diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 13:00:47 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 13:00:47 +0000 |
commit | 2cb7e0aaedad73b076ea18c6900b0e86c5760d79 (patch) | |
tree | da68ca54bb79f4080079bf0828acda937593a4e1 /units | |
parent | Initial commit. (diff) | |
download | systemd-2cb7e0aaedad73b076ea18c6900b0e86c5760d79.tar.xz systemd-2cb7e0aaedad73b076ea18c6900b0e86c5760d79.zip |
Adding upstream version 247.3.upstream/247.3upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
203 files changed, 4995 insertions, 0 deletions
diff --git a/units/basic.target b/units/basic.target new file mode 100644 index 0000000..d8cdd5a --- /dev/null +++ b/units/basic.target @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Basic System +Documentation=man:systemd.special(7) +Requires=sysinit.target +Wants=sockets.target timers.target paths.target slices.target +After=sysinit.target sockets.target paths.target slices.target tmp.mount + +# We support /var, /tmp, /var/tmp, being on NFS, but we don't pull in +# remote-fs.target by default, hence pull them in explicitly here. Note that we +# require /var and /var/tmp, but only add a Wants= type dependency on /tmp, as +# we support that unit being masked, and this should not be considered an error. +RequiresMountsFor=/var /var/tmp +Wants=tmp.mount diff --git a/units/blockdev@.target b/units/blockdev@.target new file mode 100644 index 0000000..ddc85bf --- /dev/null +++ b/units/blockdev@.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Block Device Preparation for %f +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/bluetooth.target b/units/bluetooth.target new file mode 100644 index 0000000..8333c23 --- /dev/null +++ b/units/bluetooth.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Bluetooth +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/boot-complete.target b/units/boot-complete.target new file mode 100644 index 0000000..f302384 --- /dev/null +++ b/units/boot-complete.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Boot Completion Check +Documentation=man:systemd.special(7) +Requires=sysinit.target +After=sysinit.target diff --git a/units/console-getty.service.m4 b/units/console-getty.service.m4 new file mode 100644 index 0000000..d61a490 --- /dev/null +++ b/units/console-getty.service.m4 @@ -0,0 +1,40 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Console Getty +Documentation=man:agetty(8) man:systemd-getty-generator(8) +After=systemd-user-sessions.service plymouth-quit-wait.service +m4_ifdef(`HAVE_SYSV_COMPAT', +After=rc-local.service getty-pre.target +)m4_dnl +Before=getty.target + +# OCI containers may be run without a console +ConditionPathExists=/dev/console + +[Service] +# The '-o' option value tells agetty to replace 'login' arguments with an +# option to preserve environment (-p), followed by '--' for safety, and then +# the entered username. +ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud console 115200,38400,9600 $TERM +Type=idle +Restart=always +UtmpIdentifier=cons +TTYPath=/dev/console +TTYReset=yes +TTYVHangup=yes +m4_ifdef(`ENABLE_LOGIND',, +KillMode=process +)m4_dnl +IgnoreSIGPIPE=no +SendSIGHUP=yes + +[Install] +WantedBy=getty.target diff --git a/units/container-getty@.service.m4 b/units/container-getty@.service.m4 new file mode 100644 index 0000000..92307a3 --- /dev/null +++ b/units/container-getty@.service.m4 @@ -0,0 +1,43 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Container Getty on /dev/pts/%I +Documentation=man:agetty(8) man:systemd-getty-generator(8) +Documentation=man:machinectl(1) +After=systemd-user-sessions.service plymouth-quit-wait.service +m4_ifdef(`HAVE_SYSV_COMPAT', +After=rc-local.service getty-pre.target +)m4_dnl +Before=getty.target +IgnoreOnIsolate=yes +ConditionPathExists=/dev/pts/%I + +# IgnoreOnIsolate is an issue: when someone isolates rescue.target, +# tradition expects that we shut down all but the main console. +Conflicts=rescue.service +Before=rescue.service + +[Service] +# The '-o' option value tells agetty to replace 'login' arguments with an +# option to preserve environment (-p), followed by '--' for safety, and then +# the entered username. +ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud pts/%I 115200,38400,9600 $TERM +Type=idle +Restart=always +RestartSec=0 +UtmpIdentifier=pts/%I +TTYPath=/dev/pts/%I +TTYReset=yes +TTYVHangup=yes +m4_ifdef(`ENABLE_LOGIND',, +KillMode=process +)m4_dnl +IgnoreSIGPIPE=no +SendSIGHUP=yes diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target new file mode 100644 index 0000000..6bb8ff7 --- /dev/null +++ b/units/cryptsetup-pre.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Local Encrypted Volumes (Pre) +Documentation=man:systemd.special(7) +RefuseManualStart=yes +Before=cryptsetup.target diff --git a/units/cryptsetup.target b/units/cryptsetup.target new file mode 100644 index 0000000..b8eecbd --- /dev/null +++ b/units/cryptsetup.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Local Encrypted Volumes +Documentation=man:systemd.special(7) diff --git a/units/debug-shell.service.in b/units/debug-shell.service.in new file mode 100644 index 0000000..5b4de84 --- /dev/null +++ b/units/debug-shell.service.in @@ -0,0 +1,36 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Early root shell on @DEBUGTTY@ FOR DEBUGGING ONLY +Documentation=man:systemd-debug-generator(8) +DefaultDependencies=no +IgnoreOnIsolate=yes +ConditionPathExists=@DEBUGTTY@ + +[Service] +Environment=TERM=linux +ExecStart=@SUSHELL@ +Restart=always +RestartSec=0 +StandardInput=tty +TTYPath=@DEBUGTTY@ +TTYReset=yes +TTYVHangup=yes +KillMode=process +IgnoreSIGPIPE=no +# bash ignores SIGTERM +KillSignal=SIGHUP + +# Unset locale for the console getty since the console has problems +# displaying some internationalized messages. +UnsetEnvironment=LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION + +[Install] +WantedBy=sysinit.target diff --git a/units/dev-hugepages.mount b/units/dev-hugepages.mount new file mode 100644 index 0000000..5174377 --- /dev/null +++ b/units/dev-hugepages.mount @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Huge Pages File System +Documentation=https://www.kernel.org/doc/Documentation/vm/hugetlbpage.txt +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +Before=sysinit.target +ConditionPathExists=/sys/kernel/mm/hugepages +ConditionCapability=CAP_SYS_ADMIN +ConditionVirtualization=!private-users + +[Mount] +What=hugetlbfs +Where=/dev/hugepages +Type=hugetlbfs diff --git a/units/dev-mqueue.mount b/units/dev-mqueue.mount new file mode 100644 index 0000000..02683a9 --- /dev/null +++ b/units/dev-mqueue.mount @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=POSIX Message Queue File System +Documentation=man:mq_overview(7) +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +Before=sysinit.target +ConditionPathExists=/proc/sys/fs/mqueue +ConditionCapability=CAP_SYS_ADMIN + +[Mount] +What=mqueue +Where=/dev/mqueue +Type=mqueue +Options=nosuid,nodev,noexec diff --git a/units/emergency.service.in b/units/emergency.service.in new file mode 100644 index 0000000..9418f5e --- /dev/null +++ b/units/emergency.service.in @@ -0,0 +1,30 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Emergency Shell +Documentation=man:sulogin(8) +DefaultDependencies=no +Conflicts=shutdown.target +Conflicts=rescue.service +Before=shutdown.target +Before=rescue.service + +[Service] +Environment=HOME=/root +WorkingDirectory=-/root +ExecStartPre=-@rootbindir@/plymouth --wait quit +ExecStart=-@rootlibexecdir@/systemd-sulogin-shell emergency +Type=idle +StandardInput=tty-force +StandardOutput=inherit +StandardError=inherit +KillMode=process +IgnoreSIGPIPE=no +SendSIGHUP=yes diff --git a/units/emergency.target b/units/emergency.target new file mode 100644 index 0000000..e7f34be --- /dev/null +++ b/units/emergency.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Emergency Mode +Documentation=man:systemd.special(7) +Requires=emergency.service +After=emergency.service +AllowIsolate=yes diff --git a/units/exit.target b/units/exit.target new file mode 100644 index 0000000..d7a1472 --- /dev/null +++ b/units/exit.target @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Exit the container +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-exit.service +After=systemd-exit.service +AllowIsolate=yes + +[Install] +Alias=ctrl-alt-del.target diff --git a/units/final.target b/units/final.target new file mode 100644 index 0000000..34f6069 --- /dev/null +++ b/units/final.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Final Step +Documentation=man:systemd.special(7) +DefaultDependencies=no +RefuseManualStart=yes +After=shutdown.target umount.target diff --git a/units/first-boot-complete.target b/units/first-boot-complete.target new file mode 100644 index 0000000..b971496 --- /dev/null +++ b/units/first-boot-complete.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=First Boot Complete +Documentation=man:systemd.special(7) +RefuseManualStart=yes +ConditionFirstBoot=yes diff --git a/units/getty-pre.target b/units/getty-pre.target new file mode 100644 index 0000000..5cf0875 --- /dev/null +++ b/units/getty-pre.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Login Prompts (Pre) +Documentation=man:systemd.special(7) man:systemd-getty-generator(8) +Documentation=http://0pointer.de/blog/projects/serial-console.html diff --git a/units/getty.target b/units/getty.target new file mode 100644 index 0000000..7e9aac2 --- /dev/null +++ b/units/getty.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Login Prompts +Documentation=man:systemd.special(7) man:systemd-getty-generator(8) +Documentation=http://0pointer.de/blog/projects/serial-console.html diff --git a/units/getty@.service.m4 b/units/getty@.service.m4 new file mode 100644 index 0000000..4c21002 --- /dev/null +++ b/units/getty@.service.m4 @@ -0,0 +1,62 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Getty on %I +Documentation=man:agetty(8) man:systemd-getty-generator(8) +Documentation=http://0pointer.de/blog/projects/serial-console.html +After=systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target +m4_ifdef(`HAVE_SYSV_COMPAT', +After=rc-local.service +)m4_dnl + +# If additional gettys are spawned during boot then we should make +# sure that this is synchronized before getty.target, even though +# getty.target didn't actually pull it in. +Before=getty.target +IgnoreOnIsolate=yes + +# IgnoreOnIsolate causes issues with sulogin, if someone isolates +# rescue.target or starts rescue.service from multi-user.target or +# graphical.target. +Conflicts=rescue.service +Before=rescue.service + +# On systems without virtual consoles, don't start any getty. Note +# that serial gettys are covered by serial-getty@.service, not this +# unit. +ConditionPathExists=/dev/tty0 + +[Service] +# the VT is cleared by TTYVTDisallocate +# The '-o' option value tells agetty to replace 'login' arguments with an +# option to preserve environment (-p), followed by '--' for safety, and then +# the entered username. +ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear %I $TERM +Type=idle +Restart=always +RestartSec=0 +UtmpIdentifier=%I +TTYPath=/dev/%I +TTYReset=yes +TTYVHangup=yes +TTYVTDisallocate=yes +m4_ifdef(`ENABLE_LOGIND',, +KillMode=process +)m4_dnl +IgnoreSIGPIPE=no +SendSIGHUP=yes + +# Unset locale for the console getty since the console has problems +# displaying some internationalized messages. +UnsetEnvironment=LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION + +[Install] +WantedBy=getty.target +DefaultInstance=tty1 diff --git a/units/graphical.target b/units/graphical.target new file mode 100644 index 0000000..4b2087f --- /dev/null +++ b/units/graphical.target @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Graphical Interface +Documentation=man:systemd.special(7) +Requires=multi-user.target +Wants=display-manager.service +Conflicts=rescue.service rescue.target +After=multi-user.target rescue.service rescue.target display-manager.service +AllowIsolate=yes diff --git a/units/halt.target b/units/halt.target new file mode 100644 index 0000000..b06758b --- /dev/null +++ b/units/halt.target @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Halt +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-halt.service +After=systemd-halt.service +AllowIsolate=yes + +[Install] +Alias=ctrl-alt-del.target diff --git a/units/hibernate.target b/units/hibernate.target new file mode 100644 index 0000000..9ec6f2a --- /dev/null +++ b/units/hibernate.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Hibernate +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-hibernate.service +After=systemd-hibernate.service +StopWhenUnneeded=yes diff --git a/units/hybrid-sleep.target b/units/hybrid-sleep.target new file mode 100644 index 0000000..4ed0b35 --- /dev/null +++ b/units/hybrid-sleep.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Hybrid Suspend+Hibernate +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-hybrid-sleep.service +After=systemd-hybrid-sleep.service +StopWhenUnneeded=yes diff --git a/units/initrd-cleanup.service b/units/initrd-cleanup.service new file mode 100644 index 0000000..08ab503 --- /dev/null +++ b/units/initrd-cleanup.service @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Cleaning Up and Shutting Down Daemons +DefaultDependencies=no +AssertPathExists=/etc/initrd-release +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly +After=initrd-root-fs.target initrd-fs.target initrd.target + +[Service] +Type=oneshot +ExecStart=systemctl --no-block isolate initrd-switch-root.target diff --git a/units/initrd-fs.target b/units/initrd-fs.target new file mode 100644 index 0000000..8c6bdf3 --- /dev/null +++ b/units/initrd-fs.target @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Initrd File Systems +Documentation=man:systemd.special(7) +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly +AssertPathExists=/etc/initrd-release +After=initrd-parse-etc.service +DefaultDependencies=no +Conflicts=shutdown.target diff --git a/units/initrd-parse-etc.service b/units/initrd-parse-etc.service new file mode 100644 index 0000000..38df728 --- /dev/null +++ b/units/initrd-parse-etc.service @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Reload Configuration from the Real Root +DefaultDependencies=no +Requires=initrd-root-fs.target +After=initrd-root-fs.target +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly +AssertPathExists=/etc/initrd-release + +[Service] +Type=oneshot +ExecStartPre=-systemctl daemon-reload +# we have to retrigger initrd-fs.target after daemon-reload +ExecStart=-systemctl --no-block start initrd-fs.target +ExecStart=systemctl --no-block start initrd-cleanup.service diff --git a/units/initrd-root-device.target b/units/initrd-root-device.target new file mode 100644 index 0000000..f3c3d79 --- /dev/null +++ b/units/initrd-root-device.target @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Initrd Root Device +Documentation=man:systemd.special(7) +AssertPathExists=/etc/initrd-release +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly +DefaultDependencies=no +Conflicts=shutdown.target diff --git a/units/initrd-root-fs.target b/units/initrd-root-fs.target new file mode 100644 index 0000000..4037ac4 --- /dev/null +++ b/units/initrd-root-fs.target @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Initrd Root File System +Documentation=man:systemd.special(7) +AssertPathExists=/etc/initrd-release +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly +DefaultDependencies=no +Conflicts=shutdown.target diff --git a/units/initrd-switch-root.service b/units/initrd-switch-root.service new file mode 100644 index 0000000..e3d6926 --- /dev/null +++ b/units/initrd-switch-root.service @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Switch Root +DefaultDependencies=no +AssertPathExists=/etc/initrd-release +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly +AllowIsolate=yes + +[Service] +Type=oneshot +ExecStart=systemctl --no-block switch-root /sysroot diff --git a/units/initrd-switch-root.target b/units/initrd-switch-root.target new file mode 100644 index 0000000..1e32ec5 --- /dev/null +++ b/units/initrd-switch-root.target @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Switch Root +AssertPathExists=/etc/initrd-release +DefaultDependencies=no +Wants=initrd-switch-root.service +Before=initrd-switch-root.service +AllowIsolate=yes +Wants=initrd-udevadm-cleanup-db.service initrd-root-fs.target initrd-fs.target systemd-journald.service initrd-cleanup.service +After=initrd-udevadm-cleanup-db.service initrd-root-fs.target initrd-fs.target emergency.service emergency.target initrd-cleanup.service diff --git a/units/initrd-udevadm-cleanup-db.service b/units/initrd-udevadm-cleanup-db.service new file mode 100644 index 0000000..bc44473 --- /dev/null +++ b/units/initrd-udevadm-cleanup-db.service @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Cleanup udev Database +DefaultDependencies=no +AssertPathExists=/etc/initrd-release +Conflicts=systemd-udevd.service systemd-udevd-control.socket systemd-udevd-kernel.socket systemd-udev-trigger.service systemd-udev-settle.service +After=systemd-udevd.service systemd-udevd-control.socket systemd-udevd-kernel.socket systemd-udev-trigger.service systemd-udev-settle.service +Before=initrd-switch-root.target + +[Service] +Type=oneshot +ExecStart=-udevadm info --cleanup-db diff --git a/units/initrd.target b/units/initrd.target new file mode 100644 index 0000000..655158a --- /dev/null +++ b/units/initrd.target @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Initrd Default Target +Documentation=man:systemd.special(7) +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly +AssertPathExists=/etc/initrd-release +Requires=basic.target +Wants=initrd-root-fs.target initrd-root-device.target initrd-fs.target initrd-parse-etc.service +After=initrd-root-fs.target initrd-root-device.target initrd-fs.target basic.target rescue.service rescue.target +AllowIsolate=yes diff --git a/units/kexec.target b/units/kexec.target new file mode 100644 index 0000000..5d8f8cd --- /dev/null +++ b/units/kexec.target @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Reboot via kexec +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-kexec.service +After=systemd-kexec.service +AllowIsolate=yes + +[Install] +Alias=ctrl-alt-del.target diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in new file mode 100644 index 0000000..f4170d6 --- /dev/null +++ b/units/kmod-static-nodes.service.in @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Create list of static device nodes for the current kernel +DefaultDependencies=no +Before=sysinit.target systemd-tmpfiles-setup-dev.service +ConditionCapability=CAP_SYS_MODULE +ConditionFileNotEmpty=/lib/modules/%v/modules.devname + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@KMOD@ static-nodes --format=tmpfiles --output=/run/tmpfiles.d/static-nodes.conf diff --git a/units/ldconfig.service b/units/ldconfig.service new file mode 100644 index 0000000..33824d4 --- /dev/null +++ b/units/ldconfig.service @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Rebuild Dynamic Linker Cache +Documentation=man:ldconfig(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=local-fs.target +Before=sysinit.target shutdown.target systemd-update-done.service +ConditionNeedsUpdate=|/etc +ConditionFileNotEmpty=|!/etc/ld.so.cache + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/sbin/ldconfig -X diff --git a/units/local-fs-pre.target b/units/local-fs-pre.target new file mode 100644 index 0000000..bffa7e9 --- /dev/null +++ b/units/local-fs-pre.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Local File Systems (Pre) +Documentation=man:systemd.special(7) +RefuseManualStart=yes diff --git a/units/local-fs.target b/units/local-fs.target new file mode 100644 index 0000000..0279795 --- /dev/null +++ b/units/local-fs.target @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Local File Systems +Documentation=man:systemd.special(7) +DefaultDependencies=no +Conflicts=shutdown.target +After=local-fs-pre.target +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly diff --git a/units/machine.slice b/units/machine.slice new file mode 100644 index 0000000..501d353 --- /dev/null +++ b/units/machine.slice @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Virtual Machine and Container Slice +Documentation=man:systemd.special(7) +Before=slices.target diff --git a/units/machines.target b/units/machines.target new file mode 100644 index 0000000..165839a --- /dev/null +++ b/units/machines.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Containers +Documentation=man:systemd.special(7) +Before=multi-user.target + +[Install] +WantedBy=multi-user.target diff --git a/units/meson-add-wants.sh b/units/meson-add-wants.sh new file mode 100755 index 0000000..a483d75 --- /dev/null +++ b/units/meson-add-wants.sh @@ -0,0 +1,28 @@ +#!/bin/sh +set -eu + +unitdir="$1" +target="$2" +unit="$3" + +case "$target" in + */?*) # a path, but not just a slash at the end + dir="${DESTDIR:-}${target}" + ;; + *) + dir="${DESTDIR:-}${unitdir}/${target}" + ;; +esac + +unitpath="${DESTDIR:-}${unitdir}/${unit}" + +case "$target" in + */) + mkdir -vp -m 0755 "$dir" + ;; + *) + mkdir -vp -m 0755 "$(dirname "$dir")" + ;; +esac + +ln -vfs --relative "$unitpath" "$dir" diff --git a/units/meson.build b/units/meson.build new file mode 100644 index 0000000..ba60eb7 --- /dev/null +++ b/units/meson.build @@ -0,0 +1,346 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +with_runlevels = conf.get('HAVE_SYSV_COMPAT') == 1 + +units = [ + ['basic.target', ''], + ['blockdev@.target', ''], + ['bluetooth.target', ''], + ['boot-complete.target', ''], + ['cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'], + ['cryptsetup.target', 'HAVE_LIBCRYPTSETUP', + 'sysinit.target.wants/'], + ['dev-hugepages.mount', '', + 'sysinit.target.wants/'], + ['dev-mqueue.mount', '', + 'sysinit.target.wants/'], + ['emergency.target', ''], + ['exit.target', ''], + ['final.target', ''], + ['first-boot-complete.target', ''], + ['getty.target', '', + 'multi-user.target.wants/'], + ['getty-pre.target', ''], + ['graphical.target', '', + 'default.target' + (with_runlevels ? ' runlevel5.target' : '')], + ['halt.target', ''], + ['hibernate.target', 'ENABLE_HIBERNATE'], + ['hybrid-sleep.target', 'ENABLE_HIBERNATE'], + ['suspend-then-hibernate.target', 'ENABLE_HIBERNATE'], + ['initrd-cleanup.service', 'ENABLE_INITRD'], + ['initrd-fs.target', 'ENABLE_INITRD'], + ['initrd-parse-etc.service', 'ENABLE_INITRD'], + ['initrd-root-device.target', 'ENABLE_INITRD'], + ['initrd-root-fs.target', 'ENABLE_INITRD'], + ['initrd-switch-root.service', 'ENABLE_INITRD'], + ['initrd-switch-root.target', 'ENABLE_INITRD'], + ['initrd-udevadm-cleanup-db.service', 'ENABLE_INITRD'], + ['initrd.target', 'ENABLE_INITRD'], + ['kexec.target', ''], + ['ldconfig.service', 'ENABLE_LDCONFIG', + 'sysinit.target.wants/'], + ['local-fs-pre.target', ''], + ['local-fs.target', ''], + ['machine.slice', 'ENABLE_MACHINED'], + ['machines.target', 'ENABLE_MACHINED'], + ['modprobe@.service', ''], + ['multi-user.target', '', + (with_runlevels ? 'runlevel2.target runlevel3.target runlevel4.target' : '')], + ['network-online.target', ''], + ['network-pre.target', ''], + ['network.target', ''], + ['nss-lookup.target', ''], + ['nss-user-lookup.target', ''], + ['paths.target', ''], + ['poweroff.target', '', + (with_runlevels ? 'runlevel0.target' : '')], + ['printer.target', ''], + ['proc-sys-fs-binfmt_misc.automount', 'ENABLE_BINFMT', + 'sysinit.target.wants/'], + ['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'], + ['reboot.target', '', + 'ctrl-alt-del.target' + (with_runlevels ? ' runlevel6.target' : '')], + ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP', + 'initrd-root-device.target.wants/'], + ['remote-fs-pre.target', ''], + ['remote-fs.target', ''], + ['rescue.target', '', + (with_runlevels ? 'runlevel1.target' : '')], + ['rpcbind.target', ''], + ['shutdown.target', ''], + ['sigpwr.target', ''], + ['sleep.target', ''], + ['slices.target', ''], + ['smartcard.target', ''], + ['sockets.target', ''], + ['sound.target', ''], + ['suspend.target', ''], + ['swap.target', ''], + ['sys-fs-fuse-connections.mount', '', + 'sysinit.target.wants/'], + ['sys-kernel-config.mount', '', + 'sysinit.target.wants/'], + ['sys-kernel-debug.mount', '', + 'sysinit.target.wants/'], + ['sys-kernel-tracing.mount', '', + 'sysinit.target.wants/'], + ['sysinit.target', ''], + ['syslog.socket', ''], + ['system-systemd\\x2dcryptsetup.slice', 'HAVE_LIBCRYPTSETUP'], + ['system-update.target', ''], + ['system-update-pre.target', ''], + ['system-update-cleanup.service', ''], + ['systemd-ask-password-console.path', '', + 'sysinit.target.wants/'], + ['systemd-ask-password-console.service', ''], + ['systemd-ask-password-wall.path', '', + 'multi-user.target.wants/'], + ['systemd-ask-password-wall.service', ''], + ['systemd-boot-system-token.service', 'ENABLE_EFI', + 'sysinit.target.wants/'], + ['systemd-coredump.socket', 'ENABLE_COREDUMP', + 'sockets.target.wants/'], + ['systemd-exit.service', ''], + ['systemd-firstboot.service', 'ENABLE_FIRSTBOOT', + 'sysinit.target.wants/'], + ['systemd-halt.service', ''], + ['systemd-homed-activate.service', 'ENABLE_HOMED'], + ['systemd-initctl.socket', 'HAVE_SYSV_COMPAT', + 'sockets.target.wants/'], + ['systemd-journal-catalog-update.service', '', + 'sysinit.target.wants/'], + ['systemd-journal-flush.service', '', + 'sysinit.target.wants/'], + ['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], + ['systemd-journal-remote.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], + ['systemd-journald-audit.socket', '', + 'sockets.target.wants/'], + ['systemd-journald-dev-log.socket', '', + 'sockets.target.wants/'], + ['systemd-journald.socket', '', + 'sockets.target.wants/'], + ['systemd-kexec.service', ''], + ['systemd-machine-id-commit.service', '', + 'sysinit.target.wants/'], + ['systemd-journald@.socket', ''], + ['systemd-journald-varlink@.socket', ''], + ['systemd-networkd.socket', 'ENABLE_NETWORKD'], + ['systemd-poweroff.service', ''], + ['systemd-reboot.service', ''], + ['systemd-rfkill.socket', 'ENABLE_RFKILL'], + ['systemd-sysusers.service', 'ENABLE_SYSUSERS', + 'sysinit.target.wants/'], + ['systemd-tmpfiles-clean.service', 'ENABLE_TMPFILES'], + ['systemd-tmpfiles-clean.timer', 'ENABLE_TMPFILES', + 'timers.target.wants/'], + ['systemd-tmpfiles-setup-dev.service', 'ENABLE_TMPFILES', + 'sysinit.target.wants/'], + ['systemd-tmpfiles-setup.service', 'ENABLE_TMPFILES', + 'sysinit.target.wants/'], + ['systemd-udevd-control.socket', '', + 'sockets.target.wants/'], + ['systemd-udev-settle.service', ''], + ['systemd-udev-trigger.service', '', + 'sysinit.target.wants/'], + ['systemd-udevd-kernel.socket', '', + 'sockets.target.wants/'], + ['systemd-userdbd.socket', 'ENABLE_USERDB'], + ['time-set.target', ''], + ['time-sync.target', ''], + ['timers.target', ''], + ['tmp.mount', '', + 'local-fs.target.wants/'], + ['umount.target', ''], + ['usb-gadget.target', ''], + ['user.slice', ''], + ['var-lib-machines.mount', 'ENABLE_MACHINED', + 'remote-fs.target.wants/ machines.target.wants/'], +] + +in_units = [ + ['debug-shell.service', ''], + ['emergency.service', ''], + ['kmod-static-nodes.service', 'HAVE_KMOD ENABLE_TMPFILES', + 'sysinit.target.wants/'], + ['quotaon.service', 'ENABLE_QUOTACHECK'], + ['rc-local.service', 'HAVE_SYSV_COMPAT'], + ['rescue.service', ''], + ['systemd-backlight@.service', 'ENABLE_BACKLIGHT'], + ['systemd-binfmt.service', 'ENABLE_BINFMT', + 'sysinit.target.wants/'], + ['systemd-bless-boot.service', 'ENABLE_EFI HAVE_BLKID'], + ['systemd-boot-check-no-failures.service', ''], + ['systemd-coredump@.service', 'ENABLE_COREDUMP'], + ['systemd-pstore.service', 'ENABLE_PSTORE'], + ['systemd-fsck-root.service', ''], + ['systemd-fsck@.service', ''], + ['systemd-hibernate-resume@.service', 'ENABLE_HIBERNATE'], + ['systemd-hibernate.service', 'ENABLE_HIBERNATE'], + ['systemd-hybrid-sleep.service', 'ENABLE_HIBERNATE'], + ['systemd-suspend-then-hibernate.service', 'ENABLE_HIBERNATE'], + ['systemd-hostnamed.service', 'ENABLE_HOSTNAMED', + 'dbus-org.freedesktop.hostname1.service'], + ['systemd-hwdb-update.service', 'ENABLE_HWDB', + 'sysinit.target.wants/'], + ['systemd-importd.service', 'ENABLE_IMPORTD', + 'dbus-org.freedesktop.import1.service'], + ['systemd-initctl.service', 'HAVE_SYSV_COMPAT'], + ['systemd-journal-gatewayd.service', 'ENABLE_REMOTE HAVE_MICROHTTPD'], + ['systemd-journal-remote.service', 'ENABLE_REMOTE HAVE_MICROHTTPD'], + ['systemd-journal-upload.service', 'ENABLE_REMOTE HAVE_LIBCURL'], + ['systemd-journald.service', '', + 'sysinit.target.wants/'], + ['systemd-journald@.service', ''], + ['systemd-localed.service', 'ENABLE_LOCALED', + 'dbus-org.freedesktop.locale1.service'], + ['systemd-logind.service', 'ENABLE_LOGIND', + 'multi-user.target.wants/ dbus-org.freedesktop.login1.service'], + ['systemd-machined.service', 'ENABLE_MACHINED', + 'dbus-org.freedesktop.machine1.service'], + ['systemd-modules-load.service', 'HAVE_KMOD', + 'sysinit.target.wants/'], + ['systemd-network-generator.service', 'ENABLE_NETWORKD'], + ['systemd-networkd.service', 'ENABLE_NETWORKD'], + ['systemd-networkd-wait-online.service', 'ENABLE_NETWORKD'], + ['systemd-nspawn@.service', ''], + ['systemd-oomd.service', 'ENABLE_OOMD'], + ['systemd-portabled.service', 'ENABLE_PORTABLED', + 'dbus-org.freedesktop.portable1.service'], + ['systemd-userdbd.service', 'ENABLE_USERDB'], + ['systemd-homed.service', 'ENABLE_HOMED'], + ['systemd-quotacheck.service', 'ENABLE_QUOTACHECK'], + ['systemd-random-seed.service', 'ENABLE_RANDOMSEED', + 'sysinit.target.wants/'], + ['systemd-remount-fs.service', ''], + ['systemd-resolved.service', 'ENABLE_RESOLVE'], + ['systemd-rfkill.service', 'ENABLE_RFKILL'], + ['systemd-suspend.service', ''], + ['systemd-sysctl.service', '', + 'sysinit.target.wants/'], + ['systemd-timedated.service', 'ENABLE_TIMEDATED', + 'dbus-org.freedesktop.timedate1.service'], + ['systemd-timesyncd.service', 'ENABLE_TIMESYNCD'], + ['systemd-time-wait-sync.service', 'ENABLE_TIMESYNCD'], + ['systemd-udevd.service', '', + 'sysinit.target.wants/'], + ['systemd-update-done.service', '', + 'sysinit.target.wants/'], + ['systemd-update-utmp-runlevel.service', 'ENABLE_UTMP HAVE_SYSV_COMPAT', + 'multi-user.target.wants/ graphical.target.wants/ rescue.target.wants/'], + ['systemd-update-utmp.service', 'ENABLE_UTMP', + 'sysinit.target.wants/'], + ['systemd-user-sessions.service', 'HAVE_PAM', + 'multi-user.target.wants/'], + ['systemd-vconsole-setup.service', 'ENABLE_VCONSOLE'], + ['systemd-volatile-root.service', 'ENABLE_INITRD'], + ['systemd-repart.service', 'ENABLE_REPART', + 'sysinit.target.wants/ initrd-root-fs.target.wants/'], + ['user-runtime-dir@.service', ''], + ['user@.service', ''], +] + +m4_units = [ + ['console-getty.service', ''], + ['container-getty@.service', ''], + ['getty@.service', '', + 'autovt@.service '], + ['serial-getty@.service', ''], +] + +foreach tuple : in_units + file = tuple[0] + + # we do this here because install_data does not accept custom_target output + conds = tuple[1].split(' ') + install = ((conds.get(0, '') == '' or conf.get(conds[0]) == 1) and + (conds.get(1, '') == '' or conf.get(conds[1]) == 1)) + + gen1 = configure_file( + input : file + '.in', + output : file + '.tmp', + configuration : substs) + gen2 = custom_target( + file, + input : gen1, + output : file, + command : [sed, '/^## /d', '@INPUT@'], + capture : true, + install : install, + install_dir : systemunitdir) + + if install and tuple.length() > 2 + foreach target : tuple[2].split() + meson.add_install_script('meson-add-wants.sh', systemunitdir, target, file) + endforeach + endif +endforeach + +foreach tuple : m4_units + file = tuple[0] + input = tuple.get(3, file + '.m4') + + # we do this here because install_data does not accept custom_target output + conds = tuple[1].split(' ') + install = ((conds.get(0, '') == '' or conf.get(conds[0]) == 1) and + (conds.get(1, '') == '' or conf.get(conds[1]) == 1)) + + custom_target( + file, + input : input, + output: file, + command : [meson_apply_m4, config_h, '@INPUT@'], + capture : true, + install : install, + install_dir : systemunitdir) + + if tuple.length() > 2 and install + foreach target : tuple[2].split() + meson.add_install_script('meson-add-wants.sh', systemunitdir, target, file) + endforeach + endif +endforeach + +foreach tuple : units + file = tuple[0] + input = tuple.get(3, file) + + conds = tuple[1].split(' ') + install = ((conds.get(0, '') == '' or conf.get(conds[0]) == 1) and + (conds.get(1, '') == '' or conf.get(conds[1]) == 1)) + + if install + install_data(input, + install_dir : systemunitdir) + + if tuple.length() > 2 + foreach target : tuple[2].split() + meson.add_install_script( + 'meson-add-wants.sh', systemunitdir, target, file) + endforeach + endif + endif +endforeach + +install_data('user-.slice.d/10-defaults.conf', + install_dir : systemunitdir + '/user-.slice.d') + +############################################################ + +if install_sysconfdir + meson.add_install_script(meson_make_symlink, + join_paths(pkgsysconfdir, 'user'), + join_paths(sysconfdir, 'xdg/systemd/user')) +endif +meson.add_install_script(meson_make_symlink, + join_paths(dbussystemservicedir, 'org.freedesktop.systemd1.service'), + join_paths(dbussessionservicedir, 'org.freedesktop.systemd1.service')) +if conf.get('HAVE_SYSV_COMPAT') == 1 + foreach i : [1, 2, 3, 4, 5] + meson.add_install_script( + 'sh', '-c', + mkdir_p + .format(join_paths(systemunitdir, 'runlevel@0@.target.wants'.format(i)))) + endforeach +endif + +subdir('user') diff --git a/units/modprobe@.service b/units/modprobe@.service new file mode 100644 index 0000000..cf8baf6 --- /dev/null +++ b/units/modprobe@.service @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Load Kernel Module %i +DefaultDependencies=no +Before=sysinit.target +Documentation=man:modprobe(8) +ConditionCapability=CAP_SYS_MODULE + +[Service] +Type=oneshot +ExecStart=-/sbin/modprobe -abq %I diff --git a/units/multi-user.target b/units/multi-user.target new file mode 100644 index 0000000..53eb2b7 --- /dev/null +++ b/units/multi-user.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Multi-User System +Documentation=man:systemd.special(7) +Requires=basic.target +Conflicts=rescue.service rescue.target +After=basic.target rescue.service rescue.target +AllowIsolate=yes diff --git a/units/network-online.target b/units/network-online.target new file mode 100644 index 0000000..c3edfeb --- /dev/null +++ b/units/network-online.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Network is Online +Documentation=man:systemd.special(7) +Documentation=https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget +After=network.target diff --git a/units/network-pre.target b/units/network-pre.target new file mode 100644 index 0000000..70279da --- /dev/null +++ b/units/network-pre.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Network (Pre) +Documentation=man:systemd.special(7) +Documentation=https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget +RefuseManualStart=yes diff --git a/units/network.target b/units/network.target new file mode 100644 index 0000000..08baf12 --- /dev/null +++ b/units/network.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Network +Documentation=man:systemd.special(7) +Documentation=https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget +After=network-pre.target +RefuseManualStart=yes diff --git a/units/nss-lookup.target b/units/nss-lookup.target new file mode 100644 index 0000000..53e7a31 --- /dev/null +++ b/units/nss-lookup.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# This exists mostly for compatibility with SysV/LSB units, and +# implementations lacking socket/bus activation. + +[Unit] +Description=Host and Network Name Lookups +Documentation=man:systemd.special(7) +RefuseManualStart=yes diff --git a/units/nss-user-lookup.target b/units/nss-user-lookup.target new file mode 100644 index 0000000..9f0d619 --- /dev/null +++ b/units/nss-user-lookup.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# This exists mostly for implementations lacking socket/bus +# activation. + +[Unit] +Description=User and Group Name Lookups +Documentation=man:systemd.special(7) +RefuseManualStart=yes diff --git a/units/paths.target b/units/paths.target new file mode 100644 index 0000000..1bec148 --- /dev/null +++ b/units/paths.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Paths +Documentation=man:systemd.special(7) diff --git a/units/poweroff.target b/units/poweroff.target new file mode 100644 index 0000000..e97f058 --- /dev/null +++ b/units/poweroff.target @@ -0,0 +1,21 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Power-Off +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-poweroff.service +After=systemd-poweroff.service +AllowIsolate=yes +JobTimeoutSec=30min +JobTimeoutAction=poweroff-force + +[Install] +Alias=ctrl-alt-del.target diff --git a/units/printer.target b/units/printer.target new file mode 100644 index 0000000..c695669 --- /dev/null +++ b/units/printer.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Printer +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/proc-sys-fs-binfmt_misc.automount b/units/proc-sys-fs-binfmt_misc.automount new file mode 100644 index 0000000..a71e249 --- /dev/null +++ b/units/proc-sys-fs-binfmt_misc.automount @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Arbitrary Executable File Formats File System Automount Point +Documentation=https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +Before=sysinit.target +ConditionPathExists=/proc/sys/fs/binfmt_misc/ +ConditionPathIsReadWrite=/proc/sys/ + +[Automount] +Where=/proc/sys/fs/binfmt_misc diff --git a/units/proc-sys-fs-binfmt_misc.mount b/units/proc-sys-fs-binfmt_misc.mount new file mode 100644 index 0000000..919271b --- /dev/null +++ b/units/proc-sys-fs-binfmt_misc.mount @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Arbitrary Executable File Formats File System +Documentation=https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no + +[Mount] +What=binfmt_misc +Where=/proc/sys/fs/binfmt_misc +Type=binfmt_misc +Options=nosuid,nodev,noexec + +[Install] +WantedBy=sysinit.target diff --git a/units/quotaon.service.in b/units/quotaon.service.in new file mode 100644 index 0000000..fa6b4c8 --- /dev/null +++ b/units/quotaon.service.in @@ -0,0 +1,21 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Enable File System Quotas +Documentation=man:quotaon(8) +DefaultDependencies=no +After=systemd-quotacheck.service +Before=remote-fs.target shutdown.target +ConditionPathExists=@QUOTAON@ + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@QUOTAON@ -aug diff --git a/units/rc-local.service.in b/units/rc-local.service.in new file mode 100644 index 0000000..f7ce98f --- /dev/null +++ b/units/rc-local.service.in @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# This unit gets pulled automatically into multi-user.target by +# systemd-rc-local-generator if @RC_LOCAL_PATH@ is executable. +[Unit] +Description=@RC_LOCAL_PATH@ Compatibility +Documentation=man:systemd-rc-local-generator(8) +ConditionFileIsExecutable=@RC_LOCAL_PATH@ +After=network.target + +[Service] +Type=forking +ExecStart=@RC_LOCAL_PATH@ start +TimeoutSec=0 +RemainAfterExit=yes +GuessMainPID=no diff --git a/units/reboot.target b/units/reboot.target new file mode 100644 index 0000000..a900c90 --- /dev/null +++ b/units/reboot.target @@ -0,0 +1,21 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Reboot +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-reboot.service +After=systemd-reboot.service +AllowIsolate=yes +JobTimeoutSec=30min +JobTimeoutAction=reboot-force + +[Install] +Alias=ctrl-alt-del.target diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target new file mode 100644 index 0000000..0a689bf --- /dev/null +++ b/units/remote-cryptsetup.target @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Remote Encrypted Volumes +Documentation=man:systemd.special(7) +After=remote-fs-pre.target cryptsetup-pre.target +DefaultDependencies=no +Conflicts=shutdown.target + +[Install] +WantedBy=multi-user.target diff --git a/units/remote-fs-pre.target b/units/remote-fs-pre.target new file mode 100644 index 0000000..bba5e0c --- /dev/null +++ b/units/remote-fs-pre.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Remote File Systems (Pre) +Documentation=man:systemd.special(7) +RefuseManualStart=yes diff --git a/units/remote-fs.target b/units/remote-fs.target new file mode 100644 index 0000000..74011d8 --- /dev/null +++ b/units/remote-fs.target @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Remote File Systems +Documentation=man:systemd.special(7) +After=remote-fs-pre.target +DefaultDependencies=no +Conflicts=shutdown.target + +[Install] +WantedBy=multi-user.target diff --git a/units/rescue.service.in b/units/rescue.service.in new file mode 100644 index 0000000..2018516 --- /dev/null +++ b/units/rescue.service.in @@ -0,0 +1,29 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Rescue Shell +Documentation=man:sulogin(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=sysinit.target plymouth-start.service +Before=shutdown.target + +[Service] +Environment=HOME=/root +WorkingDirectory=-/root +ExecStartPre=-@rootbindir@/plymouth --wait quit +ExecStart=-@rootlibexecdir@/systemd-sulogin-shell rescue +Type=idle +StandardInput=tty-force +StandardOutput=inherit +StandardError=inherit +KillMode=process +IgnoreSIGPIPE=no +SendSIGHUP=yes diff --git a/units/rescue.target b/units/rescue.target new file mode 100644 index 0000000..1128083 --- /dev/null +++ b/units/rescue.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Rescue Mode +Documentation=man:systemd.special(7) +Requires=sysinit.target rescue.service +After=sysinit.target rescue.service +AllowIsolate=yes diff --git a/units/rpcbind.target b/units/rpcbind.target new file mode 100644 index 0000000..8bd853b --- /dev/null +++ b/units/rpcbind.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# This exists mostly for compatibility with SysV/LSB units, and +# implementations lacking socket/bus activation. + +[Unit] +Description=RPC Port Mapper +Documentation=man:systemd.special(7) +RefuseManualStart=yes diff --git a/units/serial-getty@.service.m4 b/units/serial-getty@.service.m4 new file mode 100644 index 0000000..72c1df5 --- /dev/null +++ b/units/serial-getty@.service.m4 @@ -0,0 +1,50 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Serial Getty on %I +Documentation=man:agetty(8) man:systemd-getty-generator(8) +Documentation=http://0pointer.de/blog/projects/serial-console.html +BindsTo=dev-%i.device +After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target +m4_ifdef(`HAVE_SYSV_COMPAT', +After=rc-local.service +)m4_dnl + +# If additional gettys are spawned during boot then we should make +# sure that this is synchronized before getty.target, even though +# getty.target didn't actually pull it in. +Before=getty.target +IgnoreOnIsolate=yes + +# IgnoreOnIsolate causes issues with sulogin, if someone isolates +# rescue.target or starts rescue.service from multi-user.target or +# graphical.target. +Conflicts=rescue.service +Before=rescue.service + +[Service] +# The '-o' option value tells agetty to replace 'login' arguments with an +# option to preserve environment (-p), followed by '--' for safety, and then +# the entered username. +ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,57600,38400,9600 %I $TERM +Type=idle +Restart=always +UtmpIdentifier=%I +TTYPath=/dev/%I +TTYReset=yes +TTYVHangup=yes +m4_ifdef(`ENABLE_LOGIND',, +KillMode=process +)m4_dnl +IgnoreSIGPIPE=no +SendSIGHUP=yes + +[Install] +WantedBy=getty.target diff --git a/units/shutdown.target b/units/shutdown.target new file mode 100644 index 0000000..582ae6b --- /dev/null +++ b/units/shutdown.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Shutdown +Documentation=man:systemd.special(7) +DefaultDependencies=no +RefuseManualStart=yes diff --git a/units/sigpwr.target b/units/sigpwr.target new file mode 100644 index 0000000..beda318 --- /dev/null +++ b/units/sigpwr.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Power Failure +Documentation=man:systemd.special(7) diff --git a/units/sleep.target b/units/sleep.target new file mode 100644 index 0000000..a38a431 --- /dev/null +++ b/units/sleep.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Sleep +Documentation=man:systemd.special(7) +DefaultDependencies=no +RefuseManualStart=yes +StopWhenUnneeded=yes diff --git a/units/slices.target b/units/slices.target new file mode 100644 index 0000000..4517e35 --- /dev/null +++ b/units/slices.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Slices +Documentation=man:systemd.special(7) +Wants=-.slice system.slice +After=-.slice system.slice diff --git a/units/smartcard.target b/units/smartcard.target new file mode 100644 index 0000000..0c3fe72 --- /dev/null +++ b/units/smartcard.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Smart Card +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/sockets.target b/units/sockets.target new file mode 100644 index 0000000..c6e20d7 --- /dev/null +++ b/units/sockets.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Sockets +Documentation=man:systemd.special(7) diff --git a/units/sound.target b/units/sound.target new file mode 100644 index 0000000..99e68af --- /dev/null +++ b/units/sound.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Sound Card +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/suspend-then-hibernate.target b/units/suspend-then-hibernate.target new file mode 100644 index 0000000..e998763 --- /dev/null +++ b/units/suspend-then-hibernate.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Suspend; Hibernate if not used for a period of time +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-suspend-then-hibernate.service +After=systemd-suspend-then-hibernate.service +StopWhenUnneeded=yes diff --git a/units/suspend.target b/units/suspend.target new file mode 100644 index 0000000..bf228f9 --- /dev/null +++ b/units/suspend.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Suspend +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-suspend.service +After=systemd-suspend.service +StopWhenUnneeded=yes diff --git a/units/swap.target b/units/swap.target new file mode 100644 index 0000000..bcdd988 --- /dev/null +++ b/units/swap.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Swap +Documentation=man:systemd.special(7) diff --git a/units/sys-fs-fuse-connections.mount b/units/sys-fs-fuse-connections.mount new file mode 100644 index 0000000..ca48fd5 --- /dev/null +++ b/units/sys-fs-fuse-connections.mount @@ -0,0 +1,32 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=FUSE Control File System +Documentation=https://www.kernel.org/doc/Documentation/filesystems/fuse.txt +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +ConditionPathExists=/sys/fs/fuse/connections +ConditionCapability=CAP_SYS_ADMIN +ConditionVirtualization=!private-users +Before=sysinit.target + +# These dependencies are used to make certain that the module is fully +# loaded. Indeed udev starts this unit when it receives an uevent for the +# module but the kernel sends it too early, ie before the init() of the module +# is fully operational and /sys/fs/fuse/connections is created, see issue#17586. + +After=modprobe@fuse.service +Requires=modprobe@fuse.service + +[Mount] +What=fusectl +Where=/sys/fs/fuse/connections +Type=fusectl +Options=nosuid,nodev,noexec diff --git a/units/sys-kernel-config.mount b/units/sys-kernel-config.mount new file mode 100644 index 0000000..b99b4f4 --- /dev/null +++ b/units/sys-kernel-config.mount @@ -0,0 +1,31 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Kernel Configuration File System +Documentation=https://www.kernel.org/doc/Documentation/filesystems/configfs/configfs.txt +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +ConditionPathExists=/sys/kernel/config +ConditionCapability=CAP_SYS_RAWIO +Before=sysinit.target + +# These dependencies are used to make certain that the module is fully +# loaded. Indeed udev starts this unit when it receives an uevent for the +# module but the kernel sends it too early, ie before the init() of the module +# is fully operational and /sys/kernel/config is created, see issue#17586. + +After=modprobe@configfs.service +Requires=modprobe@configfs.service + +[Mount] +What=configfs +Where=/sys/kernel/config +Type=configfs +Options=nosuid,nodev,noexec diff --git a/units/sys-kernel-debug.mount b/units/sys-kernel-debug.mount new file mode 100644 index 0000000..d03837b --- /dev/null +++ b/units/sys-kernel-debug.mount @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Kernel Debug File System +Documentation=https://www.kernel.org/doc/Documentation/filesystems/debugfs.txt +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +ConditionPathExists=/sys/kernel/debug +ConditionCapability=CAP_SYS_RAWIO +Before=sysinit.target + +[Mount] +What=debugfs +Where=/sys/kernel/debug +Type=debugfs +Options=nosuid,nodev,noexec diff --git a/units/sys-kernel-tracing.mount b/units/sys-kernel-tracing.mount new file mode 100644 index 0000000..8800c96 --- /dev/null +++ b/units/sys-kernel-tracing.mount @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Kernel Trace File System +Documentation=https://www.kernel.org/doc/Documentation/trace/ftrace.txt +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +ConditionVirtualization=!lxc +ConditionPathExists=/sys/kernel/tracing +ConditionCapability=CAP_SYS_RAWIO +Before=sysinit.target + +[Mount] +What=tracefs +Where=/sys/kernel/tracing +Type=tracefs +Options=nosuid,nodev,noexec diff --git a/units/sysinit.target b/units/sysinit.target new file mode 100644 index 0000000..eed3d16 --- /dev/null +++ b/units/sysinit.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Initialization +Documentation=man:systemd.special(7) +Conflicts=emergency.service emergency.target +Wants=local-fs.target swap.target +After=local-fs.target swap.target emergency.service emergency.target diff --git a/units/syslog.socket b/units/syslog.socket new file mode 100644 index 0000000..ff76bc5 --- /dev/null +++ b/units/syslog.socket @@ -0,0 +1,47 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Syslog Socket +Documentation=man:systemd.special(7) +Documentation=https://www.freedesktop.org/wiki/Software/systemd/syslog +DefaultDependencies=no +Before=sockets.target + +# Don't allow logging until the very end +Conflicts=shutdown.target +Before=shutdown.target + +# Don't try to activate syslog.service if sysinit.target has failed. +Conflicts=emergency.service +Before=emergency.service + +[Socket] +ListenDatagram=/run/systemd/journal/syslog +SocketMode=0666 +PassCredentials=yes +PassSecurity=yes +ReceiveBuffer=8M + +# The default syslog implementation should make syslog.service a +# symlink to itself, so that this socket activates the right actual +# syslog service. +# +# Examples: +# +# /etc/systemd/system/syslog.service -> /lib/systemd/system/rsyslog.service +# /etc/systemd/system/syslog.service -> /lib/systemd/system/syslog-ng.service +# +# Best way to achieve that is by adding this to your unit file +# (i.e. to rsyslog.service or syslog-ng.service): +# +# [Install] +# Alias=syslog.service +# +# See https://www.freedesktop.org/wiki/Software/systemd/syslog for details. diff --git a/units/system-systemd\x2dcryptsetup.slice b/units/system-systemd\x2dcryptsetup.slice new file mode 100644 index 0000000..9369b73 --- /dev/null +++ b/units/system-systemd\x2dcryptsetup.slice @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Cryptsetup Units Slice +Documentation=man:systemd.special(7) +DefaultDependencies=no diff --git a/units/system-update-cleanup.service b/units/system-update-cleanup.service new file mode 100644 index 0000000..d0878dc --- /dev/null +++ b/units/system-update-cleanup.service @@ -0,0 +1,35 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Remove the Offline System Updates Symlink +Documentation=man:systemd.special(7) man:systemd.offline-updates(7) +After=system-update.target +DefaultDependencies=no +Conflicts=shutdown.target +Before=shutdown.target +SuccessAction=reboot + +# system-update-generator uses laccess("/system-update"), while a plain +# ConditionPathExists=/system-update uses access("/system-update"), so +# we need an alternate condition to cover the case of a dangling symlink. +# +# This service is only invoked if /system-update exists, i.e. if the +# condition tested by system-update-generator remains true and the system +# would be diverted into system-update.target again after reboot. This way +# we guard against being diverted into system-update.target again, which +# works as a safety measure, but we will not step on the toes of the +# update script if it successfully removed the symlink and scheduled a +# reboot or some other action on its own. +ConditionPathExists=|/system-update +ConditionPathIsSymbolicLink=|/system-update + +[Service] +Type=oneshot +ExecStart=/bin/rm -fv /system-update diff --git a/units/system-update-pre.target b/units/system-update-pre.target new file mode 100644 index 0000000..0410138 --- /dev/null +++ b/units/system-update-pre.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Offline System Update (Pre) +Documentation=man:systemd.offline-updates(7) +Documentation=man:systemd.special(7) man:systemd-system-update-generator(8) +RefuseManualStart=yes +After=sysinit.target diff --git a/units/system-update.target b/units/system-update.target new file mode 100644 index 0000000..dcddfc2 --- /dev/null +++ b/units/system-update.target @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Offline System Update +Documentation=man:systemd.offline-updates(7) +Documentation=man:systemd.special(7) man:systemd-system-update-generator(8) +Requires=sysinit.target +After=sysinit.target system-update-pre.target +AllowIsolate=yes +Wants=system-update-cleanup.service diff --git a/units/systemd-ask-password-console.path b/units/systemd-ask-password-console.path new file mode 100644 index 0000000..a7aac83 --- /dev/null +++ b/units/systemd-ask-password-console.path @@ -0,0 +1,21 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Dispatch Password Requests to Console Directory Watch +Documentation=man:systemd-ask-password-console.service(8) +DefaultDependencies=no +Conflicts=shutdown.target emergency.service +After=plymouth-start.service +Before=paths.target shutdown.target cryptsetup.target +ConditionPathExists=!/run/plymouth/pid + +[Path] +DirectoryNotEmpty=/run/systemd/ask-password +MakeDirectory=yes diff --git a/units/systemd-ask-password-console.service b/units/systemd-ask-password-console.service new file mode 100644 index 0000000..d31f3fa --- /dev/null +++ b/units/systemd-ask-password-console.service @@ -0,0 +1,21 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Dispatch Password Requests to Console +Documentation=man:systemd-ask-password-console.service(8) +DefaultDependencies=no +Conflicts=shutdown.target emergency.service +After=plymouth-start.service systemd-vconsole-setup.service +Before=shutdown.target +ConditionPathExists=!/run/plymouth/pid + +[Service] +ExecStart=systemd-tty-ask-password-agent --watch --console +SystemCallArchitectures=native diff --git a/units/systemd-ask-password-wall.path b/units/systemd-ask-password-wall.path new file mode 100644 index 0000000..c82cfd2 --- /dev/null +++ b/units/systemd-ask-password-wall.path @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Forward Password Requests to Wall Directory Watch +Documentation=man:systemd-ask-password-console.service(8) +DefaultDependencies=no +Conflicts=shutdown.target emergency.service +Before=paths.target shutdown.target cryptsetup.target + +[Path] +DirectoryNotEmpty=/run/systemd/ask-password +MakeDirectory=yes diff --git a/units/systemd-ask-password-wall.service b/units/systemd-ask-password-wall.service new file mode 100644 index 0000000..6a70b58 --- /dev/null +++ b/units/systemd-ask-password-wall.service @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Forward Password Requests to Wall +Documentation=man:systemd-ask-password-console.service(8) +After=systemd-user-sessions.service + +[Service] +ExecStartPre=-systemctl stop systemd-ask-password-console.path systemd-ask-password-console.service systemd-ask-password-plymouth.path systemd-ask-password-plymouth.service +ExecStart=systemd-tty-ask-password-agent --wall +SystemCallArchitectures=native diff --git a/units/systemd-backlight@.service.in b/units/systemd-backlight@.service.in new file mode 100644 index 0000000..317aa38 --- /dev/null +++ b/units/systemd-backlight@.service.in @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Load/Save Screen Backlight Brightness of %i +Documentation=man:systemd-backlight@.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +Before=sysinit.target shutdown.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootlibexecdir@/systemd-backlight load %i +ExecStop=@rootlibexecdir@/systemd-backlight save %i +TimeoutSec=90s +StateDirectory=systemd/backlight diff --git a/units/systemd-binfmt.service.in b/units/systemd-binfmt.service.in new file mode 100644 index 0000000..ca76750 --- /dev/null +++ b/units/systemd-binfmt.service.in @@ -0,0 +1,32 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Set Up Additional Binary Formats +Documentation=man:systemd-binfmt.service(8) man:binfmt.d(5) +Documentation=https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +Conflicts=shutdown.target +After=proc-sys-fs-binfmt_misc.automount +After=proc-sys-fs-binfmt_misc.mount +Before=sysinit.target shutdown.target +ConditionPathIsReadWrite=/proc/sys/ +ConditionDirectoryNotEmpty=|/lib/binfmt.d +ConditionDirectoryNotEmpty=|/usr/lib/binfmt.d +ConditionDirectoryNotEmpty=|/usr/local/lib/binfmt.d +ConditionDirectoryNotEmpty=|/etc/binfmt.d +ConditionDirectoryNotEmpty=|/run/binfmt.d + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootlibexecdir@/systemd-binfmt +ExecStop=@rootlibexecdir@/systemd-binfmt --unregister +TimeoutSec=90s diff --git a/units/systemd-bless-boot.service.in b/units/systemd-bless-boot.service.in new file mode 100644 index 0000000..601588f --- /dev/null +++ b/units/systemd-bless-boot.service.in @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Mark the Current Boot Loader Entry as Good +Documentation=man:systemd-bless-boot.service(8) +DefaultDependencies=no +Requires=boot-complete.target +After=local-fs.target boot-complete.target +Conflicts=shutdown.target +Before=shutdown.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootlibexecdir@/systemd-bless-boot good diff --git a/units/systemd-boot-check-no-failures.service.in b/units/systemd-boot-check-no-failures.service.in new file mode 100644 index 0000000..1bf74c2 --- /dev/null +++ b/units/systemd-boot-check-no-failures.service.in @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Check if Any System Units Failed +Documentation=man:systemd-boot-check-no-failures.service(8) +After=default.target graphical.target multi-user.target +Before=boot-complete.target +Conflicts=shutdown.target +Before=shutdown.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootlibexecdir@/systemd-boot-check-no-failures + +[Install] +RequiredBy=boot-complete.target diff --git a/units/systemd-boot-system-token.service b/units/systemd-boot-system-token.service new file mode 100644 index 0000000..55f05ec --- /dev/null +++ b/units/systemd-boot-system-token.service @@ -0,0 +1,34 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Store a System Token in an EFI Variable +Documentation=man:systemd-boot-system-token.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=local-fs.target systemd-random-seed.service +Before=shutdown.target + +# Don't run this in a VM environment, because there EFI variables are not +# actually stored in NVRAM, independent of regular storage. +ConditionVirtualization=no + +# Only run this if the boot loader can support random seed initialization. +ConditionPathExists=/sys/firmware/efi/efivars/LoaderFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f + +# Only run this if there is no system token defined yet, or … +ConditionPathExists=|!/sys/firmware/efi/efivars/LoaderSystemToken-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f + +# … if the boot loader didn't pass the OS a random seed (and thus probably was missing the random seed file) +ConditionPathExists=|!/sys/firmware/efi/efivars/LoaderRandomSeed-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=bootctl random-seed --graceful diff --git a/units/systemd-coredump.socket b/units/systemd-coredump.socket new file mode 100644 index 0000000..922358f --- /dev/null +++ b/units/systemd-coredump.socket @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Process Core Dump Socket +Documentation=man:systemd-coredump(8) +DefaultDependencies=no + +[Socket] +ListenSequentialPacket=/run/systemd/coredump +SocketMode=0600 +Accept=yes +MaxConnections=16 diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in new file mode 100644 index 0000000..219f207 --- /dev/null +++ b/units/systemd-coredump@.service.in @@ -0,0 +1,45 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Process Core Dump +Documentation=man:systemd-coredump(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=systemd-journald.socket +Requires=systemd-journald.socket +Before=shutdown.target + +[Service] +ExecStart=-@rootlibexecdir@/systemd-coredump +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +Nice=9 +NoNewPrivileges=yes +OOMScoreAdjust=500 +PrivateDevices=yes +PrivateNetwork=yes +PrivateTmp=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectKernelLogs=yes +ProtectSystem=strict +RestrictAddressFamilies=AF_UNIX +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +RuntimeMaxSec=5min +StateDirectory=systemd/coredump +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service diff --git a/units/systemd-exit.service b/units/systemd-exit.service new file mode 100644 index 0000000..df6e671 --- /dev/null +++ b/units/systemd-exit.service @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Exit the Container +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=shutdown.target umount.target final.target +After=shutdown.target umount.target final.target +SuccessAction=exit-force diff --git a/units/systemd-firstboot.service b/units/systemd-firstboot.service new file mode 100644 index 0000000..2fea883 --- /dev/null +++ b/units/systemd-firstboot.service @@ -0,0 +1,27 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=First Boot Wizard +Documentation=man:systemd-firstboot(1) +DefaultDependencies=no +Conflicts=shutdown.target +After=systemd-remount-fs.service +Before=systemd-sysusers.service sysinit.target first-boot-complete.target shutdown.target +Wants=first-boot-complete.target +ConditionPathIsReadWrite=/etc +ConditionFirstBoot=yes + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=systemd-firstboot --prompt-locale --prompt-timezone --prompt-root-password +StandardOutput=tty +StandardInput=tty +StandardError=tty diff --git a/units/systemd-fsck-root.service.in b/units/systemd-fsck-root.service.in new file mode 100644 index 0000000..c4a2948 --- /dev/null +++ b/units/systemd-fsck-root.service.in @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=File System Check on Root Device +Documentation=man:systemd-fsck-root.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +Before=local-fs.target shutdown.target +ConditionPathIsReadWrite=!/ + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootlibexecdir@/systemd-fsck +TimeoutSec=0 diff --git a/units/systemd-fsck@.service.in b/units/systemd-fsck@.service.in new file mode 100644 index 0000000..6d9c9ab --- /dev/null +++ b/units/systemd-fsck@.service.in @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=File System Check on %f +Documentation=man:systemd-fsck@.service(8) +DefaultDependencies=no +BindsTo=%i.device +Conflicts=shutdown.target +After=%i.device systemd-fsck-root.service local-fs-pre.target +Before=systemd-quotacheck.service shutdown.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootlibexecdir@/systemd-fsck %f +TimeoutSec=0 diff --git a/units/systemd-halt.service b/units/systemd-halt.service new file mode 100644 index 0000000..37bfe28 --- /dev/null +++ b/units/systemd-halt.service @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Halt +Documentation=man:systemd-halt.service(8) +DefaultDependencies=no +Requires=shutdown.target umount.target final.target +After=shutdown.target umount.target final.target + +[Service] +Type=oneshot +ExecStart=systemctl --force halt diff --git a/units/systemd-hibernate-resume@.service.in b/units/systemd-hibernate-resume@.service.in new file mode 100644 index 0000000..85e0c88 --- /dev/null +++ b/units/systemd-hibernate-resume@.service.in @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Resume from hibernation using device %f +Documentation=man:systemd-hibernate-resume@.service(8) +DefaultDependencies=no +BindsTo=%i.device +Wants=local-fs-pre.target +After=%i.device +Before=local-fs-pre.target +AssertPathExists=/etc/initrd-release + +[Service] +Type=oneshot +ExecStart=@rootlibexecdir@/systemd-hibernate-resume %f diff --git a/units/systemd-hibernate.service.in b/units/systemd-hibernate.service.in new file mode 100644 index 0000000..3096541 --- /dev/null +++ b/units/systemd-hibernate.service.in @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Hibernate +Documentation=man:systemd-suspend.service(8) +DefaultDependencies=no +Requires=sleep.target +After=sleep.target + +[Service] +Type=oneshot +ExecStart=@rootlibexecdir@/systemd-sleep hibernate diff --git a/units/systemd-homed-activate.service b/units/systemd-homed-activate.service new file mode 100644 index 0000000..b16fedb --- /dev/null +++ b/units/systemd-homed-activate.service @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Home Area Activation +Documentation=man:systemd-homed.service(8) +After=home.mount systemd-homed.service +Before=systemd-user-sessions.service + +[Service] +ExecStop=homectl deactivate-all +RemainAfterExit=true +Type=oneshot + +[Install] +WantedBy=systemd-homed.service +Also=systemd-homed.service diff --git a/units/systemd-homed.service.in b/units/systemd-homed.service.in new file mode 100644 index 0000000..5ac53ca --- /dev/null +++ b/units/systemd-homed.service.in @@ -0,0 +1,42 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Home Area Manager +Documentation=man:systemd-homed.service(8) +Documentation=man:org.freedesktop.home1(5) + +After=home.mount + +[Service] +BusName=org.freedesktop.home1 +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FSETID CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE +DeviceAllow=/dev/loop-control rw +DeviceAllow=/dev/mapper/control rw +DeviceAllow=block-* rw +ExecStart=@rootlibexecdir@/systemd-homed +IPAddressDeny=any +KillMode=mixed +LimitNOFILE=@HIGH_RLIMIT_NOFILE@ +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_ALG +RestrictNamespaces=mnt +RestrictRealtime=yes +StateDirectory=systemd/home +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service @mount +@SERVICE_WATCHDOG@ + +[Install] +WantedBy=multi-user.target +Alias=dbus-org.freedesktop.home1.service +Also=systemd-homed-activate.service systemd-userdbd.service diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in new file mode 100644 index 0000000..d3d0efe --- /dev/null +++ b/units/systemd-hostnamed.service.in @@ -0,0 +1,43 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Hostname Service +Documentation=man:systemd-hostnamed.service(8) +Documentation=man:hostname(5) +Documentation=man:machine-info(5) +Documentation=man:org.freedesktop.resolve1(5) + +[Service] +BusName=org.freedesktop.hostname1 +CapabilityBoundingSet=CAP_SYS_ADMIN +ExecStart=@rootlibexecdir@/systemd-hostnamed +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateDevices=yes +PrivateNetwork=yes +PrivateTmp=yes +ProtectProc=invisible +ProtectControlGroups=yes +ProtectHome=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=strict +ReadWritePaths=/etc +RestrictAddressFamilies=AF_UNIX +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service sethostname +@SERVICE_WATCHDOG@ diff --git a/units/systemd-hwdb-update.service.in b/units/systemd-hwdb-update.service.in new file mode 100644 index 0000000..57398e5 --- /dev/null +++ b/units/systemd-hwdb-update.service.in @@ -0,0 +1,26 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Rebuild Hardware Database +Documentation=man:hwdb(7) man:systemd-hwdb(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=systemd-remount-fs.service +Before=sysinit.target shutdown.target systemd-update-done.service +ConditionNeedsUpdate=/etc +ConditionPathExists=|!@udevlibexecdir@/hwdb.bin +ConditionPathExists=|/etc/udev/hwdb.bin +ConditionDirectoryNotEmpty=|/etc/udev/hwdb.d/ + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=systemd-hwdb update +TimeoutSec=90s diff --git a/units/systemd-hybrid-sleep.service.in b/units/systemd-hybrid-sleep.service.in new file mode 100644 index 0000000..6fe37da --- /dev/null +++ b/units/systemd-hybrid-sleep.service.in @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Hybrid Suspend+Hibernate +Documentation=man:systemd-suspend.service(8) +DefaultDependencies=no +Requires=sleep.target +After=sleep.target + +[Service] +Type=oneshot +ExecStart=@rootlibexecdir@/systemd-sleep hybrid-sleep diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in new file mode 100644 index 0000000..afe3956 --- /dev/null +++ b/units/systemd-importd.service.in @@ -0,0 +1,30 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Virtual Machine and Container Download Service +Documentation=man:systemd-importd.service(8) +Documentation=man:org.freedesktop.import1(5) + +[Service] +ExecStart=@rootlibexecdir@/systemd-importd +BusName=org.freedesktop.import1 +KillMode=mixed +CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE +NoNewPrivileges=yes +MemoryDenyWriteExecute=yes +ProtectHostname=yes +RestrictRealtime=yes +RestrictNamespaces=net +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +SystemCallFilter=@system-service @mount +SystemCallErrorNumber=EPERM +SystemCallArchitectures=native +LockPersonality=yes +@SERVICE_WATCHDOG@ diff --git a/units/systemd-initctl.service.in b/units/systemd-initctl.service.in new file mode 100644 index 0000000..6367433 --- /dev/null +++ b/units/systemd-initctl.service.in @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=initctl Compatibility Daemon +Documentation=man:systemd-initctl.service(8) +DefaultDependencies=no + +[Service] +ExecStart=@rootlibexecdir@/systemd-initctl +NoNewPrivileges=yes +NotifyAccess=all +SystemCallArchitectures=native diff --git a/units/systemd-initctl.socket b/units/systemd-initctl.socket new file mode 100644 index 0000000..598a67f --- /dev/null +++ b/units/systemd-initctl.socket @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=initctl Compatibility Named Pipe +Documentation=man:systemd-initctl.service(8) +DefaultDependencies=no +Before=sockets.target + +[Socket] +ListenFIFO=/run/initctl +Symlinks=/dev/initctl +SocketMode=0600 diff --git a/units/systemd-journal-catalog-update.service b/units/systemd-journal-catalog-update.service new file mode 100644 index 0000000..4779256 --- /dev/null +++ b/units/systemd-journal-catalog-update.service @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Rebuild Journal Catalog +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Conflicts=shutdown.target +After=local-fs.target systemd-tmpfiles-setup.service +Before=sysinit.target shutdown.target systemd-update-done.service +ConditionNeedsUpdate=/var + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=journalctl --update-catalog +TimeoutSec=90s diff --git a/units/systemd-journal-flush.service b/units/systemd-journal-flush.service new file mode 100644 index 0000000..1a71592 --- /dev/null +++ b/units/systemd-journal-flush.service @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Flush Journal to Persistent Storage +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Requires=systemd-journald.service +After=systemd-journald.service systemd-remount-fs.service +Before=systemd-tmpfiles-setup.service +RequiresMountsFor=/var/log/journal + +[Service] +ExecStart=journalctl --flush +ExecStop=journalctl --smart-relinquish-var +Type=oneshot +RemainAfterExit=yes +TimeoutSec=90s diff --git a/units/systemd-journal-gatewayd.service.in b/units/systemd-journal-gatewayd.service.in new file mode 100644 index 0000000..7944d6f --- /dev/null +++ b/units/systemd-journal-gatewayd.service.in @@ -0,0 +1,41 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Gateway Service +Documentation=man:systemd-journal-gatewayd(8) +Requires=systemd-journal-gatewayd.socket + +[Service] +DynamicUser=yes +ExecStart=@rootlibexecdir@/systemd-journal-gatewayd +LockPersonality=yes +MemoryDenyWriteExecute=yes +PrivateDevices=yes +PrivateNetwork=yes +ProtectProc=invisible +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +SupplementaryGroups=systemd-journal +SystemCallArchitectures=native +User=systemd-journal-gateway + +# If there are many split up journal files we need a lot of fds to access them +# all in parallel. +LimitNOFILE=@HIGH_RLIMIT_NOFILE@ + +[Install] +Also=systemd-journal-gatewayd.socket diff --git a/units/systemd-journal-gatewayd.socket b/units/systemd-journal-gatewayd.socket new file mode 100644 index 0000000..30e74e3 --- /dev/null +++ b/units/systemd-journal-gatewayd.socket @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Gateway Service Socket +Documentation=man:systemd-journal-gatewayd(8) + +[Socket] +ListenStream=19531 + +[Install] +WantedBy=sockets.target diff --git a/units/systemd-journal-remote.service.in b/units/systemd-journal-remote.service.in new file mode 100644 index 0000000..e48df81 --- /dev/null +++ b/units/systemd-journal-remote.service.in @@ -0,0 +1,46 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Remote Sink Service +Documentation=man:systemd-journal-remote(8) man:journal-remote.conf(5) +Requires=systemd-journal-remote.socket + +[Service] +ExecStart=@rootlibexecdir@/systemd-journal-remote --listen-https=-3 --output=/var/log/journal/remote/ +LockPersonality=yes +LogsDirectory=journal/remote +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateDevices=yes +PrivateNetwork=yes +PrivateTmp=yes +ProtectProc=invisible +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=strict +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +User=systemd-journal-remote +@SERVICE_WATCHDOG@ + +# If there are many split up journal files we need a lot of fds to access them +# all in parallel. +LimitNOFILE=@HIGH_RLIMIT_NOFILE@ + +[Install] +Also=systemd-journal-remote.socket diff --git a/units/systemd-journal-remote.socket b/units/systemd-journal-remote.socket new file mode 100644 index 0000000..2956819 --- /dev/null +++ b/units/systemd-journal-remote.socket @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Remote Sink Socket + +[Socket] +ListenStream=19532 + +[Install] +WantedBy=sockets.target diff --git a/units/systemd-journal-upload.service.in b/units/systemd-journal-upload.service.in new file mode 100644 index 0000000..ba6b6e7 --- /dev/null +++ b/units/systemd-journal-upload.service.in @@ -0,0 +1,43 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Remote Upload Service +Documentation=man:systemd-journal-upload(8) +Wants=network-online.target +After=network-online.target + +[Service] +DynamicUser=yes +ExecStart=@rootlibexecdir@/systemd-journal-upload --save-state +LockPersonality=yes +MemoryDenyWriteExecute=yes +PrivateDevices=yes +ProtectProc=invisible +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +StateDirectory=systemd/journal-upload +SupplementaryGroups=systemd-journal +SystemCallArchitectures=native +User=systemd-journal-upload +@SERVICE_WATCHDOG@ + +# If there are many split up journal files we need a lot of fds to access them +# all in parallel. +LimitNOFILE=@HIGH_RLIMIT_NOFILE@ + +[Install] +WantedBy=multi-user.target diff --git a/units/systemd-journald-audit.socket b/units/systemd-journald-audit.socket new file mode 100644 index 0000000..f0c0aeb --- /dev/null +++ b/units/systemd-journald-audit.socket @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Audit Socket +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Before=sockets.target +ConditionSecurity=audit +ConditionCapability=CAP_AUDIT_READ + +[Socket] +Service=systemd-journald.service +ReceiveBuffer=128M +ListenNetlink=audit 1 +PassCredentials=yes diff --git a/units/systemd-journald-dev-log.socket b/units/systemd-journald-dev-log.socket new file mode 100644 index 0000000..93e8b25 --- /dev/null +++ b/units/systemd-journald-dev-log.socket @@ -0,0 +1,35 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Socket (/dev/log) +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Before=sockets.target + +# Mount and swap units need this. If this socket unit is removed by an +# isolate request the mount and swap units would be removed too, +# hence let's exclude this from isolate requests. +IgnoreOnIsolate=yes + +[Socket] +ListenDatagram=/run/systemd/journal/dev-log +PassCredentials=yes +PassSecurity=yes +Service=systemd-journald.service +SocketMode=0666 +Symlinks=/dev/log +Timestamping=us + +# Increase both the send and receive buffer, so that things don't +# block early. Note that journald internally uses the this socket both +# for receiving syslog messages, and for forwarding them to any other +# syslog, hence we bump both values. +ReceiveBuffer=8M +SendBuffer=8M diff --git a/units/systemd-journald-varlink@.socket b/units/systemd-journald-varlink@.socket new file mode 100644 index 0000000..05d8cf6 --- /dev/null +++ b/units/systemd-journald-varlink@.socket @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Varlink Socket for Namespace %i +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +StopWhenUnneeded=yes + +[Socket] +Service=systemd-journald@%i.service +ListenStream=/run/systemd/journal.%i/io.systemd.journal +SocketMode=0600 diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in new file mode 100644 index 0000000..c743254 --- /dev/null +++ b/units/systemd-journald.service.in @@ -0,0 +1,51 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Service +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Requires=systemd-journald.socket +After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket syslog.socket +Before=sysinit.target + +[Service] +DeviceAllow=char-* rw +ExecStart=@rootlibexecdir@/systemd-journald +FileDescriptorStoreMax=4224 +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +OOMScoreAdjust=-250 +ProtectClock=yes +Restart=always +RestartSec=0 +RestrictAddressFamilies=AF_UNIX AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +RuntimeDirectory=systemd/journal +RuntimeDirectoryPreserve=yes +Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket +StandardOutput=null +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +Type=notify +@SERVICE_WATCHDOG@ + +# In case you're wondering why CAP_SYS_PTRACE is needed, access to +# /proc/<pid>/exe requires this capability. Thus if this capability is missing +# the _EXE=/OBJECT_EXE= fields will be missing from the journal entries. +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE + +# If there are many split up journal files we need a lot of fds to access them +# all in parallel. +LimitNOFILE=@HIGH_RLIMIT_NOFILE@ diff --git a/units/systemd-journald.socket b/units/systemd-journald.socket new file mode 100644 index 0000000..ada3520 --- /dev/null +++ b/units/systemd-journald.socket @@ -0,0 +1,29 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Socket +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Before=sockets.target + +# Mount and swap units need this. If this socket unit is removed by an +# isolate request the mount and swap units would be removed too, +# hence let's exclude this from isolate requests. +IgnoreOnIsolate=yes + +[Socket] +ListenDatagram=/run/systemd/journal/socket +ListenStream=/run/systemd/journal/stdout +PassCredentials=yes +PassSecurity=yes +ReceiveBuffer=8M +Service=systemd-journald.service +SocketMode=0666 +Timestamping=us diff --git a/units/systemd-journald@.service.in b/units/systemd-journald@.service.in new file mode 100644 index 0000000..14a217d --- /dev/null +++ b/units/systemd-journald@.service.in @@ -0,0 +1,44 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Service for Namespace %i +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +Requires=systemd-journald@%i.socket systemd-journald-varlink@%i.socket +After=systemd-journald@%i.socket systemd-journald-varlink@%i.socket + +[Service] +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE +DevicePolicy=closed +ExecStart=@rootlibexecdir@/systemd-journald %i +FileDescriptorStoreMax=4224 +Group=systemd-journal +IPAddressDeny=any +LockPersonality=yes +LogsDirectory=journal/%m.%i +LogsDirectoryMode=02755 +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +RestrictAddressFamilies=AF_UNIX AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +RuntimeDirectory=systemd/journal.%i +RuntimeDirectoryPreserve=yes +Sockets=systemd-journald@%i.socket +StandardOutput=null +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +Type=notify +@SERVICE_WATCHDOG@ + +# If there are many split up journal files we need a lot of fds to access them +# all in parallel. +LimitNOFILE=@HIGH_RLIMIT_NOFILE@ diff --git a/units/systemd-journald@.socket b/units/systemd-journald@.socket new file mode 100644 index 0000000..60c025f --- /dev/null +++ b/units/systemd-journald@.socket @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Socket for Namespace %i +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +StopWhenUnneeded=yes + +[Socket] +Service=systemd-journald@%i.service +ListenStream=/run/systemd/journal.%i/stdout +ListenDatagram=/run/systemd/journal.%i/socket +ListenDatagram=/run/systemd/journal.%i/dev-log +SocketMode=0666 +PassCredentials=yes +PassSecurity=yes +ReceiveBuffer=8M +SendBuffer=8M diff --git a/units/systemd-kexec.service b/units/systemd-kexec.service new file mode 100644 index 0000000..0aa7933 --- /dev/null +++ b/units/systemd-kexec.service @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Reboot via kexec +Documentation=man:systemd-halt.service(8) +DefaultDependencies=no +Requires=shutdown.target umount.target final.target +After=shutdown.target umount.target final.target + +[Service] +Type=oneshot +ExecStart=systemctl --force kexec diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in new file mode 100644 index 0000000..652b956 --- /dev/null +++ b/units/systemd-localed.service.in @@ -0,0 +1,44 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Locale Service +Documentation=man:systemd-localed.service(8) +Documentation=man:locale.conf(5) +Documentation=man:vconsole.conf(5) +Documentation=man:org.freedesktop.locale1(5) + +[Service] +BusName=org.freedesktop.locale1 +CapabilityBoundingSet= +ExecStart=@rootlibexecdir@/systemd-localed +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateDevices=yes +PrivateNetwork=yes +PrivateTmp=yes +ProtectProc=invisible +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=strict +ReadWritePaths=/etc +RestrictAddressFamilies=AF_UNIX +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +@SERVICE_WATCHDOG@ diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in new file mode 100644 index 0000000..f131b60 --- /dev/null +++ b/units/systemd-logind.service.in @@ -0,0 +1,65 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Login Management +Documentation=man:sd-login(3) +Documentation=man:systemd-logind.service(8) +Documentation=man:logind.conf(5) +Documentation=man:org.freedesktop.login1(5) + +Wants=user.slice modprobe@drm.service +After=nss-user-lookup.target user.slice modprobe@drm.service + +# Ask for the dbus socket. +Wants=dbus.socket +After=dbus.socket + +[Service] +BusName=org.freedesktop.login1 +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG CAP_LINUX_IMMUTABLE +DeviceAllow=block-* r +DeviceAllow=char-/dev/console rw +DeviceAllow=char-drm rw +DeviceAllow=char-input rw +DeviceAllow=char-tty rw +DeviceAllow=char-vcs rw +ExecStart=@rootlibexecdir@/systemd-logind +FileDescriptorStoreMax=512 +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateTmp=yes +ProtectProc=invisible +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectSystem=strict +ReadWritePaths=/etc /run +Restart=always +RestartSec=0 +RestrictAddressFamilies=AF_UNIX AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +RuntimeDirectory=systemd/sessions systemd/seats systemd/users systemd/inhibit systemd/shutdown +RuntimeDirectoryPreserve=yes +StateDirectory=systemd/linger +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +@SERVICE_WATCHDOG@ + +# Increase the default a bit in order to allow many simultaneous logins since +# we keep one fd open per session. +LimitNOFILE=@HIGH_RLIMIT_NOFILE@ diff --git a/units/systemd-machine-id-commit.service b/units/systemd-machine-id-commit.service new file mode 100644 index 0000000..89e0613 --- /dev/null +++ b/units/systemd-machine-id-commit.service @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Commit a transient machine-id on disk +Documentation=man:systemd-machine-id-commit.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +Before=shutdown.target +After=local-fs.target first-boot-complete.target +ConditionPathIsReadWrite=/etc +ConditionPathIsMountPoint=/etc/machine-id + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=systemd-machine-id-setup --commit +TimeoutSec=30s diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in new file mode 100644 index 0000000..56c9532 --- /dev/null +++ b/units/systemd-machined.service.in @@ -0,0 +1,37 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Virtual Machine and Container Registration Service +Documentation=man:systemd-machined.service(8) +Documentation=man:org.freedesktop.machine1(5) + +Wants=machine.slice +After=machine.slice +RequiresMountsFor=/var/lib/machines + +[Service] +BusName=org.freedesktop.machine1 +CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD +ExecStart=@rootlibexecdir@/systemd-machined +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +ProtectHostname=yes +RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 +RestrictRealtime=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service @mount +@SERVICE_WATCHDOG@ + +# Note that machined cannot be placed in a mount namespace, since it +# needs access to the host's mount namespace in order to implement the +# "machinectl bind" operation. diff --git a/units/systemd-modules-load.service.in b/units/systemd-modules-load.service.in new file mode 100644 index 0000000..fdb5b3a --- /dev/null +++ b/units/systemd-modules-load.service.in @@ -0,0 +1,29 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Load Kernel Modules +Documentation=man:systemd-modules-load.service(8) man:modules-load.d(5) +DefaultDependencies=no +Conflicts=shutdown.target +Before=sysinit.target shutdown.target +ConditionCapability=CAP_SYS_MODULE +ConditionDirectoryNotEmpty=|/lib/modules-load.d +ConditionDirectoryNotEmpty=|/usr/lib/modules-load.d +ConditionDirectoryNotEmpty=|/usr/local/lib/modules-load.d +ConditionDirectoryNotEmpty=|/etc/modules-load.d +ConditionDirectoryNotEmpty=|/run/modules-load.d +ConditionKernelCommandLine=|modules-load +ConditionKernelCommandLine=|rd.modules-load + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootlibexecdir@/systemd-modules-load +TimeoutSec=90s diff --git a/units/systemd-network-generator.service.in b/units/systemd-network-generator.service.in new file mode 100644 index 0000000..bda8426 --- /dev/null +++ b/units/systemd-network-generator.service.in @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Generate network units from Kernel command line +Documentation=man:systemd-network-generator.service(8) +DefaultDependencies=no +Before=network-pre.target +Wants=network-pre.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootlibexecdir@/systemd-network-generator + +[Install] +WantedBy=sysinit.target diff --git a/units/systemd-networkd-wait-online.service.in b/units/systemd-networkd-wait-online.service.in new file mode 100644 index 0000000..d868e77 --- /dev/null +++ b/units/systemd-networkd-wait-online.service.in @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Wait for Network to be Configured +Documentation=man:systemd-networkd-wait-online.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +Requires=systemd-networkd.service +After=systemd-networkd.service +Before=network-online.target shutdown.target + +[Service] +Type=oneshot +ExecStart=@rootlibexecdir@/systemd-networkd-wait-online +RemainAfterExit=yes + +[Install] +WantedBy=network-online.target diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in new file mode 100644 index 0000000..9834b06 --- /dev/null +++ b/units/systemd-networkd.service.in @@ -0,0 +1,62 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Network Service +Documentation=man:systemd-networkd.service(8) +ConditionCapability=CAP_NET_ADMIN +DefaultDependencies=no +# systemd-udevd.service can be dropped once tuntap is moved to netlink +After=systemd-networkd.socket systemd-udevd.service network-pre.target systemd-sysusers.service systemd-sysctl.service +Before=network.target multi-user.target shutdown.target +Conflicts=shutdown.target +Wants=systemd-networkd.socket network.target + +[Service] +AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW +BusName=org.freedesktop.network1 +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW +DeviceAllow=char-* rw +ExecStart=!!@rootlibexecdir@/systemd-networkd +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +ProtectProc=invisible +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectSystem=strict +Restart=on-failure +RestartKillSignal=SIGUSR2 +RestartSec=0 +RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 AF_PACKET AF_ALG +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +RuntimeDirectory=systemd/netif +RuntimeDirectoryPreserve=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +Type=notify +User=systemd-network +@SERVICE_WATCHDOG@ + +[Install] +WantedBy=multi-user.target +Also=systemd-networkd.socket +Alias=dbus-org.freedesktop.network1.service + +# We want to enable systemd-networkd-wait-online.service whenever this service +# is enabled. systemd-networkd-wait-online.service has +# WantedBy=network-online.target, so enabling it only has an effect if +# network-online.target itself is enabled or pulled in by some other unit. +Also=systemd-networkd-wait-online.service diff --git a/units/systemd-networkd.socket b/units/systemd-networkd.socket new file mode 100644 index 0000000..aa9ad7e --- /dev/null +++ b/units/systemd-networkd.socket @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Network Service Netlink Socket +Documentation=man:systemd-networkd.service(8) man:rtnetlink(7) +ConditionCapability=CAP_NET_ADMIN +DefaultDependencies=no +Before=sockets.target + +[Socket] +ReceiveBuffer=128M +ListenNetlink=route 1361 +PassPacketInfo=yes + +[Install] +WantedBy=sockets.target diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in new file mode 100644 index 0000000..a6551f9 --- /dev/null +++ b/units/systemd-nspawn@.service.in @@ -0,0 +1,50 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Container %i +Documentation=man:systemd-nspawn(1) +Wants=modprobe@tun.service modprobe@loop.service modprobe@dm-mod.service +PartOf=machines.target +Before=machines.target +After=network.target systemd-resolved.service modprobe@tun.service modprobe@loop.service modprobe@dm-mod.service +RequiresMountsFor=/var/lib/machines/%i + +[Service] +# Make sure the DeviceAllow= lines below can properly resolve the 'block-loop' expression (and others) +ExecStart=systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth -U --settings=override --machine=%i +KillMode=mixed +Type=notify +RestartForceExitStatus=133 +SuccessExitStatus=133 +Slice=machine.slice +Delegate=yes +TasksMax=16384 +@SERVICE_WATCHDOG@ + +# Enforce a strict device policy, similar to the one nspawn configures when it +# allocates its own scope unit. Make sure to keep these policies in sync if you +# change them! +DevicePolicy=closed +DeviceAllow=/dev/net/tun rwm +DeviceAllow=char-pts rw + +# nspawn itself needs access to /dev/loop-control and /dev/loop, to implement +# the --image= option. Add these here, too. +DeviceAllow=/dev/loop-control rw +DeviceAllow=block-loop rw +DeviceAllow=block-blkext rw + +# nspawn can set up LUKS encrypted loopback files, in which case it needs +# access to /dev/mapper/control and the block devices /dev/mapper/*. +DeviceAllow=/dev/mapper/control rw +DeviceAllow=block-device-mapper rw + +[Install] +WantedBy=machines.target diff --git a/units/systemd-oomd.service.in b/units/systemd-oomd.service.in new file mode 100644 index 0000000..fd7c8d2 --- /dev/null +++ b/units/systemd-oomd.service.in @@ -0,0 +1,54 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Userspace Out-Of-Memory (OOM) Killer +Documentation=man:systemd-oomd.service(8) +DefaultDependencies=no +Before=multi-user.target shutdown.target +Conflicts=shutdown.target + +[Service] +AmbientCapabilities=CAP_KILL CAP_DAC_OVERRIDE +BusName=org.freedesktop.oom1 +CapabilityBoundingSet=CAP_KILL CAP_DAC_OVERRIDE +ExecStart=@rootlibexecdir@/systemd-oomd +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +# Reserve some minimum amount of memory so that systemd-oomd can continue to +# run in resource starved scenarios. +MemoryMin=64M +MemoryLow=64M +NoNewPrivileges=yes +OOMScoreAdjust=-900 +PrivateDevices=yes +PrivateTmp=yes +ProtectClock=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=strict +Restart=on-failure +RestrictAddressFamilies=AF_UNIX +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +Type=notify +User=systemd-oom +@SERVICE_WATCHDOG@ + +[Install] +WantedBy=multi-user.target +Alias=dbus-org.freedesktop.oom1.service diff --git a/units/systemd-portabled.service.in b/units/systemd-portabled.service.in new file mode 100644 index 0000000..e00a006 --- /dev/null +++ b/units/systemd-portabled.service.in @@ -0,0 +1,29 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Portable Service Manager +Documentation=man:systemd-portabled.service(8) +RequiresMountsFor=/var/lib/portables + +[Service] +ExecStart=@rootlibexecdir@/systemd-portabled +BusName=org.freedesktop.portable1 +CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD +MemoryDenyWriteExecute=yes +ProtectHostname=yes +ProtectKernelLogs=yes +RestrictRealtime=yes +RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 +SystemCallFilter=@system-service @mount +SystemCallErrorNumber=EPERM +SystemCallArchitectures=native +LockPersonality=yes +IPAddressDeny=any +@SERVICE_WATCHDOG@ diff --git a/units/systemd-poweroff.service b/units/systemd-poweroff.service new file mode 100644 index 0000000..bb2ddb0 --- /dev/null +++ b/units/systemd-poweroff.service @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Power-Off +Documentation=man:systemd-halt.service(8) +DefaultDependencies=no +Requires=shutdown.target umount.target final.target +After=shutdown.target umount.target final.target +SuccessAction=poweroff-force diff --git a/units/systemd-pstore.service.in b/units/systemd-pstore.service.in new file mode 100644 index 0000000..624ee70 --- /dev/null +++ b/units/systemd-pstore.service.in @@ -0,0 +1,26 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Platform Persistent Storage Archival +Documentation=man:systemd-pstore(8) +ConditionDirectoryNotEmpty=/sys/fs/pstore +ConditionVirtualization=!container +DefaultDependencies=no +Conflicts=shutdown.target +Before=sysinit.target shutdown.target + +[Service] +Type=oneshot +ExecStart=@rootlibexecdir@/systemd-pstore +RemainAfterExit=yes +StateDirectory=systemd/pstore + +[Install] +WantedBy=sysinit.target diff --git a/units/systemd-quotacheck.service.in b/units/systemd-quotacheck.service.in new file mode 100644 index 0000000..3e10378 --- /dev/null +++ b/units/systemd-quotacheck.service.in @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=File System Quota Check +Documentation=man:systemd-quotacheck.service(8) +DefaultDependencies=no +After=systemd-remount-fs.service +Before=remote-fs.target shutdown.target +ConditionPathExists=@QUOTACHECK@ + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootlibexecdir@/systemd-quotacheck +TimeoutSec=0 diff --git a/units/systemd-random-seed.service.in b/units/systemd-random-seed.service.in new file mode 100644 index 0000000..a7d4acb --- /dev/null +++ b/units/systemd-random-seed.service.in @@ -0,0 +1,31 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Load/Save Random Seed +Documentation=man:systemd-random-seed.service(8) man:random(4) +DefaultDependencies=no +RequiresMountsFor=@RANDOM_SEED@ +Conflicts=shutdown.target +After=systemd-remount-fs.service +Before=first-boot-complete.target shutdown.target +Wants=first-boot-complete.target +ConditionVirtualization=!container + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootlibexecdir@/systemd-random-seed load +ExecStop=@rootlibexecdir@/systemd-random-seed save + +# This service waits until the kernel's entropy pool is initialized, and may be +# used as ordering barrier for service that require an initialized entropy +# pool. Since initialization can take a while on entropy-starved systems, let's +# increase the timeout substantially here. +TimeoutSec=10min diff --git a/units/systemd-reboot.service b/units/systemd-reboot.service new file mode 100644 index 0000000..b50a792 --- /dev/null +++ b/units/systemd-reboot.service @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Reboot +Documentation=man:systemd-halt.service(8) +DefaultDependencies=no +Requires=shutdown.target umount.target final.target +After=shutdown.target umount.target final.target +SuccessAction=reboot-force diff --git a/units/systemd-remount-fs.service.in b/units/systemd-remount-fs.service.in new file mode 100644 index 0000000..51985a7 --- /dev/null +++ b/units/systemd-remount-fs.service.in @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Remount Root and Kernel File Systems +Documentation=man:systemd-remount-fs.service(8) +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +Conflicts=shutdown.target +After=systemd-fsck-root.service +Before=local-fs-pre.target local-fs.target shutdown.target +Wants=local-fs-pre.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootlibexecdir@/systemd-remount-fs diff --git a/units/systemd-repart.service.in b/units/systemd-repart.service.in new file mode 100644 index 0000000..a556583 --- /dev/null +++ b/units/systemd-repart.service.in @@ -0,0 +1,29 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Repartition Root Disk +Documentation=man:systemd-repart.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=sysroot.mount +Before=initrd-root-fs.target shutdown.target +ConditionVirtualization=!container +ConditionDirectoryNotEmpty=|/usr/lib/repart.d +ConditionDirectoryNotEmpty=|/usr/local/lib/repart.d +ConditionDirectoryNotEmpty=|/etc/repart.d +ConditionDirectoryNotEmpty=|/run/repart.d + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootbindir@/systemd-repart --dry-run=no + +# The tool returns 77 if there's no existing GPT partition table +SuccessExitStatus=77 diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in new file mode 100644 index 0000000..29adb6b --- /dev/null +++ b/units/systemd-resolved.service.in @@ -0,0 +1,58 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Network Name Resolution +Documentation=man:systemd-resolved.service(8) +Documentation=man:org.freedesktop.resolve1(5) +Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers +Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients + +DefaultDependencies=no +After=systemd-sysusers.service systemd-networkd.service +Before=network.target nss-lookup.target shutdown.target +Conflicts=shutdown.target +Wants=nss-lookup.target + +[Service] +AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE +BusName=org.freedesktop.resolve1 +CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE +ExecStart=!!@rootlibexecdir@/systemd-resolved +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateDevices=yes +PrivateTmp=yes +ProtectProc=invisible +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=strict +Restart=always +RestartSec=0 +RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +RuntimeDirectory=systemd/resolve +RuntimeDirectoryPreserve=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +Type=notify +User=systemd-resolve +@SERVICE_WATCHDOG@ + +[Install] +WantedBy=multi-user.target +Alias=dbus-org.freedesktop.resolve1.service diff --git a/units/systemd-rfkill.service.in b/units/systemd-rfkill.service.in new file mode 100644 index 0000000..40a80a0 --- /dev/null +++ b/units/systemd-rfkill.service.in @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Load/Save RF Kill Switch Status +Documentation=man:systemd-rfkill.service(8) +DefaultDependencies=no +BindsTo=sys-devices-virtual-misc-rfkill.device +Conflicts=shutdown.target +After=sys-devices-virtual-misc-rfkill.device +Before=shutdown.target + +[Service] +ExecStart=@rootlibexecdir@/systemd-rfkill +NoNewPrivileges=yes +StateDirectory=systemd/rfkill +TimeoutSec=30s +Type=notify diff --git a/units/systemd-rfkill.socket b/units/systemd-rfkill.socket new file mode 100644 index 0000000..4ca8d6f --- /dev/null +++ b/units/systemd-rfkill.socket @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Load/Save RF Kill Switch Status /dev/rfkill Watch +Documentation=man:systemd-rfkill.socket(8) +DefaultDependencies=no +BindsTo=sys-devices-virtual-misc-rfkill.device +After=sys-devices-virtual-misc-rfkill.device systemd-remount-fs.service +RequiresMountsFor=/var/lib/systemd/rfkill +Conflicts=shutdown.target +Before=shutdown.target + +[Socket] +ListenSpecial=/dev/rfkill +Writable=yes diff --git a/units/systemd-suspend-then-hibernate.service.in b/units/systemd-suspend-then-hibernate.service.in new file mode 100644 index 0000000..3f811e7 --- /dev/null +++ b/units/systemd-suspend-then-hibernate.service.in @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Suspend; Hibernate if not used for a period of time +Documentation=man:systemd-suspend.service(8) +DefaultDependencies=no +Requires=sleep.target +After=sleep.target + +[Service] +Type=oneshot +ExecStart=@rootlibexecdir@/systemd-sleep suspend-then-hibernate diff --git a/units/systemd-suspend.service.in b/units/systemd-suspend.service.in new file mode 100644 index 0000000..40cc83e --- /dev/null +++ b/units/systemd-suspend.service.in @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Suspend +Documentation=man:systemd-suspend.service(8) +DefaultDependencies=no +Requires=sleep.target +After=sleep.target + +[Service] +Type=oneshot +ExecStart=@rootlibexecdir@/systemd-sleep suspend diff --git a/units/systemd-sysctl.service.in b/units/systemd-sysctl.service.in new file mode 100644 index 0000000..c4a34a8 --- /dev/null +++ b/units/systemd-sysctl.service.in @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Apply Kernel Variables +Documentation=man:systemd-sysctl.service(8) man:sysctl.d(5) +DefaultDependencies=no +Conflicts=shutdown.target +After=systemd-modules-load.service +Before=sysinit.target shutdown.target +ConditionPathIsReadWrite=/proc/sys/net/ + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootlibexecdir@/systemd-sysctl +TimeoutSec=90s diff --git a/units/systemd-sysusers.service b/units/systemd-sysusers.service new file mode 100644 index 0000000..ff5b3db --- /dev/null +++ b/units/systemd-sysusers.service @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Create System Users +Documentation=man:sysusers.d(5) man:systemd-sysusers.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=systemd-remount-fs.service +Before=sysinit.target shutdown.target systemd-update-done.service +ConditionNeedsUpdate=/etc + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=systemd-sysusers +TimeoutSec=90s diff --git a/units/systemd-time-wait-sync.service.in b/units/systemd-time-wait-sync.service.in new file mode 100644 index 0000000..212d0e5 --- /dev/null +++ b/units/systemd-time-wait-sync.service.in @@ -0,0 +1,36 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Wait Until Kernel Time Synchronized +Documentation=man:systemd-time-wait-sync.service(8) + +# Note that this tool doesn't need CAP_SYS_TIME itself, but it's primary +# usecase is to run in conjunction with a local NTP service such as +# systemd-timesyncd.service, which is conditioned this way. There might be +# niche usecases where running this service independently is desired, but let's +# make this all "just work" for the general case, and leave it to local +# modifications to make it work in the remaining cases. + +ConditionCapability=CAP_SYS_TIME +ConditionVirtualization=!container + +DefaultDependencies=no +Before=time-sync.target shutdown.target +Wants=time-sync.target +Conflicts=shutdown.target + +[Service] +Type=oneshot +ExecStart=@rootlibexecdir@/systemd-time-wait-sync +TimeoutStartSec=infinity +RemainAfterExit=yes + +[Install] +WantedBy=sysinit.target diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in new file mode 100644 index 0000000..6f47617 --- /dev/null +++ b/units/systemd-timedated.service.in @@ -0,0 +1,42 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Time & Date Service +Documentation=man:systemd-timedated.service(8) +Documentation=man:localtime(5) +Documentation=man:org.freedesktop.timedate1(5) + +[Service] +BusName=org.freedesktop.timedate1 +CapabilityBoundingSet=CAP_SYS_TIME +DeviceAllow=char-rtc r +ExecStart=@rootlibexecdir@/systemd-timedated +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateTmp=yes +ProtectProc=invisible +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=strict +ReadWritePaths=/etc +RestrictAddressFamilies=AF_UNIX +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service @clock +@SERVICE_WATCHDOG@ diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in new file mode 100644 index 0000000..62120d8 --- /dev/null +++ b/units/systemd-timesyncd.service.in @@ -0,0 +1,56 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Network Time Synchronization +Documentation=man:systemd-timesyncd.service(8) +ConditionCapability=CAP_SYS_TIME +ConditionVirtualization=!container +DefaultDependencies=no +After=systemd-sysusers.service +Before=time-set.target sysinit.target shutdown.target +Conflicts=shutdown.target +Wants=time-set.target time-sync.target + +[Service] +AmbientCapabilities=CAP_SYS_TIME +BusName=org.freedesktop.timesync1 +CapabilityBoundingSet=CAP_SYS_TIME +ExecStart=!!@rootlibexecdir@/systemd-timesyncd +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateDevices=yes +PrivateTmp=yes +ProtectProc=invisible +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=strict +Restart=always +RestartSec=0 +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +RuntimeDirectory=systemd/timesync +StateDirectory=systemd/timesync +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service @clock +Type=notify +User=systemd-timesync +@SERVICE_WATCHDOG@ + +[Install] +WantedBy=sysinit.target +Alias=dbus-org.freedesktop.timesync1.service diff --git a/units/systemd-tmpfiles-clean.service b/units/systemd-tmpfiles-clean.service new file mode 100644 index 0000000..e962954 --- /dev/null +++ b/units/systemd-tmpfiles-clean.service @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Cleanup of Temporary Directories +Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=local-fs.target time-set.target +Before=shutdown.target + +[Service] +Type=oneshot +ExecStart=systemd-tmpfiles --clean +SuccessExitStatus=DATAERR +IOSchedulingClass=idle diff --git a/units/systemd-tmpfiles-clean.timer b/units/systemd-tmpfiles-clean.timer new file mode 100644 index 0000000..6c6cfe7 --- /dev/null +++ b/units/systemd-tmpfiles-clean.timer @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Daily Cleanup of Temporary Directories +Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) + +[Timer] +OnBootSec=15min +OnUnitActiveSec=1d diff --git a/units/systemd-tmpfiles-setup-dev.service b/units/systemd-tmpfiles-setup-dev.service new file mode 100644 index 0000000..0babe78 --- /dev/null +++ b/units/systemd-tmpfiles-setup-dev.service @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Create Static Device Nodes in /dev +Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=systemd-sysusers.service +Before=sysinit.target local-fs-pre.target systemd-udevd.service shutdown.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=systemd-tmpfiles --prefix=/dev --create --boot +SuccessExitStatus=DATAERR CANTCREAT diff --git a/units/systemd-tmpfiles-setup.service b/units/systemd-tmpfiles-setup.service new file mode 100644 index 0000000..3f028d2 --- /dev/null +++ b/units/systemd-tmpfiles-setup.service @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Create Volatile Files and Directories +Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=local-fs.target systemd-sysusers.service systemd-journald.service +Before=sysinit.target shutdown.target +RefuseManualStop=yes + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev +SuccessExitStatus=DATAERR CANTCREAT diff --git a/units/systemd-udev-settle.service b/units/systemd-udev-settle.service new file mode 100644 index 0000000..994c47f --- /dev/null +++ b/units/systemd-udev-settle.service @@ -0,0 +1,27 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# This service can dynamically be pulled-in by legacy services which +# cannot reliably cope with dynamic device configurations, and wrongfully +# expect a populated /dev during bootup. + +[Unit] +Description=Wait for udev To Complete Device Initialization +Documentation=man:systemd-udev-settle.service(8) +DefaultDependencies=no +Wants=systemd-udevd.service +After=systemd-udev-trigger.service +Before=sysinit.target +ConditionPathIsReadWrite=/sys + +[Service] +Type=oneshot +TimeoutSec=180 +RemainAfterExit=yes +ExecStart=udevadm settle diff --git a/units/systemd-udev-trigger.service b/units/systemd-udev-trigger.service new file mode 100644 index 0000000..8b2d88e --- /dev/null +++ b/units/systemd-udev-trigger.service @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Coldplug All udev Devices +Documentation=man:udev(7) man:systemd-udevd.service(8) +DefaultDependencies=no +Wants=systemd-udevd.service +After=systemd-udevd-kernel.socket systemd-udevd-control.socket +Before=sysinit.target +ConditionPathIsReadWrite=/sys + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=udevadm trigger --type=subsystems --action=add +ExecStart=udevadm trigger --type=devices --action=add diff --git a/units/systemd-udevd-control.socket b/units/systemd-udevd-control.socket new file mode 100644 index 0000000..a9d5a4d --- /dev/null +++ b/units/systemd-udevd-control.socket @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=udev Control Socket +Documentation=man:systemd-udevd.service(8) man:udev(7) +DefaultDependencies=no +Before=sockets.target +ConditionPathIsReadWrite=/sys + +[Socket] +Service=systemd-udevd.service +ListenSequentialPacket=/run/udev/control +SocketMode=0600 +PassCredentials=yes +RemoveOnStop=yes diff --git a/units/systemd-udevd-kernel.socket b/units/systemd-udevd-kernel.socket new file mode 100644 index 0000000..f636aeb --- /dev/null +++ b/units/systemd-udevd-kernel.socket @@ -0,0 +1,21 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=udev Kernel Socket +Documentation=man:systemd-udevd.service(8) man:udev(7) +DefaultDependencies=no +Before=sockets.target +ConditionPathIsReadWrite=/sys + +[Socket] +Service=systemd-udevd.service +ReceiveBuffer=128M +ListenNetlink=kobject-uevent 1 +PassCredentials=yes diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in new file mode 100644 index 0000000..f3458d9 --- /dev/null +++ b/units/systemd-udevd.service.in @@ -0,0 +1,43 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Rule-based Manager for Device Events and Files +Documentation=man:systemd-udevd.service(8) man:udev(7) +DefaultDependencies=no +After=systemd-sysusers.service systemd-hwdb-update.service +Before=sysinit.target +ConditionPathIsReadWrite=/sys + +[Service] +DeviceAllow=block-* rwm +DeviceAllow=char-* rwm +Type=notify +# Note that udev will reset the value internally for its workers +OOMScoreAdjust=-1000 +Sockets=systemd-udevd-control.socket systemd-udevd-kernel.socket +Restart=always +RestartSec=0 +ExecStart=@rootlibexecdir@/systemd-udevd +ExecReload=udevadm control --reload --timeout 0 +KillMode=mixed +TasksMax=infinity +PrivateMounts=yes +ProtectClock=yes +ProtectHostname=yes +MemoryDenyWriteExecute=yes +RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallFilter=@system-service @module @raw-io +SystemCallErrorNumber=EPERM +SystemCallArchitectures=native +LockPersonality=yes +IPAddressDeny=any +@SERVICE_WATCHDOG@ diff --git a/units/systemd-update-done.service.in b/units/systemd-update-done.service.in new file mode 100644 index 0000000..b4aa746 --- /dev/null +++ b/units/systemd-update-done.service.in @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Update is Completed +Documentation=man:systemd-update-done.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=local-fs.target +Before=sysinit.target shutdown.target +ConditionNeedsUpdate=|/etc +ConditionNeedsUpdate=|/var + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootlibexecdir@/systemd-update-done diff --git a/units/systemd-update-utmp-runlevel.service.in b/units/systemd-update-utmp-runlevel.service.in new file mode 100644 index 0000000..042145c --- /dev/null +++ b/units/systemd-update-utmp-runlevel.service.in @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Update UTMP about System Runlevel Changes +Documentation=man:systemd-update-utmp.service(8) man:utmp(5) +DefaultDependencies=no +RequiresMountsFor=/var/log/wtmp +Conflicts=shutdown.target +Requisite=systemd-update-utmp.service +After=systemd-update-utmp.service +After=runlevel1.target runlevel2.target runlevel3.target runlevel4.target runlevel5.target +Before=shutdown.target + +[Service] +Type=oneshot +ExecStart=@rootlibexecdir@/systemd-update-utmp runlevel diff --git a/units/systemd-update-utmp.service.in b/units/systemd-update-utmp.service.in new file mode 100644 index 0000000..e2fa2d8 --- /dev/null +++ b/units/systemd-update-utmp.service.in @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Update UTMP about System Boot/Shutdown +Documentation=man:systemd-update-utmp.service(8) man:utmp(5) +DefaultDependencies=no +RequiresMountsFor=/var/log/wtmp +Conflicts=shutdown.target +After=systemd-remount-fs.service systemd-tmpfiles-setup.service auditd.service +Before=sysinit.target shutdown.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootlibexecdir@/systemd-update-utmp reboot +ExecStop=@rootlibexecdir@/systemd-update-utmp shutdown diff --git a/units/systemd-user-sessions.service.in b/units/systemd-user-sessions.service.in new file mode 100644 index 0000000..b15a651 --- /dev/null +++ b/units/systemd-user-sessions.service.in @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Permit User Sessions +Documentation=man:systemd-user-sessions.service(8) +After=remote-fs.target nss-user-lookup.target network.target home.mount + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootlibexecdir@/systemd-user-sessions start +ExecStop=@rootlibexecdir@/systemd-user-sessions stop diff --git a/units/systemd-userdbd.service.in b/units/systemd-userdbd.service.in new file mode 100644 index 0000000..9b36a17 --- /dev/null +++ b/units/systemd-userdbd.service.in @@ -0,0 +1,45 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Database Manager +Documentation=man:systemd-userdbd.service(8) +Requires=systemd-userdbd.socket +After=systemd-userdbd.socket +Before=sysinit.target +DefaultDependencies=no + +[Service] +CapabilityBoundingSet=CAP_DAC_READ_SEARCH +ExecStart=@rootlibexecdir@/systemd-userdbd +IPAddressDeny=any +LimitNOFILE=@HIGH_RLIMIT_NOFILE@ +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateDevices=yes +ProtectProc=invisible +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectSystem=strict +RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +Type=notify +@SERVICE_WATCHDOG@ + +[Install] +Also=systemd-userdbd.socket diff --git a/units/systemd-userdbd.socket b/units/systemd-userdbd.socket new file mode 100644 index 0000000..50235dd --- /dev/null +++ b/units/systemd-userdbd.socket @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Database Manager Socket +Documentation=man:systemd-userdbd.service(8) +DefaultDependencies=no +Before=sockets.target + +[Socket] +ListenStream=/run/systemd/userdb/io.systemd.Multiplexer +Symlinks=/run/systemd/userdb/io.systemd.NameServiceSwitch +SocketMode=0666 + +[Install] +WantedBy=sockets.target diff --git a/units/systemd-vconsole-setup.service.in b/units/systemd-vconsole-setup.service.in new file mode 100644 index 0000000..45da056 --- /dev/null +++ b/units/systemd-vconsole-setup.service.in @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Setup Virtual Console +Documentation=man:systemd-vconsole-setup.service(8) man:vconsole.conf(5) +DefaultDependencies=no +Before=initrd-switch-root.target shutdown.target +ConditionPathExists=/dev/tty0 + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootlibexecdir@/systemd-vconsole-setup diff --git a/units/systemd-volatile-root.service.in b/units/systemd-volatile-root.service.in new file mode 100644 index 0000000..5ecc702 --- /dev/null +++ b/units/systemd-volatile-root.service.in @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Enforce Volatile Root File Systems +Documentation=man:systemd-volatile-root.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=sysroot.mount systemd-repart.service +Before=initrd-root-fs.target shutdown.target +AssertPathExists=/etc/initrd-release + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootlibexecdir@/systemd-volatile-root yes /sysroot diff --git a/units/time-set.target b/units/time-set.target new file mode 100644 index 0000000..daac8ef --- /dev/null +++ b/units/time-set.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Time Set +Documentation=man:systemd.special(7) +RefuseManualStart=yes diff --git a/units/time-sync.target b/units/time-sync.target new file mode 100644 index 0000000..e730bbd --- /dev/null +++ b/units/time-sync.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Time Synchronized +Documentation=man:systemd.special(7) +RefuseManualStart=yes +After=time-set.target +Wants=time-set.target diff --git a/units/timers.target b/units/timers.target new file mode 100644 index 0000000..99f82e3 --- /dev/null +++ b/units/timers.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Timers +Documentation=man:systemd.special(7) + +DefaultDependencies=no +Conflicts=shutdown.target diff --git a/units/tmp.mount b/units/tmp.mount new file mode 100644 index 0000000..a8e5851 --- /dev/null +++ b/units/tmp.mount @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Temporary Directory (/tmp) +Documentation=https://systemd.io/TEMPORARY_DIRECTORIES +Documentation=man:file-hierarchy(7) +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +ConditionPathIsSymbolicLink=!/tmp +DefaultDependencies=no +Conflicts=umount.target +Before=local-fs.target umount.target +After=swap.target + +[Mount] +What=tmpfs +Where=/tmp +Type=tmpfs +Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=400k diff --git a/units/umount.target b/units/umount.target new file mode 100644 index 0000000..319b503 --- /dev/null +++ b/units/umount.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Unmount All Filesystems +Documentation=man:systemd.special(7) +DefaultDependencies=no +RefuseManualStart=yes diff --git a/units/usb-gadget.target b/units/usb-gadget.target new file mode 100644 index 0000000..46de5b8 --- /dev/null +++ b/units/usb-gadget.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Hardware activated USB gadget +Documentation=man:systemd.special(7) diff --git a/units/user-.slice.d/10-defaults.conf b/units/user-.slice.d/10-defaults.conf new file mode 100644 index 0000000..cb3651b --- /dev/null +++ b/units/user-.slice.d/10-defaults.conf @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Slice of UID %j +Documentation=man:user@.service(5) +After=systemd-user-sessions.service +StopWhenUnneeded=yes + +[Slice] +TasksMax=33% diff --git a/units/user-runtime-dir@.service.in b/units/user-runtime-dir@.service.in new file mode 100644 index 0000000..ff23e01 --- /dev/null +++ b/units/user-runtime-dir@.service.in @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Runtime Directory /run/user/%i +Documentation=man:user@.service(5) +After=systemd-user-sessions.service dbus.service +StopWhenUnneeded=yes +IgnoreOnIsolate=yes + +[Service] +ExecStart=@rootlibexecdir@/systemd-user-runtime-dir start %i +ExecStop=@rootlibexecdir@/systemd-user-runtime-dir stop %i +Type=oneshot +RemainAfterExit=yes +Slice=user-%i.slice diff --git a/units/user.slice b/units/user.slice new file mode 100644 index 0000000..3e49064 --- /dev/null +++ b/units/user.slice @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User and Session Slice +Documentation=man:systemd.special(7) +Before=slices.target diff --git a/units/user/app.slice b/units/user/app.slice new file mode 100644 index 0000000..0c73135 --- /dev/null +++ b/units/user/app.slice @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Application Slice +Documentation=man:systemd.special(7) diff --git a/units/user/background.slice b/units/user/background.slice new file mode 100644 index 0000000..8f2a094 --- /dev/null +++ b/units/user/background.slice @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Background Tasks Slice +Documentation=man:systemd.special(7) diff --git a/units/user/basic.target b/units/user/basic.target new file mode 100644 index 0000000..6c79304 --- /dev/null +++ b/units/user/basic.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Basic System +Documentation=man:systemd.special(7) +Wants=sockets.target timers.target paths.target +After=sockets.target timers.target paths.target diff --git a/units/user/bluetooth.target b/units/user/bluetooth.target new file mode 100644 index 0000000..8333c23 --- /dev/null +++ b/units/user/bluetooth.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Bluetooth +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/user/default.target b/units/user/default.target new file mode 100644 index 0000000..b182431 --- /dev/null +++ b/units/user/default.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Main User Target +Documentation=man:systemd.special(7) +Requires=basic.target +After=basic.target +AllowIsolate=yes diff --git a/units/user/exit.target b/units/user/exit.target new file mode 100644 index 0000000..ec2dde2 --- /dev/null +++ b/units/user/exit.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Exit the Session +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-exit.service +After=systemd-exit.service +AllowIsolate=yes diff --git a/units/user/graphical-session-pre.target b/units/user/graphical-session-pre.target new file mode 100644 index 0000000..4b9e3dc --- /dev/null +++ b/units/user/graphical-session-pre.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Session services which should run early before the graphical session is brought up +Documentation=man:systemd.special(7) +Requires=basic.target +Before=graphical-session.target +RefuseManualStart=yes +StopWhenUnneeded=yes diff --git a/units/user/graphical-session.target b/units/user/graphical-session.target new file mode 100644 index 0000000..1f8fafc --- /dev/null +++ b/units/user/graphical-session.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Current graphical user session +Documentation=man:systemd.special(7) +Requires=basic.target +RefuseManualStart=yes +StopWhenUnneeded=yes diff --git a/units/user/meson.build b/units/user/meson.build new file mode 100644 index 0000000..337a920 --- /dev/null +++ b/units/user/meson.build @@ -0,0 +1,33 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +units = [ + 'app.slice', + 'background.slice', + 'basic.target', + 'bluetooth.target', + 'default.target', + 'exit.target', + 'graphical-session-pre.target', + 'graphical-session.target', + 'paths.target', + 'printer.target', + 'session.slice', + 'shutdown.target', + 'smartcard.target', + 'sockets.target', + 'sound.target', + 'systemd-exit.service', + 'systemd-tmpfiles-clean.service', + 'systemd-tmpfiles-clean.timer', + 'systemd-tmpfiles-setup.service', + 'timers.target', +] + +if conf.get('ENABLE_XDG_AUTOSTART') == 1 + units += [ 'xdg-desktop-autostart.target', ] +endif + +foreach file : units + install_data(file, + install_dir : userunitdir) +endforeach diff --git a/units/user/paths.target b/units/user/paths.target new file mode 100644 index 0000000..1bec148 --- /dev/null +++ b/units/user/paths.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Paths +Documentation=man:systemd.special(7) diff --git a/units/user/printer.target b/units/user/printer.target new file mode 100644 index 0000000..c695669 --- /dev/null +++ b/units/user/printer.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Printer +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/user/session.slice b/units/user/session.slice new file mode 100644 index 0000000..3d99d51 --- /dev/null +++ b/units/user/session.slice @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Core Session Slice +Documentation=man:systemd.special(7) diff --git a/units/user/shutdown.target b/units/user/shutdown.target new file mode 100644 index 0000000..582ae6b --- /dev/null +++ b/units/user/shutdown.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Shutdown +Documentation=man:systemd.special(7) +DefaultDependencies=no +RefuseManualStart=yes diff --git a/units/user/smartcard.target b/units/user/smartcard.target new file mode 100644 index 0000000..0c3fe72 --- /dev/null +++ b/units/user/smartcard.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Smart Card +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/user/sockets.target b/units/user/sockets.target new file mode 100644 index 0000000..c6e20d7 --- /dev/null +++ b/units/user/sockets.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Sockets +Documentation=man:systemd.special(7) diff --git a/units/user/sound.target b/units/user/sound.target new file mode 100644 index 0000000..99e68af --- /dev/null +++ b/units/user/sound.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Sound Card +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/user/systemd-exit.service b/units/user/systemd-exit.service new file mode 100644 index 0000000..1872525 --- /dev/null +++ b/units/user/systemd-exit.service @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Exit the Session +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=shutdown.target +After=shutdown.target +SuccessAction=exit-force + +[Service] +# Place into the root slice to not keep another slice unit alive +Slice=-.slice diff --git a/units/user/systemd-tmpfiles-clean.service b/units/user/systemd-tmpfiles-clean.service new file mode 100644 index 0000000..6a93707 --- /dev/null +++ b/units/user/systemd-tmpfiles-clean.service @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Cleanup of User's Temporary Files and Directories +Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) +DefaultDependencies=no +Conflicts=shutdown.target +Before=basic.target shutdown.target + +[Service] +Type=oneshot +ExecStart=systemd-tmpfiles --user --clean +SuccessExitStatus=DATAERR +IOSchedulingClass=idle +Slice=background.slice diff --git a/units/user/systemd-tmpfiles-clean.timer b/units/user/systemd-tmpfiles-clean.timer new file mode 100644 index 0000000..f8f6ef4 --- /dev/null +++ b/units/user/systemd-tmpfiles-clean.timer @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Daily Cleanup of User's Temporary Directories +Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) + +[Timer] +OnStartupSec=5min +OnUnitActiveSec=1d + +[Install] +WantedBy=timers.target diff --git a/units/user/systemd-tmpfiles-setup.service b/units/user/systemd-tmpfiles-setup.service new file mode 100644 index 0000000..156689e --- /dev/null +++ b/units/user/systemd-tmpfiles-setup.service @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Create User's Volatile Files and Directories +Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) +DefaultDependencies=no +Conflicts=shutdown.target +Before=basic.target shutdown.target +RefuseManualStop=yes + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=systemd-tmpfiles --user --create --remove --boot +SuccessExitStatus=DATAERR + +[Install] +WantedBy=basic.target diff --git a/units/user/timers.target b/units/user/timers.target new file mode 100644 index 0000000..99f82e3 --- /dev/null +++ b/units/user/timers.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Timers +Documentation=man:systemd.special(7) + +DefaultDependencies=no +Conflicts=shutdown.target diff --git a/units/user/xdg-desktop-autostart.target b/units/user/xdg-desktop-autostart.target new file mode 100644 index 0000000..1be7c4b --- /dev/null +++ b/units/user/xdg-desktop-autostart.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Startup of XDG autostart applications +Documentation=man:systemd.special(7) +RefuseManualStart=yes +StopWhenUnneeded=yes diff --git a/units/user@.service.in b/units/user@.service.in new file mode 100644 index 0000000..8c6c6d1 --- /dev/null +++ b/units/user@.service.in @@ -0,0 +1,27 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Manager for UID %i +Documentation=man:user@.service(5) +After=systemd-user-sessions.service user-runtime-dir@%i.service dbus.service +Requires=user-runtime-dir@%i.service +IgnoreOnIsolate=yes + +[Service] +User=%i +PAMName=systemd-user +Type=notify +ExecStart=@rootlibexecdir@/systemd --user +Slice=user-%i.slice +KillMode=mixed +Delegate=pids memory +TasksMax=infinity +TimeoutStopSec=120s +KeyringMode=inherit diff --git a/units/var-lib-machines.mount b/units/var-lib-machines.mount new file mode 100644 index 0000000..82ebfa5 --- /dev/null +++ b/units/var-lib-machines.mount @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# This unit is required for pre-240 versions of systemd that automatically set +# up /var/lib/machines.raw as loopback-mounted btrfs file system. Later +# versions don't do that anymore, but let's keep minimal compatibility by +# mounting the image still, if it exists. + +[Unit] +Description=Virtual Machine and Container Storage (Compatibility) +ConditionPathExists=/var/lib/machines.raw + +[Mount] +What=/var/lib/machines.raw +Where=/var/lib/machines +Type=btrfs +Options=loop |