systemd-oomd: service files

This commit is contained in:
Anita Zhang 2020-06-19 11:41:03 -07:00
parent 5c616ecfcd
commit 87e2bafff9
5 changed files with 76 additions and 0 deletions

View File

@ -26,6 +26,9 @@ if conf.get('ENABLE_OOMD') == 1
install_data('org.freedesktop.oom1.conf',
install_dir : dbuspolicydir)
install_data('org.freedesktop.oom1.service',
install_dir : dbussystemservicedir)
install_data('oomd.conf',
install_dir : pkgsysconfdir)
endif

View File

@ -0,0 +1,14 @@
# SPDX-License-Identifier: LGPL-2.1+
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
[D-BUS Service]
Name=org.freedesktop.oom1
Exec=/bin/false
User=root
SystemdService=dbus-org.freedesktop.oom1.service

View File

@ -9,6 +9,9 @@ g systemd-journal - -
m4_ifdef(`ENABLE_NETWORKD',
u systemd-network - "systemd Network Management"
)m4_dnl
m4_ifdef(`ENABLE_OOMD',
u systemd-oom - "systemd Userspace OOM Killer"
)m4_dnl
m4_ifdef(`ENABLE_RESOLVE',
u systemd-resolve - "systemd Resolver"
)m4_dnl

View File

@ -201,6 +201,7 @@ in_units = [
['systemd-networkd.service', 'ENABLE_NETWORKD'],
['systemd-networkd-wait-online.service', 'ENABLE_NETWORKD'],
['systemd-nspawn@.service', ''],
['systemd-oomd.service', 'ENABLE_OOMD'],
['systemd-portabled.service', 'ENABLE_PORTABLED',
'dbus-org.freedesktop.portable1.service'],
['systemd-userdbd.service', 'ENABLE_USERDB'],

View File

@ -0,0 +1,55 @@
# SPDX-License-Identifier: LGPL-2.1+
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
[Unit]
Description=Userspace Out-Of-Memory (OOM) Killer
Documentation=man:systemd-oomd.service(8)
ConditionCapability=CAP_KILL
DefaultDependencies=no
Before=multi-user.target shutdown.target
Conflicts=shutdown.target
[Service]
AmbientCapabilities=CAP_KILL CAP_DAC_OVERRIDE
BusName=org.freedesktop.oom1
CapabilityBoundingSet=CAP_KILL CAP_DAC_OVERRIDE
ExecStart=@rootlibexecdir@/systemd-oomd
IPAddressDeny=any
LockPersonality=yes
MemoryDenyWriteExecute=yes
# Reserve some minimum amount of memory so that systemd-oomd can continue to
# run in resource starved scenarios.
MemoryMin=64M
MemoryLow=64M
NoNewPrivileges=yes
OOMScoreAdjust=-900
PrivateDevices=yes
PrivateTmp=yes
ProtectClock=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
Restart=on-failure
RestrictAddressFamilies=AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service
Type=notify
User=systemd-oom
@SERVICE_WATCHDOG@
[Install]
WantedBy=multi-user.target
Alias=dbus-org.freedesktop.oom1.service