picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'master' into journal

This commit is contained in:
Lennart Poettering 2011-10-12 04:29:11 +02:00
parent cec736d21f 64685e0cea
commit 689b9a22f7
34 changed files with 273 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile.am
View File

@ -20,7 +20,7 @@ ACLOCAL_AMFLAGS = -I m4
SUBDIRS = po
LIBSYSTEMD_LOGIN_CURRENT=0
LIBSYSTEMD_LOGIN_REVISION=5
LIBSYSTEMD_LOGIN_REVISION=6
LIBSYSTEMD_LOGIN_AGE=0
LIBSYSTEMD_DAEMON_CURRENT=0
@ -341,7 +341,9 @@ dist_systemunit_DATA = \
units/halt.target \
units/kexec.target \
units/local-fs.target \
units/local-fs-pre.target \
units/remote-fs.target \
units/remote-fs-pre.target \
units/cryptsetup.target \
units/network.target \
units/nss-lookup.target \

7
TODO
View File

@ -19,7 +19,12 @@ Bugfixes:
Features:
* bind mounts should be ordered after remount-root-fs.service
* unset container= in PID1?
* if we can not get user quota for tmpfs, mount a separate tmpfs instance
for every user in /run/user/$USER with a configured maximum size
* default to actual 32bit PIDs, via /proc/sys/kernel/pid_max
* add an option to make mounts private/shareable and so on, enable this for root by default

2
configure.ac
View File

@ -17,7 +17,7 @@
AC_PREREQ(2.63)
AC_INIT([systemd],[36],[systemd-devel@lists.freedesktop.org])
AC_INIT([systemd],[37],[systemd-devel@lists.freedesktop.org])
AC_CONFIG_SRCDIR([src/main.c])
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADERS([config.h])

7
man/systemctl.xml
View File

@ -602,6 +602,13 @@
command.</para></listitem>
</varlistentry>
<varlistentry>
<term><command>list-unit-files</command></term>
<listitem><para>List installed unit files.
</para></listitem>
</varlistentry>
<varlistentry>
<term><command>enable [NAME...]</command></term>

5
man/systemd.exec.xml
View File

@ -279,6 +279,11 @@
assignments. Empty lines and lines
starting with ; or # will be ignored,
which may be used for commenting. The
parser strips leading and
trailing whitespace from the values
of assignments, unless you use
double quotes (").
The
argument passed should be an absolute
file name, optionally prefixed with
"-", which indicates that if the file

36
man/systemd.service.xml
View File

@ -311,20 +311,28 @@
main process of the daemon. The
command line accepts % specifiers as
described in
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. On
top of that basic environment variable
substitution is supported, where
<literal>${FOO}</literal> is replaced
by the string value of the environment
variable of the same name. Also
<literal>$FOO</literal> may appear as
separate word on the command line in
which case the variable is replaced by
its value split at whitespaces. Note
that the first argument (i.e. the
binary to execute) may not be a
variable, and must be a literal and
absolute path name.</para></listitem>
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
<para>On top of that basic environment
variable substitution is
supported. Use
<literal>${FOO}</literal> as part of a
word, or as word of its own on the
command line, in which case it will be
replaced by the value of the
environment variable including all
whitespace it contains, resulting in a
single argument. Use
<literal>$FOO</literal> as a separate
word on the command line, in which
case it will be replaced by the value
of the environment variable split up
at whitespace, resulting in no or more
arguments. Note that the first
argument (i.e. the program to execute)
may not be a variable, and must be a
literal and absolute path
name.</para></listitem>
</varlistentry>
<varlistentry>

26
man/systemd.special.xml.in
View File

@ -59,6 +59,7 @@
<filename>halt.target</filename>,
<filename>kbrequest.target</filename>,
<filename>local-fs.target</filename>,
<filename>local-fs-pre.target</filename>,
<filename>mail-transfer-agent.target</filename>,
<filename>multi-user.target</filename>,
<filename>network.target</filename>,
@ -66,6 +67,7 @@
<filename>poweroff.target</filename>,
<filename>reboot.target</filename>,
<filename>remote-fs.target</filename>,
<filename>remote-fs-pre.target</filename>,
<filename>rescue.target</filename>,
<filename>rpcbind.target</filename>,
<filename>runlevel2.target</filename>,
@ -260,6 +262,18 @@
facility.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>local-fs-pre.target</filename></term>
<listitem>
<para>This target unit is
automatically ordered before
all local mount points marked
with <option>auto</option>
(see above). It can be used to
execute certain units before
all local mounts.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>mail-transfer-agent.target</filename></term>
<listitem>
@ -373,6 +387,18 @@
facility.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>remote-fs-pre.target</filename></term>
<listitem>
<para>This target unit is
automatically ordered before
all remote mount points marked
with <option>auto</option>
(see above). It can be used to
execute certain units before
all remote mounts.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>rescue.target</filename></term>
<listitem>

29
man/systemd.unit.xml
View File

@ -121,8 +121,9 @@
<para>If a line starts with <option>.include</option>
followed by a file name, the specified file will be
read as if its contents were listed in place of the
<option>.include</option> directive.</para>
parsed at this point. Make sure that the file that is
included has the appropiate section headers before
any directives.</para>
<para>Along with a unit file
<filename>foo.service</filename> a directory
@ -672,6 +673,7 @@
<term><varname>ConditionKernelCommandLine=</varname></term>
<term><varname>ConditionVirtualization=</varname></term>
<term><varname>ConditionSecurity=</varname></term>
<term><varname>ConditionCapability=</varname></term>
<term><varname>ConditionNull=</varname></term>
<listitem><para>Before starting a unit
@ -748,9 +750,9 @@
value to check if being executed in
any virtualized environment, or one of
<varname>vm</varname> and
<varname>container</varname> to test against
a specific type of virtualization
solution, or one of
<varname>container</varname> to test
against a specific type of
virtualization solution, or one of
<varname>qemu</varname>,
<varname>kvm</varname>,
<varname>vmware</varname>,
@ -774,7 +776,19 @@
system. Currently the only recognized
value is <varname>selinux</varname>.
The test may be negated by prepending
an exclamation mark. Finally,
an exclamation
mark. <varname>ConditionCapability=</varname>
may be used to check whether the given
capability exists in the capability
bounding set of the service manager
(i.e. this does not check whether
capability is actually available in
the permitted or effective sets, see
<citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details). Pass a capability name
such as <literal>CAP_MKNOD</literal>,
possibly prefixed with an exclamation
mark to negate the check. Finally,
<varname>ConditionNull=</varname> may
be used to add a constant condition
check value to the unit. It takes a
@ -931,7 +945,8 @@
<citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.snapshot</refentrytitle><manvolnum>5</manvolnum></citerefentry>
<citerefentry><refentrytitle>systemd.snapshot</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
</para>
</refsect1>

10
po/pl.po
View File

@ -53,7 +53,7 @@ msgstr "Ustawienie lokalizacji systemu"
#: ../src/org.freedesktop.login1.policy.in.h:1
msgid "Allow attaching devices to seats"
msgstr "Zezwolenie na podłączanie urządzeń do siedzeń"
msgstr "Zezwolenie na podłączanie urządzeń do stanowisk"
#: ../src/org.freedesktop.login1.policy.in.h:2
msgid "Allow non-logged-in users to run programs"
@ -69,8 +69,8 @@ msgstr ""
#: ../src/org.freedesktop.login1.policy.in.h:4
msgid "Authentication is required to allow attaching a device to a seat"
msgstr ""
"Wymagane jest uwierzytelnienie, aby zezwolić na podłączanie urządzeń do "
"siedzeń"
"Wymagane jest uwierzytelnienie, aby zezwolić na podłączenie urządzenia do "
"stanowiska"
#: ../src/org.freedesktop.login1.policy.in.h:5
msgid "Authentication is required to allow powering off the system"
@ -103,11 +103,11 @@ msgid ""
"seats"
msgstr ""
"Wymagane jest uwierzytelnienie, aby zezwolić na ponowne ustawianie sposobu "
"podłączenia urządzeń do siedzeń"
"podłączenia urządzeń do stanowisk"
#: ../src/org.freedesktop.login1.policy.in.h:10
msgid "Flush device to seat attachments"
msgstr "Czyszczenie podłączeń urządzeń do siedzeń"
msgstr "Usunięcie podłączenia urządzeń do stanowisk"
#: ../src/org.freedesktop.login1.policy.in.h:11
msgid "Power off the system"

36
src/condition.c
View File

@ -23,6 +23,7 @@
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/capability.h>
#ifdef HAVE_SELINUX
#include <selinux/selinux.h>
@ -148,7 +149,7 @@ static bool test_virtualization(const char *parameter) {
return true;
/* Finally compare id */
return streq(parameter, id);
return v > 0 && streq(parameter, id);
}
static bool test_security(const char *parameter) {
@ -159,6 +160,36 @@ static bool test_security(const char *parameter) {
return false;
}
static bool test_capability(const char *parameter) {
cap_value_t value;
FILE *f;
char line[LINE_MAX];
unsigned long long capabilities = (unsigned long long) -1;
/* If it's an invalid capability, we don't have it */
if (cap_from_name(parameter, &value) < 0)
return false;
/* If it's a valid capability we default to assume
* that we have it */
f = fopen("/proc/self/status", "re");
if (!f)
return true;
while (fgets(line, sizeof(line), f)) {
truncate_nl(line);
if (startswith(line, "CapBnd:")) {
(void) sscanf(line+7, "%llx", &capabilities);
break;
}
}
return !!(capabilities & (1ULL << value));
}
bool condition_test(Condition *c) {
assert(c);
@ -214,6 +245,9 @@ bool condition_test(Condition *c) {
case CONDITION_SECURITY:
return test_security(c->parameter) == !c->negate;
case CONDITION_CAPABILITY:
return test_capability(c->parameter) == !c->negate;
case CONDITION_NULL:
return !c->negate;

1
src/condition.h
View File

@ -37,6 +37,7 @@ typedef enum ConditionType {
CONDITION_KERNEL_COMMAND_LINE,
CONDITION_VIRTUALIZATION,
CONDITION_SECURITY,
CONDITION_CAPABILITY,
CONDITION_NULL,
_CONDITION_TYPE_MAX,
_CONDITION_TYPE_INVALID = -1

7
src/execute.c
View File

@ -895,12 +895,9 @@ static int do_capability_bounding_set_drop(uint64_t drop) {
}
}
for (i = 0; i <= MAX(63LU, (unsigned long) CAP_LAST_CAP); i++)
for (i = 0; i <= cap_last_cap(); i++)
if (drop & ((uint64_t) 1ULL << (uint64_t) i)) {
if (prctl(PR_CAPBSET_DROP, i) < 0) {
if (errno == EINVAL)
break;
r = -errno;
goto finish;
}
@ -1720,7 +1717,7 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
unsigned long l;
fprintf(f, "%sCapabilityBoundingSet:", prefix);
for (l = 0; l <= (unsigned long) CAP_LAST_CAP; l++)
for (l = 0; l <= cap_last_cap(); l++)
if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) l))) {
char *t;

42
src/generate-kbd-model-map
View File

@ -1,49 +1,33 @@
#!/usr/bin/python
import system_config_keyboard.keyboard_models, sys
import sys
import system_config_keyboard.keyboard_models
def strdash(s):
r = s.strip()
if r == "":
return "-"
return r
def tab_extend(s, n = 1):
return s.strip() or '-'
def tab_extend(s, n=1):
s = strdash(s)
k = len(s) / 8
k = len(s) // 8
if k >= n:
f = 1
else:
f = n - k
for x in range(0, f):
s = s + "\t"
return s
return s + '\t'*f
models = system_config_keyboard.keyboard_models.KeyboardModels().get_models()
print "# Generated from system-config-keyboard's model list"
print "# consolelayout\t\txlayout\txmodel\t\txvariant\txoptions"
k = models.keys()
for key, value in reversed(models.items()):
options = "terminate:ctrl_alt_bksp"
if value[4]:
options += ',' + value[4]
k.reverse()
for key in k:
value = models[key]
options = value[4]
if len(options) > 0:
options = "terminate:ctrl_alt_bksp," + options
else:
options = "terminate:ctrl_alt_bksp"
print "%s%s%s%s%s" % (tab_extend(key, 3), tab_extend(value[1]), tab_extend(value[2], 2), tab_extend(value[3], 2), options)
print ''.join((tab_extend(key, 3), tab_extend(value[1]),
tab_extend(value[2], 2), tab_extend(value[3], 2),
options))

4
src/hostname-setup.c
View File

@ -32,7 +32,7 @@
#if defined(TARGET_FEDORA) || defined(TARGET_ALTLINUX) || defined(TARGET_MANDRIVA) || defined(TARGET_MEEGO)
#define FILENAME "/etc/sysconfig/network"
#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE) || defined(TARGET_FRUGALWARE)
#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE)
#define FILENAME "/etc/HOSTNAME"
#elif defined(TARGET_ARCH)
#define FILENAME "/etc/rc.conf"
@ -114,7 +114,7 @@ finish:
fclose(f);
return r;
#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE) || defined(TARGET_FRUGALWARE)
#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE)
return read_and_strip_hostname(FILENAME, hn);
#else
return -ENOENT;

1
src/load-fragment-gperf.gperf.m4
View File

@ -119,6 +119,7 @@ Unit.ConditionFileIsExecutable, config_parse_unit_condition_path, CONDITION_F
Unit.ConditionKernelCommandLine, config_parse_unit_condition_string, CONDITION_KERNEL_COMMAND_LINE, 0
Unit.ConditionVirtualization, config_parse_unit_condition_string, CONDITION_VIRTUALIZATION, 0
Unit.ConditionSecurity, config_parse_unit_condition_string, CONDITION_SECURITY, 0
Unit.ConditionCapability, config_parse_unit_condition_string, CONDITION_CAPABILITY, 0
Unit.ConditionNull, config_parse_unit_condition_null, 0, 0
m4_dnl
Service.PIDFile, config_parse_unit_path_printf, 0, offsetof(Service, pid_file)

8
src/localed.c
View File

@ -574,6 +574,10 @@ static int write_data_x11(void) {
#ifdef TARGET_FEDORA
unlink("/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf");
/* Symlink this to /dev/null, so that s-s-k (if it is
* still running) doesn't recreate this. */
symlink("/dev/null", "/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf");
#endif
if (unlink("/etc/X11/xorg.conf.d/00-keyboard.conf") < 0)
@ -619,6 +623,10 @@ static int write_data_x11(void) {
#ifdef TARGET_FEDORA
unlink("/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf");
/* Symlink this to /dev/null, so that s-s-k (if it is
* still running) doesn't recreate this. */
symlink("/dev/null", "/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf");
#endif
r = 0;

7
src/logind-dbus.c
View File

@ -973,8 +973,11 @@ static DBusHandlerResult manager_message_handler(
} else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "CreateSession")) {
r = bus_manager_create_session(m, message, &reply);
if (r == -ENOMEM)
goto oom;
/* Don't delay the work on OOM here, since it might be
* triggered by a low RLIMIT_NOFILE here (since we
* send a dupped fd to the client), and we'd rather
* see this fail quickly then be retried later */
if (r < 0)
return bus_send_error_reply(connection, message, &error, r);

6
src/mount.c
View File

@ -357,9 +357,11 @@ static int mount_add_fstab_links(Mount *m) {
if (mount_is_network(p)) {
target = SPECIAL_REMOTE_FS_TARGET;
after = SPECIAL_NETWORK_TARGET;
} else
after = SPECIAL_REMOTE_FS_PRE_TARGET;
} else {
target = SPECIAL_LOCAL_FS_TARGET;
after = SPECIAL_LOCAL_FS_PRE_TARGET;
}
if (!path_equal(m->where, "/"))
if ((r = unit_add_two_dependencies_by_name(UNIT(m), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true)) < 0)

8
src/nspawn.c
View File

@ -361,7 +361,7 @@ static int drop_capabilities(void) {
unsigned long l;
for (l = 0; l <= MAX(63LU, (unsigned long) CAP_LAST_CAP); l++) {
for (l = 0; l <= cap_last_cap(); l++) {
unsigned i;
for (i = 0; i < ELEMENTSOF(retain); i++)
@ -372,12 +372,6 @@ static int drop_capabilities(void) {
continue;
if (prctl(PR_CAPBSET_DROP, l) < 0) {
/* If this capability is not known, EINVAL
* will be returned, let's ignore this. */
if (errno == EINVAL)
break;
log_error("PR_CAPBSET_DROP failed: %m");
return -errno;
}

2
src/pager.c
View File

@ -32,7 +32,7 @@
static pid_t pager_pid = 0;
static void pager_fallback(void) {
_noreturn_ static void pager_fallback(void) {
ssize_t n;
do {
n = splice(STDIN_FILENO, NULL, STDOUT_FILENO, NULL, 64*1024, 0);

2
src/readahead-common.h
View File

@ -27,7 +27,7 @@
#include "macro.h"
#define READAHEAD_FILE_SIZE_MAX (128*1024*1024)
#define READAHEAD_FILE_SIZE_MAX (10*1024*1024)
int file_verify(int fd, const char *fn, off_t file_size_max, struct stat *st);

4
src/sd-login.h
View File

@ -83,7 +83,7 @@ int sd_session_get_seat(const char *session, char **seat);
int sd_seat_get_active(const char *seat, char **session, uid_t *uid);
/* Return sessions and users on seat. Returns number of sessions as
* return value. If sessions is NULL returs only the number of
* return value. If sessions is NULL returns only the number of
* sessions. */
int sd_seat_get_sessions(const char *seat, char ***sessions, uid_t **uid, unsigned *n_uids);
@ -94,7 +94,7 @@ int sd_seat_can_multi_session(const char *seat);
* seats is NULL only returns number of seats. */
int sd_get_seats(char ***seats);
/* Get all sessions, store in *seessions. Returns the number of
/* Get all sessions, store in *sessions. Returns the number of
* sessions. If sessions is NULL only returns number of sessions. */
int sd_get_sessions(char ***sessions);

1
src/service.c
View File

@ -829,6 +829,7 @@ static int service_load_sysv_path(Service *s, const char *path) {
/* Special setting for all SysV services */
s->type = SERVICE_FORKING;
s->remain_after_exit = !s->pid_file;
s->guess_main_pid = false;
s->restart = SERVICE_RESTART_NO;
if (s->meta.manager->sysv_console)

2
src/special.h
View File

@ -45,7 +45,9 @@
#define SPECIAL_SYSINIT_TARGET "sysinit.target"
#define SPECIAL_SOCKETS_TARGET "sockets.target"
#define SPECIAL_LOCAL_FS_TARGET "local-fs.target" /* LSB's $local_fs */
#define SPECIAL_LOCAL_FS_PRE_TARGET "local-fs-pre.target"
#define SPECIAL_REMOTE_FS_TARGET "remote-fs.target" /* LSB's $remote_fs */
#define SPECIAL_REMOTE_FS_PRE_TARGET "remote-fs-pre.target"
#define SPECIAL_SWAP_TARGET "swap.target"
#define SPECIAL_BASIC_TARGET "basic.target"

20
src/timedated.c
View File

@ -170,8 +170,24 @@ static int read_data(void) {
free_data();
r = read_one_line_file("/etc/timezone", &zone);
if (r < 0 && r != -ENOENT)
return r;
if (r < 0) {
if (r != -ENOENT)
log_warning("Failed to read /etc/timezone: %s", strerror(-r));
#ifdef TARGET_FEDORA
r = parse_env_file("/etc/sysconfig/clock", NEWLINE,
"ZONE", &zone,
NULL);
if (r < 0 && r != -ENOENT)
log_warning("Failed to read /etc/sysconfig/clock: %s", strerror(-r));
#endif
}
if (isempty(zone)) {
free(zone);
zone = NULL;
}
verify_timezone();

1
src/tmpfiles.c
View File

@ -157,6 +157,7 @@ static void load_unix_sockets(void) {
}
}
fclose(f);
return;
fail:

41
src/util.c
View File

@ -2336,8 +2336,10 @@ int chvt(int vt) {
0
};
if (ioctl(fd, TIOCLINUX, tiocl) < 0)
return -errno;
if (ioctl(fd, TIOCLINUX, tiocl) < 0) {
r = -errno;
goto fail;
}
vt = tiocl[0] <= 0 ? 1 : tiocl[0];
}
@ -2345,7 +2347,8 @@ int chvt(int vt) {
if (ioctl(fd, VT_ACTIVATE, vt) < 0)
r = -errno;
close_nointr_nofail(r);
fail:
close_nointr_nofail(fd);
return r;
}
@ -5899,4 +5902,36 @@ int prot_from_flags(int flags) {
default:
return -EINVAL;
}
unsigned long cap_last_cap(void) {
static __thread unsigned long saved;
static __thread bool valid = false;
unsigned long p;
if (valid)
return saved;
p = (unsigned long) CAP_LAST_CAP;
if (prctl(PR_CAPBSET_READ, p) < 0) {
/* Hmm, look downwards, until we find one that
* works */
for (p--; p > 0; p --)
if (prctl(PR_CAPBSET_READ, p) >= 0)
break;
} else {
/* Hmm, look upwards, until we find one that doesn't
* work */
for (;; p++)
if (prctl(PR_CAPBSET_READ, p+1) < 0)
break;
}
saved = p;
valid = true;
return p;
}

2
src/util.h
View File

@ -515,4 +515,6 @@ bool kexec_loaded(void);
int prot_from_flags(int flags);
unsigned long cap_last_cap(void);
#endif

11
units/local-fs-pre.target Normal file
View File

@ -0,0 +1,11 @@
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# See systemd.special(7) for details
[Unit]
Description=Local File Systems (Pre)

15
units/remote-fs-pre.target Normal file
View File

@ -0,0 +1,15 @@
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# See systemd.special(7) for details
[Unit]
Description=Remote File Systems (Pre)
After=network.target
[Install]
WantedBy=multi-user.target

3
units/remount-rootfs.service
View File

@ -10,7 +10,8 @@ Description=Remount Root FS
DefaultDependencies=no
Conflicts=shutdown.target
After=systemd-readahead-collect.service systemd-readahead-replay.service fsck-root.service
Before=local-fs.target shutdown.target
Before=local-fs-pre.target local-fs.target shutdown.target
Wants=local-fs-pre.target
[Service]
Type=oneshot

4
units/systemd-logind.service.in
View File

@ -16,3 +16,7 @@ Type=dbus
BusName=org.freedesktop.login1
CapabilityBoundingSet=CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER
StandardOutput=syslog
# Increase the default a bit in order to allow many simultaneous
# logins since we keep one fd open per session.
LimitNOFILE=16384

3
units/systemd-remount-api-vfs.service.in
View File

@ -10,7 +10,8 @@ Description=Remount API VFS
DefaultDependencies=no
Conflicts=shutdown.target
After=systemd-readahead-collect.service systemd-readahead-replay.service
Before=local-fs.target shutdown.target
Before=local-fs-pre.target local-fs.target shutdown.target
Wants=local-fs-pre.target
[Service]
Type=oneshot

4
units/systemd-stdout-syslog-bridge.service.in
View File

@ -18,3 +18,7 @@ ExecStart=@rootlibexecdir@/systemd-stdout-syslog-bridge
NotifyAccess=all
StandardOutput=null
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SETUID CAP_SETGID
# Increase the default a bit in order to allow many simultaneous
# services being run since we keep one fd open per service.
LimitNOFILE=16384