summaryrefslogtreecommitdiffstats
path: root/units/systemd-journald.service.in
diff options
context:
space:
mode:
Diffstat (limited to 'units/systemd-journald.service.in')
-rw-r--r--units/systemd-journald.service.in10
1 files changed, 8 insertions, 2 deletions
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index 37eeabc..4404af9 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -17,7 +17,10 @@ Before=sysinit.target
# To avoid journald SIGKILLed during soft-reboot and corrupting journals.
# See https://github.com/systemd/systemd/issues/30195
-Before=soft-reboot.target
+# Note, typically soft-reboot.target will be never reached,
+# and systemd-soft-reboot.service will trigger soft-reboot.
+# Hence, this must be stopped before systemd-soft-reboot.service.
+Before=soft-reboot.target systemd-soft-reboot.service
Conflicts=soft-reboot.target
# Mount and swap units need the journal socket units. If they were removed by
@@ -29,6 +32,9 @@ IgnoreOnIsolate=yes
DeviceAllow=char-* rw
ExecStart={{LIBEXECDIR}}/systemd-journald
FileDescriptorStoreMax=4224
+# Ensure services using StandardOutput=journal do not break when journald is stopped
+FileDescriptorStorePreserve=yes
+ImportCredential=journal.*
IPAddressDeny=any
LockPersonality=yes
MemoryDenyWriteExecute=yes
@@ -37,7 +43,7 @@ OOMScoreAdjust=-250
ProtectClock=yes
Restart=always
RestartSec=0
-RestrictAddressFamilies=AF_UNIX AF_NETLINK
+RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_VSOCK AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-16 10:02:29 +0000