f166)
2013-03-25 | units: order all udev services before sysinit.target, too | Lennart Poettering
Not that it would matter much, but let's make things a bit more systematic: early boot services shall order themselves before sysinit.target, and nothing else.
2013-03-23 | udevd: ensure static nodes are created before local-fs mount | Frederic Crozat
static nodes (like /dev/loop-control) are created when systemd-udevd is started and needed to mount loopback devices. Therefore, local-fs-pre.target should be only started after systemd-udevd is started.
2013-03-12 | udevd: sort into sysinit instead of basic target | Kay Sievers
2012-07-18 | units: don't enforce a holdoff time for journald, logind, udevd | Lennart Poettering
These services should be restarted as quickly as possible if they fail, and the extra safety net of the holdoff time is not necessary.
2012-07-02 | units: Rename systemd-udev.service to systemd-udevd.service | Colin Guthrie
This naming convention is more in line with other systemd daemon unit names (systemd-logind.service, systemd-localed.service etc). The companion .socket units have also been renamed, however the -trigger and -settle units keep their current name as these are not directly related to the daemon process itself.