Since busname units are only useful with kdbus, they weren't actively
used. This was dead code, only compile-tested. If busname units are
ever added back, it'll be cleaner to start from scratch (possibly reverting
parts of this patch).
This makes dbus-org.freedesktop.network1.service like dbus-org.freedesktop.resolve1.service.
When systemd-networkd.service is disabled, the alias is also removed.
In 58a6dd1558 s-n-wait-online.service was added
to presets to synchronize the presets with the state after installation. But it
is harmful to have s-n-wait-online.service enabled when s-n.service is
disabled, because s-n-wait-online.service has Requsite=s-n.service and cannot
be activated. Thus remove s-n-wait-online.service from presets again, and let
it be enabled whenever s-n.service is enabled.
During installation we create enablement symlinks by hand, and since s-n.service
is enabled, s-n-w-o.service should be enabled too, so the symlink should still
be created during installation.
https://bugzilla.redhat.com/show_bug.cgi?id=1433459#c15
With the previous improvements, networkd.service's "After=dbus.service" can now
be dropped. That ordering effectively forced networkd.service to run in late
boot only (dbus.service was rejected to run in early boot in
https://bugs.freedesktop.org/show_bug.cgi?id=98254).
Fixes#4504
Let's make this an excercise in dogfooding: let's turn on more security
features for all our long-running services.
Specifically:
- Turn on RestrictRealtime=yes for all of them
- Turn on ProtectKernelTunables=yes and ProtectControlGroups=yes for most of
them
- Turn on RestrictAddressFamilies= for all of them, but different sets of
address families for each
Also, always order settings in the unit files, that the various sandboxing
features are close together.
Add a couple of missing, older settings for a numbre of unit files.
Note that this change turns off AF_INET/AF_INET6 from udevd, thus effectively
turning of networking from udev rule commands. Since this might break stuff
(that is already broken I'd argue) this is documented in NEWS.
Add a line
SystemCallFilter=~@clock @module @mount @obsolete @raw-io ptrace
for daemons shipped by systemd. As an exception, systemd-timesyncd
needs @clock system calls and systemd-localed is not privileged.
ptrace(2) is blocked to prevent seccomp escapes.
Apparently, disk IO issues are more frequent than we hope, and 1min
waiting for disk IO happens, so let's increase the watchdog timeout a
bit, for all our services.
See #1353 for an example where this triggers.
./configure --enable/disable-kdbus can be used to set the default
behavior regarding kdbus.
If no kdbus kernel support is available, dbus-dameon will be used.
With --enable-kdbus, the kernel command line option "kdbus=0" can
be used to disable kdbus.
With --disable-kdbus, the kernel command line option "kdbus=1" is
required to enable kdbus support.
The daemon requires the busname unit to operate (on kdbus systems),
since it contains the policy that allows it to acquire its service
name.
This fixes https://bugs.freedesktop.org/show_bug.cgi?id=90287
2015-05-15 22:59:43 +02:00
Renamed from units/systemd-networkd.service.in (Browse further)