Diffstat (limited to 'units')
249 files changed, 6673 insertions, 0 deletions
diff --git a/units/basic.target b/units/basic.target new file mode 100644 index 0000000..d8cdd5a --- /dev/null +++ b/units/basic.target @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Basic System +Documentation=man:systemd.special(7) +Requires=sysinit.target +Wants=sockets.target timers.target paths.target slices.target +After=sysinit.target sockets.target paths.target slices.target tmp.mount + +# We support /var, /tmp, /var/tmp, being on NFS, but we don't pull in +# remote-fs.target by default, hence pull them in explicitly here. Note that we +# require /var and /var/tmp, but only add a Wants= type dependency on /tmp, as +# we support that unit being masked, and this should not be considered an error. +RequiresMountsFor=/var /var/tmp +Wants=tmp.mount diff --git a/units/blockdev@.target b/units/blockdev@.target new file mode 100644 index 0000000..f4034d3 --- /dev/null +++ b/units/blockdev@.target @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Block Device Preparation for %f +Documentation=man:systemd.special(7) + +DefaultDependencies=no +Conflicts=umount.target +Before=umount.target + +StopWhenUnneeded=yes diff --git a/units/bluetooth.target b/units/bluetooth.target new file mode 100644 index 0000000..ab23c85 --- /dev/null +++ b/units/bluetooth.target 
@@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Bluetooth Support +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/boot-complete.target b/units/boot-complete.target new file mode 100644 index 0000000..f302384 --- /dev/null +++ b/units/boot-complete.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Boot Completion Check +Documentation=man:systemd.special(7) +Requires=sysinit.target +After=sysinit.target diff --git a/units/console-getty.service.in b/units/console-getty.service.in new file mode 100644 index 0000000..d64112b --- /dev/null +++ b/units/console-getty.service.in 
@@ -0,0 +1,43 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Console Getty
+Documentation=man:agetty(8) man:systemd-getty-generator(8)
+After=systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target
+{% if HAVE_SYSV_COMPAT %}
+After=rc-local.service
+{% endif %}
+Before=getty.target
+
+# OCI containers may be run without a console
+ConditionPathExists=/dev/console
+
+[Service]
+# The '-o' option value tells agetty to replace 'login' arguments with an option to preserve environment (-p),
+# followed by '--' for safety, and then the entered username.
+ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud - 115200,38400,9600 $TERM
+Type=idle
+Restart=always
+UtmpIdentifier=cons
+StandardInput=tty
+StandardOutput=tty
+TTYPath=/dev/console
+TTYReset=yes
+TTYVHangup=yes
+{% if not ENABLE_LOGIND %}
+KillMode=process
+{% endif %}
+IgnoreSIGPIPE=no
+SendSIGHUP=yes
+ImportCredential=agetty.*
+ImportCredential=login.*
+
+[Install]
+WantedBy=getty.target
diff --git a/units/container-getty@.service.in b/units/container-getty@.service.in
new file mode 100644
index 0000000..8847d73
--- /dev/null
+++ b/units/container-getty@.service.in
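Review bot: The `ImportCredential=agetty.*` and `ImportCredential=login.*` lines at the end of [Service] in console-getty.service.in carry no comment, although they widen what can influence the login prompt: any system credential under those prefixes is handed to this unit's processes. Credentials in these namespaces can, as far as I know, change how login and authentication behave (see systemd.system-credentials(7)), so the trust placed in whoever provisions credentials (VMM, container manager, firmware) should be stated next to the setting. I would add above them `# Credentials under agetty.* and login.* are passed in from outside and can alter login behaviour; only provision them from a trusted source.` The same undocumented pair appears in container-getty@.service.in and getty@.service.in.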
@@ -0,0 +1,46 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Container Getty on /dev/pts/%I +Documentation=man:agetty(8) man:systemd-getty-generator(8) +Documentation=man:machinectl(1) +After=systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target +{% if HAVE_SYSV_COMPAT %} +After=rc-local.service +{% endif %} +Before=getty.target +IgnoreOnIsolate=yes +ConditionPathExists=/dev/pts/%I + +# IgnoreOnIsolate is an issue: when someone isolates rescue.target, +# tradition expects that we shut down all but the main console. +Conflicts=rescue.service +Before=rescue.service + +[Service] +# The '-o' option value tells agetty to replace 'login' arguments with an option to preserve environment (-p), +# followed by '--' for safety, and then the entered username. +ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear - $TERM +Type=idle +Restart=always +RestartSec=0 +UtmpIdentifier=pts/%I +StandardInput=tty +StandardOutput=tty +TTYPath=/dev/pts/%I +TTYReset=yes +TTYVHangup=yes +{% if not ENABLE_LOGIND %} +KillMode=process +{% endif %} +IgnoreSIGPIPE=no +SendSIGHUP=yes +ImportCredential=agetty.* +ImportCredential=login.* diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target new file mode 100644 index 0000000..6bb8ff7 --- /dev/null +++ b/units/cryptsetup-pre.target 
@@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Local Encrypted Volumes (Pre) +Documentation=man:systemd.special(7) +RefuseManualStart=yes +Before=cryptsetup.target diff --git a/units/cryptsetup.target b/units/cryptsetup.target new file mode 100644 index 0000000..b8eecbd --- /dev/null +++ b/units/cryptsetup.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Local Encrypted Volumes +Documentation=man:systemd.special(7) diff --git a/units/debug-shell.service.in b/units/debug-shell.service.in new file mode 100644 index 0000000..2c2c8dd --- /dev/null +++ b/units/debug-shell.service.in 
@@ -0,0 +1,37 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Early root shell on {{DEBUGTTY}} FOR DEBUGGING ONLY
+Documentation=man:systemd-debug-generator(8)
+DefaultDependencies=no
+IgnoreOnIsolate=yes
+ConditionPathExists={{DEBUGTTY}}
+After=systemd-vconsole-setup.service
+
+[Service]
+Environment=TERM=linux
+ExecStart={{SUSHELL}}
+Restart=always
+RestartSec=0
+StandardInput=tty
+TTYPath={{DEBUGTTY}}
+TTYReset=yes
+TTYVHangup=yes
+KillMode=process
+IgnoreSIGPIPE=no
+# bash ignores SIGTERM
+KillSignal=SIGHUP
+
+# Unset locale for the console getty since the console has problems
+# displaying some internationalized messages.
+UnsetEnvironment=LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION
+
+[Install]
+WantedBy=sysinit.target
diff --git a/units/dev-hugepages.mount b/units/dev-hugepages.mount
new file mode 100644
index 0000000..88cd89d
--- /dev/null
+++ b/units/dev-hugepages.mount
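Review bot: debug-shell.service.in runs `{{SUSHELL}}` directly on `{{DEBUGTTY}}` with `Restart=always` and no login step visible in the unit, and `WantedBy=sysinit.target` means that once enabled it comes up early on every boot; the only warning is the upper-case text in `Description=`. A comment at the top of [Unit] should state the consequence, e.g. `# Gives a root shell without authentication to anyone who can reach {{DEBUGTTY}}; do not leave enabled outside debugging.` Separately, the comment above `UnsetEnvironment=` speaks of "the console getty", which looks copied from getty@.service.in; here it should read `# Unset locale for the debug shell since the console has problems`.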
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Huge Pages File System
+Documentation=https://docs.kernel.org/admin-guide/mm/hugetlbpage.html
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+DefaultDependencies=no
+Before=sysinit.target
+ConditionPathExists=/sys/kernel/mm/hugepages
+ConditionCapability=CAP_SYS_ADMIN
+ConditionVirtualization=!private-users
+
+[Mount]
+What=hugetlbfs
+Where=/dev/hugepages
+Type=hugetlbfs
+Options=nosuid,nodev
diff --git a/units/dev-mqueue.mount b/units/dev-mqueue.mount
new file mode 100644
index 0000000..02683a9
--- /dev/null
+++ b/units/dev-mqueue.mount
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=POSIX Message Queue File System
+Documentation=man:mq_overview(7)
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+DefaultDependencies=no
+Before=sysinit.target
+ConditionPathExists=/proc/sys/fs/mqueue
+ConditionCapability=CAP_SYS_ADMIN
+
+[Mount]
+What=mqueue
+Where=/dev/mqueue
+Type=mqueue
+Options=nosuid,nodev,noexec
diff --git a/units/emergency.service.in b/units/emergency.service.in
new file mode 100644
index 0000000..8f70cbe
--- /dev/null
+++ b/units/emergency.service.in
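Review bot: `Options=nosuid,nodev` in dev-hugepages.mount omits `noexec`, while dev-mqueue.mount in the same commit mounts its API file system with `Options=nosuid,nodev,noexec`. If the omission is deliberate (some huge-page users may need executable mappings backed by hugetlbfs; the diff does not say), a comment above the line should record it, e.g. `# noexec is intentionally not set: <reason>`. Otherwise `Options=nosuid,nodev,noexec` would bring the two mounts in line and remove a world-reachable exec-capable mount point.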
@@ -0,0 +1,30 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Emergency Shell +Documentation=man:sulogin(8) +DefaultDependencies=no +Conflicts=shutdown.target +Conflicts=rescue.service +Before=shutdown.target +Before=rescue.service + +[Service] +Environment=HOME=/root +WorkingDirectory=-/root +ExecStartPre=-{{BINDIR}}/plymouth --wait quit +ExecStart=-{{LIBEXECDIR}}/systemd-sulogin-shell emergency +Type=idle +StandardInput=tty-force +StandardOutput=inherit +StandardError=inherit +KillMode=process +IgnoreSIGPIPE=no +SendSIGHUP=yes diff --git a/units/emergency.target b/units/emergency.target new file mode 100644 index 0000000..e7f34be --- /dev/null +++ b/units/emergency.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Emergency Mode +Documentation=man:systemd.special(7) +Requires=emergency.service +After=emergency.service +AllowIsolate=yes diff --git a/units/exit.target b/units/exit.target new file mode 100644 index 0000000..f8a22e5 --- /dev/null +++ b/units/exit.target 
@@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Exit the Container +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-exit.service +After=systemd-exit.service +AllowIsolate=yes + +[Install] +Alias=ctrl-alt-del.target diff --git a/units/factory-reset.target b/units/factory-reset.target new file mode 100644 index 0000000..d2c35ee --- /dev/null +++ b/units/factory-reset.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Factory Reset +Documentation=man:systemd.special(7) diff --git a/units/final.target b/units/final.target new file mode 100644 index 0000000..36cea57 --- /dev/null +++ b/units/final.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Late Shutdown Services +Documentation=man:systemd.special(7) +DefaultDependencies=no +RefuseManualStart=yes +After=shutdown.target umount.target diff --git a/units/first-boot-complete.target b/units/first-boot-complete.target new file mode 100644 index 0000000..b971496 --- /dev/null 
+++ b/units/first-boot-complete.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=First Boot Complete +Documentation=man:systemd.special(7) +RefuseManualStart=yes +ConditionFirstBoot=yes diff --git a/units/getty-pre.target b/units/getty-pre.target new file mode 100644 index 0000000..fee65c0 --- /dev/null +++ b/units/getty-pre.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Preparation for Logins +Documentation=man:systemd.special(7) man:systemd-getty-generator(8) +Documentation=https://0pointer.de/blog/projects/serial-console.html diff --git a/units/getty.target b/units/getty.target new file mode 100644 index 0000000..eebb616 --- /dev/null +++ b/units/getty.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Login Prompts +Documentation=man:systemd.special(7) man:systemd-getty-generator(8) +Documentation=https://0pointer.de/blog/projects/serial-console.html diff --git a/units/getty@.service.in b/units/getty@.service.in new file mode 100644 index 0000000..80b8f3e 
--- /dev/null +++ b/units/getty@.service.in 
@@ -0,0 +1,66 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Getty on %I +Documentation=man:agetty(8) man:systemd-getty-generator(8) +Documentation=https://0pointer.de/blog/projects/serial-console.html +After=systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target +{% if HAVE_SYSV_COMPAT %} +After=rc-local.service +{% endif %} + +# If additional gettys are spawned during boot then we should make +# sure that this is synchronized before getty.target, even though +# getty.target didn't actually pull it in. +Before=getty.target +IgnoreOnIsolate=yes + +# IgnoreOnIsolate causes issues with sulogin, if someone isolates +# rescue.target or starts rescue.service from multi-user.target or +# graphical.target. +Conflicts=rescue.service +Before=rescue.service + +# On systems without virtual consoles, don't start any getty. Note +# that serial gettys are covered by serial-getty@.service, not this +# unit. +ConditionPathExists=/dev/tty0 + +[Service] +# the VT is cleared by TTYVTDisallocate +# The '-o' option value tells agetty to replace 'login' arguments with an +# option to preserve environment (-p), followed by '--' for safety, and then +# the entered username. +ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear - $TERM +Type=idle +Restart=always +RestartSec=0 +UtmpIdentifier=%I +StandardInput=tty +StandardOutput=tty +TTYPath=/dev/%I +TTYReset=yes +TTYVHangup=yes +TTYVTDisallocate=yes +{% if not ENABLE_LOGIND %} +KillMode=process +{% endif %} +IgnoreSIGPIPE=no +SendSIGHUP=yes +ImportCredential=agetty.* +ImportCredential=login.* + +# Unset locale for the console getty since the console has problems +# displaying some internationalized messages. 
+UnsetEnvironment=LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION + +[Install] +WantedBy=getty.target +DefaultInstance=tty1 diff --git a/units/graphical.target b/units/graphical.target new file mode 100644 index 0000000..4b2087f --- /dev/null +++ b/units/graphical.target @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Graphical Interface +Documentation=man:systemd.special(7) +Requires=multi-user.target +Wants=display-manager.service +Conflicts=rescue.service rescue.target +After=multi-user.target rescue.service rescue.target display-manager.service +AllowIsolate=yes diff --git a/units/halt.target b/units/halt.target new file mode 100644 index 0000000..bfa5f23 --- /dev/null +++ b/units/halt.target @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Halt +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-halt.service +After=systemd-halt.service +AllowIsolate=yes + +[Install] +Alias=ctrl-alt-del.target diff --git a/units/hibernate.target b/units/hibernate.target new file mode 100644 index 0000000..838c5a3 --- /dev/null +++ b/units/hibernate.target 
@@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Hibernation +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-hibernate.service +After=systemd-hibernate.service +StopWhenUnneeded=yes diff --git a/units/hybrid-sleep.target b/units/hybrid-sleep.target new file mode 100644 index 0000000..4ed0b35 --- /dev/null +++ b/units/hybrid-sleep.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Hybrid Suspend+Hibernate +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-hybrid-sleep.service +After=systemd-hybrid-sleep.service +StopWhenUnneeded=yes diff --git a/units/initrd-cleanup.service b/units/initrd-cleanup.service new file mode 100644 index 0000000..08ab503 --- /dev/null +++ b/units/initrd-cleanup.service 
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Cleaning Up and Shutting Down Daemons
+DefaultDependencies=no
+AssertPathExists=/etc/initrd-release
+OnFailure=emergency.target
+OnFailureJobMode=replace-irreversibly
+After=initrd-root-fs.target initrd-fs.target initrd.target
+
+[Service]
+Type=oneshot
+ExecStart=systemctl --no-block isolate initrd-switch-root.target
diff --git a/units/initrd-fs.target b/units/initrd-fs.target
new file mode 100644
index 0000000..674b7ae
--- /dev/null
+++ b/units/initrd-fs.target
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Initrd File Systems
+Documentation=man:systemd.special(7)
+AssertPathExists=/etc/initrd-release
+OnFailure=emergency.target
+OnFailureJobMode=replace-irreversibly
+After=initrd-parse-etc.service
+DefaultDependencies=no
+Conflicts=shutdown.target
diff --git a/units/initrd-parse-etc.service.in b/units/initrd-parse-etc.service.in
new file mode 100644
index 0000000..3dadab1
--- /dev/null
+++ b/units/initrd-parse-etc.service.in
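Review bot: `ExecStart=systemctl --no-block isolate initrd-switch-root.target` in initrd-cleanup.service names the binary without a path, whereas other units in this commit use absolute paths (`/sbin/agetty`, `/sbin/ldconfig`) or the `{{BINDIR}}`/`{{LIBEXECDIR}}` substitutions. systemd resolves a bare name against its built-in search path rather than an inherited environment, so this works, but which binary ends up running as root in the initrd then depends on that search order and on what the initrd image ships. A short comment such as `# systemctl is resolved via the manager's built-in search path` would make the choice explicit. The same applies to `ExecStart=systemctl …` in initrd-parse-etc.service.in and initrd-switch-root.service and to `ExecStart=-udevadm info --cleanup-db` in initrd-udevadm-cleanup-db.service.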
@@ -0,0 +1,35 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Mountpoints Configured in the Real Root +AssertPathExists=/etc/initrd-release + +DefaultDependencies=no +Requires=initrd-root-fs.target +After=initrd-root-fs.target + +Conflicts=emergency.target + +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly + +[Service] +Type=oneshot + +# FIXME: once dracut is patched to install the symlink, change to: +# ExecStart={{LIBEXECDIR}}/systemd-sysroot-fstab-check +ExecStart=@{{SYSTEM_GENERATOR_DIR}}/systemd-fstab-generator systemd-sysroot-fstab-check + +# We want to enqueue initrd-cleanup.service/start after we finished the part +# above. It can't be part of the initial transaction, because non-oneshot units +# use Conflicts=initrd-cleanup.service to be terminated before we switch root. +# Effectively, initrd-parse-etc.service acts as a synchronization point after +# which cleanup of the initrd processes starts. +ExecStart=systemctl --no-block start initrd-cleanup.service diff --git a/units/initrd-root-device.target b/units/initrd-root-device.target new file mode 100644 index 0000000..f3c3d79 --- /dev/null +++ b/units/initrd-root-device.target 
@@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Initrd Root Device +Documentation=man:systemd.special(7) +AssertPathExists=/etc/initrd-release +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly +DefaultDependencies=no +Conflicts=shutdown.target diff --git a/units/initrd-root-fs.target b/units/initrd-root-fs.target new file mode 100644 index 0000000..4037ac4 --- /dev/null +++ b/units/initrd-root-fs.target @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Initrd Root File System +Documentation=man:systemd.special(7) +AssertPathExists=/etc/initrd-release +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly +DefaultDependencies=no +Conflicts=shutdown.target diff --git a/units/initrd-switch-root.service b/units/initrd-switch-root.service new file mode 100644 index 0000000..f81b478 --- /dev/null +++ b/units/initrd-switch-root.service 
@@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Switch Root + +AssertPathExists=/etc/initrd-release + +DefaultDependencies=no +Wants=initrd-switch-root.target +AllowIsolate=yes +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly + +[Service] +Type=oneshot +ExecStart=systemctl --no-block switch-root diff --git a/units/initrd-switch-root.target b/units/initrd-switch-root.target new file mode 100644 index 0000000..1e32ec5 --- /dev/null +++ b/units/initrd-switch-root.target @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Switch Root +AssertPathExists=/etc/initrd-release +DefaultDependencies=no +Wants=initrd-switch-root.service +Before=initrd-switch-root.service +AllowIsolate=yes +Wants=initrd-udevadm-cleanup-db.service initrd-root-fs.target initrd-fs.target systemd-journald.service initrd-cleanup.service +After=initrd-udevadm-cleanup-db.service initrd-root-fs.target initrd-fs.target emergency.service emergency.target initrd-cleanup.service diff --git a/units/initrd-udevadm-cleanup-db.service b/units/initrd-udevadm-cleanup-db.service new file mode 100644 index 0000000..bc44473 --- /dev/null +++ b/units/initrd-udevadm-cleanup-db.service 
@@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Cleanup udev Database +DefaultDependencies=no +AssertPathExists=/etc/initrd-release +Conflicts=systemd-udevd.service systemd-udevd-control.socket systemd-udevd-kernel.socket systemd-udev-trigger.service systemd-udev-settle.service +After=systemd-udevd.service systemd-udevd-control.socket systemd-udevd-kernel.socket systemd-udev-trigger.service systemd-udev-settle.service +Before=initrd-switch-root.target + +[Service] +Type=oneshot +ExecStart=-udevadm info --cleanup-db diff --git a/units/initrd-usr-fs.target b/units/initrd-usr-fs.target new file mode 100644 index 0000000..7219655 --- /dev/null +++ b/units/initrd-usr-fs.target @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Initrd /usr File System +Documentation=man:systemd.special(7) +AssertPathExists=/etc/initrd-release +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly +DefaultDependencies=no +Conflicts=shutdown.target diff --git a/units/initrd.target b/units/initrd.target new file mode 100644 index 0000000..fc8fbff --- /dev/null +++ b/units/initrd.target 
@@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Initrd Default Target +Documentation=man:systemd.special(7) +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly +AssertPathExists=/etc/initrd-release +Requires=basic.target +Wants=initrd-root-fs.target initrd-root-device.target initrd-fs.target initrd-usr-fs.target initrd-parse-etc.service +After=initrd-root-fs.target initrd-root-device.target initrd-fs.target initrd-usr-fs.target basic.target rescue.service rescue.target +AllowIsolate=yes diff --git a/units/integritysetup-pre.target b/units/integritysetup-pre.target new file mode 100644 index 0000000..da2aca9 --- /dev/null +++ b/units/integritysetup-pre.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Local Integrity Protected Volumes (Pre) +Documentation=man:systemd.special(7) +RefuseManualStart=yes +Before=integritysetup.target diff --git a/units/integritysetup.target b/units/integritysetup.target new file mode 100644 index 0000000..371490f --- /dev/null +++ b/units/integritysetup.target 
@@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Local Integrity Protected Volumes +Documentation=man:systemd.special(7) diff --git a/units/kexec.target b/units/kexec.target new file mode 100644 index 0000000..5d8f8cd --- /dev/null +++ b/units/kexec.target @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Reboot via kexec +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-kexec.service +After=systemd-kexec.service +AllowIsolate=yes + +[Install] +Alias=ctrl-alt-del.target diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in new file mode 100644 index 0000000..70605d9 --- /dev/null +++ b/units/kmod-static-nodes.service.in 
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Create List of Static Device Nodes
+DefaultDependencies=no
+Before=sysinit.target systemd-tmpfiles-setup-dev-early.service
+ConditionCapability=CAP_SYS_MODULE
+ConditionFileNotEmpty=/lib/modules/%v/modules.devname
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{KMOD}} static-nodes --format=tmpfiles --output=/run/tmpfiles.d/static-nodes.conf
diff --git a/units/ldconfig.service b/units/ldconfig.service
new file mode 100644
index 0000000..53c6d4e
--- /dev/null
+++ b/units/ldconfig.service
@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Rebuild Dynamic Linker Cache
+Documentation=man:ldconfig(8)
+
+ConditionNeedsUpdate=|/etc
+ConditionFileNotEmpty=|!/etc/ld.so.cache
+
+DefaultDependencies=no
+After=local-fs.target
+Before=sysinit.target systemd-update-done.service
+Conflicts=shutdown.target initrd-switch-root.target
+Before=shutdown.target initrd-switch-root.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/sbin/ldconfig -X
diff --git a/units/local-fs-pre.target b/units/local-fs-pre.target
new file mode 100644
index 0000000..8e0f4b8
--- /dev/null
+++ b/units/local-fs-pre.target
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Preparation for Local File Systems
+Documentation=man:systemd.special(7)
+RefuseManualStart=yes
diff --git a/units/local-fs.target b/units/local-fs.target
new file mode 100644
index 0000000..fe175a7
--- /dev/null
+++ b/units/local-fs.target
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Local File Systems
+Documentation=man:systemd.special(7)
+
+DefaultDependencies=no
+After=local-fs-pre.target
+Conflicts=shutdown.target
+OnFailure=emergency.target
+OnFailureJobMode=replace-irreversibly
diff --git a/units/machine.slice b/units/machine.slice
new file mode 100644
index 0000000..501d353
--- /dev/null
+++ b/units/machine.slice
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Virtual Machine and Container Slice
+Documentation=man:systemd.special(7)
+Before=slices.target
diff --git a/units/machines.target b/units/machines.target
new file mode 100644
index 0000000..165839a
--- /dev/null
+++ b/units/machines.target
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Containers
+Documentation=man:systemd.special(7)
+Before=multi-user.target
+
+[Install]
+WantedBy=multi-user.target
diff --git a/units/meson.build b/units/meson.build
new file mode 100644
index 0000000..e7bfb7f
--- /dev/null
+++ b/units/meson.build
@@ -0,0 +1,786 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +with_runlevels = conf.get('HAVE_SYSV_COMPAT') == 1 + +units = [ + { 'file' : 'basic.target' }, + { 'file' : 'blockdev@.target' }, + { 'file' : 'bluetooth.target' }, + { 'file' : 'boot-complete.target' }, + { 'file' : 'console-getty.service.in' }, + { 'file' : 'container-getty@.service.in' }, + { + 'file' : 'cryptsetup-pre.target', + 'conditions' : ['HAVE_LIBCRYPTSETUP'], + }, + { + 'file' : 'cryptsetup.target', + 'conditions' : ['HAVE_LIBCRYPTSETUP'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { 'file' : 'debug-shell.service.in' }, + { + 'file' : 'dev-hugepages.mount', + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'dev-mqueue.mount', + 'symlinks' : ['sysinit.target.wants/'], + }, + { 'file' : 'emergency.service.in' }, + { 'file' : 'emergency.target' }, + { 'file' : 'exit.target' }, + { 'file' : 'factory-reset.target' }, + { 'file' : 'final.target' }, + { 'file' : 'first-boot-complete.target' }, + { 'file' : 'getty-pre.target' }, + { + 'file' : 'getty.target', + 'symlinks' : ['multi-user.target.wants/'], + }, + { + 'file' : 'getty@.service.in', + 'symlinks' : ['autovt@.service'], + }, + { + 'file' : 'graphical.target', + 'symlinks' : ['default.target'] + (with_runlevels ? 
['runlevel5.target'] : []), + }, + { 'file' : 'halt.target' }, + { + 'file' : 'hibernate.target', + 'conditions' : ['ENABLE_HIBERNATE'], + }, + { + 'file' : 'hybrid-sleep.target', + 'conditions' : ['ENABLE_HIBERNATE'], + }, + { + 'file' : 'systemd-battery-check.service.in', + 'conditions' : ['ENABLE_INITRD'], + 'symlinks' : ['initrd.target.wants/'], + }, + { + 'file' : 'systemd-bsod.service.in', + 'conditions' : ['HAVE_QRENCODE', 'ENABLE_INITRD'], + 'symlinks' : ['initrd.target.wants/'], + }, + { + 'file' : 'initrd-cleanup.service', + 'conditions' : ['ENABLE_INITRD'], + }, + { + 'file' : 'initrd-fs.target', + 'conditions' : ['ENABLE_INITRD'], + }, + { + 'file' : 'initrd-parse-etc.service.in', + 'conditions' : ['ENABLE_INITRD'], + }, + { + 'file' : 'initrd-root-device.target', + 'conditions' : ['ENABLE_INITRD'], + }, + { + 'file' : 'initrd-root-fs.target', + 'conditions' : ['ENABLE_INITRD'], + }, + { + 'file' : 'initrd-switch-root.service', + 'conditions' : ['ENABLE_INITRD'], + }, + { + 'file' : 'initrd-switch-root.target', + 'conditions' : ['ENABLE_INITRD'], + }, + { + 'file' : 'initrd-udevadm-cleanup-db.service', + 'conditions' : ['ENABLE_INITRD'], + }, + { + 'file' : 'initrd-usr-fs.target', + 'conditions' : ['ENABLE_INITRD'], + }, + { + 'file' : 'initrd.target', + 'conditions' : ['ENABLE_INITRD'], + }, + { + 'file' : 'integritysetup-pre.target', + 'conditions' : ['HAVE_LIBCRYPTSETUP'], + }, + { + 'file' : 'integritysetup.target', + 'conditions' : ['HAVE_LIBCRYPTSETUP'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { 'file' : 'kexec.target' }, + { + 'file' : 'kmod-static-nodes.service.in', + 'conditions' : ['HAVE_KMOD', 'ENABLE_TMPFILES'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'ldconfig.service', + 'conditions' : ['ENABLE_LDCONFIG'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { 'file' : 'local-fs-pre.target' }, + { 'file' : 'local-fs.target' }, + { + 'file' : 'machine.slice', + 'conditions' : ['ENABLE_MACHINED'], + }, + { + 'file' 
: 'machines.target', + 'conditions' : ['ENABLE_MACHINED'], + }, + { 'file' : 'modprobe@.service' }, + { + 'file' : 'multi-user.target', + 'symlinks' : with_runlevels ? ['runlevel2.target', 'runlevel3.target', 'runlevel4.target'] : [], + }, + { 'file' : 'network-online.target' }, + { 'file' : 'network-pre.target' }, + { 'file' : 'network.target' }, + { 'file' : 'nss-lookup.target' }, + { 'file' : 'nss-user-lookup.target' }, + { 'file' : 'paths.target' }, + { + 'file' : 'poweroff.target', + 'symlinks' : with_runlevels ? ['runlevel0.target'] : [], + }, + { 'file' : 'printer.target' }, + { + 'file' : 'proc-sys-fs-binfmt_misc.automount', + 'conditions' : ['ENABLE_BINFMT'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'proc-sys-fs-binfmt_misc.mount', + 'conditions' : ['ENABLE_BINFMT'], + }, + { + 'file' : 'quotaon.service.in', + 'conditions' : ['ENABLE_QUOTACHECK'], + }, + { + 'file' : 'rc-local.service.in', + 'conditions' : ['HAVE_SYSV_COMPAT'], + }, + { + 'file' : 'reboot.target', + 'symlinks' : ['ctrl-alt-del.target'] + (with_runlevels ? ['runlevel6.target'] : []), + }, + { + 'file' : 'remote-cryptsetup.target', + 'conditions' : ['HAVE_LIBCRYPTSETUP'], + 'symlinks' : ['initrd-root-device.target.wants/'], + }, + { 'file' : 'remote-fs-pre.target' }, + { 'file' : 'remote-fs.target' }, + { + 'file' : 'remote-veritysetup.target', + 'conditions' : ['HAVE_LIBCRYPTSETUP'], + 'symlinks' : ['initrd-root-device.target.wants/'], + }, + { 'file' : 'rescue.service.in' }, + { + 'file' : 'rescue.target', + 'symlinks' : with_runlevels ? 
['runlevel1.target'] : [], + }, + { 'file' : 'rpcbind.target' }, + { 'file' : 'serial-getty@.service.in' }, + { 'file' : 'shutdown.target' }, + { 'file' : 'sigpwr.target' }, + { 'file' : 'sleep.target' }, + { 'file' : 'slices.target' }, + { 'file' : 'smartcard.target' }, + { 'file' : 'sockets.target' }, + { 'file' : 'soft-reboot.target' }, + { 'file' : 'sound.target' }, + { + 'file' : 'suspend-then-hibernate.target', + 'conditions' : ['ENABLE_HIBERNATE'], + }, + { 'file' : 'suspend.target' }, + { 'file' : 'swap.target' }, + { + 'file' : 'sys-fs-fuse-connections.mount', + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'sys-kernel-config.mount', + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'sys-kernel-debug.mount', + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'sys-kernel-tracing.mount', + 'symlinks' : ['sysinit.target.wants/'], + }, + { 'file' : 'sysinit.target' }, + { 'file' : 'syslog.socket' }, + { + 'file' : 'system-systemd\\x2dcryptsetup.slice', + 'conditions' : ['HAVE_LIBCRYPTSETUP'], + }, + { + 'file' : 'system-systemd\\x2dveritysetup.slice', + 'conditions' : ['HAVE_LIBCRYPTSETUP'], + }, + { 'file' : 'system-update-cleanup.service' }, + { 'file' : 'system-update-pre.target' }, + { 'file' : 'system-update.target' }, + { + 'file' : 'systemd-ask-password-console.path', + 'symlinks' : ['sysinit.target.wants/'], + }, + { 'file' : 'systemd-ask-password-console.service' }, + { + 'file' : 'systemd-ask-password-wall.path', + 'symlinks' : ['multi-user.target.wants/'], + }, + { 'file' : 'systemd-ask-password-wall.service' }, + { + 'file' : 'systemd-backlight@.service.in', + 'conditions' : ['ENABLE_BACKLIGHT'], + }, + { + 'file' : 'systemd-binfmt.service.in', + 'conditions' : ['ENABLE_BINFMT'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-bless-boot.service.in', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_BLKID'], + }, + { 'file' : 'systemd-boot-check-no-failures.service.in' }, + { + 'file' : 
'systemd-boot-random-seed.service', + 'conditions' : ['ENABLE_BOOTLOADER'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-boot-update.service', + 'conditions' : ['ENABLE_BOOTLOADER'], + }, + { + 'file' : 'systemd-confext.service', + 'conditions' : ['ENABLE_SYSEXT'], + }, + { + 'file' : 'systemd-coredump.socket', + 'conditions' : ['ENABLE_COREDUMP'], + 'symlinks' : ['sockets.target.wants/'], + }, + { + 'file' : 'systemd-coredump@.service.in', + 'conditions' : ['ENABLE_COREDUMP'], + }, + { 'file' : 'systemd-exit.service' }, + { + 'file' : 'systemd-firstboot.service', + 'conditions' : ['ENABLE_FIRSTBOOT'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { 'file' : 'systemd-fsck-root.service.in' }, + { 'file' : 'systemd-fsck@.service.in' }, + { 'file' : 'systemd-growfs-root.service.in' }, + { 'file' : 'systemd-growfs@.service.in' }, + { 'file' : 'systemd-halt.service' }, + { + 'file' : 'systemd-hibernate-resume.service.in', + 'conditions' : ['ENABLE_HIBERNATE'], + }, + { + 'file' : 'systemd-hibernate.service.in', + 'conditions' : ['ENABLE_HIBERNATE'], + }, + { + 'file' : 'systemd-homed-activate.service', + 'conditions' : ['ENABLE_HOMED'], + }, + { + 'file' : 'systemd-homed.service.in', + 'conditions' : ['ENABLE_HOMED'], + }, + { + 'file' : 'systemd-hostnamed.service.in', + 'conditions' : ['ENABLE_HOSTNAMED'], + 'symlinks' : ['dbus-org.freedesktop.hostname1.service'], + }, + { + 'file' : 'systemd-hwdb-update.service.in', + 'conditions' : ['ENABLE_HWDB'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-hybrid-sleep.service.in', + 'conditions' : ['ENABLE_HIBERNATE'], + }, + { + 'file' : 'systemd-importd.service.in', + 'conditions' : ['ENABLE_IMPORTD'], + 'symlinks' : ['dbus-org.freedesktop.import1.service'], + }, + { + 'file' : 'systemd-initctl.service.in', + 'conditions' : ['HAVE_SYSV_COMPAT'], + }, + { + 'file' : 'systemd-initctl.socket', + 'conditions' : ['HAVE_SYSV_COMPAT'], + 'symlinks' : ['sockets.target.wants/'], + 
}, + { + 'file' : 'systemd-journal-catalog-update.service', + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-journal-flush.service', + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-journal-gatewayd.service.in', + 'conditions' : ['ENABLE_REMOTE', 'HAVE_MICROHTTPD'], + }, + { + 'file' : 'systemd-journal-gatewayd.socket', + 'conditions' : ['ENABLE_REMOTE', 'HAVE_MICROHTTPD'], + }, + { + 'file' : 'systemd-journal-remote.service.in', + 'conditions' : ['ENABLE_REMOTE', 'HAVE_MICROHTTPD'], + }, + { + 'file' : 'systemd-journal-remote.socket', + 'conditions' : ['ENABLE_REMOTE', 'HAVE_MICROHTTPD'], + }, + { + 'file' : 'systemd-journal-upload.service.in', + 'conditions' : ['ENABLE_REMOTE', 'HAVE_LIBCURL'], + }, + { 'file' : 'systemd-journald-audit.socket' }, + { + 'file' : 'systemd-journald-dev-log.socket', + 'symlinks' : ['sockets.target.wants/'], + }, + { 'file' : 'systemd-journald-varlink@.socket' }, + { + 'file' : 'systemd-journald.service.in', + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-journald.socket', + 'symlinks' : ['sockets.target.wants/'], + }, + { 'file' : 'systemd-journald@.service.in' }, + { 'file' : 'systemd-journald@.socket' }, + { 'file' : 'systemd-kexec.service' }, + { + 'file' : 'systemd-localed.service.in', + 'conditions' : ['ENABLE_LOCALED'], + 'symlinks' : ['dbus-org.freedesktop.locale1.service'], + }, + { + 'file' : 'systemd-logind.service.in', + 'conditions' : ['ENABLE_LOGIND'], + 'symlinks' : ['multi-user.target.wants/', 'dbus-org.freedesktop.login1.service'], + }, + { + 'file' : 'systemd-machine-id-commit.service', + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-machined.service.in', + 'conditions' : ['ENABLE_MACHINED'], + 'symlinks' : ['dbus-org.freedesktop.machine1.service'], + }, + { + 'file' : 'systemd-modules-load.service.in', + 'conditions' : ['HAVE_KMOD'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { 'file' : 
'systemd-network-generator.service.in' }, + { + 'file' : 'systemd-networkd-wait-online.service.in', + 'conditions' : ['ENABLE_NETWORKD'], + }, + { + 'file' : 'systemd-networkd-wait-online@.service.in', + 'conditions' : ['ENABLE_NETWORKD'], + }, + { + 'file' : 'systemd-networkd.service.in', + 'conditions' : ['ENABLE_NETWORKD'], + }, + { + 'file' : 'systemd-networkd.socket', + 'conditions' : ['ENABLE_NETWORKD'], + }, + { 'file' : 'systemd-nspawn@.service.in' }, + { + 'file' : 'systemd-oomd.service.in', + 'conditions' : ['ENABLE_OOMD'], + }, + { + 'file' : 'systemd-oomd.socket', + 'conditions' : ['ENABLE_OOMD'], + }, + { + 'file' : 'systemd-pcrextend@.service.in', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], + }, + { + 'file' : 'systemd-pcrextend.socket', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], + 'symlinks' : ['sockets.target.wants/'], + }, + { + 'file' : 'systemd-pcrfs-root.service.in', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], + }, + { + 'file' : 'systemd-pcrfs@.service.in', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], + }, + { + 'file' : 'systemd-pcrmachine.service.in', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-pcrphase-initrd.service.in', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2', 'ENABLE_INITRD'], + 'symlinks' : ['initrd.target.wants/'], + }, + { + 'file' : 'systemd-pcrphase-sysinit.service.in', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-pcrphase.service.in', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-tpm2-setup.service.in', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 
'file' : 'systemd-tpm2-setup-early.service.in', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-pcrlock-make-policy.service.in', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], + }, + { + 'file' : 'systemd-pcrlock-secureboot-policy.service.in', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], + }, + { + 'file' : 'systemd-pcrlock-secureboot-authority.service.in', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], + }, + { + 'file' : 'systemd-pcrlock-file-system.service.in', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], + }, + { + 'file' : 'systemd-pcrlock-machine-id.service.in', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], + }, + { + 'file' : 'systemd-pcrlock-firmware-code.service.in', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], + }, + { + 'file' : 'systemd-pcrlock-firmware-config.service.in', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], + }, + { + 'file' : 'systemd-portabled.service.in', + 'conditions' : ['ENABLE_PORTABLED'], + 'symlinks' : ['dbus-org.freedesktop.portable1.service'], + }, + { 'file' : 'systemd-poweroff.service' }, + { + 'file' : 'systemd-pstore.service.in', + 'conditions' : ['ENABLE_PSTORE'], + }, + { + 'file' : 'systemd-quotacheck.service.in', + 'conditions' : ['ENABLE_QUOTACHECK'], + }, + { + 'file' : 'systemd-random-seed.service.in', + 'conditions' : ['ENABLE_RANDOMSEED'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { 'file' : 'systemd-reboot.service' }, + { 'file' : 'systemd-remount-fs.service.in' }, + { + 'file' : 'systemd-repart.service.in', + 'conditions' : ['ENABLE_REPART'], + 'symlinks' : ['sysinit.target.wants/', 'initrd-root-fs.target.wants/'], + }, + { + 'file' : 'systemd-resolved.service.in', + 'conditions' : ['ENABLE_RESOLVE'], + }, + { + 'file' : 'systemd-rfkill.service.in', + 
'conditions' : ['ENABLE_RFKILL'], + }, + { + 'file' : 'systemd-rfkill.socket', + 'conditions' : ['ENABLE_RFKILL'], + }, + { 'file' : 'systemd-soft-reboot.service' }, + { + 'file' : 'systemd-suspend-then-hibernate.service.in', + 'conditions' : ['ENABLE_HIBERNATE'], + }, + { 'file' : 'systemd-suspend.service.in' }, + { + 'file' : 'systemd-sysctl.service.in', + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-sysext.service', + 'conditions' : ['ENABLE_SYSEXT'], + }, + { + 'file' : 'systemd-sysext.socket', + 'conditions' : ['ENABLE_SYSEXT'], + 'symlinks' : ['sockets.target.wants/'], + }, + { + 'file' : 'systemd-sysext@.service', + 'conditions' : ['ENABLE_SYSEXT'], + }, + { + 'file' : 'systemd-sysupdate-reboot.service.in', + 'conditions' : ['ENABLE_SYSUPDATE'], + }, + { + 'file' : 'systemd-sysupdate-reboot.timer', + 'conditions' : ['ENABLE_SYSUPDATE'], + }, + { + 'file' : 'systemd-sysupdate.service.in', + 'conditions' : ['ENABLE_SYSUPDATE'], + }, + { + 'file' : 'systemd-sysupdate.timer', + 'conditions' : ['ENABLE_SYSUPDATE'], + }, + { + 'file' : 'systemd-sysusers.service', + 'conditions' : ['ENABLE_SYSUSERS'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-storagetm.service.in', + 'conditions' : ['ENABLE_STORAGETM'], + }, + { + 'file' : 'storage-target-mode.target', + 'conditions' : ['ENABLE_STORAGETM'], + }, + { + 'file' : 'systemd-time-wait-sync.service.in', + 'conditions' : ['ENABLE_TIMESYNCD'], + }, + { + 'file' : 'systemd-timedated.service.in', + 'conditions' : ['ENABLE_TIMEDATED'], + 'symlinks' : ['dbus-org.freedesktop.timedate1.service'], + }, + { + 'file' : 'systemd-timesyncd.service.in', + 'conditions' : ['ENABLE_TIMESYNCD'], + }, + { + 'file' : 'systemd-tmpfiles-clean.service', + 'conditions' : ['ENABLE_TMPFILES'], + }, + { + 'file' : 'systemd-tmpfiles-clean.timer', + 'conditions' : ['ENABLE_TMPFILES'], + 'symlinks' : ['timers.target.wants/'], + }, + { + 'file' : 'systemd-tmpfiles-setup-dev-early.service', + 
'conditions' : ['ENABLE_TMPFILES'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-tmpfiles-setup-dev.service', + 'conditions' : ['ENABLE_TMPFILES'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-tmpfiles-setup.service', + 'conditions' : ['ENABLE_TMPFILES'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { 'file' : 'systemd-udev-settle.service' }, + { + 'file' : 'systemd-udev-trigger.service', + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-udevd-control.socket', + 'symlinks' : ['sockets.target.wants/'], + }, + { + 'file' : 'systemd-udevd-kernel.socket', + 'symlinks' : ['sockets.target.wants/'], + }, + { + 'file' : 'systemd-udevd.service.in', + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-update-done.service.in', + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-update-utmp-runlevel.service.in', + 'conditions' : ['ENABLE_UTMP', 'HAVE_SYSV_COMPAT'], + 'symlinks' : ['multi-user.target.wants/', 'graphical.target.wants/', 'rescue.target.wants/'], + }, + { + 'file' : 'systemd-update-utmp.service.in', + 'conditions' : ['ENABLE_UTMP'], + 'symlinks' : ['sysinit.target.wants/'], + }, + { + 'file' : 'systemd-user-sessions.service.in', + 'conditions' : ['HAVE_PAM'], + 'symlinks' : ['multi-user.target.wants/'], + }, + { + 'file' : 'systemd-userdbd.service.in', + 'conditions' : ['ENABLE_USERDB'], + }, + { + 'file' : 'systemd-userdbd.socket', + 'conditions' : ['ENABLE_USERDB'], + }, + { + 'file' : 'systemd-vconsole-setup.service.in', + 'conditions' : ['ENABLE_VCONSOLE'], + }, + { + 'file' : 'systemd-volatile-root.service.in', + 'conditions' : ['ENABLE_INITRD'], + }, + { 'file' : 'time-set.target' }, + { 'file' : 'time-sync.target' }, + { 'file' : 'timers.target' }, + { + 'file' : 'tmp.mount', + 'symlinks' : ['local-fs.target.wants/'], + }, + { 'file' : 'umount.target' }, + { 'file' : 'usb-gadget.target' }, + { 'file' : 'user-runtime-dir@.service.in' }, + { 
'file' : 'user.slice' }, + { 'file' : 'user@.service.in' }, + { + 'file' : 'var-lib-machines.mount', + 'conditions' : ['ENABLE_MACHINED'], + 'symlinks' : ['remote-fs.target.wants/', 'machines.target.wants/'], + }, + { + 'file' : 'veritysetup-pre.target', + 'conditions' : ['HAVE_LIBCRYPTSETUP'], + }, + { + 'file' : 'veritysetup.target', + 'conditions' : ['HAVE_LIBCRYPTSETUP'], + 'symlinks' : ['sysinit.target.wants/'], + }, +] + +foreach unit : units + source = unit.get('file') + + if source.endswith('.in') + needs_jinja = true + name = source.substring(0, -3) + assert(name + '.in' == source) + else + needs_jinja = false + name = source + endif + source = files(source) + + install = true + foreach cond : unit.get('conditions', []) + if conf.get(cond) != 1 + install = false + break + endif + endforeach + + if needs_jinja + custom_target( + name, + input : source, + output : name, + command : [jinja2_cmdline, '@INPUT@', '@OUTPUT@'], + install : install, + install_dir : systemunitdir) + elif install + install_data(source, + install_dir : systemunitdir) + endif + + if install + foreach target : unit.get('symlinks', []) + if target.endswith('/') + install_emptydir(systemunitdir / target) + meson.add_install_script(sh, '-c', + ln_s.format(systemunitdir / name, + systemunitdir / target / name)) + else + meson.add_install_script(sh, '-c', + ln_s.format(systemunitdir / name, + systemunitdir / target)) + endif + endforeach + endif +endforeach + +install_data('user-.slice.d/10-defaults.conf', + install_dir : systemunitdir + '/user-.slice.d') + +install_data('user@.service.d/10-login-barrier.conf', + install_dir : systemunitdir + '/user@.service.d') +install_data('user@0.service.d/10-login-barrier.conf', + install_dir : systemunitdir + '/user@0.service.d') + +############################################################ + +install_emptydir(dbussessionservicedir) +meson.add_install_script(sh, '-c', + ln_s.format(dbussystemservicedir / 'org.freedesktop.systemd1.service', + 
dbussessionservicedir / 'org.freedesktop.systemd1.service'))
+
+if conf.get('HAVE_SYSV_COMPAT') == 1
+ foreach i : [1, 2, 3, 4, 5]
+ install_emptydir(systemunitdir / 'runlevel@0@.target.wants'.format(i))
+ endforeach
+endif
+
+subdir('user')
diff --git a/units/modprobe@.service b/units/modprobe@.service
new file mode 100644
index 0000000..fe631ff
--- /dev/null
+++ b/units/modprobe@.service
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Load Kernel Module %i
+DefaultDependencies=no
+Before=sysinit.target
+Documentation=man:modprobe(8)
+ConditionCapability=CAP_SYS_MODULE
+StartLimitIntervalSec=0
+
+[Service]
+Type=oneshot
+ExecStart=-/sbin/modprobe -abq %i
diff --git a/units/multi-user.target b/units/multi-user.target
new file mode 100644
index 0000000..53eb2b7
--- /dev/null
+++ b/units/multi-user.target
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Multi-User System
+Documentation=man:systemd.special(7)
+Requires=basic.target
+Conflicts=rescue.service rescue.target
+After=basic.target rescue.service rescue.target
+AllowIsolate=yes
diff --git a/units/network-online.target b/units/network-online.target
new file mode 100644
index 0000000..67c6d40
--- /dev/null
+++ b/units/network-online.target
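Review bot: The symlink step at the end of the `foreach unit : units` loop builds a command string with `ln_s.format(systemunitdir / name, systemunitdir / target / name)` and runs it through `sh -c`, so both install paths are re-parsed by a shell. Whether that is safe for every unit name depends on how `ln_s` quotes its two arguments, and `ln_s` is defined outside this file; names such as `system-systemd\\x2dcryptsetup.slice` carry a backslash and would presumably not survive unquoted expansion if a `symlinks` entry were ever added for them. I would add a comment above the first `meson.add_install_script` call, `# ln_s must quote both paths: they pass through sh -c`, or switch to `install_symlink()` if the project's minimum Meson version permits it.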
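Review bot: In `ExecStart=-/sbin/modprobe -abq %i` the instance string is the only thing after the option cluster, so an instance name that begins with `-` would be read by modprobe as a further option rather than as a module name. Ending option parsing explicitly closes that off: `ExecStart=-/sbin/modprobe -abq -- %i`. Starting a system unit instance already requires privilege and `ConditionCapability=CAP_SYS_MODULE` is kept, so this is hardening rather than a fix for a reachable flaw. The leading `-` on the command together with `-q` also means a failed load leaves the unit successful; a one-line comment saying that this is intended would help whoever debugs a missing module.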
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Network is Online
+Documentation=man:systemd.special(7)
+Documentation=https://systemd.io/NETWORK_ONLINE
+After=network.target
diff --git a/units/network-pre.target b/units/network-pre.target
new file mode 100644
index 0000000..213ba99
--- /dev/null
+++ b/units/network-pre.target
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Preparation for Network
+Documentation=man:systemd.special(7)
+Documentation=https://systemd.io/NETWORK_ONLINE
+RefuseManualStart=yes
diff --git a/units/network.target b/units/network.target
new file mode 100644
index 0000000..aab8e68
--- /dev/null
+++ b/units/network.target
@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Network
+Documentation=man:systemd.special(7)
+Documentation=https://systemd.io/NETWORK_ONLINE
+After=network-pre.target
+RefuseManualStart=yes
diff --git a/units/nss-lookup.target b/units/nss-lookup.target
new file mode 100644
index 0000000..53e7a31
--- /dev/null
+++ b/units/nss-lookup.target
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# This exists mostly for compatibility with SysV/LSB units, and
+# implementations lacking socket/bus activation.
+
+[Unit]
+Description=Host and Network Name Lookups
+Documentation=man:systemd.special(7)
+RefuseManualStart=yes
diff --git a/units/nss-user-lookup.target b/units/nss-user-lookup.target
new file mode 100644
index 0000000..9f0d619
--- /dev/null
+++ b/units/nss-user-lookup.target
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# This exists mostly for implementations lacking socket/bus
+# activation.
+
+[Unit]
+Description=User and Group Name Lookups
+Documentation=man:systemd.special(7)
+RefuseManualStart=yes
diff --git a/units/paths.target b/units/paths.target
new file mode 100644
index 0000000..fb8dc64
--- /dev/null
+++ b/units/paths.target
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Path Units
+Documentation=man:systemd.special(7)
diff --git a/units/poweroff.target b/units/poweroff.target
new file mode 100644
index 0000000..c17c123
--- /dev/null
+++ b/units/poweroff.target
@@ -0,0 +1,21 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=System Power Off
+Documentation=man:systemd.special(7)
+DefaultDependencies=no
+Requires=systemd-poweroff.service
+After=systemd-poweroff.service
+AllowIsolate=yes
+JobTimeoutSec=30min
+JobTimeoutAction=poweroff-force
+
+[Install]
+Alias=ctrl-alt-del.target
diff --git a/units/printer.target b/units/printer.target
new file mode 100644
index 0000000..043bfbd
--- /dev/null
+++ b/units/printer.target
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Printer Support
+Documentation=man:systemd.special(7)
+StopWhenUnneeded=yes
diff --git a/units/proc-sys-fs-binfmt_misc.automount b/units/proc-sys-fs-binfmt_misc.automount
new file mode 100644
index 0000000..5d21201
--- /dev/null
+++ b/units/proc-sys-fs-binfmt_misc.automount
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Arbitrary Executable File Formats File System Automount Point
+Documentation=https://docs.kernel.org/admin-guide/binfmt-misc.html
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+
+ConditionPathExists=/proc/sys/fs/binfmt_misc/
+ConditionPathIsReadWrite=/proc/sys/
+
+DefaultDependencies=no
+Before=sysinit.target
+Conflicts=shutdown.target
+Before=shutdown.target
+
+[Automount]
+Where=/proc/sys/fs/binfmt_misc
diff --git a/units/proc-sys-fs-binfmt_misc.mount b/units/proc-sys-fs-binfmt_misc.mount
new file mode 100644
index 0000000..88a7748
--- /dev/null
+++ b/units/proc-sys-fs-binfmt_misc.mount
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Arbitrary Executable File Formats File System
+Documentation=https://docs.kernel.org/admin-guide/binfmt-misc.html
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+DefaultDependencies=no
+
+[Mount]
+What=binfmt_misc
+Where=/proc/sys/fs/binfmt_misc
+Type=binfmt_misc
+Options=nosuid,nodev,noexec
+
+[Install]
+WantedBy=sysinit.target
diff --git a/units/quotaon.service.in b/units/quotaon.service.in
new file mode 100644
index 0000000..7fa7061
--- /dev/null
+++ b/units/quotaon.service.in
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Enable File System Quotas
+Documentation=man:quotaon(8)
+
+ConditionPathExists={{QUOTAON}}
+
+DefaultDependencies=no
+After=systemd-quotacheck.service
+Before=remote-fs.target
+Before=shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{QUOTAON}} -aug
diff --git a/units/rc-local.service.in b/units/rc-local.service.in
new file mode 100644
index 0000000..6fb0838
--- /dev/null
+++ b/units/rc-local.service.in
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# This unit gets pulled automatically into multi-user.target by
+# systemd-rc-local-generator if {{RC_LOCAL_PATH}} is executable.
+[Unit]
+Description={{RC_LOCAL_PATH}} Compatibility
+Documentation=man:systemd-rc-local-generator(8)
+ConditionFileIsExecutable={{RC_LOCAL_PATH}}
+After=network.target
+
+[Service]
+Type=forking
+ExecStart={{RC_LOCAL_PATH}} start
+TimeoutSec=infinity
+RemainAfterExit=yes
+GuessMainPID=no
diff --git a/units/reboot.target b/units/reboot.target
new file mode 100644
index 0000000..5ad9419
--- /dev/null
+++ b/units/reboot.target
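Review bot: `ConditionFileIsExecutable={{RC_LOCAL_PATH}}` in units/rc-local.service.in only establishes that the script exists and is executable; the unit says nothing about who may own or write it, and its `[Service]` section sets neither `User=` nor any sandboxing, so the script presumably runs with the service manager's full privileges. I would document that next to the condition, e.g. `# {{RC_LOCAL_PATH}} runs as root without sandboxing; keep it root-owned and not group- or world-writable.` `TimeoutSec=infinity` also deserves a one-line comment, since with it a script that never returns is never stopped by a start timeout.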
@@ -0,0 +1,21 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=System Reboot
+Documentation=man:systemd.special(7)
+DefaultDependencies=no
+Requires=systemd-reboot.service
+After=systemd-reboot.service
+AllowIsolate=yes
+JobTimeoutSec=30min
+JobTimeoutAction=reboot-force
+
+[Install]
+Alias=ctrl-alt-del.target
diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
new file mode 100644
index 0000000..0a689bf
--- /dev/null
+++ b/units/remote-cryptsetup.target
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Remote Encrypted Volumes
+Documentation=man:systemd.special(7)
+After=remote-fs-pre.target cryptsetup-pre.target
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Install]
+WantedBy=multi-user.target
diff --git a/units/remote-fs-pre.target b/units/remote-fs-pre.target
new file mode 100644
index 0000000..1ede280
--- /dev/null
+++ b/units/remote-fs-pre.target
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Preparation for Remote File Systems
+Documentation=man:systemd.special(7)
+RefuseManualStart=yes
diff --git a/units/remote-fs.target b/units/remote-fs.target
new file mode 100644
index 0000000..74011d8
--- /dev/null
+++ b/units/remote-fs.target
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Remote File Systems
+Documentation=man:systemd.special(7)
+After=remote-fs-pre.target
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Install]
+WantedBy=multi-user.target
diff --git a/units/remote-veritysetup.target b/units/remote-veritysetup.target
new file mode 100644
index 0000000..bad28c3
--- /dev/null
+++ b/units/remote-veritysetup.target
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Remote Verity Protected Volumes
+Documentation=man:systemd.special(7)
+After=remote-fs-pre.target veritysetup-pre.target
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Install]
+WantedBy=multi-user.target
diff --git a/units/rescue.service.in b/units/rescue.service.in
new file mode 100644
index 0000000..5113408
--- /dev/null
+++ b/units/rescue.service.in
@@ -0,0 +1,29 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Rescue Shell
+Documentation=man:sulogin(8)
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=sysinit.target plymouth-start.service
+Before=shutdown.target
+
+[Service]
+Environment=HOME=/root
+WorkingDirectory=-/root
+ExecStartPre=-{{BINDIR}}/plymouth --wait quit
+ExecStart=-{{LIBEXECDIR}}/systemd-sulogin-shell rescue
+Type=idle
+StandardInput=tty-force
+StandardOutput=inherit
+StandardError=inherit
+KillMode=process
+IgnoreSIGPIPE=no
+SendSIGHUP=yes
diff --git a/units/rescue.target b/units/rescue.target
new file mode 100644
index 0000000..1128083
--- /dev/null
+++ b/units/rescue.target
@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Rescue Mode
+Documentation=man:systemd.special(7)
+Requires=sysinit.target rescue.service
+After=sysinit.target rescue.service
+AllowIsolate=yes
diff --git a/units/rpcbind.target b/units/rpcbind.target
new file mode 100644
index 0000000..8bd853b
--- /dev/null
+++ b/units/rpcbind.target
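Review bot: The `[Service]` section of units/rescue.service.in has no comments at all, although it is what stands between the console and a root shell in rescue mode. The leading `-` on `ExecStart=-{{LIBEXECDIR}}/systemd-sulogin-shell rescue` makes a failing helper count as success, and `StandardInput=tty-force` takes the console regardless of who holds it; both choices look deliberate but are unexplained. I would add a line stating where authentication happens, e.g. `# Root authentication is delegated to sulogin via systemd-sulogin-shell; see man:sulogin(8).` (presumably so, judging by the `Documentation=` entry), plus a short reason for each of the two settings.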
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# This exists mostly for compatibility with SysV/LSB units, and
+# implementations lacking socket/bus activation.
+
+[Unit]
+Description=RPC Port Mapper
+Documentation=man:systemd.special(7)
+RefuseManualStart=yes
diff --git a/units/serial-getty@.service.in b/units/serial-getty@.service.in
new file mode 100644
index 0000000..6bf101e
--- /dev/null
+++ b/units/serial-getty@.service.in
@@ -0,0 +1,54 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Serial Getty on %I
+Documentation=man:agetty(8) man:systemd-getty-generator(8)
+Documentation=https://0pointer.de/blog/projects/serial-console.html
+BindsTo=dev-%i.device
+After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target
+{% if HAVE_SYSV_COMPAT %}
+After=rc-local.service
+{% endif %}
+
+# If additional gettys are spawned during boot then we should make
+# sure that this is synchronized before getty.target, even though
+# getty.target didn't actually pull it in.
+Before=getty.target
+IgnoreOnIsolate=yes
+
+# IgnoreOnIsolate causes issues with sulogin, if someone isolates
+# rescue.target or starts rescue.service from multi-user.target or
+# graphical.target.
+Conflicts=rescue.service
+Before=rescue.service
+
+[Service]
+# The '-o' option value tells agetty to replace 'login' arguments with an
+# option to preserve environment (-p), followed by '--' for safety, and then
+# the entered username.
+ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,57600,38400,9600 - $TERM
+Type=idle
+Restart=always
+UtmpIdentifier=%I
+StandardInput=tty
+StandardOutput=tty
+TTYPath=/dev/%I
+TTYReset=yes
+TTYVHangup=yes
+{% if not ENABLE_LOGIND %}
+KillMode=process
+{% endif %}
+IgnoreSIGPIPE=no
+SendSIGHUP=yes
+ImportCredential=agetty.*
+ImportCredential=login.*
+
+[Install]
+WantedBy=getty.target
diff --git a/units/shutdown.target b/units/shutdown.target
new file mode 100644
index 0000000..8b3c0b6
--- /dev/null
+++ b/units/shutdown.target
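Review bot: The two `ImportCredential=` lines near the end of units/serial-getty@.service.in pass every system credential matching `agetty.*` and `login.*` to the getty, yet unlike the `-o` option above them they carry no comment. Credentials in these namespaces can alter how login on the serial line behaves, so whoever is able to set system credentials for the machine has a say in console authentication. I would add `# Passed through to agetty/login; see man:systemd.system-credentials(7) for the recognised names.` above them. Separately, `ExecStart=-/sbin/agetty` hard-codes a path, while the other templated units in this commit use `{{BINDIR}}`/`{{LIBEXECDIR}}` or a bare command name.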
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=System Shutdown
+Documentation=man:systemd.special(7)
+DefaultDependencies=no
+RefuseManualStart=yes
diff --git a/units/sigpwr.target b/units/sigpwr.target
new file mode 100644
index 0000000..beda318
--- /dev/null
+++ b/units/sigpwr.target
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Power Failure
+Documentation=man:systemd.special(7)
diff --git a/units/sleep.target b/units/sleep.target
new file mode 100644
index 0000000..a38a431
--- /dev/null
+++ b/units/sleep.target
@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Sleep
+Documentation=man:systemd.special(7)
+DefaultDependencies=no
+RefuseManualStart=yes
+StopWhenUnneeded=yes
diff --git a/units/slices.target b/units/slices.target
new file mode 100644
index 0000000..72701bd
--- /dev/null
+++ b/units/slices.target
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Slice Units
+Documentation=man:systemd.special(7)
+Wants=-.slice system.slice
+After=-.slice system.slice
diff --git a/units/smartcard.target b/units/smartcard.target
new file mode 100644
index 0000000..0c3fe72
--- /dev/null
+++ b/units/smartcard.target
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Smart Card
+Documentation=man:systemd.special(7)
+StopWhenUnneeded=yes
diff --git a/units/sockets.target b/units/sockets.target
new file mode 100644
index 0000000..e53d1eb
--- /dev/null
+++ b/units/sockets.target
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Socket Units
+Documentation=man:systemd.special(7)
diff --git a/units/soft-reboot.target b/units/soft-reboot.target
new file mode 100644
index 0000000..6a6c772
--- /dev/null
+++ b/units/soft-reboot.target
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Reboot System Userspace
+Documentation=man:systemd.special(7)
+DefaultDependencies=no
+Requires=systemd-soft-reboot.service
+After=systemd-soft-reboot.service
+AllowIsolate=yes
+JobTimeoutSec=30min
+JobTimeoutAction=soft-reboot-force
diff --git a/units/sound.target b/units/sound.target
new file mode 100644
index 0000000..99e68af
--- /dev/null
+++ b/units/sound.target
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Sound Card
+Documentation=man:systemd.special(7)
+StopWhenUnneeded=yes
diff --git a/units/storage-target-mode.target b/units/storage-target-mode.target
new file mode 100644
index 0000000..e5c6778
--- /dev/null
+++ b/units/storage-target-mode.target
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Storage Target Mode
+Documentation=man:systemd.special(7)
+Wants=systemd-storagetm.service systemd-udevd.service systemd-udev-trigger.service systemd-networkd.service systemd-network-generator.service systemd-journald.socket systemd-journald-dev-log.socket plymouth-start.service
+Conflicts=rescue.service rescue.target
+After=systemd-storagetm.service systemd-udevd.service systemd-udev-trigger.service systemd-networkd.service systemd-network-generator.service systemd-journald.socket systemd-journald-dev-log.socket plymouth-start.service rescue.service rescue.target
+AllowIsolate=yes
diff --git a/units/suspend-then-hibernate.target b/units/suspend-then-hibernate.target
new file mode 100644
index 0000000..e998763
--- /dev/null
+++ b/units/suspend-then-hibernate.target
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Suspend; Hibernate if not used for a period of time
+Documentation=man:systemd.special(7)
+DefaultDependencies=no
+Requires=systemd-suspend-then-hibernate.service
+After=systemd-suspend-then-hibernate.service
+StopWhenUnneeded=yes
diff --git a/units/suspend.target b/units/suspend.target
new file mode 100644
index 0000000..bf228f9
--- /dev/null
+++ b/units/suspend.target
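Review bot: units/storage-target-mode.target has no comment explaining what isolating it does, even though its `Wants=` line pulls in `systemd-storagetm.service` together with `systemd-networkd.service` and `systemd-network-generator.service` and the unit sets `AllowIsolate=yes`. Judging by those names, switching to this target brings up networking and a storage export service, which changes what the machine exposes to the network. A two-line comment above `[Unit]` stating what is exported and over which transport would make that visible to an administrator reading the unit. The `Wants=` and `After=` lists are also nearly identical and very long; one unit per repeated `Wants=`/`After=` line would make later changes easier to review.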
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Suspend
+Documentation=man:systemd.special(7)
+DefaultDependencies=no
+Requires=systemd-suspend.service
+After=systemd-suspend.service
+StopWhenUnneeded=yes
diff --git a/units/swap.target b/units/swap.target
new file mode 100644
index 0000000..1f21607
--- /dev/null
+++ b/units/swap.target
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Swaps
+Documentation=man:systemd.special(7)
diff --git a/units/sys-fs-fuse-connections.mount b/units/sys-fs-fuse-connections.mount
new file mode 100644
index 0000000..929d8e3
--- /dev/null
+++ b/units/sys-fs-fuse-connections.mount
@@ -0,0 +1,32 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=FUSE Control File System
+Documentation=https://docs.kernel.org/filesystems/fuse.html
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+DefaultDependencies=no
+ConditionPathExists=/sys/fs/fuse/connections
+ConditionCapability=CAP_SYS_ADMIN
+ConditionVirtualization=!private-users
+Before=sysinit.target
+
+# These dependencies are used to make certain that the module is fully
+# loaded. Indeed udev starts this unit when it receives an uevent for the
+# module but the kernel sends it too early, ie before the init() of the module
+# is fully operational and /sys/fs/fuse/connections is created, see issue#17586.
+
+After=modprobe@fuse.service
+Requires=modprobe@fuse.service
+
+[Mount]
+What=fusectl
+Where=/sys/fs/fuse/connections
+Type=fusectl
+Options=nosuid,nodev,noexec
diff --git a/units/sys-kernel-config.mount b/units/sys-kernel-config.mount
new file mode 100644
index 0000000..dca94a8
--- /dev/null
+++ b/units/sys-kernel-config.mount
@@ -0,0 +1,31 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Kernel Configuration File System
+Documentation=https://docs.kernel.org/filesystems/configfs.html
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+DefaultDependencies=no
+ConditionPathExists=/sys/kernel/config
+ConditionCapability=CAP_SYS_RAWIO
+Before=sysinit.target
+
+# These dependencies are used to make certain that the module is fully
+# loaded. Indeed udev starts this unit when it receives an uevent for the
+# module but the kernel sends it too early, ie before the init() of the module
+# is fully operational and /sys/kernel/config is created, see issue#17586.
+
+After=modprobe@configfs.service
+Requires=modprobe@configfs.service
+
+[Mount]
+What=configfs
+Where=/sys/kernel/config
+Type=configfs
+Options=nosuid,nodev,noexec
diff --git a/units/sys-kernel-debug.mount b/units/sys-kernel-debug.mount
new file mode 100644
index 0000000..6c77ef5
--- /dev/null
+++ b/units/sys-kernel-debug.mount
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Kernel Debug File System
+Documentation=https://docs.kernel.org/filesystems/debugfs.html
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+DefaultDependencies=no
+ConditionPathExists=/sys/kernel/debug
+ConditionCapability=CAP_SYS_RAWIO
+Before=sysinit.target
+
+[Mount]
+What=debugfs
+Where=/sys/kernel/debug
+Type=debugfs
+Options=nosuid,nodev,noexec
diff --git a/units/sys-kernel-tracing.mount b/units/sys-kernel-tracing.mount
new file mode 100644
index 0000000..f3cd47f
--- /dev/null
+++ b/units/sys-kernel-tracing.mount
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Kernel Trace File System
+Documentation=https://docs.kernel.org/trace/ftrace.html
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+DefaultDependencies=no
+ConditionVirtualization=!lxc
+ConditionPathExists=/sys/kernel/tracing
+ConditionCapability=CAP_SYS_RAWIO
+Before=sysinit.target
+
+[Mount]
+What=tracefs
+Where=/sys/kernel/tracing
+Type=tracefs
+Options=nosuid,nodev,noexec
diff --git a/units/sysinit.target b/units/sysinit.target
new file mode 100644
index 0000000..5187605
--- /dev/null
+++ b/units/sysinit.target
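Review bot: units/sys-kernel-tracing.mount carries `ConditionVirtualization=!lxc`, but units/sys-kernel-debug.mount in the hunk just before it does not, and neither unit explains its conditions. Both mount a kernel-introspection file system whenever the path exists and `CAP_SYS_RAWIO` is held, so someone hardening a system cannot tell from the files whether the difference is deliberate. I would add a one-line reason above the `lxc` condition in the tracing unit and, in the debug unit, something like `# Mounted by default when available; mask this unit on systems that should not expose debugfs.`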
@@ -0,0 +1,17 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=System Initialization
+Documentation=man:systemd.special(7)
+
+Wants=local-fs.target swap.target
+After=local-fs.target swap.target
+Conflicts=emergency.service emergency.target
+Before=emergency.service emergency.target
diff --git a/units/syslog.socket b/units/syslog.socket
new file mode 100644
index 0000000..ff76bc5
--- /dev/null
+++ b/units/syslog.socket
@@ -0,0 +1,47 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Syslog Socket
+Documentation=man:systemd.special(7)
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/syslog
+DefaultDependencies=no
+Before=sockets.target
+
+# Don't allow logging until the very end
+Conflicts=shutdown.target
+Before=shutdown.target
+
+# Don't try to activate syslog.service if sysinit.target has failed.
+Conflicts=emergency.service
+Before=emergency.service
+
+[Socket]
+ListenDatagram=/run/systemd/journal/syslog
+SocketMode=0666
+PassCredentials=yes
+PassSecurity=yes
+ReceiveBuffer=8M
+
+# The default syslog implementation should make syslog.service a
+# symlink to itself, so that this socket activates the right actual
+# syslog service.
+#
+# Examples:
+#
+# /etc/systemd/system/syslog.service -> /lib/systemd/system/rsyslog.service
+# /etc/systemd/system/syslog.service -> /lib/systemd/system/syslog-ng.service
+#
+# Best way to achieve that is by adding this to your unit file
+# (i.e. to rsyslog.service or syslog-ng.service):
+#
+# [Install]
+# Alias=syslog.service
+#
+# See https://www.freedesktop.org/wiki/Software/systemd/syslog for details.
diff --git a/units/system-systemd\x2dcryptsetup.slice b/units/system-systemd\x2dcryptsetup.slice
new file mode 100644
index 0000000..e81925d
--- /dev/null
+++ b/units/system-systemd\x2dcryptsetup.slice
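Review bot: `SocketMode=0666` on `ListenDatagram=/run/systemd/journal/syslog` in units/syslog.socket lets every local user write to the socket, and the unit does not say that this is intentional. Together with `PassCredentials=yes` and `PassSecurity=yes` the intent appears to be that the receiving syslog daemon identifies senders from kernel-supplied credentials rather than from what a message claims about itself. I would state that above `SocketMode=`, e.g. `# World-writable on purpose: any local process may log. Consumers must take sender identity from the passed credentials, not from the message text.` A word on why `ReceiveBuffer=8M` was chosen would help as well.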
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Encrypted Volume Units Service Slice
+Documentation=man:systemd-cryptsetup@.service(8)
+DefaultDependencies=no
diff --git a/units/system-systemd\x2dveritysetup.slice b/units/system-systemd\x2dveritysetup.slice
new file mode 100644
index 0000000..8ccaac9
--- /dev/null
+++ b/units/system-systemd\x2dveritysetup.slice
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Verity Protection Service Slice
+Documentation=man:systemd-cryptsetup@.service(8)
+DefaultDependencies=no
diff --git a/units/system-update-cleanup.service b/units/system-update-cleanup.service
new file mode 100644
index 0000000..a54e745
--- /dev/null
+++ b/units/system-update-cleanup.service
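Review bot: units/system-systemd\x2dveritysetup.slice points `Documentation=` at `man:systemd-cryptsetup@.service(8)`, the same page the cryptsetup slice in the preceding hunk uses, which looks like a copy-paste leftover. For a slice described as "Verity Protection Service Slice" the line should presumably read `Documentation=man:systemd-veritysetup@.service(8)`.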
@@ -0,0 +1,37 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Remove the Offline System Updates Symlink
+Documentation=man:systemd.special(7) man:systemd.offline-updates(7)
+After=system-update.target
+DefaultDependencies=no
+Conflicts=shutdown.target
+Before=shutdown.target
+SuccessAction=reboot
+
+# system-update-generator uses laccess("/system-update"), while a plain
+# ConditionPathExists=/system-update uses access("/system-update"), so
+# we need an alternate condition to cover the case of a dangling symlink.
+#
+# This service is only invoked if /system-update exists, i.e. if the
+# condition tested by system-update-generator remains true and the system
+# would be diverted into system-update.target again after reboot. This way
+# we guard against being diverted into system-update.target again, which
+# works as a safety measure, but we will not step on the toes of the
+# update script if it successfully removed the symlink and scheduled a
+# reboot or some other action on its own.
+ConditionPathExists=|/system-update
+ConditionPathIsSymbolicLink=|/system-update
+ConditionPathExists=|/etc/system-update
+ConditionPathIsSymbolicLink=|/etc/system-update
+
+[Service]
+Type=oneshot
+ExecStart=rm -fv /system-update /etc/system-update
diff --git a/units/system-update-pre.target b/units/system-update-pre.target
new file mode 100644
index 0000000..0410138
--- /dev/null
+++ b/units/system-update-pre.target
@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Offline System Update (Pre)
+Documentation=man:systemd.offline-updates(7)
+Documentation=man:systemd.special(7) man:systemd-system-update-generator(8)
+RefuseManualStart=yes
+After=sysinit.target
diff --git a/units/system-update.target b/units/system-update.target
new file mode 100644
index 0000000..dcddfc2
--- /dev/null
+++ b/units/system-update.target
@@ -0,0 +1,17 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Offline System Update
+Documentation=man:systemd.offline-updates(7)
+Documentation=man:systemd.special(7) man:systemd-system-update-generator(8)
+Requires=sysinit.target
+After=sysinit.target system-update-pre.target
+AllowIsolate=yes
+Wants=system-update-cleanup.service
diff --git a/units/systemd-ask-password-console.path b/units/systemd-ask-password-console.path
new file mode 100644
index 0000000..5277db9
--- /dev/null
+++ b/units/systemd-ask-password-console.path
@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Dispatch Password Requests to Console Directory Watch
+Documentation=man:systemd-ask-password-console.path(8)
+
+ConditionPathExists=!/run/plymouth/pid
+
+DefaultDependencies=no
+After=plymouth-start.service
+Before=paths.target cryptsetup.target
+Conflicts=emergency.service
+Before=emergency.service
+Conflicts=shutdown.target
+Before=shutdown.target
+
+[Path]
+DirectoryNotEmpty=/run/systemd/ask-password
+MakeDirectory=yes
diff --git a/units/systemd-ask-password-console.service b/units/systemd-ask-password-console.service
new file mode 100644
index 0000000..afd0f0b
--- /dev/null
+++ b/units/systemd-ask-password-console.service
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Dispatch Password Requests to Console
+Documentation=man:systemd-ask-password-console.service(8)
+
+ConditionPathExists=!/run/plymouth/pid
+
+DefaultDependencies=no
+After=plymouth-start.service systemd-vconsole-setup.service
+Conflicts=emergency.service
+Before=emergency.service
+Conflicts=shutdown.target initrd-switch-root.target
+Before=shutdown.target initrd-switch-root.target
+
+[Service]
+ExecStart=systemd-tty-ask-password-agent --watch --console
+SystemCallArchitectures=native
diff --git a/units/systemd-ask-password-wall.path b/units/systemd-ask-password-wall.path
new file mode 100644
index 0000000..161562a
--- /dev/null
+++ b/units/systemd-ask-password-wall.path
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Forward Password Requests to Wall Directory Watch
+Documentation=man:systemd-ask-password-wall.path(8)
+
+DefaultDependencies=no
+Before=paths.target cryptsetup.target
+Conflicts=emergency.service
+Before=emergency.service
+Conflicts=shutdown.target
+Before=shutdown.target
+
+[Path]
+DirectoryNotEmpty=/run/systemd/ask-password
+MakeDirectory=yes
diff --git a/units/systemd-ask-password-wall.service b/units/systemd-ask-password-wall.service
new file mode 100644
index 0000000..18b59d9
--- /dev/null
+++ b/units/systemd-ask-password-wall.service
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Forward Password Requests to Wall
+Documentation=man:systemd-ask-password-wall.service(8)
+After=systemd-user-sessions.service
+
+[Service]
+ExecStartPre=-systemctl stop systemd-ask-password-console.path systemd-ask-password-console.service systemd-ask-password-plymouth.path systemd-ask-password-plymouth.service
+ExecStart=systemd-tty-ask-password-agent --wall
+SystemCallArchitectures=native
diff --git a/units/systemd-backlight@.service.in b/units/systemd-backlight@.service.in
new file mode 100644
index 0000000..e7e35ec
--- /dev/null
+++ b/units/systemd-backlight@.service.in
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Load/Save Screen Backlight Brightness of %i
+Documentation=man:systemd-backlight@.service(8)
+ConditionPathExists=!/etc/initrd-release
+
+DefaultDependencies=no
+Conflicts=shutdown.target
+Before=sysinit.target shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-backlight load %i
+ExecStop={{LIBEXECDIR}}/systemd-backlight save %i
+TimeoutSec=90s
+StateDirectory=systemd/backlight
diff --git a/units/systemd-battery-check.service.in b/units/systemd-battery-check.service.in
new file mode 100644
index 0000000..a5f532d
--- /dev/null
+++ b/units/systemd-battery-check.service.in
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Check battery level during early boot
+Documentation=man:systemd-battery-check.service(8)
+ConditionVirtualization=no
+ConditionDirectoryNotEmpty=/sys/class/power_supply/
+ConditionKernelCommandLine=!systemd.battery-check=0
+AssertPathExists=/etc/initrd-release
+DefaultDependencies=no
+After=plymouth-start.service
+Before=initrd-root-device.target systemd-hibernate-resume.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-battery-check
+FailureAction=poweroff-force
diff --git a/units/systemd-binfmt.service.in b/units/systemd-binfmt.service.in
new file mode 100644
index 0000000..6861c76
--- /dev/null
+++ b/units/systemd-binfmt.service.in
@@ -0,0 +1,33 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Set Up Additional Binary Formats
+Documentation=man:systemd-binfmt.service(8) man:binfmt.d(5)
+Documentation=https://docs.kernel.org/admin-guide/binfmt-misc.html
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=proc-sys-fs-binfmt_misc.automount
+After=proc-sys-fs-binfmt_misc.mount
+After=local-fs.target
+Before=sysinit.target shutdown.target
+ConditionPathIsMountPoint=/proc/sys/fs/binfmt_misc
+ConditionDirectoryNotEmpty=|/lib/binfmt.d
+ConditionDirectoryNotEmpty=|/usr/lib/binfmt.d
+ConditionDirectoryNotEmpty=|/usr/local/lib/binfmt.d
+ConditionDirectoryNotEmpty=|/etc/binfmt.d
+ConditionDirectoryNotEmpty=|/run/binfmt.d
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-binfmt
+ExecStop={{LIBEXECDIR}}/systemd-binfmt --unregister
+TimeoutSec=90s
diff --git a/units/systemd-bless-boot.service.in b/units/systemd-bless-boot.service.in
new file mode 100644
index 0000000..e7a4548
--- /dev/null
+++ b/units/systemd-bless-boot.service.in
@@ -0,0 +1,22 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Mark the Current Boot Loader Entry as Good
+Documentation=man:systemd-bless-boot.service(8)
+DefaultDependencies=no
+Requires=boot-complete.target
+After=local-fs.target boot-complete.target
+Conflicts=shutdown.target
+Before=shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-bless-boot good
diff --git a/units/systemd-boot-check-no-failures.service.in b/units/systemd-boot-check-no-failures.service.in
new file mode 100644
index 0000000..eaadd0e
--- /dev/null
+++ b/units/systemd-boot-check-no-failures.service.in
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Check if Any System Units Failed
+Documentation=man:systemd-boot-check-no-failures.service(8)
+After=default.target graphical.target multi-user.target
+Before=boot-complete.target
+Conflicts=shutdown.target
+Before=shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-boot-check-no-failures
+
+[Install]
+RequiredBy=boot-complete.target
diff --git a/units/systemd-boot-random-seed.service b/units/systemd-boot-random-seed.service
new file mode 100644
index 0000000..4fa2860
--- /dev/null
+++ b/units/systemd-boot-random-seed.service
@@ -0,0 +1,28 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Update Boot Loader Random Seed
+Documentation=man:systemd-boot-random-seed.service(8) man:random(4)
+
+DefaultDependencies=no
+After=local-fs.target systemd-random-seed.service
+Conflicts=shutdown.target
+Before=sysinit.target shutdown.target
+
+ConditionVirtualization=!container
+ConditionPathExists=!/etc/initrd-release
+# Only run this if the boot loader can support random seed initialization.
+ConditionPathExists=|/sys/firmware/efi/efivars/LoaderFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
+ConditionPathExists=|/sys/firmware/efi/efivars/StubFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=bootctl --graceful random-seed
diff --git a/units/systemd-boot-update.service b/units/systemd-boot-update.service
new file mode 100644
index 0000000..f234184
--- /dev/null
+++ b/units/systemd-boot-update.service
@@ -0,0 +1,27 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Automatic Boot Loader Update
+Documentation=man:bootctl(1)
+ConditionPathExists=!/etc/initrd-release
+
+DefaultDependencies=no
+After=local-fs.target
+Before=sysinit.target systemd-update-done.service
+Conflicts=shutdown.target
+Before=shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=bootctl --no-variables --graceful update
+
+[Install]
+WantedBy=sysinit.target
diff --git a/units/systemd-bsod.service.in b/units/systemd-bsod.service.in
new file mode 100644
index 0000000..2d2f988
--- /dev/null
+++ b/units/systemd-bsod.service.in
@@ -0,0 +1,21 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Displays emergency message in full screen.
+Documentation=man:systemd-bsod.service(8)
+ConditionVirtualization=no
+DefaultDependencies=no
+After=systemd-battery-check.service
+Before=shutdown.target
+Conflicts=shutdown.target
+
+[Service]
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-bsod --continuous
diff --git a/units/systemd-confext.service b/units/systemd-confext.service
new file mode 100644
index 0000000..3b46eca
--- /dev/null
+++ b/units/systemd-confext.service
@@ -0,0 +1,34 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Merge System Configuration Images into /etc/
+Documentation=man:systemd-confext.service(8)
+
+ConditionCapability=CAP_SYS_ADMIN
+ConditionDirectoryNotEmpty=|/run/confexts
+ConditionDirectoryNotEmpty=|/var/lib/confexts
+ConditionDirectoryNotEmpty=|/usr/local/lib/confexts
+ConditionDirectoryNotEmpty=|/usr/lib/confexts
+
+DefaultDependencies=no
+After=local-fs.target
+Before=sysinit.target systemd-tmpfiles-setup.service
+Conflicts=shutdown.target initrd-switch-root.target
+Before=shutdown.target initrd-switch-root.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=systemd-confext refresh
+ExecReload=systemd-confext refresh
+ExecStop=systemd-confext unmerge
+
+[Install]
+WantedBy=sysinit.target
diff --git a/units/systemd-coredump.socket b/units/systemd-coredump.socket
new file mode 100644
index 0000000..a2d457f
--- /dev/null
+++ b/units/systemd-coredump.socket
@@ -0,0 +1,21 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Process Core Dump Socket
+Documentation=man:systemd-coredump(8)
+DefaultDependencies=no
+Before=shutdown.target systemd-sysctl.service
+Conflicts=shutdown.target
+
+[Socket]
+ListenSequentialPacket=/run/systemd/coredump
+SocketMode=0600
+Accept=yes
+MaxConnections=16
diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in
new file mode 100644
index 0000000..012c60d
--- /dev/null
+++ b/units/systemd-coredump@.service.in
@@ -0,0 +1,44 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Process Core Dump
+Documentation=man:systemd-coredump(8)
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=systemd-journald.socket
+Requires=systemd-journald.socket
+Before=shutdown.target
+
+[Service]
+ExecStart=-{{LIBEXECDIR}}/systemd-coredump
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+Nice=9
+NoNewPrivileges=yes
+OOMScoreAdjust=500
+PrivateDevices=yes
+PrivateNetwork=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectKernelLogs=yes
+ProtectSystem=strict
+RestrictAddressFamilies=AF_UNIX
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+RuntimeMaxSec=5min
+StateDirectory=systemd/coredump
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service @mount
diff --git a/units/systemd-exit.service b/units/systemd-exit.service
new file mode 100644
index 0000000..df6e671
--- /dev/null
+++ b/units/systemd-exit.service
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Exit the Container
+Documentation=man:systemd.special(7)
+DefaultDependencies=no
+Requires=shutdown.target umount.target final.target
+After=shutdown.target umount.target final.target
+SuccessAction=exit-force
diff --git a/units/systemd-firstboot.service b/units/systemd-firstboot.service
new file mode 100644
index 0000000..78a4087
--- /dev/null
+++ b/units/systemd-firstboot.service
@@ -0,0 +1,45 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=First Boot Wizard
+Documentation=man:systemd-firstboot(1)
+
+ConditionPathIsReadWrite=/etc
+ConditionFirstBoot=yes
+
+DefaultDependencies=no
+# This service may need to write to the file system:
+After=systemd-remount-fs.service
+# Both systemd-sysusers and systemd-tmpfiles may create the root account
+# (via factory files or credentials), obviating the need for us to do that:
+After=systemd-sysusers.service systemd-tmpfiles-setup.service
+# Let vconsole-setup do its setup before starting user interaction:
+After=systemd-vconsole-setup.service
+
+Wants=first-boot-complete.target
+Before=first-boot-complete.target sysinit.target
+Conflicts=shutdown.target
+Before=shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=systemd-firstboot --prompt-locale --prompt-timezone --prompt-root-password
+StandardOutput=tty
+StandardInput=tty
+StandardError=tty
+
+# Optionally, pick up basic fields from credentials passed to the service
+# manager. This is useful for importing this data from nspawn's
+# --set-credential= switch.
+ImportCredential=passwd.hashed-password.root
+ImportCredential=passwd.plaintext-password.root
+ImportCredential=passwd.shell.root
+ImportCredential=firstboot.*
diff --git a/units/systemd-fsck-root.service.in b/units/systemd-fsck-root.service.in
new file mode 100644
index 0000000..ebe8262
--- /dev/null
+++ b/units/systemd-fsck-root.service.in
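Review bot: The `ImportCredential=` block at the end of the `[Service]` section of units/systemd-firstboot.service accepts `passwd.plaintext-password.root`, yet the comment above it only speaks of "basic fields" and never tells the reader that one of those fields is a cleartext root password. A plaintext credential leaves the password readable wherever the credential is defined (the comment itself names nspawn's `--set-credential=` switch as a source), so the preference belongs next to the directive: `# Prefer passwd.hashed-password.root; the plaintext variant keeps the cleartext root password in the credential source.` Which of the two wins when both are supplied is not visible in this hunk and should be confirmed against systemd-firstboot(1) before the comment states it.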
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=File System Check on Root Device
+Documentation=man:systemd-fsck-root.service(8)
+DefaultDependencies=no
+Conflicts=shutdown.target
+Before=local-fs.target shutdown.target
+ConditionPathIsReadWrite=!/
+OnFailure=emergency.target
+OnFailureJobMode=replace-irreversibly
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-fsck
+TimeoutSec=infinity
diff --git a/units/systemd-fsck@.service.in b/units/systemd-fsck@.service.in
new file mode 100644
index 0000000..65521b1
--- /dev/null
+++ b/units/systemd-fsck@.service.in
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=File System Check on %f
+Documentation=man:systemd-fsck@.service(8)
+DefaultDependencies=no
+BindsTo=%i.device
+Conflicts=shutdown.target
+After=%i.device systemd-fsck-root.service local-fs-pre.target
+Before=systemd-quotacheck.service shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-fsck %f
+TimeoutSec=infinity
diff --git a/units/systemd-growfs-root.service.in b/units/systemd-growfs-root.service.in
new file mode 100644
index 0000000..a656863
--- /dev/null
+++ b/units/systemd-growfs-root.service.in
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Grow Root File System
+Documentation=man:systemd-growfs-root.service(8)
+
+DefaultDependencies=no
+After=systemd-repart.service systemd-remount-fs.service
+Conflicts=shutdown.target
+Before=shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-growfs /
+TimeoutSec=infinity
diff --git a/units/systemd-growfs@.service.in b/units/systemd-growfs@.service.in
new file mode 100644
index 0000000..8099b1e
--- /dev/null
+++ b/units/systemd-growfs@.service.in
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Grow File System on %f
+Documentation=man:systemd-growfs@.service(8)
+
+DefaultDependencies=no
+BindsTo=%i.mount
+After=systemd-repart.service %i.mount
+Conflicts=shutdown.target
+Before=shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-growfs %f
+TimeoutSec=infinity
diff --git a/units/systemd-halt.service b/units/systemd-halt.service
new file mode 100644
index 0000000..e3a35cc
--- /dev/null
+++ b/units/systemd-halt.service
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=System Halt
+Documentation=man:systemd-halt.service(8)
+DefaultDependencies=no
+Requires=shutdown.target umount.target final.target
+After=shutdown.target umount.target final.target
+SuccessAction=halt-force
diff --git a/units/systemd-hibernate-resume.service.in b/units/systemd-hibernate-resume.service.in
new file mode 100644
index 0000000..dce4f0f
--- /dev/null
+++ b/units/systemd-hibernate-resume.service.in
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Resume from hibernation
+Documentation=man:systemd-hibernate-resume.service(8)
+
+ConditionKernelCommandLine=!noresume
+
+DefaultDependencies=no
+Wants=local-fs-pre.target
+Before=local-fs-pre.target
+
+AssertPathExists=/etc/initrd-release
+
+[Service]
+Type=oneshot
+ExecStart={{LIBEXECDIR}}/systemd-hibernate-resume
diff --git a/units/systemd-hibernate.service.in b/units/systemd-hibernate.service.in
new file mode 100644
index 0000000..c43195b
--- /dev/null
+++ b/units/systemd-hibernate.service.in
@@ -0,0 +1,19 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=System Hibernate
+Documentation=man:systemd-hibernate.service(8)
+DefaultDependencies=no
+Requires=sleep.target
+After=sleep.target
+
+[Service]
+Type=oneshot
+ExecStart={{LIBEXECDIR}}/systemd-sleep hibernate
diff --git a/units/systemd-homed-activate.service b/units/systemd-homed-activate.service
new file mode 100644
index 0000000..b16fedb
--- /dev/null
+++ b/units/systemd-homed-activate.service
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Home Area Activation
+Documentation=man:systemd-homed.service(8)
+After=home.mount systemd-homed.service
+Before=systemd-user-sessions.service
+
+[Service]
+ExecStop=homectl deactivate-all
+RemainAfterExit=true
+Type=oneshot
+
+[Install]
+WantedBy=systemd-homed.service
+Also=systemd-homed.service
diff --git a/units/systemd-homed.service.in b/units/systemd-homed.service.in
new file mode 100644
index 0000000..e629048
--- /dev/null
+++ b/units/systemd-homed.service.in
@@ -0,0 +1,42 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Home Area Manager
+Documentation=man:systemd-homed.service(8)
+Documentation=man:org.freedesktop.home1(5)
+After=home.mount dbus.service
+
+[Service]
+BusName=org.freedesktop.home1
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FSETID CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE CAP_SETPCAP CAP_DAC_READ_SEARCH CAP_SETFCAP
+DeviceAllow=/dev/loop-control rw
+DeviceAllow=/dev/mapper/control rw
+DeviceAllow=block-* rw
+DeviceAllow=char-hidraw rw
+ExecStart={{LIBEXECDIR}}/systemd-homed
+KillMode=mixed
+LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_ALG AF_INET AF_INET6
+RestrictNamespaces=mnt user
+RestrictRealtime=yes
+StateDirectory=systemd/home
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service @mount quotactl
+TimeoutStopSec=3min
+{{SERVICE_WATCHDOG}}
+
+[Install]
+WantedBy=multi-user.target
+Alias=dbus-org.freedesktop.home1.service
+Also=systemd-homed-activate.service systemd-userdbd.service
diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in
new file mode 100644
index 0000000..31b45e0
--- /dev/null
+++ b/units/systemd-hostnamed.service.in
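Review bot: The `[Service]` section of units/systemd-homed.service.in grants a long `CapabilityBoundingSet=` (including `CAP_SYS_ADMIN`, `CAP_DAC_OVERRIDE` and `CAP_SETUID`), `DeviceAllow=block-* rw`, and `AF_INET`/`AF_INET6` in `RestrictAddressFamilies=` without any comment recording which feature needs each grant. The hunk also carries none of the `ProtectSystem=`/`PrivateTmp=`/`ProtectHome=` directives that systemd-hostnamed.service.in sets later in this commit; that is presumably deliberate for a daemon that manages home areas, but nothing in the file says so, which makes later tightening hard to review. I would add short why-comments above the grants, for example `# block-*, loop-control, mapper/control: presumably for home area storage setup; confirm and state the reason here`. The same applies to the `CapabilityBoundingSet=` and `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6` lines in units/systemd-importd.service.in.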
@@ -0,0 +1,43 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Hostname Service
+Documentation=man:systemd-hostnamed.service(8)
+Documentation=man:hostname(5)
+Documentation=man:machine-info(5)
+Documentation=man:org.freedesktop.hostname1(5)
+
+[Service]
+BusName=org.freedesktop.hostname1
+CapabilityBoundingSet=CAP_SYS_ADMIN
+ExecStart={{LIBEXECDIR}}/systemd-hostnamed
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateNetwork=yes
+PrivateTmp=yes
+ProtectProc=invisible
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+ReadWritePaths=/etc /run/systemd
+RestrictAddressFamilies=AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service sethostname
+{{SERVICE_WATCHDOG}}
diff --git a/units/systemd-hwdb-update.service.in b/units/systemd-hwdb-update.service.in
new file mode 100644
index 0000000..4ba36d1
--- /dev/null
+++ b/units/systemd-hwdb-update.service.in
@@ -0,0 +1,29 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Rebuild Hardware Database
+Documentation=man:hwdb(7) man:systemd-hwdb(8)
+
+ConditionNeedsUpdate=/etc
+ConditionPathExists=|!{{UDEVLIBEXECDIR}}/hwdb.bin
+ConditionPathExists=|/etc/udev/hwdb.bin
+ConditionDirectoryNotEmpty=|/etc/udev/hwdb.d/
+
+DefaultDependencies=no
+After=systemd-remount-fs.service
+Before=sysinit.target systemd-update-done.service
+Conflicts=shutdown.target
+Before=shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=systemd-hwdb update
+TimeoutSec=90s
diff --git a/units/systemd-hybrid-sleep.service.in b/units/systemd-hybrid-sleep.service.in
new file mode 100644
index 0000000..c85215b
--- /dev/null
+++ b/units/systemd-hybrid-sleep.service.in
@@ -0,0 +1,19 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=System Hybrid Suspend+Hibernate
+Documentation=man:systemd-hybrid-sleep.service(8)
+DefaultDependencies=no
+Requires=sleep.target
+After=sleep.target
+
+[Service]
+Type=oneshot
+ExecStart={{LIBEXECDIR}}/systemd-sleep hybrid-sleep
diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in
new file mode 100644
index 0000000..fc24a05
--- /dev/null
+++ b/units/systemd-importd.service.in
@@ -0,0 +1,30 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Virtual Machine and Container Download Service
+Documentation=man:systemd-importd.service(8)
+Documentation=man:org.freedesktop.import1(5)
+
+[Service]
+ExecStart={{LIBEXECDIR}}/systemd-importd
+BusName=org.freedesktop.import1
+KillMode=mixed
+CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE CAP_LINUX_IMMUTABLE
+NoNewPrivileges=yes
+MemoryDenyWriteExecute=yes
+ProtectHostname=yes
+RestrictRealtime=yes
+RestrictNamespaces=net
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+SystemCallFilter=@system-service @mount
+SystemCallErrorNumber=EPERM
+SystemCallArchitectures=native
+LockPersonality=yes
+{{SERVICE_WATCHDOG}}
diff --git a/units/systemd-initctl.service.in b/units/systemd-initctl.service.in
new file mode 100644
index 0000000..6a19058
--- /dev/null
+++ b/units/systemd-initctl.service.in
@@ -0,0 +1,19 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=initctl Compatibility Daemon
+Documentation=man:systemd-initctl.service(8)
+DefaultDependencies=no
+
+[Service]
+ExecStart={{LIBEXECDIR}}/systemd-initctl
+NoNewPrivileges=yes
+NotifyAccess=all
+SystemCallArchitectures=native
diff --git a/units/systemd-initctl.socket b/units/systemd-initctl.socket
new file mode 100644
index 0000000..4102131
--- /dev/null
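Review bot: The [Service] section of systemd-importd.service.in gives a daemon that talks to the network (`RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6`) a bounding set containing CAP_SYS_ADMIN, CAP_DAC_OVERRIDE and CAP_MKNOD, yet none of the file-system or kernel protections that other units in this commit use (`ProtectSystem=`, `PrivateTmp=`, `ProtectKernelModules=`, `ProtectKernelLogs=`). Some of that is probably unavoidable for a service that unpacks image trees, but the unit does not say so. I would add a comment above `CapabilityBoundingSet=` stating which operations need these capabilities and the `@mount` syscall group, and test whether `ProtectKernelLogs=yes` can be added without breaking imports. `RestrictNamespaces=net` also deserves a comment, because it reads like a restriction on network namespaces when it is the list of namespace types that remain allowed.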
+++ b/units/systemd-initctl.socket
@@ -0,0 +1,19 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=initctl Compatibility Named Pipe
+Documentation=man:systemd-initctl.socket(8)
+DefaultDependencies=no
+Before=sockets.target
+
+[Socket]
+ListenFIFO=/run/initctl
+Symlinks=/dev/initctl
+SocketMode=0600
diff --git a/units/systemd-journal-catalog-update.service b/units/systemd-journal-catalog-update.service
new file mode 100644
index 0000000..691e03f
--- /dev/null
+++ b/units/systemd-journal-catalog-update.service
@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Rebuild Journal Catalog
+Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+
+ConditionNeedsUpdate=/var
+
+DefaultDependencies=no
+After=local-fs.target systemd-tmpfiles-setup.service
+Before=sysinit.target systemd-update-done.service
+Conflicts=shutdown.target
+Before=shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=journalctl --update-catalog
+TimeoutSec=90s
diff --git a/units/systemd-journal-flush.service b/units/systemd-journal-flush.service
new file mode 100644
index 0000000..8c01587
--- /dev/null
+++ b/units/systemd-journal-flush.service
@@ -0,0 +1,28 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Flush Journal to Persistent Storage
+Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+
+ConditionPathExists=!/etc/initrd-release
+
+DefaultDependencies=no
+After=systemd-remount-fs.service
+Before=systemd-tmpfiles-setup.service
+Wants=systemd-journald.service
+After=systemd-journald.service
+RequiresMountsFor=/var/log/journal
+
+[Service]
+ExecStart=journalctl --flush
+ExecStop=journalctl --smart-relinquish-var
+Type=oneshot
+RemainAfterExit=yes
+TimeoutSec=90s
diff --git a/units/systemd-journal-gatewayd.service.in b/units/systemd-journal-gatewayd.service.in
new file mode 100644
index 0000000..27ae42c
--- /dev/null
+++ b/units/systemd-journal-gatewayd.service.in
@@ -0,0 +1,41 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Journal Gateway Service
+Documentation=man:systemd-journal-gatewayd(8)
+Requires=systemd-journal-gatewayd.socket
+
+[Service]
+DynamicUser=yes
+ExecStart={{LIBEXECDIR}}/systemd-journal-gatewayd
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+PrivateDevices=yes
+PrivateNetwork=yes
+ProtectProc=invisible
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+SupplementaryGroups=systemd-journal
+SystemCallArchitectures=native
+User=systemd-journal-gateway
+
+# If there are many split up journal files we need a lot of fds to access them
+# all in parallel.
+LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
+
+[Install]
+Also=systemd-journal-gatewayd.socket
diff --git a/units/systemd-journal-gatewayd.socket b/units/systemd-journal-gatewayd.socket
new file mode 100644
index 0000000..30e74e3
--- /dev/null
+++ b/units/systemd-journal-gatewayd.socket
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Journal Gateway Service Socket
+Documentation=man:systemd-journal-gatewayd(8)
+
+[Socket]
+ListenStream=19531
+
+[Install]
+WantedBy=sockets.target
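Review bot: The [Service] section of systemd-journal-gatewayd.service.in has no `SystemCallFilter=`, although this daemon answers requests from the network and most other sandboxed units in this commit set `SystemCallFilter=@system-service` together with `SystemCallErrorNumber=EPERM`. The same omission is in systemd-journal-remote.service.in and systemd-journal-upload.service.in further down. If the HTTP and TLS libraries these daemons use work under that filter, adding the two lines to all three units would bring them in line with the rest; that needs a test run rather than a guess. Listing both `DynamicUser=yes` and `User=systemd-journal-gateway` also merits a one-line comment saying that a statically allocated user of that name is used when it exists.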
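Review bot: `ListenStream=19531` in the [Socket] section of systemd-journal-gatewayd.socket binds the wildcard address, so once the socket is enabled the journal is offered on every interface of the host. The matching service's `ExecStart=` passes no certificate or key option, so the daemon is presumably serving plain HTTP unless the administrator changes that. A comment above the line would make the exposure obvious, for example `# Binds all addresses; restrict with a drop-in (empty ListenStream= followed by ListenStream=127.0.0.1:19531) or a firewall rule`.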
diff --git a/units/systemd-journal-remote.service.in b/units/systemd-journal-remote.service.in
new file mode 100644
index 0000000..6517410
--- /dev/null
+++ b/units/systemd-journal-remote.service.in
@@ -0,0 +1,46 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Journal Remote Sink Service
+Documentation=man:systemd-journal-remote(8) man:journal-remote.conf(5)
+Requires=systemd-journal-remote.socket
+
+[Service]
+ExecStart={{LIBEXECDIR}}/systemd-journal-remote --listen-https=-3 --output=/var/log/journal/remote/
+LockPersonality=yes
+LogsDirectory=journal/remote
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateNetwork=yes
+PrivateTmp=yes
+ProtectProc=invisible
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+User=systemd-journal-remote
+{{SERVICE_WATCHDOG}}
+
+# If there are many split up journal files we need a lot of fds to access them
+# all in parallel.
+LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
+
+[Install]
+Also=systemd-journal-remote.socket
diff --git a/units/systemd-journal-remote.socket b/units/systemd-journal-remote.socket
new file mode 100644
index 0000000..2956819
--- /dev/null
+++ b/units/systemd-journal-remote.socket
@@ -0,0 +1,17 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Journal Remote Sink Socket
+
+[Socket]
+ListenStream=19532
+
+[Install]
+WantedBy=sockets.target
diff --git a/units/systemd-journal-upload.service.in b/units/systemd-journal-upload.service.in
new file mode 100644
index 0000000..273511e
--- /dev/null
+++ b/units/systemd-journal-upload.service.in
@@ -0,0 +1,46 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Journal Remote Upload Service
+Documentation=man:systemd-journal-upload(8)
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+DynamicUser=yes
+ExecStart={{LIBEXECDIR}}/systemd-journal-upload --save-state
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+PrivateDevices=yes
+ProtectProc=invisible
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+Restart=on-failure
+RestartSteps=10
+RestartMaxDelaySec=60
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+StateDirectory=systemd/journal-upload
+SupplementaryGroups=systemd-journal
+SystemCallArchitectures=native
+User=systemd-journal-upload
+{{SERVICE_WATCHDOG}}
+
+# If there are many split up journal files we need a lot of fds to access them
+# all in parallel.
+LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
+
+[Install]
+WantedBy=multi-user.target
diff --git a/units/systemd-journald-audit.socket b/units/systemd-journald-audit.socket
new file mode 100644
index 0000000..cf9b6e8
--- /dev/null
+++ b/units/systemd-journald-audit.socket
@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Journal Audit Socket
+Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+DefaultDependencies=no
+Before=sockets.target
+ConditionSecurity=audit
+ConditionCapability=CAP_AUDIT_READ
+
+[Socket]
+Service=systemd-journald.service
+ReceiveBuffer=128M
+ListenNetlink=audit 1
+PassCredentials=yes
+
+[Install]
+WantedBy=sockets.target
+WantedBy=systemd-journald.service
diff --git a/units/systemd-journald-dev-log.socket b/units/systemd-journald-dev-log.socket
new file mode 100644
index 0000000..e2a9352
--- /dev/null
+++ b/units/systemd-journald-dev-log.socket
@@ -0,0 +1,35 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Journal Socket (/dev/log)
+Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+DefaultDependencies=no
+Before=sockets.target
+
+# Mount and swap units need this. If this socket unit is removed by an isolate
+# request the mount and swap units would be removed too, hence let's exclude
+# systemd-journald and its sockets from isolate requests.
+IgnoreOnIsolate=yes
+
+[Socket]
+ListenDatagram=/run/systemd/journal/dev-log
+PassCredentials=yes
+PassSecurity=yes
+Service=systemd-journald.service
+SocketMode=0666
+Symlinks=/dev/log
+Timestamping=us
+
+# Increase both the send and receive buffer, so that things don't
+# block early. Note that journald internally uses the this socket both
+# for receiving syslog messages, and for forwarding them to any other
+# syslog, hence we bump both values.
+ReceiveBuffer=8M
+SendBuffer=8M
diff --git a/units/systemd-journald-varlink@.socket b/units/systemd-journald-varlink@.socket
new file mode 100644
index 0000000..05d8cf6
--- /dev/null
+++ b/units/systemd-journald-varlink@.socket
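Review bot: `SocketMode=0666` in the [Socket] section of systemd-journald-dev-log.socket makes the socket writable by every local user, and nothing in the hunk says this is intended; systemd-journald.socket and systemd-journald@.socket later in this commit use the same mode without comment. Because any process may write here, attribution of log entries rests on `PassCredentials=yes` and `PassSecurity=yes`, and a comment tying the three settings together would keep a later edit from dropping one of them, e.g. `# World-writable on purpose: any process may log; sender identity comes from PassCredentials=/PassSecurity=`. The buffer comment in the same hunk also contains a typo, `uses the this socket`.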
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Journal Varlink Socket for Namespace %i
+Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+StopWhenUnneeded=yes
+
+[Socket]
+Service=systemd-journald@%i.service
+ListenStream=/run/systemd/journal.%i/io.systemd.journal
+SocketMode=0600
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
new file mode 100644
index 0000000..37eeabc
--- /dev/null
+++ b/units/systemd-journald.service.in
@@ -0,0 +1,65 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Journal Service
+Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+DefaultDependencies=no
+Requires=systemd-journald.socket
+After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket syslog.socket
+Before=sysinit.target
+
+# To avoid journald SIGKILLed during soft-reboot and corrupting journals.
+# See https://github.com/systemd/systemd/issues/30195
+Before=soft-reboot.target
+Conflicts=soft-reboot.target
+
+# Mount and swap units need the journal socket units. If they were removed by
+# an isolate request the mount and swap units would be removed too, hence let's
+# exclude systemd-journald and its sockets from isolate requests.
+IgnoreOnIsolate=yes
+
+[Service]
+DeviceAllow=char-* rw
+ExecStart={{LIBEXECDIR}}/systemd-journald
+FileDescriptorStoreMax=4224
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+OOMScoreAdjust=-250
+ProtectClock=yes
+Restart=always
+RestartSec=0
+RestrictAddressFamilies=AF_UNIX AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+RuntimeDirectory=systemd/journal
+RuntimeDirectoryPreserve=yes
+# Audit socket is not listed here because this unit can be turned off. However
+# the link between the socket and the service units is still created thanks to
+# the 'Service=' setting specified in the socket unit.
+Sockets=systemd-journald.socket systemd-journald-dev-log.socket
+StandardOutput=null
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+Type=notify
+PassEnvironment=TERM
+{{SERVICE_WATCHDOG}}
+
+# In case you're wondering why CAP_SYS_PTRACE is needed, access to
+# /proc/<pid>/exe requires this capability. Thus if this capability is missing
+# the _EXE=/OBJECT_EXE= fields will be missing from the journal entries.
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
+
+# If there are many split up journal files we need a lot of fds to access them
+# all in parallel.
+LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
diff --git a/units/systemd-journald.socket b/units/systemd-journald.socket
new file mode 100644
index 0000000..1e2178e
--- /dev/null
+++ b/units/systemd-journald.socket
@@ -0,0 +1,29 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Journal Socket
+Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+DefaultDependencies=no
+Before=sockets.target
+
+# Mount and swap units need this. If this socket unit is removed by an isolate
+# request the mount and swap units would be removed too, hence let's exclude
+# systemd-journald and its sockets from isolate requests.
+IgnoreOnIsolate=yes
+
+[Socket]
+ListenDatagram=/run/systemd/journal/socket
+ListenStream=/run/systemd/journal/stdout
+PassCredentials=yes
+PassSecurity=yes
+ReceiveBuffer=8M
+Service=systemd-journald.service
+SocketMode=0666
+Timestamping=us
diff --git a/units/systemd-journald@.service.in b/units/systemd-journald@.service.in
new file mode 100644
index 0000000..c3bcb08
--- /dev/null
+++ b/units/systemd-journald@.service.in
@@ -0,0 +1,48 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Journal Service for Namespace %i
+Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+Requires=systemd-journald@%i.socket systemd-journald-varlink@%i.socket
+After=systemd-journald@%i.socket systemd-journald-varlink@%i.socket
+
+# To avoid journald SIGKILLed during soft-reboot and corrupting journals.
+# See https://github.com/systemd/systemd/issues/30195
+Before=soft-reboot.target
+Conflicts=soft-reboot.target
+
+[Service]
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
+DevicePolicy=closed
+ExecStart={{LIBEXECDIR}}/systemd-journald %i
+FileDescriptorStoreMax=4224
+Group=systemd-journal
+IPAddressDeny=any
+LockPersonality=yes
+LogsDirectory=journal/%m.%i
+LogsDirectoryMode=02755
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+RestrictAddressFamilies=AF_UNIX AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+RuntimeDirectory=systemd/journal.%i
+RuntimeDirectoryPreserve=yes
+Sockets=systemd-journald@%i.socket
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+Type=notify
+{{SERVICE_WATCHDOG}}
+
+# If there are many split up journal files we need a lot of fds to access them
+# all in parallel.
+LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
diff --git a/units/systemd-journald@.socket b/units/systemd-journald@.socket
new file mode 100644
index 0000000..60c025f
--- /dev/null
+++ b/units/systemd-journald@.socket
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Journal Socket for Namespace %i
+Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+StopWhenUnneeded=yes
+
+[Socket]
+Service=systemd-journald@%i.service
+ListenStream=/run/systemd/journal.%i/stdout
+ListenDatagram=/run/systemd/journal.%i/socket
+ListenDatagram=/run/systemd/journal.%i/dev-log
+SocketMode=0666
+PassCredentials=yes
+PassSecurity=yes
+ReceiveBuffer=8M
+SendBuffer=8M
diff --git a/units/systemd-kexec.service b/units/systemd-kexec.service
new file mode 100644
index 0000000..243fa3b
--- /dev/null
+++ b/units/systemd-kexec.service
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Reboot via kexec
+Documentation=man:systemd-kexec.service(8)
+DefaultDependencies=no
+Requires=shutdown.target umount.target final.target
+After=shutdown.target umount.target final.target
+SuccessAction=kexec-force
diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in
new file mode 100644
index 0000000..19383ae
--- /dev/null
+++ b/units/systemd-localed.service.in
@@ -0,0 +1,47 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Locale Service
+Documentation=man:systemd-localed.service(8)
+Documentation=man:locale.conf(5)
+Documentation=man:vconsole.conf(5)
+Documentation=man:org.freedesktop.locale1(5)
+
+[Service]
+BusName=org.freedesktop.locale1
+CapabilityBoundingSet=
+ExecStart={{LIBEXECDIR}}/systemd-localed
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateNetwork=yes
+PrivateTmp=yes
+ProtectProc=invisible
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+ReadWritePaths=/etc
+{% if HAVE_LOCALEGEN %}
+ReadWritePaths=/usr/lib/locale
+{% endif %}
+RestrictAddressFamilies=AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+{{SERVICE_WATCHDOG}}
diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
new file mode 100644
index 0000000..39dc0c2
--- /dev/null
+++ b/units/systemd-logind.service.in
@@ -0,0 +1,66 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=User Login Management
+Documentation=man:sd-login(3)
+Documentation=man:systemd-logind.service(8)
+Documentation=man:logind.conf(5)
+Documentation=man:org.freedesktop.login1(5)
+
+Wants=user.slice modprobe@drm.service
+After=nss-user-lookup.target user.slice modprobe@drm.service
+
+# Ask for the dbus socket.
+Wants=dbus.socket
+After=dbus.socket
+
+[Service]
+BusName=org.freedesktop.login1
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG CAP_LINUX_IMMUTABLE
+DeviceAllow=block-* r
+DeviceAllow=char-/dev/console rw
+DeviceAllow=char-drm rw
+DeviceAllow=char-input rw
+DeviceAllow=char-tty rw
+DeviceAllow=char-vcs rw
+ExecStart={{LIBEXECDIR}}/systemd-logind
+FileDescriptorStoreMax=512
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateTmp=yes
+# We don't use ProtectProc= since we need to look for usernames and tty for wall messages
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectSystem=strict
+ReadWritePaths=/etc /run
+Restart=always
+RestartSec=0
+RestrictAddressFamilies=AF_UNIX AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+RuntimeDirectory=systemd/sessions systemd/seats systemd/users systemd/inhibit systemd/shutdown
+RuntimeDirectoryPreserve=yes
+StateDirectory=systemd/linger
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+Type=notify-reload
+{{SERVICE_WATCHDOG}}
+
+# Increase the default a bit in order to allow many simultaneous logins since
+# we keep one fd open per session.
+LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
diff --git a/units/systemd-machine-id-commit.service b/units/systemd-machine-id-commit.service
new file mode 100644
index 0000000..89e0613
--- /dev/null
+++ b/units/systemd-machine-id-commit.service
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Commit a transient machine-id on disk
+Documentation=man:systemd-machine-id-commit.service(8)
+DefaultDependencies=no
+Conflicts=shutdown.target
+Before=shutdown.target
+After=local-fs.target first-boot-complete.target
+ConditionPathIsReadWrite=/etc
+ConditionPathIsMountPoint=/etc/machine-id
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=systemd-machine-id-setup --commit
+TimeoutSec=30s
diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
new file mode 100644
index 0000000..47aa5de
--- /dev/null
+++ b/units/systemd-machined.service.in
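Review bot: The [Service] section of systemd-logind.service.in sets `ProtectKernelModules=yes` and `ProtectKernelLogs=yes` but not `ProtectKernelTunables=`, and unlike the `ProtectProc=` case there is no comment saying why. If it is left out because logind has to write under /sys or /proc/sys, a line in the style of the existing one would record that, e.g. `# We don't use ProtectKernelTunables= since we need write access to ...`, with the actual paths filled in by someone who knows them. `ReadWritePaths=/etc /run` is also wider than the `RuntimeDirectory=` and `StateDirectory=` entries alone would suggest, so the reason for whole-tree write access could be noted in the same place.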
@@ -0,0 +1,37 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Virtual Machine and Container Registration Service
+Documentation=man:systemd-machined.service(8)
+Documentation=man:org.freedesktop.machine1(5)
+
+Wants=machine.slice
+After=machine.slice
+RequiresMountsFor=/var/lib/machines
+
+[Service]
+BusName=org.freedesktop.machine1
+CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_LINUX_IMMUTABLE
+ExecStart={{LIBEXECDIR}}/systemd-machined
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+ProtectHostname=yes
+RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
+RestrictRealtime=yes
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service @mount
+{{SERVICE_WATCHDOG}}
+
+# Note that machined cannot be placed in a mount namespace, since it
+# needs access to the host's mount namespace in order to implement the
+# "machinectl bind" operation.
diff --git a/units/systemd-modules-load.service.in b/units/systemd-modules-load.service.in
new file mode 100644
index 0000000..0fe6740
--- /dev/null
+++ b/units/systemd-modules-load.service.in
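Review bot: `RestrictAddressFamilies=` in the [Service] section of systemd-machined.service.in allows AF_INET and AF_INET6 while `IPAddressDeny=any` blocks all IP traffic for the unit, and the hunk does not explain the combination. If the INET families are only needed to create sockets for address or interface queries (an assumption, the hunk does not say), a comment such as `# AF_INET/AF_INET6 sockets are needed for ...; IP traffic itself stays blocked by IPAddressDeny=` would make the intent clear and stop someone from relaxing the wrong line. The closing comment about mount namespaces is a good model, since it explains why `ProtectSystem=` and related settings are absent; the twelve entries in `CapabilityBoundingSet=` would benefit from the same treatment.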
@@ -0,0 +1,29 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Load Kernel Modules
+Documentation=man:systemd-modules-load.service(8) man:modules-load.d(5)
+DefaultDependencies=no
+Conflicts=shutdown.target
+Before=sysinit.target shutdown.target
+ConditionCapability=CAP_SYS_MODULE
+ConditionDirectoryNotEmpty=|/lib/modules-load.d
+ConditionDirectoryNotEmpty=|/usr/lib/modules-load.d
+ConditionDirectoryNotEmpty=|/usr/local/lib/modules-load.d
+ConditionDirectoryNotEmpty=|/etc/modules-load.d
+ConditionDirectoryNotEmpty=|/run/modules-load.d
+ConditionKernelCommandLine=|modules-load
+ConditionKernelCommandLine=|rd.modules-load
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-modules-load
+TimeoutSec=90s
diff --git a/units/systemd-network-generator.service.in b/units/systemd-network-generator.service.in
new file mode 100644
index 0000000..d87e1a4
--- /dev/null
+++ b/units/systemd-network-generator.service.in
@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Generate network units from Kernel command line
+Documentation=man:systemd-network-generator.service(8)
+
+DefaultDependencies=no
+Before=network-pre.target systemd-udevd.service
+Wants=network-pre.target
+Conflicts=shutdown.target initrd-switch-root.target
+Before=shutdown.target initrd-switch-root.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-network-generator
+
+[Install]
+WantedBy=sysinit.target
diff --git a/units/systemd-networkd-wait-online.service.in b/units/systemd-networkd-wait-online.service.in
new file mode 100644
index 0000000..7768121
--- /dev/null
+++ b/units/systemd-networkd-wait-online.service.in
@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Wait for Network to be Configured
+Documentation=man:systemd-networkd-wait-online.service(8)
+ConditionCapability=CAP_NET_ADMIN
+DefaultDependencies=no
+Conflicts=shutdown.target
+BindsTo=systemd-networkd.service
+After=systemd-networkd.service
+Before=network-online.target shutdown.target
+
+[Service]
+Type=oneshot
+ExecStart={{LIBEXECDIR}}/systemd-networkd-wait-online
+RemainAfterExit=yes
+
+[Install]
+WantedBy=network-online.target
diff --git a/units/systemd-networkd-wait-online@.service.in b/units/systemd-networkd-wait-online@.service.in
new file mode 100644
index 0000000..60d1734
--- /dev/null
+++ b/units/systemd-networkd-wait-online@.service.in
@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Wait for Network Interface %i to be Configured
+Documentation=man:systemd-networkd-wait-online.service(8)
+ConditionCapability=CAP_NET_ADMIN
+DefaultDependencies=no
+Conflicts=shutdown.target
+BindsTo=systemd-networkd.service
+After=systemd-networkd.service
+Before=network-online.target shutdown.target
+
+[Service]
+Type=oneshot
+ExecStart={{LIBEXECDIR}}/systemd-networkd-wait-online -i %i
+RemainAfterExit=yes
+
+[Install]
+WantedBy=network-online.target
diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in
new file mode 100644
index 0000000..3608458
--- /dev/null
+++ b/units/systemd-networkd.service.in
@@ -0,0 +1,68 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Network Configuration
+Documentation=man:systemd-networkd.service(8)
+Documentation=man:org.freedesktop.network1(5)
+ConditionCapability=CAP_NET_ADMIN
+DefaultDependencies=no
+# systemd-udevd.service can be dropped once tuntap is moved to netlink
+After=systemd-networkd.socket systemd-udevd.service network-pre.target systemd-sysusers.service systemd-sysctl.service
+Before=network.target multi-user.target shutdown.target initrd-switch-root.target
+Conflicts=shutdown.target initrd-switch-root.target
+Wants=systemd-networkd.socket network.target
+
+[Service]
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
+BusName=org.freedesktop.network1
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
+DeviceAllow=char-* rw
+ExecStart=!!{{LIBEXECDIR}}/systemd-networkd
+FileDescriptorStoreMax=512
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+ProtectProc=invisible
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectSystem=strict
+Restart=on-failure
+RestartKillSignal=SIGUSR2
+RestartSec=0
+RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 AF_PACKET
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+RuntimeDirectory=systemd/netif
+RuntimeDirectoryPreserve=yes
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+Type=notify-reload
+User=systemd-network
+{{SERVICE_WATCHDOG}}
+
+[Install]
+WantedBy=multi-user.target
+Also=systemd-networkd.socket
+Alias=dbus-org.freedesktop.network1.service
+
+# The output from this generator is used by udevd and networkd. Enable it by
+# default when enabling systemd-networkd.service.
+Also=systemd-network-generator.service
+
+# We want to enable systemd-networkd-wait-online.service whenever this service
+# is enabled. systemd-networkd-wait-online.service has
+# WantedBy=network-online.target, so enabling it only has an effect if
+# network-online.target itself is enabled or pulled in by some other unit.
+Also=systemd-networkd-wait-online.service
diff --git a/units/systemd-networkd.socket b/units/systemd-networkd.socket
new file mode 100644
index 0000000..2d8d1c3
--- /dev/null
+++ b/units/systemd-networkd.socket
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Network Service Netlink Socket
+Documentation=man:systemd-networkd.service(8) man:rtnetlink(7)
+ConditionCapability=CAP_NET_ADMIN
+DefaultDependencies=no
+Before=sockets.target shutdown.target
+Conflicts=shutdown.target
+
+[Socket]
+ReceiveBuffer=128M
+ListenNetlink=route 1361
+PassPacketInfo=yes
+
+[Install]
+WantedBy=sockets.target
diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in
new file mode 100644
index 0000000..ff66d40
--- /dev/null
+++ b/units/systemd-nspawn@.service.in
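Review bot: The `!!` prefix on `ExecStart=!!{{LIBEXECDIR}}/systemd-networkd` carries no comment, although it decides whether `User=systemd-network` and the capability lines around it are applied at all. I would add above it `# "!!": only on systems without ambient capabilities, start with full privileges and let the daemon drop them itself; no effect otherwise`. The same prefix is used in systemd-resolved.service.in later in this commit and wants the same line. Separately, `DeviceAllow=char-* rw` admits every character-device class while the only nearby comment mentions tuntap; if that is the sole device needed, a narrower entry such as `DeviceAllow=/dev/net/tun rw` would be easier to audit, but the actual requirement is not visible in this hunk.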
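Review bot: `ListenNetlink=route 1361` in systemd-networkd.socket gives the multicast group mask as a bare decimal, which cannot be audited without redoing the bit arithmetic. 1361 is 0x551, so the line should be preceded by `# 1361 = RTMGRP_LINK | RTMGRP_IPV4_IFADDR | RTMGRP_IPV4_ROUTE | RTMGRP_IPV6_IFADDR | RTMGRP_IPV6_ROUTE`. With that in place a later change to the subscribed groups can be checked against what systemd-networkd is expected to receive on the passed socket.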
@@ -0,0 +1,52 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Container %i
+Documentation=man:systemd-nspawn(1)
+Wants=modprobe@tun.service modprobe@loop.service modprobe@dm_mod.service
+PartOf=machines.target
+Before=machines.target
+After=network.target modprobe@tun.service modprobe@loop.service modprobe@dm_mod.service
+RequiresMountsFor=/var/lib/machines/%i
+
+[Service]
+# Make sure the DeviceAllow= lines below can properly resolve the 'block-loop' expression (and others)
+ExecStart=systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth -U --settings=override --machine=%i
+KillMode=mixed
+Type=notify
+RestartForceExitStatus=133
+SuccessExitStatus=133
+Slice=machine.slice
+Delegate=yes
+DelegateSubgroup=supervisor
+CoredumpReceive=yes
+TasksMax=16384
+{{SERVICE_WATCHDOG}}
+
+{# Enforce a strict device policy, similar to the one nspawn configures when it
+ # allocates its own scope unit. Make sure to keep these policies in sync if you
+ # change them! #}
+DevicePolicy=closed
+DeviceAllow=/dev/net/tun rwm
+DeviceAllow=char-pts rw
+
+# nspawn itself needs access to /dev/loop-control and /dev/loop, to implement
+# the --image= option. Add these here, too.
+DeviceAllow=/dev/loop-control rw
+DeviceAllow=block-loop rw
+DeviceAllow=block-blkext rw
+
+# nspawn can set up LUKS encrypted loopback files, in which case it needs
+# access to /dev/mapper/control and the block devices /dev/mapper/*.
+DeviceAllow=/dev/mapper/control rw
+DeviceAllow=block-device-mapper rw
+
+[Install]
+WantedBy=machines.target
diff --git a/units/systemd-oomd.service.in b/units/systemd-oomd.service.in
new file mode 100644
index 0000000..82bd624
--- /dev/null
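Review bot: The comment `# Make sure the DeviceAllow= lines below can properly resolve the 'block-loop' expression (and others)` sits directly above `ExecStart=`, which does nothing of the kind; the lines it appears to describe are the `Wants=`/`After=` entries for `modprobe@tun.service modprobe@loop.service modprobe@dm_mod.service` in `[Unit]`. Move it above those two lines, so that someone trimming the module list sees that the `DeviceAllow=block-loop rw` and `DeviceAllow=block-device-mapper rw` classes presumably depend on the modules being loaded before the device policy is applied. `ExecStart=systemd-nspawn` is also the only ExecStart in the visible hunks without an absolute prefix, so the binary is found through the manager's search path; `ExecStart={{BINDIR}}/systemd-nspawn …`, in the style of systemd-repart.service.in, would pin it.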
+++ b/units/systemd-oomd.service.in
@@ -0,0 +1,62 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Userspace Out-Of-Memory (OOM) Killer
+Documentation=man:systemd-oomd.service(8)
+Documentation=man:org.freedesktop.oom1(5)
+DefaultDependencies=no
+Before=multi-user.target shutdown.target
+Conflicts=shutdown.target
+ConditionControlGroupController=v2
+ConditionControlGroupController=memory
+ConditionPathExists=/proc/pressure/cpu
+ConditionPathExists=/proc/pressure/io
+ConditionPathExists=/proc/pressure/memory
+Requires=systemd-oomd.socket
+After=systemd-oomd.socket
+
+[Service]
+AmbientCapabilities=CAP_KILL CAP_DAC_OVERRIDE
+BusName=org.freedesktop.oom1
+CapabilityBoundingSet=CAP_KILL CAP_DAC_OVERRIDE
+ExecStart={{LIBEXECDIR}}/systemd-oomd
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+# Reserve some minimum amount of memory so that systemd-oomd can continue to
+# run in resource starved scenarios.
+MemoryMin=64M
+MemoryLow=64M
+NoNewPrivileges=yes
+OOMScoreAdjust=-900
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectClock=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+Restart=on-failure
+RestrictAddressFamilies=AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+Type=notify
+User=systemd-oom
+{{SERVICE_WATCHDOG}}
+
+[Install]
+WantedBy=multi-user.target
+Alias=dbus-org.freedesktop.oom1.service
diff --git a/units/systemd-oomd.socket b/units/systemd-oomd.socket
new file mode 100644
index 0000000..6953f7e
--- /dev/null
+++ b/units/systemd-oomd.socket
@@ -0,0 +1,27 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Userspace Out-Of-Memory (OOM) Killer Socket
+Documentation=man:systemd-oomd.service(8)
+DefaultDependencies=no
+Before=sockets.target shutdown.target
+Conflicts=shutdown.target
+ConditionControlGroupController=v2
+ConditionControlGroupController=memory
+ConditionPathExists=/proc/pressure/cpu
+ConditionPathExists=/proc/pressure/io
+ConditionPathExists=/proc/pressure/memory
+
+[Socket]
+ListenStream=/run/systemd/oom/io.systemd.ManagedOOM
+SocketMode=0666
+
+[Install]
+WantedBy=sockets.target
diff --git a/units/systemd-pcrextend.socket b/units/systemd-pcrextend.socket
new file mode 100644
index 0000000..6d7b8ff
--- /dev/null
+++ b/units/systemd-pcrextend.socket
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=TPM2 PCR Extension (Varlink)
+Documentation=man:systemd-pcrextend(8)
+DefaultDependencies=no
+Before=sockets.target
+ConditionSecurity=measured-uki
+
+[Socket]
+ListenStream=/run/systemd/io.systemd.PCRExtend
+FileDescriptorName=varlink
+SocketMode=0600
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
diff --git a/units/systemd-pcrextend@.service.in b/units/systemd-pcrextend@.service.in
new file mode 100644
index 0000000..2305b1c
--- /dev/null
+++ b/units/systemd-pcrextend@.service.in
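Review bot: `SocketMode=0666` in systemd-oomd.socket lets every local user connect to `/run/systemd/oom/io.systemd.ManagedOOM`, and nothing in the unit says why that is acceptable; systemd-pcrextend.socket in the same commit uses `SocketMode=0600`. Because the socket feeds a daemon that runs with `CAP_KILL`, the access decision has to be taken inside systemd-oomd from the peer's credentials, and that code is not part of this hunk. I would record the intent next to the mode, for example `# World-connectable on purpose; systemd-oomd authorizes each caller by its peer credentials`, after confirming that the daemon really does so.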
@@ -0,0 +1,19 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=TPM2 PCR Extension (Varlink)
+Documentation=man:systemd-pcrphase.service(8)
+DefaultDependencies=no
+Conflicts=shutdown.target initrd-switch-root.target
+Before=shutdown.target initrd-switch-root.target
+
+[Service]
+Environment=LISTEN_FDNAMES=varlink
+ExecStart=-{{LIBEXECDIR}}/systemd-pcrextend
diff --git a/units/systemd-pcrfs-root.service.in b/units/systemd-pcrfs-root.service.in
new file mode 100644
index 0000000..11dc747
--- /dev/null
+++ b/units/systemd-pcrfs-root.service.in
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=TPM2 PCR Root File System Measurement
+Documentation=man:systemd-pcrfs-root.service(8)
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=systemd-pcrmachine.service
+Before=shutdown.target
+ConditionPathExists=!/etc/initrd-release
+ConditionSecurity=measured-uki
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-pcrextend --graceful --file-system=/
diff --git a/units/systemd-pcrfs@.service.in b/units/systemd-pcrfs@.service.in
new file mode 100644
index 0000000..fbaec4b
--- /dev/null
+++ b/units/systemd-pcrfs@.service.in
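Review bot: The `-` in `ExecStart=-{{LIBEXECDIR}}/systemd-pcrextend` in systemd-pcrextend@.service.in makes a failed PCR extension count as success for the unit, and no comment says that this is intended. With it, a failed TPM measurement is visible only to the Varlink caller and in the journal, never as a failed unit that monitoring would pick up. If the aim is just to avoid one failed instance per connection, say so above the line, e.g. `# "-": errors go back to the Varlink client; do not leave a failed unit instance per connection`. The same hunk has `Documentation=man:systemd-pcrphase.service(8)` while its socket unit points at `man:systemd-pcrextend(8)`; the two should name the same page.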
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=TPM2 PCR File System Measurement of %f
+Documentation=man:systemd-pcrfs@.service(8)
+DefaultDependencies=no
+BindsTo=%i.mount
+Conflicts=shutdown.target
+After=%i.mount systemd-pcrfs-root.service
+Before=shutdown.target
+ConditionPathExists=!/etc/initrd-release
+ConditionSecurity=measured-uki
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-pcrextend --graceful --file-system=%f
diff --git a/units/systemd-pcrlock-file-system.service.in b/units/systemd-pcrlock-file-system.service.in
new file mode 100644
index 0000000..d68a42e
--- /dev/null
+++ b/units/systemd-pcrlock-file-system.service.in
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Lock File Systems to TPM2 PCR Policy
+Documentation=man:systemd-pcrlock(8)
+DefaultDependencies=no
+Conflicts=shutdown.target
+Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
+ConditionPathExists=!/etc/initrd-release
+ConditionSecurity=measured-uki
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-pcrlock lock-file-system
+
+[Install]
+WantedBy=sysinit.target
diff --git a/units/systemd-pcrlock-firmware-code.service.in b/units/systemd-pcrlock-firmware-code.service.in
new file mode 100644
index 0000000..a24f2ba
--- /dev/null
+++ b/units/systemd-pcrlock-firmware-code.service.in
@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Lock Firmware Code to TPM2 PCR Policy
+Documentation=man:systemd-pcrlock(8)
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=systemd-tpm2-setup.service
+Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
+ConditionPathExists=!/etc/initrd-release
+ConditionSecurity=measured-uki
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-pcrlock lock-firmware-code
+
+[Install]
+WantedBy=sysinit.target
diff --git a/units/systemd-pcrlock-firmware-config.service.in b/units/systemd-pcrlock-firmware-config.service.in
new file mode 100644
index 0000000..64e63f8
--- /dev/null
+++ b/units/systemd-pcrlock-firmware-config.service.in
@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Lock Firmware Configuration to TPM2 PCR Policy
+Documentation=man:systemd-pcrlock(8)
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=systemd-tpm2-setup.service
+Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
+ConditionPathExists=!/etc/initrd-release
+ConditionSecurity=measured-uki
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-pcrlock lock-firmware-config
+
+[Install]
+WantedBy=sysinit.target
diff --git a/units/systemd-pcrlock-machine-id.service.in b/units/systemd-pcrlock-machine-id.service.in
new file mode 100644
index 0000000..0ff22c5
--- /dev/null
+++ b/units/systemd-pcrlock-machine-id.service.in
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Lock Machine ID to TPM2 PCR Policy
+Documentation=man:systemd-pcrlock(8)
+DefaultDependencies=no
+Conflicts=shutdown.target
+Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
+ConditionPathExists=!/etc/initrd-release
+ConditionSecurity=measured-uki
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-pcrlock lock-machine-id
+
+[Install]
+WantedBy=sysinit.target
diff --git a/units/systemd-pcrlock-make-policy.service.in b/units/systemd-pcrlock-make-policy.service.in
new file mode 100644
index 0000000..4127cc7
--- /dev/null
+++ b/units/systemd-pcrlock-make-policy.service.in
@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Make TPM2 PCR Policy
+Documentation=man:systemd-pcrlock(8)
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=systemd-tpm2-setup.service
+Before=sysinit.target shutdown.target
+ConditionPathExists=!/etc/initrd-release
+ConditionSecurity=measured-uki
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-pcrlock make-policy --location=770
+
+[Install]
+WantedBy=sysinit.target
diff --git a/units/systemd-pcrlock-secureboot-authority.service.in b/units/systemd-pcrlock-secureboot-authority.service.in
new file mode 100644
index 0000000..a8d55ba
--- /dev/null
+++ b/units/systemd-pcrlock-secureboot-authority.service.in
@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Lock UEFI SecureBoot Authority to TPM2 PCR Policy
+Documentation=man:systemd-pcrlock(8)
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=systemd-tpm2-setup.service
+Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
+ConditionPathExists=!/etc/initrd-release
+ConditionSecurity=measured-uki
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-pcrlock lock-secureboot-authority
+
+[Install]
+WantedBy=sysinit.target
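Review bot: `--location=770` in `ExecStart={{LIBEXECDIR}}/systemd-pcrlock make-policy --location=770` is an unexplained constant in the one unit that decides which measurements the TPM2 policy will accept. Add a comment above the line saying which range of pcrlock components the value selects and which point in boot that corresponds to; the meaning cannot be read off this hunk, and a later edit made on a wrong guess would silently widen or narrow the policy. The lock-* units around it use self-describing verbs, so this is the only line in the group that needs the explanation.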
diff --git a/units/systemd-pcrlock-secureboot-policy.service.in b/units/systemd-pcrlock-secureboot-policy.service.in
new file mode 100644
index 0000000..10e603c
--- /dev/null
+++ b/units/systemd-pcrlock-secureboot-policy.service.in
@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Lock UEFI SecureBoot Policy to TPM2 PCR Policy
+Documentation=man:systemd-pcrlock(8)
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=systemd-tpm2-setup.service
+Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
+ConditionPathExists=!/etc/initrd-release
+ConditionSecurity=measured-uki
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-pcrlock lock-secureboot-policy
+
+[Install]
+WantedBy=sysinit.target
diff --git a/units/systemd-pcrmachine.service.in b/units/systemd-pcrmachine.service.in
new file mode 100644
index 0000000..fb7d3ce
--- /dev/null
+++ b/units/systemd-pcrmachine.service.in
@@ -0,0 +1,22 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=TPM2 PCR Machine ID Measurement
+Documentation=man:systemd-pcrmachine.service(8)
+DefaultDependencies=no
+Conflicts=shutdown.target
+Before=sysinit.target shutdown.target
+ConditionPathExists=!/etc/initrd-release
+ConditionSecurity=measured-uki
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-pcrextend --graceful --machine-id
diff --git a/units/systemd-pcrphase-initrd.service.in b/units/systemd-pcrphase-initrd.service.in
new file mode 100644
index 0000000..b337d60
--- /dev/null
+++ b/units/systemd-pcrphase-initrd.service.in
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=TPM2 PCR Barrier (initrd)
+Documentation=man:systemd-pcrphase-initrd.service(8)
+DefaultDependencies=no
+Conflicts=shutdown.target initrd-switch-root.target
+Before=sysinit.target cryptsetup-pre.target cryptsetup.target shutdown.target initrd-switch-root.target systemd-sysext.service
+ConditionPathExists=/etc/initrd-release
+ConditionSecurity=measured-uki
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-pcrextend --graceful enter-initrd
+ExecStop={{LIBEXECDIR}}/systemd-pcrextend --graceful leave-initrd
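Review bot: systemd-pcrphase-initrd.service.in sets no `FailureAction=`, so if `systemd-pcrextend --graceful enter-initrd` or the `leave-initrd` ExecStop fails, boot carries on with the PCR still at its earlier value. The barrier exists so that secrets bound to one boot phase stop being releasable in the next, and a skipped extension leaves them releasable. If fail-closed behaviour is wanted, `FailureAction=reboot-force` in `[Unit]` would provide it; `--graceful` should still exit cleanly on machines without a TPM, but that needs confirming before the line goes in. The same question applies to systemd-pcrphase-sysinit.service.in and systemd-pcrphase.service.in, and to the pcrmachine and pcrfs measurement units.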
diff --git a/units/systemd-pcrphase-sysinit.service.in b/units/systemd-pcrphase-sysinit.service.in
new file mode 100644
index 0000000..08f7397
--- /dev/null
+++ b/units/systemd-pcrphase-sysinit.service.in
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=TPM2 PCR Barrier (Initialization)
+Documentation=man:systemd-pcrphase-sysinit.service(8)
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=sysinit.target
+Before=basic.target shutdown.target
+ConditionPathExists=!/etc/initrd-release
+ConditionSecurity=measured-uki
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-pcrextend --graceful sysinit
+ExecStop={{LIBEXECDIR}}/systemd-pcrextend --graceful final
diff --git a/units/systemd-pcrphase.service.in b/units/systemd-pcrphase.service.in
new file mode 100644
index 0000000..c94ad75
--- /dev/null
+++ b/units/systemd-pcrphase.service.in
@@ -0,0 +1,22 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=TPM2 PCR Barrier (User)
+Documentation=man:systemd-pcrphase.service(8)
+After=remote-fs.target remote-cryptsetup.target
+Before=systemd-user-sessions.service
+ConditionPathExists=!/etc/initrd-release
+ConditionSecurity=measured-uki
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-pcrextend --graceful ready
+ExecStop={{LIBEXECDIR}}/systemd-pcrextend --graceful shutdown
diff --git a/units/systemd-portabled.service.in b/units/systemd-portabled.service.in
new file mode 100644
index 0000000..b4ec252
--- /dev/null
+++ b/units/systemd-portabled.service.in
@@ -0,0 +1,30 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Portable Service Manager
+Documentation=man:systemd-portabled.service(8)
+Documentation=man:org.freedesktop.portable1(5)
+RequiresMountsFor=/var/lib/portables
+
+[Service]
+ExecStart={{LIBEXECDIR}}/systemd-portabled
+BusName=org.freedesktop.portable1
+CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD
+MemoryDenyWriteExecute=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+RestrictRealtime=yes
+RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
+SystemCallFilter=@system-service @mount
+SystemCallErrorNumber=EPERM
+SystemCallArchitectures=native
+LockPersonality=yes
+IPAddressDeny=any
+{{SERVICE_WATCHDOG}}
diff --git a/units/systemd-poweroff.service b/units/systemd-poweroff.service
new file mode 100644
index 0000000..254188d
--- /dev/null
+++ b/units/systemd-poweroff.service
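Review bot: `CapabilityBoundingSet=` in systemd-portabled.service.in keeps `CAP_SYS_ADMIN`, `CAP_SYS_PTRACE`, `CAP_DAC_OVERRIDE` and `CAP_MKNOD` among others with no comment, and the unit has none of the `NoNewPrivileges=`, `ProtectSystem=` or `ProtectHome=` lines that the networkd, oomd and resolved units in this commit carry. Part of that is presumably required to attach images, but the unit should say which capability serves which operation so the set can be trimmed later; a short comment block above the line is enough. `RestrictAddressFamilies=` also still lists `AF_INET AF_INET6` although `IPAddressDeny=any` blocks all IP traffic, so either drop the two families or note why they stay.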
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=System Power Off
+Documentation=man:systemd-poweroff.service(8)
+DefaultDependencies=no
+Requires=shutdown.target umount.target final.target
+After=shutdown.target umount.target final.target
+SuccessAction=poweroff-force
diff --git a/units/systemd-pstore.service.in b/units/systemd-pstore.service.in
new file mode 100644
index 0000000..0b5a20a
--- /dev/null
+++ b/units/systemd-pstore.service.in
@@ -0,0 +1,28 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Platform Persistent Storage Archival
+Documentation=man:systemd-pstore(8)
+ConditionDirectoryNotEmpty=/sys/fs/pstore
+ConditionVirtualization=!container
+DefaultDependencies=no
+Conflicts=shutdown.target
+Before=sysinit.target shutdown.target
+After=modprobe@efi_pstore.service
+Wants=modprobe@efi_pstore.service
+
+[Service]
+Type=oneshot
+ExecStart={{LIBEXECDIR}}/systemd-pstore
+RemainAfterExit=yes
+StateDirectory=systemd/pstore
+
+[Install]
+WantedBy=sysinit.target
diff --git a/units/systemd-quotacheck.service.in b/units/systemd-quotacheck.service.in
new file mode 100644
index 0000000..0f94e38
--- /dev/null
+++ b/units/systemd-quotacheck.service.in
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=File System Quota Check
+Documentation=man:systemd-quotacheck.service(8)
+
+ConditionPathExists={{QUOTACHECK}}
+
+DefaultDependencies=no
+After=systemd-remount-fs.service
+Before=remote-fs.target
+Before=shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-quotacheck
+TimeoutSec=infinity
diff --git a/units/systemd-random-seed.service.in b/units/systemd-random-seed.service.in
new file mode 100644
index 0000000..99b5f33
--- /dev/null
+++ b/units/systemd-random-seed.service.in
@@ -0,0 +1,35 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Load/Save OS Random Seed
+Documentation=man:systemd-random-seed.service(8) man:random(4)
+
+ConditionVirtualization=!container
+ConditionPathExists=!/etc/initrd-release
+
+DefaultDependencies=no
+After=systemd-remount-fs.service
+Before=first-boot-complete.target
+RequiresMountsFor={{RANDOM_SEED}}
+Wants=first-boot-complete.target
+Conflicts=shutdown.target
+Before=shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-random-seed load
+ExecStop={{LIBEXECDIR}}/systemd-random-seed save
+
+# This service waits until the kernel's entropy pool is initialized, and may be
+# used as ordering barrier for service that require an initialized entropy
+# pool. Since initialization can take a while on entropy-starved systems, let's
+# increase the timeout substantially here.
+TimeoutSec=10min
diff --git a/units/systemd-reboot.service b/units/systemd-reboot.service
new file mode 100644
index 0000000..79176ad
--- /dev/null
+++ b/units/systemd-reboot.service
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=System Reboot
+Documentation=man:systemd-reboot.service(8)
+DefaultDependencies=no
+Requires=shutdown.target umount.target final.target
+After=shutdown.target umount.target final.target
+SuccessAction=reboot-force
diff --git a/units/systemd-remount-fs.service.in b/units/systemd-remount-fs.service.in
new file mode 100644
index 0000000..fe3c31b
--- /dev/null
+++ b/units/systemd-remount-fs.service.in
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Remount Root and Kernel File Systems
+Documentation=man:systemd-remount-fs.service(8)
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+
+DefaultDependencies=no
+After=systemd-fsck-root.service
+Before=local-fs-pre.target local-fs.target
+Wants=local-fs-pre.target
+Conflicts=shutdown.target
+Before=shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-remount-fs
diff --git a/units/systemd-repart.service.in b/units/systemd-repart.service.in
new file mode 100644
index 0000000..2b57b93
--- /dev/null
+++ b/units/systemd-repart.service.in
@@ -0,0 +1,37 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Repartition Root Disk
+Documentation=man:systemd-repart.service(8)
+
+ConditionVirtualization=!container
+ConditionDirectoryNotEmpty=|/usr/lib/repart.d
+ConditionDirectoryNotEmpty=|/usr/local/lib/repart.d
+ConditionDirectoryNotEmpty=|/etc/repart.d
+ConditionDirectoryNotEmpty=|/run/repart.d
+ConditionDirectoryNotEmpty=|/sysusr/usr/lib/repart.d
+ConditionDirectoryNotEmpty=|/sysusr/usr/local/lib/repart.d
+
+DefaultDependencies=no
+Wants=modprobe@loop.service modprobe@dm_mod.service
+After=initrd-usr-fs.target modprobe@loop.service modprobe@dm_mod.service
+Before=initrd-root-fs.target
+Conflicts=shutdown.target initrd-switch-root.target
+Before=shutdown.target initrd-switch-root.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{BINDIR}}/systemd-repart --dry-run=no
+
+# The tool returns 76 if it can't find the root block device
+SuccessExitStatus=76
+# The tool returns 77 if there's no existing GPT partition table
+SuccessExitStatus=77
diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
new file mode 100644
index 0000000..820aecf
--- /dev/null
+++ b/units/systemd-resolved.service.in
@@ -0,0 +1,59 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Network Name Resolution
+Documentation=man:systemd-resolved.service(8)
+Documentation=man:org.freedesktop.resolve1(5)
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
+
+DefaultDependencies=no
+After=systemd-sysctl.service systemd-sysusers.service
+Before=sysinit.target network.target nss-lookup.target shutdown.target initrd-switch-root.target
+Conflicts=shutdown.target initrd-switch-root.target
+Wants=nss-lookup.target
+
+[Service]
+AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
+BusName=org.freedesktop.resolve1
+CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
+ExecStart=!!{{LIBEXECDIR}}/systemd-resolved
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+Restart=always
+RestartSec=0
+RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+RuntimeDirectory=systemd/resolve
+RuntimeDirectoryPreserve=yes
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+Type=notify
+User=systemd-resolve
+ImportCredential=network.dns
+ImportCredential=network.search_domains
+{{SERVICE_WATCHDOG}}
+
+[Install]
+WantedBy=sysinit.target
+Alias=dbus-org.freedesktop.resolve1.service
diff --git a/units/systemd-rfkill.service.in b/units/systemd-rfkill.service.in
new file mode 100644
index 0000000..c6b32a1
--- /dev/null
+++ b/units/systemd-rfkill.service.in
@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Load/Save RF Kill Switch Status
+Documentation=man:systemd-rfkill.service(8)
+ConditionPathExists=!/etc/initrd-release
+
+DefaultDependencies=no
+BindsTo=sys-devices-virtual-misc-rfkill.device
+Conflicts=shutdown.target
+After=sys-devices-virtual-misc-rfkill.device
+Before=shutdown.target
+
+[Service]
+ExecStart={{LIBEXECDIR}}/systemd-rfkill
+NoNewPrivileges=yes
+StateDirectory=systemd/rfkill
+TimeoutSec=30s
+Type=notify
diff --git a/units/systemd-rfkill.socket b/units/systemd-rfkill.socket
new file mode 100644
index 0000000..588ecd2
--- /dev/null
+++ b/units/systemd-rfkill.socket
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Load/Save RF Kill Switch Status /dev/rfkill Watch
+Documentation=man:systemd-rfkill.socket(8)
+ConditionPathExists=!/etc/initrd-release
+
+DefaultDependencies=no
+BindsTo=sys-devices-virtual-misc-rfkill.device
+After=sys-devices-virtual-misc-rfkill.device systemd-remount-fs.service
+Conflicts=shutdown.target
+Before=shutdown.target
+RequiresMountsFor=/var/lib/systemd/rfkill
+
+[Socket]
+ListenSpecial=/dev/rfkill
+Writable=yes
diff --git a/units/systemd-soft-reboot.service b/units/systemd-soft-reboot.service
new file mode 100644
index 0000000..35ba3a9
--- /dev/null
+++ b/units/systemd-soft-reboot.service
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Reboot System Userspace
+Documentation=man:systemd-soft-reboot.service(8)
+DefaultDependencies=no
+Requires=shutdown.target umount.target final.target
+After=shutdown.target umount.target final.target
+SuccessAction=soft-reboot-force
diff --git a/units/systemd-storagetm.service.in b/units/systemd-storagetm.service.in
new file mode 100644
index 0000000..3c26f22
--- /dev/null
+++ b/units/systemd-storagetm.service.in
@@ -0,0 +1,27 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Storage Target Mode (NVMe-TCP)
+Documentation=man:systemd-storagetm.service(8)
+ConditionVirtualization=!container
+DefaultDependencies=no
+Wants=modprobe@nvmet_tcp.service modprobe@thunderbolt_net.service sys-kernel-config.mount
+After=modprobe@nvmet_tcp.service modprobe@thunderbolt_net.service sys-kernel-config.mount plymouth-start.service
+Conflicts=shutdown.target
+Before=shutdown.target
+FailureAction=reboot
+SuccessAction=reboot
+
+[Service]
+Type=notify
+RemainAfterExit=yes
+StandardInput=tty
+StandardOutput=tty
+ExecStart={{LIBEXECDIR}}/systemd-storagetm --all
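Review bot: systemd-storagetm.service has no comment saying what starting it exposes. Going by the unit description and the `--all` switch on `ExecStart=`, it offers the machine's local block devices over NVMe-TCP, and nothing in the unit limits who may connect or on which interface. A comment above `ExecStart=` would help, for example `# Exports all local block devices over NVMe-TCP; only start this on a trusted link, see systemd-storagetm.service(8)`, worded to match what the man page states about authentication. The pair `FailureAction=reboot` / `SuccessAction=reboot` also deserves one line noting that any exit of the service reboots the machine.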
diff --git a/units/systemd-suspend-then-hibernate.service.in b/units/systemd-suspend-then-hibernate.service.in
new file mode 100644
index 0000000..d7ab2c1
--- /dev/null
+++ b/units/systemd-suspend-then-hibernate.service.in
@@ -0,0 +1,19 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=System Suspend then Hibernate
+Documentation=man:systemd-suspend-then-hibernate.service(8)
+DefaultDependencies=no
+Requires=sleep.target
+After=sleep.target
+
+[Service]
+Type=oneshot
+ExecStart={{LIBEXECDIR}}/systemd-sleep suspend-then-hibernate
diff --git a/units/systemd-suspend.service.in b/units/systemd-suspend.service.in
new file mode 100644
index 0000000..aa264e8
--- /dev/null
+++ b/units/systemd-suspend.service.in
@@ -0,0 +1,19 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=System Suspend
+Documentation=man:systemd-suspend.service(8)
+DefaultDependencies=no
+Requires=sleep.target
+After=sleep.target
+
+[Service]
+Type=oneshot
+ExecStart={{LIBEXECDIR}}/systemd-sleep suspend
diff --git a/units/systemd-sysctl.service.in b/units/systemd-sysctl.service.in
new file mode 100644
index 0000000..4179753
--- /dev/null
+++ b/units/systemd-sysctl.service.in
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Apply Kernel Variables
+Documentation=man:systemd-sysctl.service(8) man:sysctl.d(5)
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=systemd-modules-load.service
+Before=sysinit.target shutdown.target
+ConditionPathIsReadWrite=/proc/sys/net/
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-sysctl
+TimeoutSec=90s
+ImportCredential=sysctl.*
diff --git a/units/systemd-sysext.service b/units/systemd-sysext.service
new file mode 100644
index 0000000..5c11eba
--- /dev/null
+++ b/units/systemd-sysext.service
@@ -0,0 +1,34 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Merge System Extension Images into /usr/ and /opt/
+Documentation=man:systemd-sysext.service(8)
+
+ConditionCapability=CAP_SYS_ADMIN
+ConditionDirectoryNotEmpty=|/etc/extensions
+ConditionDirectoryNotEmpty=|/run/extensions
+ConditionDirectoryNotEmpty=|/var/lib/extensions
+ConditionDirectoryNotEmpty=|/.extra/sysext
+
+DefaultDependencies=no
+After=local-fs.target
+Before=sysinit.target systemd-tmpfiles-setup.service
+Conflicts=shutdown.target initrd-switch-root.target
+Before=shutdown.target initrd-switch-root.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=systemd-sysext refresh
+ExecReload=systemd-sysext refresh
+ExecStop=systemd-sysext unmerge
+
+[Install]
+WantedBy=sysinit.target
diff --git a/units/systemd-sysext.socket b/units/systemd-sysext.socket
new file mode 100644
index 0000000..ad870c5
--- /dev/null
+++ b/units/systemd-sysext.socket
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=System Extension Image Management (Varlink)
+Documentation=man:systemd-sysext(8)
+DefaultDependencies=no
+After=local-fs.target
+Before=sockets.target
+ConditionCapability=CAP_SYS_ADMIN
+
+[Socket]
+ListenStream=/run/systemd/io.systemd.sysext
+FileDescriptorName=varlink
+SocketMode=0600
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
diff --git a/units/systemd-sysext@.service b/units/systemd-sysext@.service
new file mode 100644
index 0000000..544e22f
--- /dev/null
+++ b/units/systemd-sysext@.service
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=System Extension Image Management (Varlink)
+Documentation=man:systemd-sysext(8)
+DefaultDependencies=no
+After=local-fs.target
+Conflicts=shutdown.target initrd-switch-root.target
+Before=shutdown.target initrd-switch-root.target
+
+[Service]
+Environment=LISTEN_FDNAMES=varlink
+ExecStart=-systemd-sysext
diff --git a/units/systemd-sysupdate-reboot.service.in b/units/systemd-sysupdate-reboot.service.in
new file mode 100644
index 0000000..5d4011a
--- /dev/null
+++ b/units/systemd-sysupdate-reboot.service.in
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Reboot Automatically After System Update
+Documentation=man:systemd-sysupdate-reboot.service(8)
+ConditionVirtualization=!container
+
+[Service]
+Type=oneshot
+ExecStart={{LIBEXECDIR}}/systemd-sysupdate reboot
+
+[Install]
+Also=systemd-sysupdate-reboot.timer
diff --git a/units/systemd-sysupdate-reboot.timer b/units/systemd-sysupdate-reboot.timer
new file mode 100644
index 0000000..95a44bf
--- /dev/null
+++ b/units/systemd-sysupdate-reboot.timer
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Reboot Automatically After System Update
+Documentation=man:systemd-sysupdate-reboot.service(8)
+ConditionVirtualization=!container
+
+[Timer]
+OnCalendar=4:10
+RandomizedDelaySec=30min
+
+[Install]
+WantedBy=timers.target
diff --git a/units/systemd-sysupdate.service.in b/units/systemd-sysupdate.service.in
new file mode 100644
index 0000000..1becbec
--- /dev/null
+++ b/units/systemd-sysupdate.service.in
@@ -0,0 +1,34 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Automatic System Update
+Documentation=man:systemd-sysupdate.service(8)
+Wants=network-online.target
+After=network-online.target
+ConditionVirtualization=!container
+
+[Service]
+Type=simple
+NotifyAccess=main
+ExecStart={{LIBEXECDIR}}/systemd-sysupdate update
+CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE CAP_LINUX_IMMUTABLE
+NoNewPrivileges=yes
+MemoryDenyWriteExecute=yes
+ProtectHostname=yes
+RestrictRealtime=yes
+RestrictNamespaces=net
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+SystemCallFilter=@system-service @mount
+SystemCallErrorNumber=EPERM
+SystemCallArchitectures=native
+LockPersonality=yes
+
+[Install]
+Also=systemd-sysupdate.timer
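Review bot: systemd-sysupdate.service talks to the network (`Wants=network-online.target`, `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6`) but is sandboxed far more thinly than the other network-facing units in this commit. systemd-resolved and systemd-timesyncd set `ProtectHome=yes`, `PrivateTmp=yes` and `ProtectKernelLogs=yes`; none of these appear in its `[Service]` section, and the bounding set keeps `CAP_SYS_ADMIN` and `CAP_DAC_OVERRIDE`. Much of that is presumably needed to write partitions and file trees, but options that do not get in the way of the transfer targets, such as `ProtectHome=yes` and `ProtectKernelLogs=yes`, look worth adding, or the omission explained in a comment. `Type=simple` next to `NotifyAccess=main` would also benefit from a one-line comment saying why notifications are accepted from a non-notify service.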
diff --git a/units/systemd-sysupdate.timer b/units/systemd-sysupdate.timer
new file mode 100644
index 0000000..6ecd98d
--- /dev/null
+++ b/units/systemd-sysupdate.timer
@@ -0,0 +1,30 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Automatic System Update
+Documentation=man:systemd-sysupdate.service(8)
+
+# For containers we assume that the manager will handle updates. And we likely
+# can't even access our backing block device anyway.
+ConditionVirtualization=!container
+
+[Timer]
+# Trigger the update 15min after boot, and then – on average – every 6h, but
+# randomly distributed in a 2h…6h interval. In addition trigger things
+# persistently once on each Saturday, to ensure that even on systems that are
+# never booted up for long we have a chance to to do the update.
+OnBootSec=15min
+OnUnitActiveSec=2h
+OnCalendar=Sat
+RandomizedDelaySec=4h
+Persistent=yes
+
+[Install]
+WantedBy=timers.target
diff --git a/units/systemd-sysusers.service b/units/systemd-sysusers.service
new file mode 100644
index 0000000..de6c71a
--- /dev/null
+++ b/units/systemd-sysusers.service
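Review bot: The comment in the `[Timer]` section of systemd-sysupdate.timer disagrees with the settings under it. With `OnUnitActiveSec=2h` and `RandomizedDelaySec=4h` the gap between runs lands in the 2h…6h range the comment names, so the average is about 4h (assuming the delay is picked evenly), not 6h. The last sentence also has a doubled word, "a chance to to do the update". Suggested wording for the first line: `# Trigger the update 15min after boot, and then every 2h…6h (about 4h on average).`, with the final line ending `we have a chance to do the update.`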
@@ -0,0 +1,39 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Create System Users
+Documentation=man:sysusers.d(5) man:systemd-sysusers.service(8)
+
+ConditionNeedsUpdate=|/etc
+ConditionCredential=|sysusers.extra
+
+DefaultDependencies=no
+After=systemd-remount-fs.service
+After=systemd-tmpfiles-setup-dev-early.service
+Before=systemd-tmpfiles-setup-dev.service
+Before=sysinit.target systemd-update-done.service
+Conflicts=shutdown.target initrd-switch-root.target
+Before=shutdown.target initrd-switch-root.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=systemd-sysusers
+TimeoutSec=90s
+
+# Optionally, pick up a root password and shell for the root user from a
+# credential passed to the service manager. This is useful for importing this
+# data from nspawn's --set-credential= switch.
+ImportCredential=passwd.hashed-password.root
+ImportCredential=passwd.plaintext-password.root
+ImportCredential=passwd.shell.root
+
+# Also, allow configuring extra sysusers lines via a credential
+ImportCredential=sysusers.*
diff --git a/units/systemd-time-wait-sync.service.in b/units/systemd-time-wait-sync.service.in
new file mode 100644
index 0000000..6b99393
--- /dev/null
+++ b/units/systemd-time-wait-sync.service.in
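Review bot: The comment above the `ImportCredential=passwd.*` lines in systemd-sysusers.service does not tell the two password credentials apart, so `passwd.plaintext-password.root` reads as equally good as `passwd.hashed-password.root`. A cleartext root password is visible to anything that can read the credential on its way in, including the nspawn `--set-credential=` command line the comment itself mentions. I would add a line such as `# Prefer passwd.hashed-password.root; the plaintext variant exposes the password to anything that can read the credential.` The comment on `ImportCredential=sysusers.*` could likewise state that whoever supplies credentials can add arbitrary sysusers lines, i.e. that credentials are trusted input here.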
@@ -0,0 +1,36 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Wait Until Kernel Time Synchronized
+Documentation=man:systemd-time-wait-sync.service(8)
+
+# Note that this tool doesn't need CAP_SYS_TIME itself, but its primary
+# use case is to run in conjunction with a local NTP service such as
+# systemd-timesyncd.service, which is conditioned this way. There might be
+# niche use cases where running this service independently is desired, but let's
+# make this all "just work" for the general case, and leave it to local
+# modifications to make it work in the remaining cases.
+
+ConditionCapability=CAP_SYS_TIME
+ConditionVirtualization=!container
+
+DefaultDependencies=no
+Before=time-sync.target shutdown.target
+Wants=time-sync.target
+Conflicts=shutdown.target
+
+[Service]
+Type=oneshot
+ExecStart={{LIBEXECDIR}}/systemd-time-wait-sync
+TimeoutStartSec=infinity
+RemainAfterExit=yes
+
+[Install]
+WantedBy=sysinit.target
diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in
new file mode 100644
index 0000000..00f6643
--- /dev/null
+++ b/units/systemd-timedated.service.in
@@ -0,0 +1,42 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Time & Date Service
+Documentation=man:systemd-timedated.service(8)
+Documentation=man:localtime(5)
+Documentation=man:org.freedesktop.timedate1(5)
+
+[Service]
+BusName=org.freedesktop.timedate1
+CapabilityBoundingSet=CAP_SYS_TIME
+DeviceAllow=char-rtc r
+ExecStart={{LIBEXECDIR}}/systemd-timedated
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectProc=invisible
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+ReadWritePaths=/etc
+RestrictAddressFamilies=AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service @clock
+{{SERVICE_WATCHDOG}}
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
new file mode 100644
index 0000000..cf233fb
--- /dev/null
+++ b/units/systemd-timesyncd.service.in
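Review bot: `ReadWritePaths=/etc` in systemd-timedated.service reopens the whole of /etc for writing under `ProtectSystem=strict`, and nothing in the unit says why. If the daemon only replaces a few files there (presumably /etc/localtime, given the `man:localtime(5)` reference; this is not visible in the hunk), a comment should say that the directory is listed because files are replaced atomically, e.g. `# Files in /etc are replaced atomically, so the directory itself must be writable`. Without it the line reads like an oversight in an otherwise tight sandbox, and a later editor has no way to tell whether it can be narrowed.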
@@ -0,0 +1,60 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Network Time Synchronization
+Documentation=man:systemd-timesyncd.service(8)
+ConditionCapability=CAP_SYS_TIME
+ConditionVirtualization=!container
+DefaultDependencies=no
+After=systemd-sysusers.service
+Before=time-set.target sysinit.target shutdown.target
+Conflicts=shutdown.target
+Wants=time-set.target
+
+[Service]
+AmbientCapabilities=CAP_SYS_TIME
+BusName=org.freedesktop.timesync1
+CapabilityBoundingSet=CAP_SYS_TIME
+# Turn off DNSSEC validation for hostname look-ups, since those need the
+# correct time to work, but we likely won't acquire that without NTP. Let's
+# break this chicken-and-egg cycle here.
+Environment=SYSTEMD_NSS_RESOLVE_VALIDATE=0
+ExecStart=!!{{LIBEXECDIR}}/systemd-timesyncd
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectProc=invisible
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+Restart=always
+RestartSec=0
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+RuntimeDirectory=systemd/timesync
+StateDirectory=systemd/timesync
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service @clock
+Type=notify
+User=systemd-timesync
+{{SERVICE_WATCHDOG}}
+
+[Install]
+WantedBy=sysinit.target
+Alias=dbus-org.freedesktop.timesync1.service
diff --git a/units/systemd-tmpfiles-clean.service b/units/systemd-tmpfiles-clean.service
new file mode 100644
index 0000000..7b0edba
--- /dev/null
+++ b/units/systemd-tmpfiles-clean.service
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Cleanup of Temporary Directories
+Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
+
+DefaultDependencies=no
+After=local-fs.target time-set.target
+Conflicts=shutdown.target initrd-switch-root.target
+Before=shutdown.target initrd-switch-root.target
+
+[Service]
+Type=oneshot
+ExecStart=systemd-tmpfiles --clean
+SuccessExitStatus=DATAERR
+IOSchedulingClass=idle
+ImportCredential=tmpfiles.*
diff --git a/units/systemd-tmpfiles-clean.timer b/units/systemd-tmpfiles-clean.timer
new file mode 100644
index 0000000..310cfe2
--- /dev/null
+++ b/units/systemd-tmpfiles-clean.timer
@@ -0,0 +1,17 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Daily Cleanup of Temporary Directories
+Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
+ConditionPathExists=!/etc/initrd-release
+
+[Timer]
+OnBootSec=15min
+OnUnitActiveSec=1d
diff --git a/units/systemd-tmpfiles-setup-dev-early.service b/units/systemd-tmpfiles-setup-dev-early.service
new file mode 100644
index 0000000..0d6f0da
--- /dev/null
+++ b/units/systemd-tmpfiles-setup-dev-early.service
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Create Static Device Nodes in /dev gracefully
+Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
+
+DefaultDependencies=no
+Before=sysinit.target local-fs-pre.target systemd-udevd.service
+Wants=local-fs-pre.target
+Conflicts=shutdown.target initrd-switch-root.target
+Before=shutdown.target initrd-switch-root.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=systemd-tmpfiles --prefix=/dev --create --boot --graceful
+SuccessExitStatus=DATAERR CANTCREAT
+ImportCredential=tmpfiles.*
diff --git a/units/systemd-tmpfiles-setup-dev.service b/units/systemd-tmpfiles-setup-dev.service
new file mode 100644
index 0000000..3016b49
--- /dev/null
+++ b/units/systemd-tmpfiles-setup-dev.service
@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Create Static Device Nodes in /dev
+Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
+
+DefaultDependencies=no
+After=systemd-tmpfiles-setup-dev-early.service
+Before=sysinit.target local-fs-pre.target systemd-udevd.service
+Wants=local-fs-pre.target
+Conflicts=shutdown.target initrd-switch-root.target
+Before=shutdown.target initrd-switch-root.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=systemd-tmpfiles --prefix=/dev --create --boot
+SuccessExitStatus=DATAERR CANTCREAT
+ImportCredential=tmpfiles.*
diff --git a/units/systemd-tmpfiles-setup.service b/units/systemd-tmpfiles-setup.service
new file mode 100644
index 0000000..6cae328
--- /dev/null
+++ b/units/systemd-tmpfiles-setup.service
@@ -0,0 +1,30 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Create Volatile Files and Directories
+Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
+
+DefaultDependencies=no
+After=local-fs.target systemd-sysusers.service systemd-journald.service
+Before=sysinit.target
+Conflicts=shutdown.target initrd-switch-root.target
+Before=shutdown.target initrd-switch-root.target
+RefuseManualStop=yes
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev
+SuccessExitStatus=DATAERR CANTCREAT
+ImportCredential=tmpfiles.*
+ImportCredential=login.motd
+ImportCredential=login.issue
+ImportCredential=network.hosts
+ImportCredential=ssh.authorized_keys.root
diff --git a/units/systemd-tpm2-setup-early.service.in b/units/systemd-tpm2-setup-early.service.in
new file mode 100644
index 0000000..c1597ea
--- /dev/null
+++ b/units/systemd-tpm2-setup-early.service.in
@@ -0,0 +1,22 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=TPM2 SRK Setup (Early)
+Documentation=man:systemd-tpm2-setup.service(8)
+DefaultDependencies=no
+Conflicts=shutdown.target
+Before=sysinit.target shutdown.target
+ConditionSecurity=measured-uki
+ConditionPathExists=!/run/systemd/tpm2-srk-public-key.pem
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-tpm2-setup --early=yes
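Review bot: systemd-tmpfiles-setup.service imports `login.motd`, `login.issue`, `network.hosts` and `ssh.authorized_keys.root` without a word of explanation, while systemd-sysusers.service in the same commit comments its credential imports. `ssh.authorized_keys.root` is the one that matters for security: whoever can pass credentials to the service manager can presumably provision root SSH access through it (the tmpfiles.d snippet that consumes the credential is not part of this hunk). I would add above the four lines something like `# Provision motd, issue, /etc/hosts and root's SSH authorized keys from credentials passed to the service manager`, so the trust placed in the credential source is visible in the unit.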
diff --git a/units/systemd-tpm2-setup.service.in b/units/systemd-tpm2-setup.service.in
new file mode 100644
index 0000000..6c99f3a
--- /dev/null
+++ b/units/systemd-tpm2-setup.service.in
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=TPM2 SRK Setup
+Documentation=man:systemd-tpm2-setup.service(8)
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=systemd-tpm2-setup-early.service systemd-remount-fs.service
+Before=sysinit.target shutdown.target
+RequiresMountsFor=/var/lib/systemd/tpm2-srk-public-key.pem
+ConditionSecurity=measured-uki
+ConditionPathExists=!/etc/initrd-release
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart={{LIBEXECDIR}}/systemd-tpm2-setup
diff --git a/units/systemd-udev-settle.service b/units/systemd-udev-settle.service
new file mode 100644
index 0000000..994c47f
--- /dev/null
+++ b/units/systemd-udev-settle.service
@@ -0,0 +1,27 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# This service can dynamically be pulled-in by legacy services which
+# cannot reliably cope with dynamic device configurations, and wrongfully
+# expect a populated /dev during bootup.
+
+[Unit]
+Description=Wait for udev To Complete Device Initialization
+Documentation=man:systemd-udev-settle.service(8)
+DefaultDependencies=no
+Wants=systemd-udevd.service
+After=systemd-udev-trigger.service
+Before=sysinit.target
+ConditionPathIsReadWrite=/sys
+
+[Service]
+Type=oneshot
+TimeoutSec=180
+RemainAfterExit=yes
+ExecStart=udevadm settle
diff --git a/units/systemd-udev-trigger.service b/units/systemd-udev-trigger.service
new file mode 100644
index 0000000..cb1e4f9
--- /dev/null
+++ b/units/systemd-udev-trigger.service
@@ -0,0 +1,22 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Coldplug All udev Devices
+Documentation=man:udev(7) man:systemd-udevd.service(8)
+DefaultDependencies=no
+Wants=systemd-udevd.service
+After=systemd-udevd-kernel.socket systemd-udevd-control.socket
+Before=sysinit.target
+ConditionPathIsReadWrite=/sys
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=-udevadm trigger --type=all --action=add --prioritized-subsystem=module,block,tpmrm,net,tty,input
diff --git a/units/systemd-udevd-control.socket b/units/systemd-udevd-control.socket
new file mode 100644
index 0000000..89304ab
--- /dev/null
+++ b/units/systemd-udevd-control.socket
@@ -0,0 +1,22 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=udev Control Socket
+Documentation=man:systemd-udevd-control.socket(8) man:udev(7)
+DefaultDependencies=no
+Before=sockets.target
+ConditionPathIsReadWrite=/sys
+
+[Socket]
+Service=systemd-udevd.service
+ListenSequentialPacket=/run/udev/control
+SocketMode=0600
+PassCredentials=yes
+RemoveOnStop=yes
diff --git a/units/systemd-udevd-kernel.socket b/units/systemd-udevd-kernel.socket
new file mode 100644
index 0000000..0d46043
--- /dev/null
+++ b/units/systemd-udevd-kernel.socket
@@ -0,0 +1,21 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=udev Kernel Socket
+Documentation=man:systemd-udevd-kernel.socket(8) man:udev(7)
+DefaultDependencies=no
+Before=sockets.target
+ConditionPathIsReadWrite=/sys
+
+[Socket]
+Service=systemd-udevd.service
+ReceiveBuffer=128M
+ListenNetlink=kobject-uevent 1
+PassCredentials=yes
diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
new file mode 100644
index 0000000..b59fdef
--- /dev/null
+++ b/units/systemd-udevd.service.in
@@ -0,0 +1,43 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Rule-based Manager for Device Events and Files
+Documentation=man:systemd-udevd.service(8) man:udev(7)
+DefaultDependencies=no
+After=systemd-sysusers.service systemd-hwdb-update.service
+Before=sysinit.target
+ConditionPathIsReadWrite=/sys
+
+[Service]
+CapabilityBoundingSet=~CAP_SYS_TIME CAP_WAKE_ALARM
+Delegate=pids
+DelegateSubgroup=udev
+Type=notify-reload
+# Note that udev will reset the value internally for its workers
+OOMScoreAdjust=-1000
+Sockets=systemd-udevd-control.socket systemd-udevd-kernel.socket
+Restart=always
+RestartSec=0
+ExecStart={{LIBEXECDIR}}/systemd-udevd
+KillMode=mixed
+TasksMax=infinity
+PrivateMounts=yes
+ProtectHostname=yes
+MemoryDenyWriteExecute=yes
+RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallFilter=@system-service @module @raw-io bpf
+SystemCallFilter=~@clock
+SystemCallErrorNumber=EPERM
+SystemCallArchitectures=native
+LockPersonality=yes
+IPAddressDeny=any
+{{SERVICE_WATCHDOG}}
diff --git a/units/systemd-update-done.service.in b/units/systemd-update-done.service.in
new file mode 100644
index 0000000..4ea43c7
--- /dev/null
+++ b/units/systemd-update-done.service.in
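Review bot: In units/systemd-udevd.service.in, `RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6` leaves the IP socket families open with no comment saying why, and the only setting that stops IP traffic is `IPAddressDeny=any` further down. IPAddressDeny= is enforced through cgroup BPF and has no effect where that support is missing, so on such systems the address-family list is the effective control. If udevd needs AF_INET/AF_INET6 sockets only as handles for ioctls on network devices (likely, but confirm), put that in a comment above the line, e.g. `# AF_INET/AF_INET6 are kept for socket ioctls on network devices (confirm); IP traffic is blocked by IPAddressDeny=any`. The same pair of settings appears uncommented in units/systemd-userdbd.service.in.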
@@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Update is Completed +Documentation=man:systemd-update-done.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=local-fs.target +Before=sysinit.target shutdown.target +ConditionNeedsUpdate=|/etc +ConditionNeedsUpdate=|/var + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{LIBEXECDIR}}/systemd-update-done diff --git a/units/systemd-update-utmp-runlevel.service.in b/units/systemd-update-utmp-runlevel.service.in new file mode 100644 index 0000000..17772d4 --- /dev/null +++ b/units/systemd-update-utmp-runlevel.service.in @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Record Runlevel Change in UTMP +Documentation=man:systemd-update-utmp-runlevel.service(8) man:utmp(5) +ConditionPathExists=!/etc/initrd-release + +DefaultDependencies=no +RequiresMountsFor=/var/log/wtmp +Conflicts=shutdown.target +Requisite=systemd-update-utmp.service +After=systemd-update-utmp.service +After=runlevel1.target runlevel2.target runlevel3.target runlevel4.target runlevel5.target +Before=shutdown.target + +[Service] +Type=oneshot +ExecStart={{LIBEXECDIR}}/systemd-update-utmp runlevel diff --git a/units/systemd-update-utmp.service.in b/units/systemd-update-utmp.service.in new file mode 100644 index 0000000..1a88b7b --- /dev/null 
+++ b/units/systemd-update-utmp.service.in @@ -0,0 +1,26 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Record System Boot/Shutdown in UTMP +Documentation=man:systemd-update-utmp.service(8) man:utmp(5) +ConditionPathExists=!/etc/initrd-release + +DefaultDependencies=no +After=systemd-remount-fs.service systemd-tmpfiles-setup.service auditd.service +Before=sysinit.target +Conflicts=shutdown.target +Before=shutdown.target +RequiresMountsFor=/var/log/wtmp + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{LIBEXECDIR}}/systemd-update-utmp reboot +ExecStop={{LIBEXECDIR}}/systemd-update-utmp shutdown diff --git a/units/systemd-user-sessions.service.in b/units/systemd-user-sessions.service.in new file mode 100644 index 0000000..ae694bf --- /dev/null +++ b/units/systemd-user-sessions.service.in @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Permit User Sessions +Documentation=man:systemd-user-sessions.service(8) +After=remote-fs.target nss-user-lookup.target network.target home.mount + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{LIBEXECDIR}}/systemd-user-sessions start +ExecStop={{LIBEXECDIR}}/systemd-user-sessions stop diff --git a/units/systemd-userdbd.service.in b/units/systemd-userdbd.service.in new file mode 100644 index 0000000..1c09265 --- /dev/null +++ b/units/systemd-userdbd.service.in 
@@ -0,0 +1,45 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Database Manager +Documentation=man:systemd-userdbd.service(8) +Requires=systemd-userdbd.socket +After=systemd-userdbd.socket +Before=sysinit.target +DefaultDependencies=no + +[Service] +CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_RESOURCE +ExecStart={{LIBEXECDIR}}/systemd-userdbd +IPAddressDeny=any +LimitNOFILE={{HIGH_RLIMIT_NOFILE}} +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateDevices=yes +ProtectProc=invisible +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectSystem=strict +RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +Type=notify +{{SERVICE_WATCHDOG}} + +[Install] +Also=systemd-userdbd.socket diff --git a/units/systemd-userdbd.socket b/units/systemd-userdbd.socket new file mode 100644 index 0000000..768253a --- /dev/null +++ b/units/systemd-userdbd.socket 
@@ -0,0 +1,22 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=User Database Manager Socket
+Documentation=man:systemd-userdbd.service(8)
+DefaultDependencies=no
+Before=sockets.target
+
+[Socket]
+ListenStream=/run/systemd/userdb/io.systemd.Multiplexer
+Symlinks=/run/systemd/userdb/io.systemd.NameServiceSwitch /run/systemd/userdb/io.systemd.DropIn
+SocketMode=0666
+
+[Install]
+WantedBy=sockets.target
diff --git a/units/systemd-vconsole-setup.service.in b/units/systemd-vconsole-setup.service.in
new file mode 100644
index 0000000..c6c5bc9
--- /dev/null
+++ b/units/systemd-vconsole-setup.service.in
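Review bot: `SocketMode=0666` in units/systemd-userdbd.socket makes the `io.systemd.Multiplexer` socket, and the two names listed in `Symlinks=`, connectable by every local user, and the unit has no comment saying this is intended. Add a comment above the line, e.g. `# World-accessible on purpose: any local process may query the user database, so the service must treat every peer as untrusted`. Unlike the two udev sockets in this commit, this unit does not set `PassCredentials=yes`, so if the service ever has to tell callers apart it must query the peer credentials itself (inferred from the unit alone; the service code is not part of this diff).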
@@ -0,0 +1,36 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Virtual Console Setup +Documentation=man:systemd-vconsole-setup.service(8) man:vconsole.conf(5) + +ConditionPathExists=/dev/tty0 + +DefaultDependencies=no +Before=sysinit.target +Before=initrd-switch-root.target shutdown.target + +# This unit will be restarted by udev whenever a new vtcon device appears or is +# triggered. Usually that happens just a handful of times during boot, but some +# systems may have hundreds or thousands of serial consoles connected, so let's +# just disable the limit altogether. +StartLimitIntervalSec=0 + +[Service] +Type=oneshot +# This service will be restarted by udev whenever a new vtcon device appears. +# If the previous instance is still running, it shall be interrupted without +# error. +SuccessExitStatus=SIGTERM +RemainAfterExit=yes + +ExecStart={{LIBEXECDIR}}/systemd-vconsole-setup + +ImportCredential=vconsole.* diff --git a/units/systemd-volatile-root.service.in b/units/systemd-volatile-root.service.in new file mode 100644 index 0000000..6f221dc --- /dev/null +++ b/units/systemd-volatile-root.service.in 
@@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Enforce Volatile Root File Systems +Documentation=man:systemd-volatile-root.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=sysroot.mount sysroot-usr.mount systemd-repart.service +Before=initrd-root-fs.target shutdown.target +AssertPathExists=/etc/initrd-release + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{LIBEXECDIR}}/systemd-volatile-root yes /sysroot diff --git a/units/time-set.target b/units/time-set.target new file mode 100644 index 0000000..daac8ef --- /dev/null +++ b/units/time-set.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Time Set +Documentation=man:systemd.special(7) +RefuseManualStart=yes diff --git a/units/time-sync.target b/units/time-sync.target new file mode 100644 index 0000000..e730bbd --- /dev/null +++ b/units/time-sync.target 
@@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Time Synchronized +Documentation=man:systemd.special(7) +RefuseManualStart=yes +After=time-set.target +Wants=time-set.target diff --git a/units/timers.target b/units/timers.target new file mode 100644 index 0000000..2e626be --- /dev/null +++ b/units/timers.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Timer Units +Documentation=man:systemd.special(7) + +DefaultDependencies=no +Conflicts=shutdown.target diff --git a/units/tmp.mount b/units/tmp.mount new file mode 100644 index 0000000..734acea --- /dev/null +++ b/units/tmp.mount 
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Temporary Directory /tmp
+Documentation=https://systemd.io/TEMPORARY_DIRECTORIES
+Documentation=man:file-hierarchy(7)
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+ConditionPathIsSymbolicLink=!/tmp
+DefaultDependencies=no
+Conflicts=umount.target
+Before=local-fs.target umount.target
+After=swap.target
+
+[Mount]
+What=tmpfs
+Where=/tmp
+Type=tmpfs
+Options=mode=1777,strictatime,nosuid,nodev,size=50%%,nr_inodes=1m
diff --git a/units/umount.target b/units/umount.target
new file mode 100644
index 0000000..319b503
--- /dev/null
+++ b/units/umount.target
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Unmount All Filesystems
+Documentation=man:systemd.special(7)
+DefaultDependencies=no
+RefuseManualStart=yes
diff --git a/units/usb-gadget.target b/units/usb-gadget.target
new file mode 100644
index 0000000..46de5b8
--- /dev/null
+++ b/units/usb-gadget.target
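Review bot: The `Options=` line in units/tmp.mount sets `nosuid,nodev` but not `noexec`, and nothing in the file says whether that omission is deliberate. A world-writable tmpfs that files can be executed from is a routine hardening finding, so a short comment would answer the question up front; if the omission is intended, something like `# noexec is deliberately not set; add it in a drop-in where nothing needs to run programs from /tmp`. The same comment could note that `size=50%%` is written with a doubled percent sign because `%` introduces a specifier in unit files.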
@@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Hardware activated USB gadget +Documentation=man:systemd.special(7) diff --git a/units/user-.slice.d/10-defaults.conf b/units/user-.slice.d/10-defaults.conf new file mode 100644 index 0000000..f688eac --- /dev/null +++ b/units/user-.slice.d/10-defaults.conf @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Slice of UID %j +Documentation=man:user@.service(5) +StopWhenUnneeded=yes + +[Slice] +TasksMax=33% diff --git a/units/user-runtime-dir@.service.in b/units/user-runtime-dir@.service.in new file mode 100644 index 0000000..0641dd0 --- /dev/null +++ b/units/user-runtime-dir@.service.in 
@@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Runtime Directory /run/user/%i +Documentation=man:user@.service(5) +After=dbus.service +StopWhenUnneeded=yes +IgnoreOnIsolate=yes + +[Service] +ExecStart={{LIBEXECDIR}}/systemd-user-runtime-dir start %i +ExecStop={{LIBEXECDIR}}/systemd-user-runtime-dir stop %i +Type=oneshot +RemainAfterExit=yes +Slice=user-%i.slice diff --git a/units/user.slice b/units/user.slice new file mode 100644 index 0000000..3e49064 --- /dev/null +++ b/units/user.slice @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User and Session Slice +Documentation=man:systemd.special(7) +Before=slices.target diff --git a/units/user/app.slice b/units/user/app.slice new file mode 100644 index 0000000..eac5064 --- /dev/null +++ b/units/user/app.slice @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Application Slice +Documentation=man:systemd.special(7) + +[Slice] +CPUWeight=100 
diff --git a/units/user/background.slice b/units/user/background.slice new file mode 100644 index 0000000..a976775 --- /dev/null +++ b/units/user/background.slice @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Background Tasks Slice +Documentation=man:systemd.special(7) + +[Slice] +CPUWeight=30 diff --git a/units/user/basic.target b/units/user/basic.target new file mode 100644 index 0000000..6c79304 --- /dev/null +++ b/units/user/basic.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Basic System +Documentation=man:systemd.special(7) +Wants=sockets.target timers.target paths.target +After=sockets.target timers.target paths.target diff --git a/units/user/bluetooth.target b/units/user/bluetooth.target new file mode 100644 index 0000000..8333c23 --- /dev/null +++ b/units/user/bluetooth.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Bluetooth +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes 
diff --git a/units/user/default.target b/units/user/default.target new file mode 100644 index 0000000..b182431 --- /dev/null +++ b/units/user/default.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Main User Target +Documentation=man:systemd.special(7) +Requires=basic.target +After=basic.target +AllowIsolate=yes diff --git a/units/user/exit.target b/units/user/exit.target new file mode 100644 index 0000000..ec2dde2 --- /dev/null +++ b/units/user/exit.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Exit the Session +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-exit.service +After=systemd-exit.service +AllowIsolate=yes diff --git a/units/user/graphical-session-pre.target b/units/user/graphical-session-pre.target new file mode 100644 index 0000000..4b9e3dc --- /dev/null +++ b/units/user/graphical-session-pre.target 
@@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Session services which should run early before the graphical session is brought up +Documentation=man:systemd.special(7) +Requires=basic.target +Before=graphical-session.target +RefuseManualStart=yes +StopWhenUnneeded=yes diff --git a/units/user/graphical-session.target b/units/user/graphical-session.target new file mode 100644 index 0000000..1f8fafc --- /dev/null +++ b/units/user/graphical-session.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Current graphical user session +Documentation=man:systemd.special(7) +Requires=basic.target +RefuseManualStart=yes +StopWhenUnneeded=yes diff --git a/units/user/meson.build b/units/user/meson.build new file mode 100644 index 0000000..850ac2c --- /dev/null +++ b/units/user/meson.build 
@@ -0,0 +1,33 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +units = [ + 'app.slice', + 'background.slice', + 'basic.target', + 'bluetooth.target', + 'default.target', + 'exit.target', + 'graphical-session-pre.target', + 'graphical-session.target', + 'paths.target', + 'printer.target', + 'session.slice', + 'shutdown.target', + 'smartcard.target', + 'sockets.target', + 'sound.target', + 'systemd-exit.service', + 'systemd-tmpfiles-clean.service', + 'systemd-tmpfiles-clean.timer', + 'systemd-tmpfiles-setup.service', + 'timers.target', +] + +if conf.get('ENABLE_XDG_AUTOSTART') == 1 + units += 'xdg-desktop-autostart.target' +endif + +foreach file : units + install_data(file, + install_dir : userunitdir) +endforeach diff --git a/units/user/paths.target b/units/user/paths.target new file mode 100644 index 0000000..1bec148 --- /dev/null +++ b/units/user/paths.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Paths +Documentation=man:systemd.special(7) diff --git a/units/user/printer.target b/units/user/printer.target new file mode 100644 index 0000000..c695669 --- /dev/null +++ b/units/user/printer.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Printer +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes 
diff --git a/units/user/session.slice b/units/user/session.slice new file mode 100644 index 0000000..aa12b7d --- /dev/null +++ b/units/user/session.slice @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Core Session Slice +Documentation=man:systemd.special(7) + +[Slice] +CPUWeight=100 diff --git a/units/user/shutdown.target b/units/user/shutdown.target new file mode 100644 index 0000000..582ae6b --- /dev/null +++ b/units/user/shutdown.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Shutdown +Documentation=man:systemd.special(7) +DefaultDependencies=no +RefuseManualStart=yes diff --git a/units/user/smartcard.target b/units/user/smartcard.target new file mode 100644 index 0000000..0c3fe72 --- /dev/null +++ b/units/user/smartcard.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Smart Card +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/user/sockets.target b/units/user/sockets.target new file mode 100644 index 0000000..c6e20d7 --- /dev/null 
+++ b/units/user/sockets.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Sockets +Documentation=man:systemd.special(7) diff --git a/units/user/sound.target b/units/user/sound.target new file mode 100644 index 0000000..99e68af --- /dev/null +++ b/units/user/sound.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Sound Card +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/user/systemd-exit.service b/units/user/systemd-exit.service new file mode 100644 index 0000000..1872525 --- /dev/null +++ b/units/user/systemd-exit.service @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Exit the Session +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=shutdown.target +After=shutdown.target +SuccessAction=exit-force + +[Service] +# Place into the root slice to not keep another slice unit alive +Slice=-.slice 
diff --git a/units/user/systemd-tmpfiles-clean.service b/units/user/systemd-tmpfiles-clean.service new file mode 100644 index 0000000..6a93707 --- /dev/null +++ b/units/user/systemd-tmpfiles-clean.service @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Cleanup of User's Temporary Files and Directories +Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) +DefaultDependencies=no +Conflicts=shutdown.target +Before=basic.target shutdown.target + +[Service] +Type=oneshot +ExecStart=systemd-tmpfiles --user --clean +SuccessExitStatus=DATAERR +IOSchedulingClass=idle +Slice=background.slice diff --git a/units/user/systemd-tmpfiles-clean.timer b/units/user/systemd-tmpfiles-clean.timer new file mode 100644 index 0000000..f8f6ef4 --- /dev/null +++ b/units/user/systemd-tmpfiles-clean.timer @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Daily Cleanup of User's Temporary Directories +Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) + +[Timer] +OnStartupSec=5min +OnUnitActiveSec=1d + +[Install] +WantedBy=timers.target diff --git a/units/user/systemd-tmpfiles-setup.service b/units/user/systemd-tmpfiles-setup.service new file mode 100644 index 0000000..156689e --- /dev/null +++ b/units/user/systemd-tmpfiles-setup.service 
@@ -0,0 +1,25 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Create User's Volatile Files and Directories +Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) +DefaultDependencies=no +Conflicts=shutdown.target +Before=basic.target shutdown.target +RefuseManualStop=yes + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=systemd-tmpfiles --user --create --remove --boot +SuccessExitStatus=DATAERR + +[Install] +WantedBy=basic.target diff --git a/units/user/timers.target b/units/user/timers.target new file mode 100644 index 0000000..99f82e3 --- /dev/null +++ b/units/user/timers.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Timers +Documentation=man:systemd.special(7) + +DefaultDependencies=no +Conflicts=shutdown.target diff --git a/units/user/xdg-desktop-autostart.target b/units/user/xdg-desktop-autostart.target new file mode 100644 index 0000000..1be7c4b --- /dev/null +++ b/units/user/xdg-desktop-autostart.target 
@@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Startup of XDG autostart applications +Documentation=man:systemd.special(7) +RefuseManualStart=yes +StopWhenUnneeded=yes diff --git a/units/user@.service.d/10-login-barrier.conf b/units/user@.service.d/10-login-barrier.conf new file mode 100644 index 0000000..d88df10 --- /dev/null +++ b/units/user@.service.d/10-login-barrier.conf @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +# Make sure user instances are started after logins are allowed. However this +# is not desirable for user@0.service since root should be able to log in +# earlier during the boot process especially if something goes wrong. +After=systemd-user-sessions.service diff --git a/units/user@.service.in b/units/user@.service.in new file mode 100644 index 0000000..da5f98c --- /dev/null +++ b/units/user@.service.in 
@@ -0,0 +1,30 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=User Manager for UID %i
+Documentation=man:user@.service(5)
+After=user-runtime-dir@%i.service dbus.service systemd-oomd.service
+Requires=user-runtime-dir@%i.service
+IgnoreOnIsolate=yes
+
+[Service]
+User=%i
+PAMName=systemd-user
+Type=notify-reload
+ExecStart={{LIBEXECDIR}}/systemd --user
+Slice=user-%i.slice
+KillMode=mixed
+Delegate=pids memory cpu
+DelegateSubgroup=init.scope
+TasksMax=infinity
+TimeoutStopSec={{ DEFAULT_USER_TIMEOUT_SEC*4//3 }}s
+KeyringMode=inherit
+OOMScoreAdjust=100
+MemoryPressureWatch=skip
diff --git a/units/user@0.service.d/10-login-barrier.conf b/units/user@0.service.d/10-login-barrier.conf
new file mode 100644
index 0000000..b777009
--- /dev/null
+++ b/units/user@0.service.d/10-login-barrier.conf
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# Empty file to mask its counterpart for unprivileged users and thus cancels
+# "After=systemd-user-session.service" ordering constraint so that root can log
+# in even if the boot process is not yet finished.
diff --git a/units/var-lib-machines.mount b/units/var-lib-machines.mount
new file mode 100644
index 0000000..82ebfa5
--- /dev/null
+++ b/units/var-lib-machines.mount
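Review bot: The [Service] section of user@.service.in relaxes several defaults without a single comment, which makes the unit hard to audit. `TasksMax=infinity` lifts the task limit on the manager unit, `KeyringMode=inherit` skips the private session keyring that system services get by default, and `Delegate=pids memory cpu` hands those controllers to a process running as `User=%i`. If the effective task and memory limits are meant to come from `user-%i.slice` (not visible in this hunk), say so above the line, for example `# No limit on the manager itself; limits are enforced on user-%i.slice`. A similar one-line comment on `KeyringMode=inherit` stating why no private keyring is set up would let a reviewer confirm the choice is deliberate.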
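Review bot: The comment in units/user@0.service.d/10-login-barrier.conf names the cancelled constraint as "After=systemd-user-session.service", but the drop-in it masks (units/user@.service.d/10-login-barrier.conf, earlier in this diff) sets `After=systemd-user-sessions.service`, so a grep for the real unit name will not find this file. The line should read `# "After=systemd-user-sessions.service" ordering constraint so that root can log`. Since this empty file is what lets the root user manager start before logins are allowed, the comment is the only record of that exception and should match the unit name exactly.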
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# This unit is required for pre-240 versions of systemd that automatically set
+# up /var/lib/machines.raw as loopback-mounted btrfs file system. Later
+# versions don't do that anymore, but let's keep minimal compatibility by
+# mounting the image still, if it exists.
+
+[Unit]
+Description=Virtual Machine and Container Storage (Compatibility)
+ConditionPathExists=/var/lib/machines.raw
+
+[Mount]
+What=/var/lib/machines.raw
+Where=/var/lib/machines
+Type=btrfs
+Options=loop
diff --git a/units/veritysetup-pre.target b/units/veritysetup-pre.target
new file mode 100644
index 0000000..869575a
--- /dev/null
+++ b/units/veritysetup-pre.target
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Local Verity Protected Volumes (Pre)
+Documentation=man:systemd.special(7)
+RefuseManualStart=yes
+Before=veritysetup.target
diff --git a/units/veritysetup.target b/units/veritysetup.target
new file mode 100644
index 0000000..c75b153
--- /dev/null
+++ b/units/veritysetup.target
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Local Verity Protected Volumes
+Documentation=man:systemd.special(7) |