From fc1de713f5b754fb38876b5b797e18f812727f0a Mon Sep 17 00:00:00 2001
From: Kay Sievers <kay.sievers@vrfy.org>
Date: Wed, 23 Mar 2011 16:40:23 +0100
Subject: systemd: bind udev control socket in systemd and split udev.service

We should bind the udev socket from systemd, so we are sure
that the abstract namespace socket is always bound by a root
process and there is never a window during an update where
an untrusted process can steal our socket.

Also split the udev.service file, so that the daemon can be
updated/restarted without triggering any coldplug events.
---
 init/udev-trigger.service.in | 11 +++++++++++
 init/udev.service.in         |  5 +++--
 init/udev.socket             |  5 +++++
 3 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 init/udev-trigger.service.in
 create mode 100644 init/udev.socket

(limited to 'init')

diff --git a/init/udev-trigger.service.in b/init/udev-trigger.service.in
new file mode 100644
index 0000000000..0ede3171ea
--- /dev/null
+++ b/init/udev-trigger.service.in
@@ -0,0 +1,11 @@
+[Unit]
+Description=udev Coldplug all Devices
+Requires=udev.service
+After=udev.service
+Before=basic.target
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=@sbindir@/udevadm trigger --type=subsystems --action=add ; @sbindir@/udevadm trigger --type=devices --action=add
diff --git a/init/udev.service.in b/init/udev.service.in
index 908c8e9acc..c02a4b4d85 100644
--- a/init/udev.service.in
+++ b/init/udev.service.in
@@ -1,9 +1,10 @@
 [Unit]
 Description=udev Kernel Device Manager
-DefaultDependencies=no
+Requires=udev.socket
+After=udev.socket
 Before=basic.target
+DefaultDependencies=no
 
 [Service]
 Type=notify
 ExecStart=@sbindir@/udevd
-ExecStartPost=@sbindir@/udevadm trigger --type=subsystems --action=add ; @sbindir@/udevadm trigger --type=devices --action=add
diff --git a/init/udev.socket b/init/udev.socket
new file mode 100644
index 0000000000..324ab47093
--- /dev/null
+++ b/init/udev.socket
@@ -0,0 +1,5 @@
+[Unit]
+Description=udev Kernel Device Manager Socket
+
+[Socket]
+ListenDatagram=@/org/kernel/udev/udevd
-- 
cgit v1.2.3-54-g00ecf