diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-16 18:20:20 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-16 18:20:20 +0000 |
commit | 8612d3d858fa108e5732a586d4e2d0227ae34422 (patch) | |
tree | 33e7f8b3d5caa6c44b4d6759cb25d3eff4b2d975 /mkosi.extra/usr | |
parent | Adding debian version 256.2-1. (diff) | |
download | systemd-8612d3d858fa108e5732a586d4e2d0227ae34422.tar.xz systemd-8612d3d858fa108e5732a586d4e2d0227ae34422.zip |
Merging upstream version 256.4.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'mkosi.extra/usr')
8 files changed, 79 insertions, 0 deletions
diff --git a/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf b/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf new file mode 100644 index 0000000..657ac72 --- /dev/null +++ b/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf @@ -0,0 +1,4 @@ +# Ubuntu since Noble disables unprivileged user namespaces by default, re-enable them as they are needed +# for integration tests +kernel.apparmor_restrict_unprivileged_unconfined = 0 +kernel.apparmor_restrict_unprivileged_userns = 0 diff --git a/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf b/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf new file mode 100644 index 0000000..3baede4 --- /dev/null +++ b/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Journal] +RateLimitIntervalSec=0 +RateLimitBurst=0 diff --git a/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset b/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset new file mode 100644 index 0000000..5a15e6b --- /dev/null +++ b/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset @@ -0,0 +1,41 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +# mkosi adds its own ssh units via the --ssh switch so disable the default ones. +disable ssh.service +disable sshd.service + +# These are started manually in integration tests so don't start them by default. +disable dnsmasq.service +disable isc-dhcp-server.service +disable isc-dhcp-server6.service + +# Pulled in via dracut-network by kexec-tools on Fedora. +disable NetworkManager* + +# Make sure dbus-broker is started by default on Debian/Ubuntu. +enable dbus-broker.service + +# systemd-networkd is disabled by default on Fedora so make sure it is enabled. +enable systemd-networkd.service +enable systemd-networkd-wait-online.service + +# systemd-resolved is disable by default on CentOS so make sure it is enabled. +enable systemd-resolved.service + +# We install dnf in some images but it's only going to be used rarely, +# so let's not have dnf create its cache. +disable dnf-makecache.* + +# We have journald to receive audit data so let's make sure we're not running auditd as well +disable auditd.service + +# systemd-timesyncd is not enabled by default in the default systemd preset so enable it here instead. +enable systemd-timesyncd.service + +# Enabled by default on OpenSUSE and not conditioned out in containers, so let's disable these here instead. +disable iscsi.service +disable iscsid.socket +disable iscsiuio.socket + +# mkosi relabels the image itself so no need to do it on boot. +disable selinux-autorelabel-mark.service diff --git a/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset b/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset new file mode 100644 index 0000000..710ee7c --- /dev/null +++ b/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset @@ -0,0 +1,4 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +# Make sure that services are disabled by default (primarily for Debian/Ubuntu). +disable * diff --git a/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf b/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf new file mode 100644 index 0000000..ebf7899 --- /dev/null +++ b/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +# The iscsi-init.service calls `sh` which might, in certain circumstances, pull in instrumented systemd NSS +# modules causing `sh` to fail. Avoid the issue by setting LD_PRELOAD to load the sanitizer libraries if +# needed. +[Service] +EnvironmentFile=-/usr/lib/systemd/systemd-asan-env diff --git a/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf b/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf new file mode 100644 index 0000000..d0093b7 --- /dev/null +++ b/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf @@ -0,0 +1,4 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Service] +PassEnvironment=SYSTEMD_UNIT_PATH diff --git a/mkosi.extra/usr/lib/tmpfiles.d/locale.conf b/mkosi.extra/usr/lib/tmpfiles.d/locale.conf new file mode 100644 index 0000000..e1a8e81 --- /dev/null +++ b/mkosi.extra/usr/lib/tmpfiles.d/locale.conf @@ -0,0 +1 @@ +L /etc/default/locale - - - - ../locale.conf diff --git a/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf b/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf new file mode 100644 index 0000000..ddd36ed --- /dev/null +++ b/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf @@ -0,0 +1,13 @@ +<?xml version="1.0"?> +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> + +<!-- + SPDX-License-Identifier: LGPL-2.1-or-later +--> + +<busconfig> + <policy user="root"> + <allow own="systemd.test.ExecStopPost"/> + </policy> +</busconfig> |