diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:35:18 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:35:18 +0000 |
commit | b750101eb236130cf056c675997decbac904cc49 (patch) | |
tree | a5df1a06754bdd014cb975c051c83b01c9a97532 /units | |
parent | Initial commit. (diff) | |
download | systemd-b750101eb236130cf056c675997decbac904cc49.tar.xz systemd-b750101eb236130cf056c675997decbac904cc49.zip |
Adding upstream version 252.22.upstream/252.22upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
223 files changed, 5554 insertions, 0 deletions
diff --git a/units/basic.target b/units/basic.target new file mode 100644 index 0000000..d8cdd5a --- /dev/null +++ b/units/basic.target @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Basic System +Documentation=man:systemd.special(7) +Requires=sysinit.target +Wants=sockets.target timers.target paths.target slices.target +After=sysinit.target sockets.target paths.target slices.target tmp.mount + +# We support /var, /tmp, /var/tmp, being on NFS, but we don't pull in +# remote-fs.target by default, hence pull them in explicitly here. Note that we +# require /var and /var/tmp, but only add a Wants= type dependency on /tmp, as +# we support that unit being masked, and this should not be considered an error. +RequiresMountsFor=/var /var/tmp +Wants=tmp.mount diff --git a/units/blockdev@.target b/units/blockdev@.target new file mode 100644 index 0000000..ddc85bf --- /dev/null +++ b/units/blockdev@.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Block Device Preparation for %f +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/bluetooth.target b/units/bluetooth.target new file mode 100644 index 0000000..ab23c85 --- /dev/null +++ b/units/bluetooth.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Bluetooth Support +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/boot-complete.target b/units/boot-complete.target new file mode 100644 index 0000000..f302384 --- /dev/null +++ b/units/boot-complete.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Boot Completion Check +Documentation=man:systemd.special(7) +Requires=sysinit.target +After=sysinit.target diff --git a/units/console-getty.service.in b/units/console-getty.service.in new file mode 100644 index 0000000..606b7db --- /dev/null +++ b/units/console-getty.service.in @@ -0,0 +1,41 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Console Getty +Documentation=man:agetty(8) man:systemd-getty-generator(8) +After=systemd-user-sessions.service plymouth-quit-wait.service +{% if HAVE_SYSV_COMPAT %} +After=rc-local.service getty-pre.target +{% endif %} +Before=getty.target + +# OCI containers may be run without a console +ConditionPathExists=/dev/console + +[Service] +# The '-o' option value tells agetty to replace 'login' arguments with an option to preserve environment (-p), +# followed by '--' for safety, and then the entered username. +ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud - 115200,38400,9600 $TERM +Type=idle +Restart=always +UtmpIdentifier=cons +StandardInput=tty +StandardOutput=tty +TTYPath=/dev/console +TTYReset=yes +TTYVHangup=yes +{% if not ENABLE_LOGIND %} +KillMode=process +{% endif %} +IgnoreSIGPIPE=no +SendSIGHUP=yes + +[Install] +WantedBy=getty.target diff --git a/units/container-getty@.service.in b/units/container-getty@.service.in new file mode 100644 index 0000000..8d7e20d --- /dev/null +++ b/units/container-getty@.service.in @@ -0,0 +1,44 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Container Getty on /dev/pts/%I +Documentation=man:agetty(8) man:systemd-getty-generator(8) +Documentation=man:machinectl(1) +After=systemd-user-sessions.service plymouth-quit-wait.service +{% if HAVE_SYSV_COMPAT %} +After=rc-local.service getty-pre.target +{% endif %} +Before=getty.target +IgnoreOnIsolate=yes +ConditionPathExists=/dev/pts/%I + +# IgnoreOnIsolate is an issue: when someone isolates rescue.target, +# tradition expects that we shut down all but the main console. +Conflicts=rescue.service +Before=rescue.service + +[Service] +# The '-o' option value tells agetty to replace 'login' arguments with an option to preserve environment (-p), +# followed by '--' for safety, and then the entered username. +ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear - $TERM +Type=idle +Restart=always +RestartSec=0 +UtmpIdentifier=pts/%I +StandardInput=tty +StandardOutput=tty +TTYPath=/dev/pts/%I +TTYReset=yes +TTYVHangup=yes +{% if not ENABLE_LOGIND %} +KillMode=process +{% endif %} +IgnoreSIGPIPE=no +SendSIGHUP=yes diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target new file mode 100644 index 0000000..6bb8ff7 --- /dev/null +++ b/units/cryptsetup-pre.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Local Encrypted Volumes (Pre) +Documentation=man:systemd.special(7) +RefuseManualStart=yes +Before=cryptsetup.target diff --git a/units/cryptsetup.target b/units/cryptsetup.target new file mode 100644 index 0000000..b8eecbd --- /dev/null +++ b/units/cryptsetup.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Local Encrypted Volumes +Documentation=man:systemd.special(7) diff --git a/units/debug-shell.service.in b/units/debug-shell.service.in new file mode 100644 index 0000000..1588bb9 --- /dev/null +++ b/units/debug-shell.service.in @@ -0,0 +1,36 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Early root shell on {{DEBUGTTY}} FOR DEBUGGING ONLY +Documentation=man:systemd-debug-generator(8) +DefaultDependencies=no +IgnoreOnIsolate=yes +ConditionPathExists={{DEBUGTTY}} + +[Service] +Environment=TERM=linux +ExecStart={{SUSHELL}} +Restart=always +RestartSec=0 +StandardInput=tty +TTYPath={{DEBUGTTY}} +TTYReset=yes +TTYVHangup=yes +KillMode=process +IgnoreSIGPIPE=no +# bash ignores SIGTERM +KillSignal=SIGHUP + +# Unset locale for the console getty since the console has problems +# displaying some internationalized messages. +UnsetEnvironment=LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION + +[Install] +WantedBy=sysinit.target diff --git a/units/dev-hugepages.mount b/units/dev-hugepages.mount new file mode 100644 index 0000000..1a34da1 --- /dev/null +++ b/units/dev-hugepages.mount @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Huge Pages File System +Documentation=https://docs.kernel.org/admin-guide/mm/hugetlbpage.html +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +Before=sysinit.target +ConditionPathExists=/sys/kernel/mm/hugepages +ConditionCapability=CAP_SYS_ADMIN +ConditionVirtualization=!private-users + +[Mount] +What=hugetlbfs +Where=/dev/hugepages +Type=hugetlbfs diff --git a/units/dev-mqueue.mount b/units/dev-mqueue.mount new file mode 100644 index 0000000..02683a9 --- /dev/null +++ b/units/dev-mqueue.mount @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=POSIX Message Queue File System +Documentation=man:mq_overview(7) +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +Before=sysinit.target +ConditionPathExists=/proc/sys/fs/mqueue +ConditionCapability=CAP_SYS_ADMIN + +[Mount] +What=mqueue +Where=/dev/mqueue +Type=mqueue +Options=nosuid,nodev,noexec diff --git a/units/emergency.service.in b/units/emergency.service.in new file mode 100644 index 0000000..a126ad9 --- /dev/null +++ b/units/emergency.service.in @@ -0,0 +1,30 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Emergency Shell +Documentation=man:sulogin(8) +DefaultDependencies=no +Conflicts=shutdown.target +Conflicts=rescue.service +Before=shutdown.target +Before=rescue.service + +[Service] +Environment=HOME=/root +WorkingDirectory=-/root +ExecStartPre=-{{ROOTBINDIR}}/plymouth --wait quit +ExecStart=-{{ROOTLIBEXECDIR}}/systemd-sulogin-shell emergency +Type=idle +StandardInput=tty-force +StandardOutput=inherit +StandardError=inherit +KillMode=process +IgnoreSIGPIPE=no +SendSIGHUP=yes diff --git a/units/emergency.target b/units/emergency.target new file mode 100644 index 0000000..e7f34be --- /dev/null +++ b/units/emergency.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Emergency Mode +Documentation=man:systemd.special(7) +Requires=emergency.service +After=emergency.service +AllowIsolate=yes diff --git a/units/exit.target b/units/exit.target new file mode 100644 index 0000000..f8a22e5 --- /dev/null +++ b/units/exit.target @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Exit the Container +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-exit.service +After=systemd-exit.service +AllowIsolate=yes + +[Install] +Alias=ctrl-alt-del.target diff --git a/units/factory-reset.target b/units/factory-reset.target new file mode 100644 index 0000000..d2c35ee --- /dev/null +++ b/units/factory-reset.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Factory Reset +Documentation=man:systemd.special(7) diff --git a/units/final.target b/units/final.target new file mode 100644 index 0000000..36cea57 --- /dev/null +++ b/units/final.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Late Shutdown Services +Documentation=man:systemd.special(7) +DefaultDependencies=no +RefuseManualStart=yes +After=shutdown.target umount.target diff --git a/units/first-boot-complete.target b/units/first-boot-complete.target new file mode 100644 index 0000000..b971496 --- /dev/null +++ b/units/first-boot-complete.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=First Boot Complete +Documentation=man:systemd.special(7) +RefuseManualStart=yes +ConditionFirstBoot=yes diff --git a/units/getty-pre.target b/units/getty-pre.target new file mode 100644 index 0000000..fee65c0 --- /dev/null +++ b/units/getty-pre.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Preparation for Logins +Documentation=man:systemd.special(7) man:systemd-getty-generator(8) +Documentation=https://0pointer.de/blog/projects/serial-console.html diff --git a/units/getty.target b/units/getty.target new file mode 100644 index 0000000..eebb616 --- /dev/null +++ b/units/getty.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Login Prompts +Documentation=man:systemd.special(7) man:systemd-getty-generator(8) +Documentation=https://0pointer.de/blog/projects/serial-console.html diff --git a/units/getty@.service.in b/units/getty@.service.in new file mode 100644 index 0000000..8537224 --- /dev/null +++ b/units/getty@.service.in @@ -0,0 +1,64 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Getty on %I +Documentation=man:agetty(8) man:systemd-getty-generator(8) +Documentation=https://0pointer.de/blog/projects/serial-console.html +After=systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target +{% if HAVE_SYSV_COMPAT %} +After=rc-local.service +{% endif %} + +# If additional gettys are spawned during boot then we should make +# sure that this is synchronized before getty.target, even though +# getty.target didn't actually pull it in. +Before=getty.target +IgnoreOnIsolate=yes + +# IgnoreOnIsolate causes issues with sulogin, if someone isolates +# rescue.target or starts rescue.service from multi-user.target or +# graphical.target. +Conflicts=rescue.service +Before=rescue.service + +# On systems without virtual consoles, don't start any getty. Note +# that serial gettys are covered by serial-getty@.service, not this +# unit. +ConditionPathExists=/dev/tty0 + +[Service] +# the VT is cleared by TTYVTDisallocate +# The '-o' option value tells agetty to replace 'login' arguments with an +# option to preserve environment (-p), followed by '--' for safety, and then +# the entered username. +ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear - $TERM +Type=idle +Restart=always +RestartSec=0 +UtmpIdentifier=%I +StandardInput=tty +StandardOutput=tty +TTYPath=/dev/%I +TTYReset=yes +TTYVHangup=yes +TTYVTDisallocate=yes +{% if not ENABLE_LOGIND %} +KillMode=process +{% endif %} +IgnoreSIGPIPE=no +SendSIGHUP=yes + +# Unset locale for the console getty since the console has problems +# displaying some internationalized messages. +UnsetEnvironment=LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION + +[Install] +WantedBy=getty.target +DefaultInstance=tty1 diff --git a/units/graphical.target b/units/graphical.target new file mode 100644 index 0000000..4b2087f --- /dev/null +++ b/units/graphical.target @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Graphical Interface +Documentation=man:systemd.special(7) +Requires=multi-user.target +Wants=display-manager.service +Conflicts=rescue.service rescue.target +After=multi-user.target rescue.service rescue.target display-manager.service +AllowIsolate=yes diff --git a/units/halt.target b/units/halt.target new file mode 100644 index 0000000..bfa5f23 --- /dev/null +++ b/units/halt.target @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Halt +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-halt.service +After=systemd-halt.service +AllowIsolate=yes + +[Install] +Alias=ctrl-alt-del.target diff --git a/units/hibernate.target b/units/hibernate.target new file mode 100644 index 0000000..838c5a3 --- /dev/null +++ b/units/hibernate.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Hibernation +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-hibernate.service +After=systemd-hibernate.service +StopWhenUnneeded=yes diff --git a/units/hybrid-sleep.target b/units/hybrid-sleep.target new file mode 100644 index 0000000..4ed0b35 --- /dev/null +++ b/units/hybrid-sleep.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Hybrid Suspend+Hibernate +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-hybrid-sleep.service +After=systemd-hybrid-sleep.service +StopWhenUnneeded=yes diff --git a/units/initrd-cleanup.service b/units/initrd-cleanup.service new file mode 100644 index 0000000..08ab503 --- /dev/null +++ b/units/initrd-cleanup.service @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Cleaning Up and Shutting Down Daemons +DefaultDependencies=no +AssertPathExists=/etc/initrd-release +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly +After=initrd-root-fs.target initrd-fs.target initrd.target + +[Service] +Type=oneshot +ExecStart=systemctl --no-block isolate initrd-switch-root.target diff --git a/units/initrd-fs.target b/units/initrd-fs.target new file mode 100644 index 0000000..674b7ae --- /dev/null +++ b/units/initrd-fs.target @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Initrd File Systems +Documentation=man:systemd.special(7) +AssertPathExists=/etc/initrd-release +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly +After=initrd-parse-etc.service +DefaultDependencies=no +Conflicts=shutdown.target diff --git a/units/initrd-parse-etc.service.in b/units/initrd-parse-etc.service.in new file mode 100644 index 0000000..b04e69f --- /dev/null +++ b/units/initrd-parse-etc.service.in @@ -0,0 +1,35 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Mountpoints Configured in the Real Root +AssertPathExists=/etc/initrd-release + +DefaultDependencies=no +Requires=initrd-root-fs.target +After=initrd-root-fs.target + +Conflicts=emergency.target + +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly + +[Service] +Type=oneshot + +# FIXME: once dracut is patched to install the symlink, change to: +# ExecStart={{ROOTLIBEXECDIR}}/systemd-sysroot-fstab-check +ExecStart=@{{SYSTEM_GENERATOR_DIR}}/systemd-fstab-generator systemd-sysroot-fstab-check + +# We want to enqueue initrd-cleanup.service/start after we finished the part +# above. It can't be part of the initial transaction, because non-oneshot units +# use Conflicts=initrd-cleanup.service to be terminated before we switch root. +# Effectively, initrd-parse-etc.service acts as a synchronization point after +# which cleanup of the initrd processes starts. +ExecStart=systemctl --no-block start initrd-cleanup.service diff --git a/units/initrd-root-device.target b/units/initrd-root-device.target new file mode 100644 index 0000000..f3c3d79 --- /dev/null +++ b/units/initrd-root-device.target @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Initrd Root Device +Documentation=man:systemd.special(7) +AssertPathExists=/etc/initrd-release +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly +DefaultDependencies=no +Conflicts=shutdown.target diff --git a/units/initrd-root-fs.target b/units/initrd-root-fs.target new file mode 100644 index 0000000..4037ac4 --- /dev/null +++ b/units/initrd-root-fs.target @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Initrd Root File System +Documentation=man:systemd.special(7) +AssertPathExists=/etc/initrd-release +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly +DefaultDependencies=no +Conflicts=shutdown.target diff --git a/units/initrd-switch-root.service b/units/initrd-switch-root.service new file mode 100644 index 0000000..b19b7bb --- /dev/null +++ b/units/initrd-switch-root.service @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Switch Root + +AssertPathExists=/etc/initrd-release + +DefaultDependencies=no +Wants=initrd-switch-root.target +AllowIsolate=yes +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly + +[Service] +Type=oneshot +ExecStart=systemctl --no-block switch-root /sysroot diff --git a/units/initrd-switch-root.target b/units/initrd-switch-root.target new file mode 100644 index 0000000..1e32ec5 --- /dev/null +++ b/units/initrd-switch-root.target @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Switch Root +AssertPathExists=/etc/initrd-release +DefaultDependencies=no +Wants=initrd-switch-root.service +Before=initrd-switch-root.service +AllowIsolate=yes +Wants=initrd-udevadm-cleanup-db.service initrd-root-fs.target initrd-fs.target systemd-journald.service initrd-cleanup.service +After=initrd-udevadm-cleanup-db.service initrd-root-fs.target initrd-fs.target emergency.service emergency.target initrd-cleanup.service diff --git a/units/initrd-udevadm-cleanup-db.service b/units/initrd-udevadm-cleanup-db.service new file mode 100644 index 0000000..bc44473 --- /dev/null +++ b/units/initrd-udevadm-cleanup-db.service @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Cleanup udev Database +DefaultDependencies=no +AssertPathExists=/etc/initrd-release +Conflicts=systemd-udevd.service systemd-udevd-control.socket systemd-udevd-kernel.socket systemd-udev-trigger.service systemd-udev-settle.service +After=systemd-udevd.service systemd-udevd-control.socket systemd-udevd-kernel.socket systemd-udev-trigger.service systemd-udev-settle.service +Before=initrd-switch-root.target + +[Service] +Type=oneshot +ExecStart=-udevadm info --cleanup-db diff --git a/units/initrd-usr-fs.target b/units/initrd-usr-fs.target new file mode 100644 index 0000000..7219655 --- /dev/null +++ b/units/initrd-usr-fs.target @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Initrd /usr File System +Documentation=man:systemd.special(7) +AssertPathExists=/etc/initrd-release +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly +DefaultDependencies=no +Conflicts=shutdown.target diff --git a/units/initrd.target b/units/initrd.target new file mode 100644 index 0000000..fc8fbff --- /dev/null +++ b/units/initrd.target @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Initrd Default Target +Documentation=man:systemd.special(7) +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly +AssertPathExists=/etc/initrd-release +Requires=basic.target +Wants=initrd-root-fs.target initrd-root-device.target initrd-fs.target initrd-usr-fs.target initrd-parse-etc.service +After=initrd-root-fs.target initrd-root-device.target initrd-fs.target initrd-usr-fs.target basic.target rescue.service rescue.target +AllowIsolate=yes diff --git a/units/integritysetup-pre.target b/units/integritysetup-pre.target new file mode 100644 index 0000000..da2aca9 --- /dev/null +++ b/units/integritysetup-pre.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Local Integrity Protected Volumes (Pre) +Documentation=man:systemd.special(7) +RefuseManualStart=yes +Before=integritysetup.target diff --git a/units/integritysetup.target b/units/integritysetup.target new file mode 100644 index 0000000..371490f --- /dev/null +++ b/units/integritysetup.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Local Integrity Protected Volumes +Documentation=man:systemd.special(7) diff --git a/units/kexec.target b/units/kexec.target new file mode 100644 index 0000000..5d8f8cd --- /dev/null +++ b/units/kexec.target @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Reboot via kexec +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-kexec.service +After=systemd-kexec.service +AllowIsolate=yes + +[Install] +Alias=ctrl-alt-del.target diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in new file mode 100644 index 0000000..777e82d --- /dev/null +++ b/units/kmod-static-nodes.service.in @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Create List of Static Device Nodes +DefaultDependencies=no +Before=sysinit.target systemd-tmpfiles-setup-dev.service +ConditionCapability=CAP_SYS_MODULE +ConditionFileNotEmpty=/lib/modules/%v/modules.devname + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{KMOD}} static-nodes --format=tmpfiles --output=/run/tmpfiles.d/static-nodes.conf diff --git a/units/ldconfig.service b/units/ldconfig.service new file mode 100644 index 0000000..53c6d4e --- /dev/null +++ b/units/ldconfig.service @@ -0,0 +1,26 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Rebuild Dynamic Linker Cache +Documentation=man:ldconfig(8) + +ConditionNeedsUpdate=|/etc +ConditionFileNotEmpty=|!/etc/ld.so.cache + +DefaultDependencies=no +After=local-fs.target +Before=sysinit.target systemd-update-done.service +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/sbin/ldconfig -X diff --git a/units/local-fs-pre.target b/units/local-fs-pre.target new file mode 100644 index 0000000..8e0f4b8 --- /dev/null +++ b/units/local-fs-pre.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Preparation for Local File Systems +Documentation=man:systemd.special(7) +RefuseManualStart=yes diff --git a/units/local-fs.target b/units/local-fs.target new file mode 100644 index 0000000..0279795 --- /dev/null +++ b/units/local-fs.target @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Local File Systems +Documentation=man:systemd.special(7) +DefaultDependencies=no +Conflicts=shutdown.target +After=local-fs-pre.target +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly diff --git a/units/machine.slice b/units/machine.slice new file mode 100644 index 0000000..501d353 --- /dev/null +++ b/units/machine.slice @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Virtual Machine and Container Slice +Documentation=man:systemd.special(7) +Before=slices.target diff --git a/units/machines.target b/units/machines.target new file mode 100644 index 0000000..165839a --- /dev/null +++ b/units/machines.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Containers +Documentation=man:systemd.special(7) +Before=multi-user.target + +[Install] +WantedBy=multi-user.target diff --git a/units/meson-add-wants.sh b/units/meson-add-wants.sh new file mode 100755 index 0000000..6d8da57 --- /dev/null +++ b/units/meson-add-wants.sh @@ -0,0 +1,41 @@ +#!/bin/sh +# SPDX-License-Identifier: LGPL-2.1-or-later +# shellcheck disable=SC2154,SC2174 +set -eu + +i=1 +while [ $i -lt $# ] ; do + eval unitdir="\${$i}" + eval target="\${$((i + 1))}" + eval unit="\${$((i + 2))}" + + if [ "${MESON_INSTALL_QUIET:-0}" = 1 ] ; then + VERBOSE="" + else + VERBOSE="v" + fi + + case "$target" in + */?*) # a path, but not just a slash at the end + dir="${DESTDIR:-}${target}" + ;; + *) + dir="${DESTDIR:-}${unitdir}/${target}" + ;; + esac + + unitpath="${DESTDIR:-}${unitdir}/${unit}" + + case "$target" in + */) + mkdir -${VERBOSE}p -m 0755 "$dir" + ;; + *) + mkdir -${VERBOSE}p -m 0755 "$(dirname "$dir")" + ;; + esac + + ln -${VERBOSE}fs --relative "$unitpath" "$dir" + + i=$((i + 3)) +done diff --git a/units/meson.build b/units/meson.build new file mode 100644 index 0000000..25e9209 --- /dev/null +++ b/units/meson.build @@ -0,0 +1,344 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +with_runlevels = conf.get('HAVE_SYSV_COMPAT') == 1 + +units = [ + ['basic.target', ''], + ['blockdev@.target', ''], + ['bluetooth.target', ''], + ['boot-complete.target', ''], + ['cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'], + ['cryptsetup.target', 'HAVE_LIBCRYPTSETUP', + 'sysinit.target.wants/'], + ['veritysetup-pre.target', 'HAVE_LIBCRYPTSETUP'], + ['veritysetup.target', 'HAVE_LIBCRYPTSETUP', + 'sysinit.target.wants/'], + ['integritysetup-pre.target', 'HAVE_LIBCRYPTSETUP'], + ['integritysetup.target', 'HAVE_LIBCRYPTSETUP', + 'sysinit.target.wants/'], + ['dev-hugepages.mount', '', + 'sysinit.target.wants/'], + ['dev-mqueue.mount', '', + 'sysinit.target.wants/'], + ['emergency.target', ''], + ['exit.target', ''], + ['factory-reset.target', ''], + ['final.target', ''], + ['first-boot-complete.target', ''], + ['getty.target', '', + 'multi-user.target.wants/'], + ['getty-pre.target', ''], + ['graphical.target', '', + 'default.target' + (with_runlevels ? ' runlevel5.target' : '')], + ['halt.target', ''], + ['hibernate.target', 'ENABLE_HIBERNATE'], + ['hybrid-sleep.target', 'ENABLE_HIBERNATE'], + ['suspend-then-hibernate.target', 'ENABLE_HIBERNATE'], + ['initrd-cleanup.service', 'ENABLE_INITRD'], + ['initrd-fs.target', 'ENABLE_INITRD'], + ['initrd-root-device.target', 'ENABLE_INITRD'], + ['initrd-root-fs.target', 'ENABLE_INITRD'], + ['initrd-switch-root.service', 'ENABLE_INITRD'], + ['initrd-switch-root.target', 'ENABLE_INITRD'], + ['initrd-udevadm-cleanup-db.service', 'ENABLE_INITRD'], + ['initrd-usr-fs.target', 'ENABLE_INITRD'], + ['initrd.target', 'ENABLE_INITRD'], + ['kexec.target', ''], + ['ldconfig.service', 'ENABLE_LDCONFIG', + 'sysinit.target.wants/'], + ['local-fs-pre.target', ''], + ['local-fs.target', ''], + ['machine.slice', 'ENABLE_MACHINED'], + ['machines.target', 'ENABLE_MACHINED'], + ['modprobe@.service', ''], + ['multi-user.target', '', + (with_runlevels ? 'runlevel2.target runlevel3.target runlevel4.target' : '')], + ['network-online.target', ''], + ['network-pre.target', ''], + ['network.target', ''], + ['nss-lookup.target', ''], + ['nss-user-lookup.target', ''], + ['paths.target', ''], + ['poweroff.target', '', + (with_runlevels ? 'runlevel0.target' : '')], + ['printer.target', ''], + ['proc-sys-fs-binfmt_misc.automount', 'ENABLE_BINFMT', + 'sysinit.target.wants/'], + ['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'], + ['reboot.target', '', + 'ctrl-alt-del.target' + (with_runlevels ? ' runlevel6.target' : '')], + ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP', + 'initrd-root-device.target.wants/'], + ['remote-veritysetup.target', 'HAVE_LIBCRYPTSETUP', + 'initrd-root-device.target.wants/'], + ['remote-fs-pre.target', ''], + ['remote-fs.target', ''], + ['rescue.target', '', + (with_runlevels ? 'runlevel1.target' : '')], + ['rpcbind.target', ''], + ['shutdown.target', ''], + ['sigpwr.target', ''], + ['sleep.target', ''], + ['slices.target', ''], + ['smartcard.target', ''], + ['sockets.target', ''], + ['sound.target', ''], + ['suspend.target', ''], + ['swap.target', ''], + ['sys-fs-fuse-connections.mount', '', + 'sysinit.target.wants/'], + ['sys-kernel-config.mount', '', + 'sysinit.target.wants/'], + ['sys-kernel-debug.mount', '', + 'sysinit.target.wants/'], + ['sys-kernel-tracing.mount', '', + 'sysinit.target.wants/'], + ['sysinit.target', ''], + ['syslog.socket', ''], + ['system-systemd\\x2dcryptsetup.slice', 'HAVE_LIBCRYPTSETUP'], + ['system-update.target', ''], + ['system-update-pre.target', ''], + ['system-update-cleanup.service', ''], + ['systemd-ask-password-console.path', '', + 'sysinit.target.wants/'], + ['systemd-ask-password-console.service', ''], + ['systemd-ask-password-wall.path', '', + 'multi-user.target.wants/'], + ['systemd-ask-password-wall.service', ''], + ['systemd-boot-system-token.service', 'HAVE_GNU_EFI', + 'sysinit.target.wants/'], + ['systemd-boot-update.service', 'HAVE_GNU_EFI'], + ['systemd-coredump.socket', 'ENABLE_COREDUMP', + 'sockets.target.wants/'], + ['systemd-exit.service', ''], + ['systemd-firstboot.service', 'ENABLE_FIRSTBOOT', + 'sysinit.target.wants/'], + ['systemd-halt.service', ''], + ['systemd-homed-activate.service', 'ENABLE_HOMED'], + ['systemd-initctl.socket', 'HAVE_SYSV_COMPAT', + 'sockets.target.wants/'], + ['systemd-journal-catalog-update.service', '', + 'sysinit.target.wants/'], + ['systemd-journal-flush.service', '', + 'sysinit.target.wants/'], + ['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], + ['systemd-journal-remote.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], + ['systemd-journald-audit.socket', '', + 'sockets.target.wants/'], + ['systemd-journald-dev-log.socket', '', + 'sockets.target.wants/'], + ['systemd-journald.socket', '', + 'sockets.target.wants/'], + ['systemd-kexec.service', ''], + ['systemd-machine-id-commit.service', '', + 'sysinit.target.wants/'], + ['systemd-journald@.socket', ''], + ['systemd-journald-varlink@.socket', ''], + ['systemd-networkd.socket', 'ENABLE_NETWORKD'], + ['systemd-poweroff.service', ''], + ['systemd-reboot.service', ''], + ['systemd-rfkill.socket', 'ENABLE_RFKILL'], + ['systemd-sysext.service', 'ENABLE_SYSEXT'], + ['systemd-sysupdate.timer', 'ENABLE_SYSUPDATE'], + ['systemd-sysupdate-reboot.timer', 'ENABLE_SYSUPDATE'], + ['systemd-sysusers.service', 'ENABLE_SYSUSERS', + 'sysinit.target.wants/'], + ['systemd-tmpfiles-clean.service', 'ENABLE_TMPFILES'], + ['systemd-tmpfiles-clean.timer', 'ENABLE_TMPFILES', + 'timers.target.wants/'], + ['systemd-tmpfiles-setup-dev.service', 'ENABLE_TMPFILES', + 'sysinit.target.wants/'], + ['systemd-tmpfiles-setup.service', 'ENABLE_TMPFILES', + 'sysinit.target.wants/'], + ['systemd-udevd-control.socket', '', + 'sockets.target.wants/'], + ['systemd-udev-settle.service', ''], + ['systemd-udev-trigger.service', '', + 'sysinit.target.wants/'], + ['systemd-udevd-kernel.socket', '', + 'sockets.target.wants/'], + ['systemd-userdbd.socket', 'ENABLE_USERDB'], + ['time-set.target', ''], + ['time-sync.target', ''], + ['timers.target', ''], + ['tmp.mount', '', + 'local-fs.target.wants/'], + ['umount.target', ''], + ['usb-gadget.target', ''], + ['user.slice', ''], + ['var-lib-machines.mount', 'ENABLE_MACHINED', + 'remote-fs.target.wants/ machines.target.wants/'], + ['systemd-oomd.socket', 'ENABLE_OOMD'], +] + +in_units = [ + ['console-getty.service', ''], + ['container-getty@.service', ''], + ['debug-shell.service', ''], + ['emergency.service', ''], + ['getty@.service', '', + 'autovt@.service'], + ['initrd-parse-etc.service', 'ENABLE_INITRD'], + ['kmod-static-nodes.service', 'HAVE_KMOD ENABLE_TMPFILES', + 'sysinit.target.wants/'], + ['quotaon.service', 'ENABLE_QUOTACHECK'], + ['rc-local.service', 'HAVE_SYSV_COMPAT'], + ['rescue.service', ''], + ['serial-getty@.service', ''], + ['systemd-backlight@.service', 'ENABLE_BACKLIGHT'], + ['systemd-binfmt.service', 'ENABLE_BINFMT', + 'sysinit.target.wants/'], + ['systemd-bless-boot.service', 'HAVE_GNU_EFI HAVE_BLKID'], + ['systemd-boot-check-no-failures.service', ''], + ['systemd-coredump@.service', 'ENABLE_COREDUMP'], + ['systemd-pstore.service', 'ENABLE_PSTORE'], + ['systemd-fsck-root.service', ''], + ['systemd-fsck@.service', ''], + ['systemd-hibernate-resume@.service', 'ENABLE_HIBERNATE'], + ['systemd-hibernate.service', 'ENABLE_HIBERNATE'], + ['systemd-hybrid-sleep.service', 'ENABLE_HIBERNATE'], + ['systemd-suspend-then-hibernate.service', 'ENABLE_HIBERNATE'], + ['systemd-hostnamed.service', 'ENABLE_HOSTNAMED', + 'dbus-org.freedesktop.hostname1.service'], + ['systemd-hwdb-update.service', 'ENABLE_HWDB', + 'sysinit.target.wants/'], + ['systemd-importd.service', 'ENABLE_IMPORTD', + 'dbus-org.freedesktop.import1.service'], + ['systemd-initctl.service', 'HAVE_SYSV_COMPAT'], + ['systemd-journal-gatewayd.service', 'ENABLE_REMOTE HAVE_MICROHTTPD'], + ['systemd-journal-remote.service', 'ENABLE_REMOTE HAVE_MICROHTTPD'], + ['systemd-journal-upload.service', 'ENABLE_REMOTE HAVE_LIBCURL'], + ['systemd-journald.service', '', + 'sysinit.target.wants/'], + ['systemd-journald@.service', ''], + ['systemd-localed.service', 'ENABLE_LOCALED', + 'dbus-org.freedesktop.locale1.service'], + ['systemd-logind.service', 'ENABLE_LOGIND', + 'multi-user.target.wants/ dbus-org.freedesktop.login1.service'], + ['systemd-machined.service', 'ENABLE_MACHINED', + 'dbus-org.freedesktop.machine1.service'], + ['systemd-modules-load.service', 'HAVE_KMOD', + 'sysinit.target.wants/'], + ['systemd-network-generator.service', ''], + ['systemd-networkd.service', 'ENABLE_NETWORKD'], + ['systemd-networkd-wait-online.service', 'ENABLE_NETWORKD'], + ['systemd-networkd-wait-online@.service','ENABLE_NETWORKD'], + ['systemd-nspawn@.service', ''], + ['systemd-oomd.service', 'ENABLE_OOMD'], + ['systemd-portabled.service', 'ENABLE_PORTABLED', + 'dbus-org.freedesktop.portable1.service'], + ['systemd-userdbd.service', 'ENABLE_USERDB'], + ['systemd-homed.service', 'ENABLE_HOMED'], + ['systemd-quotacheck.service', 'ENABLE_QUOTACHECK'], + ['systemd-random-seed.service', 'ENABLE_RANDOMSEED', + 'sysinit.target.wants/'], + ['systemd-remount-fs.service', ''], + ['systemd-resolved.service', 'ENABLE_RESOLVE'], + ['systemd-rfkill.service', 'ENABLE_RFKILL'], + ['systemd-suspend.service', ''], + ['systemd-sysctl.service', '', + 'sysinit.target.wants/'], + ['systemd-sysupdate.service', 'ENABLE_SYSUPDATE'], + ['systemd-sysupdate-reboot.service', 'ENABLE_SYSUPDATE'], + ['systemd-timedated.service', 'ENABLE_TIMEDATED', + 'dbus-org.freedesktop.timedate1.service'], + ['systemd-timesyncd.service', 'ENABLE_TIMESYNCD'], + ['systemd-time-wait-sync.service', 'ENABLE_TIMESYNCD'], + ['systemd-udevd.service', '', + 'sysinit.target.wants/'], + ['systemd-update-done.service', '', + 'sysinit.target.wants/'], + ['systemd-update-utmp-runlevel.service', 'ENABLE_UTMP HAVE_SYSV_COMPAT', + 'multi-user.target.wants/ graphical.target.wants/ rescue.target.wants/'], + ['systemd-update-utmp.service', 'ENABLE_UTMP', + 'sysinit.target.wants/'], + ['systemd-user-sessions.service', 'HAVE_PAM', + 'multi-user.target.wants/'], + ['systemd-vconsole-setup.service', 'ENABLE_VCONSOLE'], + ['systemd-volatile-root.service', 'ENABLE_INITRD'], + ['systemd-repart.service', 'ENABLE_REPART', + 'sysinit.target.wants/ initrd-root-fs.target.wants/'], + ['user-runtime-dir@.service', ''], + ['user@.service', ''], + ['systemd-pcrphase-initrd.service', 'HAVE_GNU_EFI HAVE_OPENSSL HAVE_TPM2 ENABLE_INITRD', + 'initrd.target.wants/'], + ['systemd-pcrphase-sysinit.service', 'HAVE_GNU_EFI HAVE_OPENSSL HAVE_TPM2', + 'sysinit.target.wants/'], + ['systemd-pcrphase.service', 'HAVE_GNU_EFI HAVE_OPENSSL HAVE_TPM2', + 'sysinit.target.wants/'], +] + +add_wants = [] + +foreach tuple : in_units + file = tuple[0] + + # we do this here because install_data does not accept custom_target output + conds = tuple[1].split(' ') + install = ((conds.get(0, '') == '' or conf.get(conds[0]) == 1) and + (conds.get(1, '') == '' or conf.get(conds[1]) == 1)) + + custom_target( + file, + input : file + '.in', + output : file, + command : [jinja2_cmdline, '@INPUT@', '@OUTPUT@'], + install : install, + install_dir : systemunitdir) + + if install and tuple.length() > 2 + foreach target : tuple[2].split() + add_wants += [systemunitdir, target, file] + endforeach + endif +endforeach + +foreach tuple : units + file = tuple[0] + input = tuple.get(3, file) + + conds = tuple[1].split(' ') + install = ((conds.get(0, '') == '' or conf.get(conds[0]) == 1) and + (conds.get(1, '') == '' or conf.get(conds[1]) == 1)) + + if install + install_data(input, + install_dir : systemunitdir) + + if tuple.length() > 2 + foreach target : tuple[2].split() + add_wants += [systemunitdir, target, file] + endforeach + endif + endif +endforeach + +meson.add_install_script('meson-add-wants.sh', add_wants) + +install_data('user-.slice.d/10-defaults.conf', + install_dir : systemunitdir + '/user-.slice.d') + +install_data('user@.service.d/10-login-barrier.conf', + install_dir : systemunitdir + '/user@.service.d') +install_data('user@0.service.d/10-login-barrier.conf', + install_dir : systemunitdir + '/user@0.service.d') + +############################################################ + +if install_sysconfdir + meson.add_install_script(meson_make_symlink, + pkgsysconfdir / 'user', + sysconfdir / 'xdg/systemd/user') +endif +meson.add_install_script(meson_make_symlink, + dbussystemservicedir / 'org.freedesktop.systemd1.service', + dbussessionservicedir / 'org.freedesktop.systemd1.service') +if conf.get('HAVE_SYSV_COMPAT') == 1 + foreach i : [1, 2, 3, 4, 5] + meson.add_install_script( + 'sh', '-c', + mkdir_p.format(systemunitdir / 'runlevel@0@.target.wants'.format(i))) + endforeach +endif + +subdir('user') diff --git a/units/modprobe@.service b/units/modprobe@.service new file mode 100644 index 0000000..fe631ff --- /dev/null +++ b/units/modprobe@.service @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Load Kernel Module %i +DefaultDependencies=no +Before=sysinit.target +Documentation=man:modprobe(8) +ConditionCapability=CAP_SYS_MODULE +StartLimitIntervalSec=0 + +[Service] +Type=oneshot +ExecStart=-/sbin/modprobe -abq %i diff --git a/units/multi-user.target b/units/multi-user.target new file mode 100644 index 0000000..53eb2b7 --- /dev/null +++ b/units/multi-user.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Multi-User System +Documentation=man:systemd.special(7) +Requires=basic.target +Conflicts=rescue.service rescue.target +After=basic.target rescue.service rescue.target +AllowIsolate=yes diff --git a/units/network-online.target b/units/network-online.target new file mode 100644 index 0000000..67c6d40 --- /dev/null +++ b/units/network-online.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Network is Online +Documentation=man:systemd.special(7) +Documentation=https://systemd.io/NETWORK_ONLINE +After=network.target diff --git a/units/network-pre.target b/units/network-pre.target new file mode 100644 index 0000000..213ba99 --- /dev/null +++ b/units/network-pre.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Preparation for Network +Documentation=man:systemd.special(7) +Documentation=https://systemd.io/NETWORK_ONLINE +RefuseManualStart=yes diff --git a/units/network.target b/units/network.target new file mode 100644 index 0000000..aab8e68 --- /dev/null +++ b/units/network.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Network +Documentation=man:systemd.special(7) +Documentation=https://systemd.io/NETWORK_ONLINE +After=network-pre.target +RefuseManualStart=yes diff --git a/units/nss-lookup.target b/units/nss-lookup.target new file mode 100644 index 0000000..53e7a31 --- /dev/null +++ b/units/nss-lookup.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# This exists mostly for compatibility with SysV/LSB units, and +# implementations lacking socket/bus activation. + +[Unit] +Description=Host and Network Name Lookups +Documentation=man:systemd.special(7) +RefuseManualStart=yes diff --git a/units/nss-user-lookup.target b/units/nss-user-lookup.target new file mode 100644 index 0000000..9f0d619 --- /dev/null +++ b/units/nss-user-lookup.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# This exists mostly for implementations lacking socket/bus +# activation. + +[Unit] +Description=User and Group Name Lookups +Documentation=man:systemd.special(7) +RefuseManualStart=yes diff --git a/units/paths.target b/units/paths.target new file mode 100644 index 0000000..fb8dc64 --- /dev/null +++ b/units/paths.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Path Units +Documentation=man:systemd.special(7) diff --git a/units/poweroff.target b/units/poweroff.target new file mode 100644 index 0000000..c17c123 --- /dev/null +++ b/units/poweroff.target @@ -0,0 +1,21 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Power Off +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-poweroff.service +After=systemd-poweroff.service +AllowIsolate=yes +JobTimeoutSec=30min +JobTimeoutAction=poweroff-force + +[Install] +Alias=ctrl-alt-del.target diff --git a/units/printer.target b/units/printer.target new file mode 100644 index 0000000..043bfbd --- /dev/null +++ b/units/printer.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Printer Support +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/proc-sys-fs-binfmt_misc.automount b/units/proc-sys-fs-binfmt_misc.automount new file mode 100644 index 0000000..6b1bbdc --- /dev/null +++ b/units/proc-sys-fs-binfmt_misc.automount @@ -0,0 +1,21 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Arbitrary Executable File Formats File System Automount Point +Documentation=https://docs.kernel.org/admin-guide/binfmt-misc.html +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +Before=sysinit.target +Conflicts=shutdown.target +ConditionPathExists=/proc/sys/fs/binfmt_misc/ +ConditionPathIsReadWrite=/proc/sys/ + +[Automount] +Where=/proc/sys/fs/binfmt_misc diff --git a/units/proc-sys-fs-binfmt_misc.mount b/units/proc-sys-fs-binfmt_misc.mount new file mode 100644 index 0000000..88a7748 --- /dev/null +++ b/units/proc-sys-fs-binfmt_misc.mount @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Arbitrary Executable File Formats File System +Documentation=https://docs.kernel.org/admin-guide/binfmt-misc.html +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no + +[Mount] +What=binfmt_misc +Where=/proc/sys/fs/binfmt_misc +Type=binfmt_misc +Options=nosuid,nodev,noexec + +[Install] +WantedBy=sysinit.target diff --git a/units/quotaon.service.in b/units/quotaon.service.in new file mode 100644 index 0000000..ffabebf --- /dev/null +++ b/units/quotaon.service.in @@ -0,0 +1,21 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Enable File System Quotas +Documentation=man:quotaon(8) +DefaultDependencies=no +After=systemd-quotacheck.service +Before=remote-fs.target shutdown.target +ConditionPathExists={{QUOTAON}} + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{QUOTAON}} -aug diff --git a/units/rc-local.service.in b/units/rc-local.service.in new file mode 100644 index 0000000..55e83df --- /dev/null +++ b/units/rc-local.service.in @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# This unit gets pulled automatically into multi-user.target by +# systemd-rc-local-generator if {{RC_LOCAL_PATH}} is executable. +[Unit] +Description={{RC_LOCAL_PATH}} Compatibility +Documentation=man:systemd-rc-local-generator(8) +ConditionFileIsExecutable={{RC_LOCAL_PATH}} +After=network.target + +[Service] +Type=forking +ExecStart={{RC_LOCAL_PATH}} start +TimeoutSec=0 +RemainAfterExit=yes +GuessMainPID=no diff --git a/units/reboot.target b/units/reboot.target new file mode 100644 index 0000000..5ad9419 --- /dev/null +++ b/units/reboot.target @@ -0,0 +1,21 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Reboot +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-reboot.service +After=systemd-reboot.service +AllowIsolate=yes +JobTimeoutSec=30min +JobTimeoutAction=reboot-force + +[Install] +Alias=ctrl-alt-del.target diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target new file mode 100644 index 0000000..0a689bf --- /dev/null +++ b/units/remote-cryptsetup.target @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Remote Encrypted Volumes +Documentation=man:systemd.special(7) +After=remote-fs-pre.target cryptsetup-pre.target +DefaultDependencies=no +Conflicts=shutdown.target + +[Install] +WantedBy=multi-user.target diff --git a/units/remote-fs-pre.target b/units/remote-fs-pre.target new file mode 100644 index 0000000..1ede280 --- /dev/null +++ b/units/remote-fs-pre.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Preparation for Remote File Systems +Documentation=man:systemd.special(7) +RefuseManualStart=yes diff --git a/units/remote-fs.target b/units/remote-fs.target new file mode 100644 index 0000000..74011d8 --- /dev/null +++ b/units/remote-fs.target @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Remote File Systems +Documentation=man:systemd.special(7) +After=remote-fs-pre.target +DefaultDependencies=no +Conflicts=shutdown.target + +[Install] +WantedBy=multi-user.target diff --git a/units/remote-veritysetup.target b/units/remote-veritysetup.target new file mode 100644 index 0000000..bad28c3 --- /dev/null +++ b/units/remote-veritysetup.target @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Remote Verity Protected Volumes +Documentation=man:systemd.special(7) +After=remote-fs-pre.target veritysetup-pre.target +DefaultDependencies=no +Conflicts=shutdown.target + +[Install] +WantedBy=multi-user.target diff --git a/units/rescue.service.in b/units/rescue.service.in new file mode 100644 index 0000000..74b9337 --- /dev/null +++ b/units/rescue.service.in @@ -0,0 +1,29 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Rescue Shell +Documentation=man:sulogin(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=sysinit.target plymouth-start.service +Before=shutdown.target + +[Service] +Environment=HOME=/root +WorkingDirectory=-/root +ExecStartPre=-{{ROOTBINDIR}}/plymouth --wait quit +ExecStart=-{{ROOTLIBEXECDIR}}/systemd-sulogin-shell rescue +Type=idle +StandardInput=tty-force +StandardOutput=inherit +StandardError=inherit +KillMode=process +IgnoreSIGPIPE=no +SendSIGHUP=yes diff --git a/units/rescue.target b/units/rescue.target new file mode 100644 index 0000000..1128083 --- /dev/null +++ b/units/rescue.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Rescue Mode +Documentation=man:systemd.special(7) +Requires=sysinit.target rescue.service +After=sysinit.target rescue.service +AllowIsolate=yes diff --git a/units/rpcbind.target b/units/rpcbind.target new file mode 100644 index 0000000..8bd853b --- /dev/null +++ b/units/rpcbind.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# This exists mostly for compatibility with SysV/LSB units, and +# implementations lacking socket/bus activation. + +[Unit] +Description=RPC Port Mapper +Documentation=man:systemd.special(7) +RefuseManualStart=yes diff --git a/units/serial-getty@.service.in b/units/serial-getty@.service.in new file mode 100644 index 0000000..9e2b49c --- /dev/null +++ b/units/serial-getty@.service.in @@ -0,0 +1,52 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Serial Getty on %I +Documentation=man:agetty(8) man:systemd-getty-generator(8) +Documentation=https://0pointer.de/blog/projects/serial-console.html +BindsTo=dev-%i.device +After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target +{% if HAVE_SYSV_COMPAT %} +After=rc-local.service +{% endif %} + +# If additional gettys are spawned during boot then we should make +# sure that this is synchronized before getty.target, even though +# getty.target didn't actually pull it in. +Before=getty.target +IgnoreOnIsolate=yes + +# IgnoreOnIsolate causes issues with sulogin, if someone isolates +# rescue.target or starts rescue.service from multi-user.target or +# graphical.target. +Conflicts=rescue.service +Before=rescue.service + +[Service] +# The '-o' option value tells agetty to replace 'login' arguments with an +# option to preserve environment (-p), followed by '--' for safety, and then +# the entered username. +ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,57600,38400,9600 - $TERM +Type=idle +Restart=always +UtmpIdentifier=%I +StandardInput=tty +StandardOutput=tty +TTYPath=/dev/%I +TTYReset=yes +TTYVHangup=yes +{% if not ENABLE_LOGIND %} +KillMode=process +{% endif %} +IgnoreSIGPIPE=no +SendSIGHUP=yes + +[Install] +WantedBy=getty.target diff --git a/units/shutdown.target b/units/shutdown.target new file mode 100644 index 0000000..8b3c0b6 --- /dev/null +++ b/units/shutdown.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Shutdown +Documentation=man:systemd.special(7) +DefaultDependencies=no +RefuseManualStart=yes diff --git a/units/sigpwr.target b/units/sigpwr.target new file mode 100644 index 0000000..beda318 --- /dev/null +++ b/units/sigpwr.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Power Failure +Documentation=man:systemd.special(7) diff --git a/units/sleep.target b/units/sleep.target new file mode 100644 index 0000000..a38a431 --- /dev/null +++ b/units/sleep.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Sleep +Documentation=man:systemd.special(7) +DefaultDependencies=no +RefuseManualStart=yes +StopWhenUnneeded=yes diff --git a/units/slices.target b/units/slices.target new file mode 100644 index 0000000..72701bd --- /dev/null +++ b/units/slices.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Slice Units +Documentation=man:systemd.special(7) +Wants=-.slice system.slice +After=-.slice system.slice diff --git a/units/smartcard.target b/units/smartcard.target new file mode 100644 index 0000000..0c3fe72 --- /dev/null +++ b/units/smartcard.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Smart Card +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/sockets.target b/units/sockets.target new file mode 100644 index 0000000..e53d1eb --- /dev/null +++ b/units/sockets.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Socket Units +Documentation=man:systemd.special(7) diff --git a/units/sound.target b/units/sound.target new file mode 100644 index 0000000..99e68af --- /dev/null +++ b/units/sound.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Sound Card +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/suspend-then-hibernate.target b/units/suspend-then-hibernate.target new file mode 100644 index 0000000..e998763 --- /dev/null +++ b/units/suspend-then-hibernate.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Suspend; Hibernate if not used for a period of time +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-suspend-then-hibernate.service +After=systemd-suspend-then-hibernate.service +StopWhenUnneeded=yes diff --git a/units/suspend.target b/units/suspend.target new file mode 100644 index 0000000..bf228f9 --- /dev/null +++ b/units/suspend.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Suspend +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-suspend.service +After=systemd-suspend.service +StopWhenUnneeded=yes diff --git a/units/swap.target b/units/swap.target new file mode 100644 index 0000000..1f21607 --- /dev/null +++ b/units/swap.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Swaps +Documentation=man:systemd.special(7) diff --git a/units/sys-fs-fuse-connections.mount b/units/sys-fs-fuse-connections.mount new file mode 100644 index 0000000..929d8e3 --- /dev/null +++ b/units/sys-fs-fuse-connections.mount @@ -0,0 +1,32 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=FUSE Control File System +Documentation=https://docs.kernel.org/filesystems/fuse.html +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +ConditionPathExists=/sys/fs/fuse/connections +ConditionCapability=CAP_SYS_ADMIN +ConditionVirtualization=!private-users +Before=sysinit.target + +# These dependencies are used to make certain that the module is fully +# loaded. Indeed udev starts this unit when it receives an uevent for the +# module but the kernel sends it too early, ie before the init() of the module +# is fully operational and /sys/fs/fuse/connections is created, see issue#17586. + +After=modprobe@fuse.service +Requires=modprobe@fuse.service + +[Mount] +What=fusectl +Where=/sys/fs/fuse/connections +Type=fusectl +Options=nosuid,nodev,noexec diff --git a/units/sys-kernel-config.mount b/units/sys-kernel-config.mount new file mode 100644 index 0000000..dca94a8 --- /dev/null +++ b/units/sys-kernel-config.mount @@ -0,0 +1,31 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Kernel Configuration File System +Documentation=https://docs.kernel.org/filesystems/configfs.html +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +ConditionPathExists=/sys/kernel/config +ConditionCapability=CAP_SYS_RAWIO +Before=sysinit.target + +# These dependencies are used to make certain that the module is fully +# loaded. Indeed udev starts this unit when it receives an uevent for the +# module but the kernel sends it too early, ie before the init() of the module +# is fully operational and /sys/kernel/config is created, see issue#17586. + +After=modprobe@configfs.service +Requires=modprobe@configfs.service + +[Mount] +What=configfs +Where=/sys/kernel/config +Type=configfs +Options=nosuid,nodev,noexec diff --git a/units/sys-kernel-debug.mount b/units/sys-kernel-debug.mount new file mode 100644 index 0000000..6c77ef5 --- /dev/null +++ b/units/sys-kernel-debug.mount @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Kernel Debug File System +Documentation=https://docs.kernel.org/filesystems/debugfs.html +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +ConditionPathExists=/sys/kernel/debug +ConditionCapability=CAP_SYS_RAWIO +Before=sysinit.target + +[Mount] +What=debugfs +Where=/sys/kernel/debug +Type=debugfs +Options=nosuid,nodev,noexec diff --git a/units/sys-kernel-tracing.mount b/units/sys-kernel-tracing.mount new file mode 100644 index 0000000..f3cd47f --- /dev/null +++ b/units/sys-kernel-tracing.mount @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Kernel Trace File System +Documentation=https://docs.kernel.org/trace/ftrace.html +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +ConditionVirtualization=!lxc +ConditionPathExists=/sys/kernel/tracing +ConditionCapability=CAP_SYS_RAWIO +Before=sysinit.target + +[Mount] +What=tracefs +Where=/sys/kernel/tracing +Type=tracefs +Options=nosuid,nodev,noexec diff --git a/units/sysinit.target b/units/sysinit.target new file mode 100644 index 0000000..5187605 --- /dev/null +++ b/units/sysinit.target @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Initialization +Documentation=man:systemd.special(7) + +Wants=local-fs.target swap.target +After=local-fs.target swap.target +Conflicts=emergency.service emergency.target +Before=emergency.service emergency.target diff --git a/units/syslog.socket b/units/syslog.socket new file mode 100644 index 0000000..ff76bc5 --- /dev/null +++ b/units/syslog.socket @@ -0,0 +1,47 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Syslog Socket +Documentation=man:systemd.special(7) +Documentation=https://www.freedesktop.org/wiki/Software/systemd/syslog +DefaultDependencies=no +Before=sockets.target + +# Don't allow logging until the very end +Conflicts=shutdown.target +Before=shutdown.target + +# Don't try to activate syslog.service if sysinit.target has failed. +Conflicts=emergency.service +Before=emergency.service + +[Socket] +ListenDatagram=/run/systemd/journal/syslog +SocketMode=0666 +PassCredentials=yes +PassSecurity=yes +ReceiveBuffer=8M + +# The default syslog implementation should make syslog.service a +# symlink to itself, so that this socket activates the right actual +# syslog service. +# +# Examples: +# +# /etc/systemd/system/syslog.service -> /lib/systemd/system/rsyslog.service +# /etc/systemd/system/syslog.service -> /lib/systemd/system/syslog-ng.service +# +# Best way to achieve that is by adding this to your unit file +# (i.e. to rsyslog.service or syslog-ng.service): +# +# [Install] +# Alias=syslog.service +# +# See https://www.freedesktop.org/wiki/Software/systemd/syslog for details. diff --git a/units/system-systemd\x2dcryptsetup.slice b/units/system-systemd\x2dcryptsetup.slice new file mode 100644 index 0000000..98206a9 --- /dev/null +++ b/units/system-systemd\x2dcryptsetup.slice @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Cryptsetup Units Slice +Documentation=man:systemd-cryptsetup@.service(8) +DefaultDependencies=no diff --git a/units/system-update-cleanup.service b/units/system-update-cleanup.service new file mode 100644 index 0000000..5a5dd72 --- /dev/null +++ b/units/system-update-cleanup.service @@ -0,0 +1,35 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Remove the Offline System Updates Symlink +Documentation=man:systemd.special(7) man:systemd.offline-updates(7) +After=system-update.target +DefaultDependencies=no +Conflicts=shutdown.target +Before=shutdown.target +SuccessAction=reboot + +# system-update-generator uses laccess("/system-update"), while a plain +# ConditionPathExists=/system-update uses access("/system-update"), so +# we need an alternate condition to cover the case of a dangling symlink. +# +# This service is only invoked if /system-update exists, i.e. if the +# condition tested by system-update-generator remains true and the system +# would be diverted into system-update.target again after reboot. This way +# we guard against being diverted into system-update.target again, which +# works as a safety measure, but we will not step on the toes of the +# update script if it successfully removed the symlink and scheduled a +# reboot or some other action on its own. +ConditionPathExists=|/system-update +ConditionPathIsSymbolicLink=|/system-update + +[Service] +Type=oneshot +ExecStart=rm -fv /system-update diff --git a/units/system-update-pre.target b/units/system-update-pre.target new file mode 100644 index 0000000..0410138 --- /dev/null +++ b/units/system-update-pre.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Offline System Update (Pre) +Documentation=man:systemd.offline-updates(7) +Documentation=man:systemd.special(7) man:systemd-system-update-generator(8) +RefuseManualStart=yes +After=sysinit.target diff --git a/units/system-update.target b/units/system-update.target new file mode 100644 index 0000000..dcddfc2 --- /dev/null +++ b/units/system-update.target @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Offline System Update +Documentation=man:systemd.offline-updates(7) +Documentation=man:systemd.special(7) man:systemd-system-update-generator(8) +Requires=sysinit.target +After=sysinit.target system-update-pre.target +AllowIsolate=yes +Wants=system-update-cleanup.service diff --git a/units/systemd-ask-password-console.path b/units/systemd-ask-password-console.path new file mode 100644 index 0000000..5277db9 --- /dev/null +++ b/units/systemd-ask-password-console.path @@ -0,0 +1,26 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Dispatch Password Requests to Console Directory Watch +Documentation=man:systemd-ask-password-console.path(8) + +ConditionPathExists=!/run/plymouth/pid + +DefaultDependencies=no +After=plymouth-start.service +Before=paths.target cryptsetup.target +Conflicts=emergency.service +Before=emergency.service +Conflicts=shutdown.target +Before=shutdown.target + +[Path] +DirectoryNotEmpty=/run/systemd/ask-password +MakeDirectory=yes diff --git a/units/systemd-ask-password-console.service b/units/systemd-ask-password-console.service new file mode 100644 index 0000000..afd0f0b --- /dev/null +++ b/units/systemd-ask-password-console.service @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Dispatch Password Requests to Console +Documentation=man:systemd-ask-password-console.service(8) + +ConditionPathExists=!/run/plymouth/pid + +DefaultDependencies=no +After=plymouth-start.service systemd-vconsole-setup.service +Conflicts=emergency.service +Before=emergency.service +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target + +[Service] +ExecStart=systemd-tty-ask-password-agent --watch --console +SystemCallArchitectures=native diff --git a/units/systemd-ask-password-wall.path b/units/systemd-ask-password-wall.path new file mode 100644 index 0000000..161562a --- /dev/null +++ b/units/systemd-ask-password-wall.path @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Forward Password Requests to Wall Directory Watch +Documentation=man:systemd-ask-password-wall.path(8) + +DefaultDependencies=no +Before=paths.target cryptsetup.target +Conflicts=emergency.service +Before=emergency.service +Conflicts=shutdown.target +Before=shutdown.target + +[Path] +DirectoryNotEmpty=/run/systemd/ask-password +MakeDirectory=yes diff --git a/units/systemd-ask-password-wall.service b/units/systemd-ask-password-wall.service new file mode 100644 index 0000000..18b59d9 --- /dev/null +++ b/units/systemd-ask-password-wall.service @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Forward Password Requests to Wall +Documentation=man:systemd-ask-password-wall.service(8) +After=systemd-user-sessions.service + +[Service] +ExecStartPre=-systemctl stop systemd-ask-password-console.path systemd-ask-password-console.service systemd-ask-password-plymouth.path systemd-ask-password-plymouth.service +ExecStart=systemd-tty-ask-password-agent --wall +SystemCallArchitectures=native diff --git a/units/systemd-backlight@.service.in b/units/systemd-backlight@.service.in new file mode 100644 index 0000000..4830a6a --- /dev/null +++ b/units/systemd-backlight@.service.in @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Load/Save Screen Backlight Brightness of %i +Documentation=man:systemd-backlight@.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +Before=sysinit.target shutdown.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-backlight load %i +ExecStop={{ROOTLIBEXECDIR}}/systemd-backlight save %i +TimeoutSec=90s +StateDirectory=systemd/backlight diff --git a/units/systemd-binfmt.service.in b/units/systemd-binfmt.service.in new file mode 100644 index 0000000..b04412e --- /dev/null +++ b/units/systemd-binfmt.service.in @@ -0,0 +1,33 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Set Up Additional Binary Formats +Documentation=man:systemd-binfmt.service(8) man:binfmt.d(5) +Documentation=https://docs.kernel.org/admin-guide/binfmt-misc.html +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +Conflicts=shutdown.target +After=proc-sys-fs-binfmt_misc.automount +After=proc-sys-fs-binfmt_misc.mount +After=local-fs.target +Before=sysinit.target shutdown.target +ConditionPathIsMountPoint=/proc/sys/fs/binfmt_misc +ConditionDirectoryNotEmpty=|/lib/binfmt.d +ConditionDirectoryNotEmpty=|/usr/lib/binfmt.d +ConditionDirectoryNotEmpty=|/usr/local/lib/binfmt.d +ConditionDirectoryNotEmpty=|/etc/binfmt.d +ConditionDirectoryNotEmpty=|/run/binfmt.d + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-binfmt +ExecStop={{ROOTLIBEXECDIR}}/systemd-binfmt --unregister +TimeoutSec=90s diff --git a/units/systemd-bless-boot.service.in b/units/systemd-bless-boot.service.in new file mode 100644 index 0000000..557f77b --- /dev/null +++ b/units/systemd-bless-boot.service.in @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Mark the Current Boot Loader Entry as Good +Documentation=man:systemd-bless-boot.service(8) +DefaultDependencies=no +Requires=boot-complete.target +After=local-fs.target boot-complete.target +Conflicts=shutdown.target +Before=shutdown.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-bless-boot good diff --git a/units/systemd-boot-check-no-failures.service.in b/units/systemd-boot-check-no-failures.service.in new file mode 100644 index 0000000..47f1822 --- /dev/null +++ b/units/systemd-boot-check-no-failures.service.in @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Check if Any System Units Failed +Documentation=man:systemd-boot-check-no-failures.service(8) +After=default.target graphical.target multi-user.target +Before=boot-complete.target +Conflicts=shutdown.target +Before=shutdown.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-boot-check-no-failures + +[Install] +RequiredBy=boot-complete.target diff --git a/units/systemd-boot-system-token.service b/units/systemd-boot-system-token.service new file mode 100644 index 0000000..662a1fd --- /dev/null +++ b/units/systemd-boot-system-token.service @@ -0,0 +1,35 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Store a System Token in an EFI Variable +Documentation=man:systemd-boot-system-token.service(8) + +DefaultDependencies=no +After=local-fs.target systemd-random-seed.service +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target + +# Don't run this in a VM environment, because there EFI variables are not +# actually stored in NVRAM, independent of regular storage. +ConditionVirtualization=no + +# Only run this if the boot loader can support random seed initialization. +ConditionPathExists=/sys/firmware/efi/efivars/LoaderFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f + +# Only run this if there is no system token defined yet, or … +ConditionPathExists=|!/sys/firmware/efi/efivars/LoaderSystemToken-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f + +# … if the boot loader didn't pass the OS a random seed (and thus probably was missing the random seed file) +ConditionPathExists=|!/sys/firmware/efi/efivars/LoaderRandomSeed-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=bootctl random-seed --graceful diff --git a/units/systemd-boot-update.service b/units/systemd-boot-update.service new file mode 100644 index 0000000..61ff127 --- /dev/null +++ b/units/systemd-boot-update.service @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Automatic Boot Loader Update +Documentation=man:bootctl(1) +DefaultDependencies=no +Conflicts=shutdown.target +After=local-fs.target +Before=sysinit.target shutdown.target systemd-update-done.service + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=bootctl --no-variables --graceful update + +[Install] +WantedBy=sysinit.target diff --git a/units/systemd-coredump.socket b/units/systemd-coredump.socket new file mode 100644 index 0000000..a2d457f --- /dev/null +++ b/units/systemd-coredump.socket @@ -0,0 +1,21 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Process Core Dump Socket +Documentation=man:systemd-coredump(8) +DefaultDependencies=no +Before=shutdown.target systemd-sysctl.service +Conflicts=shutdown.target + +[Socket] +ListenSequentialPacket=/run/systemd/coredump +SocketMode=0600 +Accept=yes +MaxConnections=16 diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in new file mode 100644 index 0000000..15bfb24 --- /dev/null +++ b/units/systemd-coredump@.service.in @@ -0,0 +1,44 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Process Core Dump +Documentation=man:systemd-coredump(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=systemd-journald.socket +Requires=systemd-journald.socket +Before=shutdown.target + +[Service] +ExecStart=-{{ROOTLIBEXECDIR}}/systemd-coredump +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +Nice=9 +NoNewPrivileges=yes +OOMScoreAdjust=500 +PrivateDevices=yes +PrivateNetwork=yes +PrivateTmp=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectKernelLogs=yes +ProtectSystem=strict +RestrictAddressFamilies=AF_UNIX +RestrictRealtime=yes +RestrictSUIDSGID=yes +RuntimeMaxSec=5min +StateDirectory=systemd/coredump +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service @mount diff --git a/units/systemd-exit.service b/units/systemd-exit.service new file mode 100644 index 0000000..df6e671 --- /dev/null +++ b/units/systemd-exit.service @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Exit the Container +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=shutdown.target umount.target final.target +After=shutdown.target umount.target final.target +SuccessAction=exit-force diff --git a/units/systemd-firstboot.service b/units/systemd-firstboot.service new file mode 100644 index 0000000..2e57b06 --- /dev/null +++ b/units/systemd-firstboot.service @@ -0,0 +1,38 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=First Boot Wizard +Documentation=man:systemd-firstboot(1) +DefaultDependencies=no +Conflicts=shutdown.target +After=systemd-remount-fs.service +Before=systemd-sysusers.service systemd-vconsole-setup.service sysinit.target first-boot-complete.target shutdown.target +Wants=first-boot-complete.target +ConditionPathIsReadWrite=/etc +ConditionFirstBoot=yes + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=systemd-firstboot --prompt-locale --prompt-timezone --prompt-root-password +StandardOutput=tty +StandardInput=tty +StandardError=tty + +# Optionally, pick up basic fields from credentials passed to the service +# manager. This is useful for importing this data from nspawn's +# --set-credential= switch. +LoadCredential=passwd.hashed-password.root +LoadCredential=passwd.plaintext-password.root +LoadCredential=passwd.shell.root +LoadCredential=firstboot.locale +LoadCredential=firstboot.locale-messages +LoadCredential=firstboot.keymap +LoadCredential=firstboot.timezone diff --git a/units/systemd-fsck-root.service.in b/units/systemd-fsck-root.service.in new file mode 100644 index 0000000..8378df8 --- /dev/null +++ b/units/systemd-fsck-root.service.in @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=File System Check on Root Device +Documentation=man:systemd-fsck-root.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +Before=local-fs.target shutdown.target +ConditionPathIsReadWrite=!/ +OnFailure=emergency.target +OnFailureJobMode=replace-irreversibly + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-fsck +TimeoutSec=0 diff --git a/units/systemd-fsck@.service.in b/units/systemd-fsck@.service.in new file mode 100644 index 0000000..06b91ae --- /dev/null +++ b/units/systemd-fsck@.service.in @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=File System Check on %f +Documentation=man:systemd-fsck@.service(8) +DefaultDependencies=no +BindsTo=%i.device +Conflicts=shutdown.target +After=%i.device systemd-fsck-root.service local-fs-pre.target +Before=systemd-quotacheck.service shutdown.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-fsck %f +TimeoutSec=0 diff --git a/units/systemd-halt.service b/units/systemd-halt.service new file mode 100644 index 0000000..3ce976f --- /dev/null +++ b/units/systemd-halt.service @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Halt +Documentation=man:systemd-halt.service(8) +DefaultDependencies=no +Requires=shutdown.target umount.target final.target +After=shutdown.target umount.target final.target + +[Service] +Type=oneshot +ExecStart=systemctl --force halt diff --git a/units/systemd-hibernate-resume@.service.in b/units/systemd-hibernate-resume@.service.in new file mode 100644 index 0000000..142bb33 --- /dev/null +++ b/units/systemd-hibernate-resume@.service.in @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Resume from hibernation using device %f +Documentation=man:systemd-hibernate-resume@.service(8) +DefaultDependencies=no +BindsTo=%i.device +Wants=local-fs-pre.target +After=%i.device +Before=local-fs-pre.target +AssertPathExists=/etc/initrd-release + +[Service] +Type=oneshot +ExecStart={{ROOTLIBEXECDIR}}/systemd-hibernate-resume %f diff --git a/units/systemd-hibernate.service.in b/units/systemd-hibernate.service.in new file mode 100644 index 0000000..94181fc --- /dev/null +++ b/units/systemd-hibernate.service.in @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Hibernate +Documentation=man:systemd-hibernate.service(8) +DefaultDependencies=no +Requires=sleep.target +After=sleep.target + +[Service] +Type=oneshot +ExecStart={{ROOTLIBEXECDIR}}/systemd-sleep hibernate diff --git a/units/systemd-homed-activate.service b/units/systemd-homed-activate.service new file mode 100644 index 0000000..b16fedb --- /dev/null +++ b/units/systemd-homed-activate.service @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Home Area Activation +Documentation=man:systemd-homed.service(8) +After=home.mount systemd-homed.service +Before=systemd-user-sessions.service + +[Service] +ExecStop=homectl deactivate-all +RemainAfterExit=true +Type=oneshot + +[Install] +WantedBy=systemd-homed.service +Also=systemd-homed.service diff --git a/units/systemd-homed.service.in b/units/systemd-homed.service.in new file mode 100644 index 0000000..52caa4e --- /dev/null +++ b/units/systemd-homed.service.in @@ -0,0 +1,42 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Home Area Manager +Documentation=man:systemd-homed.service(8) +Documentation=man:org.freedesktop.home1(5) +After=home.mount dbus.service + +[Service] +BusName=org.freedesktop.home1 +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FSETID CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE CAP_SETPCAP CAP_DAC_READ_SEARCH CAP_SETFCAP +DeviceAllow=/dev/loop-control rw +DeviceAllow=/dev/mapper/control rw +DeviceAllow=block-* rw +DeviceAllow=char-hidraw rw +ExecStart={{ROOTLIBEXECDIR}}/systemd-homed +KillMode=mixed +LimitNOFILE={{HIGH_RLIMIT_NOFILE}} +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_ALG AF_INET AF_INET6 +RestrictNamespaces=mnt user +RestrictRealtime=yes +StateDirectory=systemd/home +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service @mount +TimeoutStopSec=3min +{{SERVICE_WATCHDOG}} + +[Install] +WantedBy=multi-user.target +Alias=dbus-org.freedesktop.home1.service +Also=systemd-homed-activate.service systemd-userdbd.service diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in new file mode 100644 index 0000000..9ac56ba --- /dev/null +++ b/units/systemd-hostnamed.service.in @@ -0,0 +1,43 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Hostname Service +Documentation=man:systemd-hostnamed.service(8) +Documentation=man:hostname(5) +Documentation=man:machine-info(5) +Documentation=man:org.freedesktop.hostname1(5) + +[Service] +BusName=org.freedesktop.hostname1 +CapabilityBoundingSet=CAP_SYS_ADMIN +ExecStart={{ROOTLIBEXECDIR}}/systemd-hostnamed +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateDevices=yes +PrivateNetwork=yes +PrivateTmp=yes +ProtectProc=invisible +ProtectControlGroups=yes +ProtectHome=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=strict +ReadWritePaths=/etc /run/systemd +RestrictAddressFamilies=AF_UNIX +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service sethostname +{{SERVICE_WATCHDOG}} diff --git a/units/systemd-hwdb-update.service.in b/units/systemd-hwdb-update.service.in new file mode 100644 index 0000000..a09fe8a --- /dev/null +++ b/units/systemd-hwdb-update.service.in @@ -0,0 +1,26 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Rebuild Hardware Database +Documentation=man:hwdb(7) man:systemd-hwdb(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=systemd-remount-fs.service +Before=sysinit.target shutdown.target systemd-update-done.service +ConditionNeedsUpdate=/etc +ConditionPathExists=|!{{UDEVLIBEXECDIR}}/hwdb.bin +ConditionPathExists=|/etc/udev/hwdb.bin +ConditionDirectoryNotEmpty=|/etc/udev/hwdb.d/ + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=systemd-hwdb update +TimeoutSec=90s diff --git a/units/systemd-hybrid-sleep.service.in b/units/systemd-hybrid-sleep.service.in new file mode 100644 index 0000000..ec51420 --- /dev/null +++ b/units/systemd-hybrid-sleep.service.in @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Hybrid Suspend+Hibernate +Documentation=man:systemd-hybrid-sleep.service(8) +DefaultDependencies=no +Requires=sleep.target +After=sleep.target + +[Service] +Type=oneshot +ExecStart={{ROOTLIBEXECDIR}}/systemd-sleep hybrid-sleep diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in new file mode 100644 index 0000000..080cc64 --- /dev/null +++ b/units/systemd-importd.service.in @@ -0,0 +1,30 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Virtual Machine and Container Download Service +Documentation=man:systemd-importd.service(8) +Documentation=man:org.freedesktop.import1(5) + +[Service] +ExecStart={{ROOTLIBEXECDIR}}/systemd-importd +BusName=org.freedesktop.import1 +KillMode=mixed +CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE CAP_LINUX_IMMUTABLE +NoNewPrivileges=yes +MemoryDenyWriteExecute=yes +ProtectHostname=yes +RestrictRealtime=yes +RestrictNamespaces=net +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +SystemCallFilter=@system-service @mount +SystemCallErrorNumber=EPERM +SystemCallArchitectures=native +LockPersonality=yes +{{SERVICE_WATCHDOG}} diff --git a/units/systemd-initctl.service.in b/units/systemd-initctl.service.in new file mode 100644 index 0000000..efac5c4 --- /dev/null +++ b/units/systemd-initctl.service.in @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=initctl Compatibility Daemon +Documentation=man:systemd-initctl.service(8) +DefaultDependencies=no + +[Service] +ExecStart={{ROOTLIBEXECDIR}}/systemd-initctl +NoNewPrivileges=yes +NotifyAccess=all +SystemCallArchitectures=native diff --git a/units/systemd-initctl.socket b/units/systemd-initctl.socket new file mode 100644 index 0000000..4102131 --- /dev/null +++ b/units/systemd-initctl.socket @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=initctl Compatibility Named Pipe +Documentation=man:systemd-initctl.socket(8) +DefaultDependencies=no +Before=sockets.target + +[Socket] +ListenFIFO=/run/initctl +Symlinks=/dev/initctl +SocketMode=0600 diff --git a/units/systemd-journal-catalog-update.service b/units/systemd-journal-catalog-update.service new file mode 100644 index 0000000..4779256 --- /dev/null +++ b/units/systemd-journal-catalog-update.service @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Rebuild Journal Catalog +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Conflicts=shutdown.target +After=local-fs.target systemd-tmpfiles-setup.service +Before=sysinit.target shutdown.target systemd-update-done.service +ConditionNeedsUpdate=/var + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=journalctl --update-catalog +TimeoutSec=90s diff --git a/units/systemd-journal-flush.service b/units/systemd-journal-flush.service new file mode 100644 index 0000000..5d0b811 --- /dev/null +++ b/units/systemd-journal-flush.service @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Flush Journal to Persistent Storage +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Wants=systemd-journald.service +After=systemd-journald.service systemd-remount-fs.service +Before=systemd-tmpfiles-setup.service +RequiresMountsFor=/var/log/journal +ConditionPathExists=!/etc/initrd-release + +[Service] +ExecStart=journalctl --flush +ExecStop=journalctl --smart-relinquish-var +Type=oneshot +RemainAfterExit=yes +TimeoutSec=90s diff --git a/units/systemd-journal-gatewayd.service.in b/units/systemd-journal-gatewayd.service.in new file mode 100644 index 0000000..81c53fa --- /dev/null +++ b/units/systemd-journal-gatewayd.service.in @@ -0,0 +1,41 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Gateway Service +Documentation=man:systemd-journal-gatewayd(8) +Requires=systemd-journal-gatewayd.socket + +[Service] +DynamicUser=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-journal-gatewayd +LockPersonality=yes +MemoryDenyWriteExecute=yes +PrivateDevices=yes +PrivateNetwork=yes +ProtectProc=invisible +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +SupplementaryGroups=systemd-journal +SystemCallArchitectures=native +User=systemd-journal-gateway + +# If there are many split up journal files we need a lot of fds to access them +# all in parallel. +LimitNOFILE={{HIGH_RLIMIT_NOFILE}} + +[Install] +Also=systemd-journal-gatewayd.socket diff --git a/units/systemd-journal-gatewayd.socket b/units/systemd-journal-gatewayd.socket new file mode 100644 index 0000000..30e74e3 --- /dev/null +++ b/units/systemd-journal-gatewayd.socket @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Gateway Service Socket +Documentation=man:systemd-journal-gatewayd(8) + +[Socket] +ListenStream=19531 + +[Install] +WantedBy=sockets.target diff --git a/units/systemd-journal-remote.service.in b/units/systemd-journal-remote.service.in new file mode 100644 index 0000000..d8f28f2 --- /dev/null +++ b/units/systemd-journal-remote.service.in @@ -0,0 +1,46 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Remote Sink Service +Documentation=man:systemd-journal-remote(8) man:journal-remote.conf(5) +Requires=systemd-journal-remote.socket + +[Service] +ExecStart={{ROOTLIBEXECDIR}}/systemd-journal-remote --listen-https=-3 --output=/var/log/journal/remote/ +LockPersonality=yes +LogsDirectory=journal/remote +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateDevices=yes +PrivateNetwork=yes +PrivateTmp=yes +ProtectProc=invisible +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=strict +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +User=systemd-journal-remote +{{SERVICE_WATCHDOG}} + +# If there are many split up journal files we need a lot of fds to access them +# all in parallel. +LimitNOFILE={{HIGH_RLIMIT_NOFILE}} + +[Install] +Also=systemd-journal-remote.socket diff --git a/units/systemd-journal-remote.socket b/units/systemd-journal-remote.socket new file mode 100644 index 0000000..2956819 --- /dev/null +++ b/units/systemd-journal-remote.socket @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Remote Sink Socket + +[Socket] +ListenStream=19532 + +[Install] +WantedBy=sockets.target diff --git a/units/systemd-journal-upload.service.in b/units/systemd-journal-upload.service.in new file mode 100644 index 0000000..7e64870 --- /dev/null +++ b/units/systemd-journal-upload.service.in @@ -0,0 +1,46 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Remote Upload Service +Documentation=man:systemd-journal-upload(8) +Wants=network-online.target +After=network-online.target + +[Service] +DynamicUser=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-journal-upload --save-state +LockPersonality=yes +MemoryDenyWriteExecute=yes +PrivateDevices=yes +ProtectProc=invisible +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +Restart=on-failure +RestartSteps=10 +RestartMaxDelaySec=60 +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +StateDirectory=systemd/journal-upload +SupplementaryGroups=systemd-journal +SystemCallArchitectures=native +User=systemd-journal-upload +{{SERVICE_WATCHDOG}} + +# If there are many split up journal files we need a lot of fds to access them +# all in parallel. +LimitNOFILE={{HIGH_RLIMIT_NOFILE}} + +[Install] +WantedBy=multi-user.target diff --git a/units/systemd-journald-audit.socket b/units/systemd-journald-audit.socket new file mode 100644 index 0000000..f0c0aeb --- /dev/null +++ b/units/systemd-journald-audit.socket @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Audit Socket +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Before=sockets.target +ConditionSecurity=audit +ConditionCapability=CAP_AUDIT_READ + +[Socket] +Service=systemd-journald.service +ReceiveBuffer=128M +ListenNetlink=audit 1 +PassCredentials=yes diff --git a/units/systemd-journald-dev-log.socket b/units/systemd-journald-dev-log.socket new file mode 100644 index 0000000..e2a9352 --- /dev/null +++ b/units/systemd-journald-dev-log.socket @@ -0,0 +1,35 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Socket (/dev/log) +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Before=sockets.target + +# Mount and swap units need this. If this socket unit is removed by an isolate +# request the mount and swap units would be removed too, hence let's exclude +# systemd-journald and its sockets from isolate requests. +IgnoreOnIsolate=yes + +[Socket] +ListenDatagram=/run/systemd/journal/dev-log +PassCredentials=yes +PassSecurity=yes +Service=systemd-journald.service +SocketMode=0666 +Symlinks=/dev/log +Timestamping=us + +# Increase both the send and receive buffer, so that things don't +# block early. Note that journald internally uses the this socket both +# for receiving syslog messages, and for forwarding them to any other +# syslog, hence we bump both values. +ReceiveBuffer=8M +SendBuffer=8M diff --git a/units/systemd-journald-varlink@.socket b/units/systemd-journald-varlink@.socket new file mode 100644 index 0000000..05d8cf6 --- /dev/null +++ b/units/systemd-journald-varlink@.socket @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Varlink Socket for Namespace %i +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +StopWhenUnneeded=yes + +[Socket] +Service=systemd-journald@%i.service +ListenStream=/run/systemd/journal.%i/io.systemd.journal +SocketMode=0600 diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in new file mode 100644 index 0000000..38ba3e2 --- /dev/null +++ b/units/systemd-journald.service.in @@ -0,0 +1,56 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Service +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Requires=systemd-journald.socket +After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket syslog.socket +Before=sysinit.target + +# Mount and swap units need the journal socket units. If they were removed by +# an isolate request the mount and swap units would be removed too, hence let's +# exclude systemd-journald and its sockets from isolate requests. +IgnoreOnIsolate=yes + +[Service] +DeviceAllow=char-* rw +ExecStart={{ROOTLIBEXECDIR}}/systemd-journald +FileDescriptorStoreMax=4224 +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +OOMScoreAdjust=-250 +ProtectClock=yes +Restart=always +RestartSec=0 +RestrictAddressFamilies=AF_UNIX AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +RuntimeDirectory=systemd/journal +RuntimeDirectoryPreserve=yes +Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket +StandardOutput=null +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +Type=notify +{{SERVICE_WATCHDOG}} + +# In case you're wondering why CAP_SYS_PTRACE is needed, access to +# /proc/<pid>/exe requires this capability. Thus if this capability is missing +# the _EXE=/OBJECT_EXE= fields will be missing from the journal entries. +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE + +# If there are many split up journal files we need a lot of fds to access them +# all in parallel. +LimitNOFILE={{HIGH_RLIMIT_NOFILE}} diff --git a/units/systemd-journald.socket b/units/systemd-journald.socket new file mode 100644 index 0000000..1e2178e --- /dev/null +++ b/units/systemd-journald.socket @@ -0,0 +1,29 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Socket +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Before=sockets.target + +# Mount and swap units need this. If this socket unit is removed by an isolate +# request the mount and swap units would be removed too, hence let's exclude +# systemd-journald and its sockets from isolate requests. +IgnoreOnIsolate=yes + +[Socket] +ListenDatagram=/run/systemd/journal/socket +ListenStream=/run/systemd/journal/stdout +PassCredentials=yes +PassSecurity=yes +ReceiveBuffer=8M +Service=systemd-journald.service +SocketMode=0666 +Timestamping=us diff --git a/units/systemd-journald@.service.in b/units/systemd-journald@.service.in new file mode 100644 index 0000000..35c9982 --- /dev/null +++ b/units/systemd-journald@.service.in @@ -0,0 +1,43 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Service for Namespace %i +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +Requires=systemd-journald@%i.socket systemd-journald-varlink@%i.socket +After=systemd-journald@%i.socket systemd-journald-varlink@%i.socket + +[Service] +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE +DevicePolicy=closed +ExecStart={{ROOTLIBEXECDIR}}/systemd-journald %i +FileDescriptorStoreMax=4224 +Group=systemd-journal +IPAddressDeny=any +LockPersonality=yes +LogsDirectory=journal/%m.%i +LogsDirectoryMode=02755 +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +RestrictAddressFamilies=AF_UNIX AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +RuntimeDirectory=systemd/journal.%i +RuntimeDirectoryPreserve=yes +Sockets=systemd-journald@%i.socket +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +Type=notify +{{SERVICE_WATCHDOG}} + +# If there are many split up journal files we need a lot of fds to access them +# all in parallel. +LimitNOFILE={{HIGH_RLIMIT_NOFILE}} diff --git a/units/systemd-journald@.socket b/units/systemd-journald@.socket new file mode 100644 index 0000000..60c025f --- /dev/null +++ b/units/systemd-journald@.socket @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Socket for Namespace %i +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +StopWhenUnneeded=yes + +[Socket] +Service=systemd-journald@%i.service +ListenStream=/run/systemd/journal.%i/stdout +ListenDatagram=/run/systemd/journal.%i/socket +ListenDatagram=/run/systemd/journal.%i/dev-log +SocketMode=0666 +PassCredentials=yes +PassSecurity=yes +ReceiveBuffer=8M +SendBuffer=8M diff --git a/units/systemd-kexec.service b/units/systemd-kexec.service new file mode 100644 index 0000000..916995c --- /dev/null +++ b/units/systemd-kexec.service @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Reboot via kexec +Documentation=man:systemd-kexec.service(8) +DefaultDependencies=no +Requires=shutdown.target umount.target final.target +After=shutdown.target umount.target final.target + +[Service] +Type=oneshot +ExecStart=systemctl --force kexec diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in new file mode 100644 index 0000000..f9a92fe --- /dev/null +++ b/units/systemd-localed.service.in @@ -0,0 +1,47 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Locale Service +Documentation=man:systemd-localed.service(8) +Documentation=man:locale.conf(5) +Documentation=man:vconsole.conf(5) +Documentation=man:org.freedesktop.locale1(5) + +[Service] +BusName=org.freedesktop.locale1 +CapabilityBoundingSet= +ExecStart={{ROOTLIBEXECDIR}}/systemd-localed +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateDevices=yes +PrivateNetwork=yes +PrivateTmp=yes +ProtectProc=invisible +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=strict +ReadWritePaths=/etc +{% if HAVE_LOCALEGEN %} +ReadWritePaths=/usr/lib/locale +{% endif %} +RestrictAddressFamilies=AF_UNIX +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +{{SERVICE_WATCHDOG}} diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in new file mode 100644 index 0000000..042ea75 --- /dev/null +++ b/units/systemd-logind.service.in @@ -0,0 +1,65 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Login Management +Documentation=man:sd-login(3) +Documentation=man:systemd-logind.service(8) +Documentation=man:logind.conf(5) +Documentation=man:org.freedesktop.login1(5) + +Wants=user.slice modprobe@drm.service +After=nss-user-lookup.target user.slice modprobe@drm.service + +# Ask for the dbus socket. +Wants=dbus.socket +After=dbus.socket + +[Service] +BusName=org.freedesktop.login1 +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG CAP_LINUX_IMMUTABLE +DeviceAllow=block-* r +DeviceAllow=char-/dev/console rw +DeviceAllow=char-drm rw +DeviceAllow=char-input rw +DeviceAllow=char-tty rw +DeviceAllow=char-vcs rw +ExecStart={{ROOTLIBEXECDIR}}/systemd-logind +FileDescriptorStoreMax=512 +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateTmp=yes +# We don't use ProtectProc= since we need to look for usernames and tty for wall messages +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectSystem=strict +ReadWritePaths=/etc /run +Restart=always +RestartSec=0 +RestrictAddressFamilies=AF_UNIX AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +RuntimeDirectory=systemd/sessions systemd/seats systemd/users systemd/inhibit systemd/shutdown +RuntimeDirectoryPreserve=yes +StateDirectory=systemd/linger +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +{{SERVICE_WATCHDOG}} + +# Increase the default a bit in order to allow many simultaneous logins since +# we keep one fd open per session. +LimitNOFILE={{HIGH_RLIMIT_NOFILE}} diff --git a/units/systemd-machine-id-commit.service b/units/systemd-machine-id-commit.service new file mode 100644 index 0000000..89e0613 --- /dev/null +++ b/units/systemd-machine-id-commit.service @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Commit a transient machine-id on disk +Documentation=man:systemd-machine-id-commit.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +Before=shutdown.target +After=local-fs.target first-boot-complete.target +ConditionPathIsReadWrite=/etc +ConditionPathIsMountPoint=/etc/machine-id + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=systemd-machine-id-setup --commit +TimeoutSec=30s diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in new file mode 100644 index 0000000..d3f8abd --- /dev/null +++ b/units/systemd-machined.service.in @@ -0,0 +1,37 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Virtual Machine and Container Registration Service +Documentation=man:systemd-machined.service(8) +Documentation=man:org.freedesktop.machine1(5) + +Wants=machine.slice +After=machine.slice +RequiresMountsFor=/var/lib/machines + +[Service] +BusName=org.freedesktop.machine1 +CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_LINUX_IMMUTABLE +ExecStart={{ROOTLIBEXECDIR}}/systemd-machined +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +ProtectHostname=yes +RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 +RestrictRealtime=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service @mount +{{SERVICE_WATCHDOG}} + +# Note that machined cannot be placed in a mount namespace, since it +# needs access to the host's mount namespace in order to implement the +# "machinectl bind" operation. diff --git a/units/systemd-modules-load.service.in b/units/systemd-modules-load.service.in new file mode 100644 index 0000000..604d871 --- /dev/null +++ b/units/systemd-modules-load.service.in @@ -0,0 +1,29 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Load Kernel Modules +Documentation=man:systemd-modules-load.service(8) man:modules-load.d(5) +DefaultDependencies=no +Conflicts=shutdown.target +Before=sysinit.target shutdown.target +ConditionCapability=CAP_SYS_MODULE +ConditionDirectoryNotEmpty=|/lib/modules-load.d +ConditionDirectoryNotEmpty=|/usr/lib/modules-load.d +ConditionDirectoryNotEmpty=|/usr/local/lib/modules-load.d +ConditionDirectoryNotEmpty=|/etc/modules-load.d +ConditionDirectoryNotEmpty=|/run/modules-load.d +ConditionKernelCommandLine=|modules-load +ConditionKernelCommandLine=|rd.modules-load + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-modules-load +TimeoutSec=90s diff --git a/units/systemd-network-generator.service.in b/units/systemd-network-generator.service.in new file mode 100644 index 0000000..2b79ca6 --- /dev/null +++ b/units/systemd-network-generator.service.in @@ -0,0 +1,26 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Generate network units from Kernel command line +Documentation=man:systemd-network-generator.service(8) + +DefaultDependencies=no +Before=network-pre.target systemd-udevd.service +Wants=network-pre.target +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-network-generator + +[Install] +WantedBy=sysinit.target diff --git a/units/systemd-networkd-wait-online.service.in b/units/systemd-networkd-wait-online.service.in new file mode 100644 index 0000000..09698fc --- /dev/null +++ b/units/systemd-networkd-wait-online.service.in @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Wait for Network to be Configured +Documentation=man:systemd-networkd-wait-online.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +BindsTo=systemd-networkd.service +After=systemd-networkd.service +Before=network-online.target shutdown.target + +[Service] +Type=oneshot +ExecStart={{ROOTLIBEXECDIR}}/systemd-networkd-wait-online +RemainAfterExit=yes + +[Install] +WantedBy=network-online.target diff --git a/units/systemd-networkd-wait-online@.service.in b/units/systemd-networkd-wait-online@.service.in new file mode 100644 index 0000000..b7a1e40 --- /dev/null +++ b/units/systemd-networkd-wait-online@.service.in @@ -0,0 +1,26 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Wait for Network Interface %i to be Configured +Documentation=man:systemd-networkd-wait-online.service(8) +ConditionCapability=CAP_NET_ADMIN +DefaultDependencies=no +Conflicts=shutdown.target +BindsTo=systemd-networkd.service +After=systemd-networkd.service +Before=network-online.target shutdown.target + +[Service] +Type=oneshot +ExecStart={{ROOTLIBEXECDIR}}/systemd-networkd-wait-online -i %i +RemainAfterExit=yes + +[Install] +WantedBy=network-online.target diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in new file mode 100644 index 0000000..8b5dd0b --- /dev/null +++ b/units/systemd-networkd.service.in @@ -0,0 +1,69 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Network Configuration +Documentation=man:systemd-networkd.service(8) +Documentation=man:org.freedesktop.network1(5) +ConditionCapability=CAP_NET_ADMIN +DefaultDependencies=no +# systemd-udevd.service can be dropped once tuntap is moved to netlink +After=systemd-networkd.socket systemd-udevd.service network-pre.target systemd-sysusers.service systemd-sysctl.service +Before=network.target multi-user.target shutdown.target initrd-switch-root.target +Conflicts=shutdown.target initrd-switch-root.target +Wants=systemd-networkd.socket network.target + +[Service] +AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW +BusName=org.freedesktop.network1 +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW +DeviceAllow=char-* rw +ExecStart=!!{{ROOTLIBEXECDIR}}/systemd-networkd +ExecReload=networkctl reload +FileDescriptorStoreMax=512 +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +ProtectProc=invisible +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectSystem=strict +Restart=on-failure +RestartKillSignal=SIGUSR2 +RestartSec=0 +RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 AF_PACKET +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +RuntimeDirectory=systemd/netif +RuntimeDirectoryPreserve=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +Type=notify +User=systemd-network +{{SERVICE_WATCHDOG}} + +[Install] +WantedBy=multi-user.target +Also=systemd-networkd.socket +Alias=dbus-org.freedesktop.network1.service + +# The output from this generator is used by udevd and networkd. Enable it by +# default when enabling systemd-networkd.service. +Also=systemd-network-generator.service + +# We want to enable systemd-networkd-wait-online.service whenever this service +# is enabled. systemd-networkd-wait-online.service has +# WantedBy=network-online.target, so enabling it only has an effect if +# network-online.target itself is enabled or pulled in by some other unit. +Also=systemd-networkd-wait-online.service diff --git a/units/systemd-networkd.socket b/units/systemd-networkd.socket new file mode 100644 index 0000000..2d8d1c3 --- /dev/null +++ b/units/systemd-networkd.socket @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Network Service Netlink Socket +Documentation=man:systemd-networkd.service(8) man:rtnetlink(7) +ConditionCapability=CAP_NET_ADMIN +DefaultDependencies=no +Before=sockets.target shutdown.target +Conflicts=shutdown.target + +[Socket] +ReceiveBuffer=128M +ListenNetlink=route 1361 +PassPacketInfo=yes + +[Install] +WantedBy=sockets.target diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in new file mode 100644 index 0000000..b013381 --- /dev/null +++ b/units/systemd-nspawn@.service.in @@ -0,0 +1,50 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Container %i +Documentation=man:systemd-nspawn(1) +Wants=modprobe@tun.service modprobe@loop.service modprobe@dm_mod.service +PartOf=machines.target +Before=machines.target +After=network.target modprobe@tun.service modprobe@loop.service modprobe@dm-mod.service +RequiresMountsFor=/var/lib/machines/%i + +[Service] +# Make sure the DeviceAllow= lines below can properly resolve the 'block-loop' expression (and others) +ExecStart=systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth -U --settings=override --machine=%i +KillMode=mixed +Type=notify +RestartForceExitStatus=133 +SuccessExitStatus=133 +Slice=machine.slice +Delegate=yes +TasksMax=16384 +{{SERVICE_WATCHDOG}} + +{# Enforce a strict device policy, similar to the one nspawn configures when it + # allocates its own scope unit. Make sure to keep these policies in sync if you + # change them! #} +DevicePolicy=closed +DeviceAllow=/dev/net/tun rwm +DeviceAllow=char-pts rw + +# nspawn itself needs access to /dev/loop-control and /dev/loop, to implement +# the --image= option. Add these here, too. +DeviceAllow=/dev/loop-control rw +DeviceAllow=block-loop rw +DeviceAllow=block-blkext rw + +# nspawn can set up LUKS encrypted loopback files, in which case it needs +# access to /dev/mapper/control and the block devices /dev/mapper/*. +DeviceAllow=/dev/mapper/control rw +DeviceAllow=block-device-mapper rw + +[Install] +WantedBy=machines.target diff --git a/units/systemd-oomd.service.in b/units/systemd-oomd.service.in new file mode 100644 index 0000000..c138f5e --- /dev/null +++ b/units/systemd-oomd.service.in @@ -0,0 +1,62 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Userspace Out-Of-Memory (OOM) Killer +Documentation=man:systemd-oomd.service(8) +Documentation=man:org.freedesktop.oom1(5) +DefaultDependencies=no +Before=multi-user.target shutdown.target +Conflicts=shutdown.target +ConditionControlGroupController=v2 +ConditionControlGroupController=memory +ConditionPathExists=/proc/pressure/cpu +ConditionPathExists=/proc/pressure/io +ConditionPathExists=/proc/pressure/memory +Requires=systemd-oomd.socket +After=systemd-oomd.socket + +[Service] +AmbientCapabilities=CAP_KILL CAP_DAC_OVERRIDE +BusName=org.freedesktop.oom1 +CapabilityBoundingSet=CAP_KILL CAP_DAC_OVERRIDE +ExecStart={{ROOTLIBEXECDIR}}/systemd-oomd +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +# Reserve some minimum amount of memory so that systemd-oomd can continue to +# run in resource starved scenarios. +MemoryMin=64M +MemoryLow=64M +NoNewPrivileges=yes +OOMScoreAdjust=-900 +PrivateDevices=yes +PrivateTmp=yes +ProtectClock=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=strict +Restart=on-failure +RestrictAddressFamilies=AF_UNIX +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +Type=notify +User=systemd-oom +{{SERVICE_WATCHDOG}} + +[Install] +WantedBy=multi-user.target +Alias=dbus-org.freedesktop.oom1.service diff --git a/units/systemd-oomd.socket b/units/systemd-oomd.socket new file mode 100644 index 0000000..70eb6b7 --- /dev/null +++ b/units/systemd-oomd.socket @@ -0,0 +1,27 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Userspace Out-Of-Memory (OOM) Killer Socket +Documentation=man:systemd-oomd.service(8) +DefaultDependencies=no +Before=sockets.target shutdown.target +Conflicts=shutdown.target +ConditionControlGroupController=v2 +ConditionControlGroupController=memory +ConditionPathExists=/proc/pressure/cpu +ConditionPathExists=/proc/pressure/io +ConditionPathExists=/proc/pressure/memory + +[Socket] +ListenStream=/run/systemd/oom/io.system.ManagedOOM +SocketMode=0666 + +[Install] +WantedBy=sockets.target diff --git a/units/systemd-pcrphase-initrd.service.in b/units/systemd-pcrphase-initrd.service.in new file mode 100644 index 0000000..6320dcc --- /dev/null +++ b/units/systemd-pcrphase-initrd.service.in @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=TPM2 PCR Barrier (initrd) +Documentation=man:systemd-pcrphase-initrd.service(8) +DefaultDependencies=no +Conflicts=shutdown.target initrd-switch-root.target +Before=sysinit.target cryptsetup-pre.target cryptsetup.target shutdown.target initrd-switch-root.target systemd-sysext.service +ConditionPathExists=/etc/initrd-release +ConditionSecurity=tpm2 +ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-pcrphase --graceful enter-initrd +ExecStop={{ROOTLIBEXECDIR}}/systemd-pcrphase --graceful leave-initrd diff --git a/units/systemd-pcrphase-sysinit.service.in b/units/systemd-pcrphase-sysinit.service.in new file mode 100644 index 0000000..f00ad61 --- /dev/null +++ b/units/systemd-pcrphase-sysinit.service.in @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=TPM2 PCR Barrier (Initialization) +Documentation=man:systemd-pcrphase-sysinit.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=sysinit.target +Before=basic.target shutdown.target +ConditionPathExists=!/etc/initrd-release +ConditionSecurity=tpm2 +ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-pcrphase --graceful sysinit +ExecStop={{ROOTLIBEXECDIR}}/systemd-pcrphase --graceful final diff --git a/units/systemd-pcrphase.service.in b/units/systemd-pcrphase.service.in new file mode 100644 index 0000000..558f268 --- /dev/null +++ b/units/systemd-pcrphase.service.in @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=TPM2 PCR Barrier (User) +Documentation=man:systemd-pcrphase.service(8) +After=remote-fs.target remote-cryptsetup.target +Before=systemd-user-sessions.service +ConditionPathExists=!/etc/initrd-release +ConditionSecurity=tpm2 +ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-pcrphase --graceful ready +ExecStop={{ROOTLIBEXECDIR}}/systemd-pcrphase --graceful shutdown diff --git a/units/systemd-portabled.service.in b/units/systemd-portabled.service.in new file mode 100644 index 0000000..ab660ce --- /dev/null +++ b/units/systemd-portabled.service.in @@ -0,0 +1,30 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Portable Service Manager +Documentation=man:systemd-portabled.service(8) +Documentation=man:org.freedesktop.portable1(5) +RequiresMountsFor=/var/lib/portables + +[Service] +ExecStart={{ROOTLIBEXECDIR}}/systemd-portabled +BusName=org.freedesktop.portable1 +CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD +MemoryDenyWriteExecute=yes +ProtectHostname=yes +ProtectKernelLogs=yes +RestrictRealtime=yes +RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 +SystemCallFilter=@system-service @mount +SystemCallErrorNumber=EPERM +SystemCallArchitectures=native +LockPersonality=yes +IPAddressDeny=any +{{SERVICE_WATCHDOG}} diff --git a/units/systemd-poweroff.service b/units/systemd-poweroff.service new file mode 100644 index 0000000..254188d --- /dev/null +++ b/units/systemd-poweroff.service @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Power Off +Documentation=man:systemd-poweroff.service(8) +DefaultDependencies=no +Requires=shutdown.target umount.target final.target +After=shutdown.target umount.target final.target +SuccessAction=poweroff-force diff --git a/units/systemd-pstore.service.in b/units/systemd-pstore.service.in new file mode 100644 index 0000000..02ac29c --- /dev/null +++ b/units/systemd-pstore.service.in @@ -0,0 +1,28 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Platform Persistent Storage Archival +Documentation=man:systemd-pstore(8) +ConditionDirectoryNotEmpty=/sys/fs/pstore +ConditionVirtualization=!container +DefaultDependencies=no +Conflicts=shutdown.target +Before=sysinit.target shutdown.target +After=modprobe@efi_pstore.service +Wants=modprobe@efi_pstore.service + +[Service] +Type=oneshot +ExecStart={{ROOTLIBEXECDIR}}/systemd-pstore +RemainAfterExit=yes +StateDirectory=systemd/pstore + +[Install] +WantedBy=sysinit.target diff --git a/units/systemd-quotacheck.service.in b/units/systemd-quotacheck.service.in new file mode 100644 index 0000000..c3e936d --- /dev/null +++ b/units/systemd-quotacheck.service.in @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=File System Quota Check +Documentation=man:systemd-quotacheck.service(8) +DefaultDependencies=no +After=systemd-remount-fs.service +Before=remote-fs.target shutdown.target +ConditionPathExists={{QUOTACHECK}} + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-quotacheck +TimeoutSec=0 diff --git a/units/systemd-random-seed.service.in b/units/systemd-random-seed.service.in new file mode 100644 index 0000000..1aa9af9 --- /dev/null +++ b/units/systemd-random-seed.service.in @@ -0,0 +1,32 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Load/Save Random Seed +Documentation=man:systemd-random-seed.service(8) man:random(4) +DefaultDependencies=no +RequiresMountsFor={{RANDOM_SEED}} +Conflicts=shutdown.target +After=systemd-remount-fs.service +Before=first-boot-complete.target shutdown.target +Wants=first-boot-complete.target +ConditionVirtualization=!container +ConditionPathExists=!/etc/initrd-release + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-random-seed load +ExecStop={{ROOTLIBEXECDIR}}/systemd-random-seed save + +# This service waits until the kernel's entropy pool is initialized, and may be +# used as ordering barrier for service that require an initialized entropy +# pool. Since initialization can take a while on entropy-starved systems, let's +# increase the timeout substantially here. +TimeoutSec=10min diff --git a/units/systemd-reboot.service b/units/systemd-reboot.service new file mode 100644 index 0000000..79176ad --- /dev/null +++ b/units/systemd-reboot.service @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Reboot +Documentation=man:systemd-reboot.service(8) +DefaultDependencies=no +Requires=shutdown.target umount.target final.target +After=shutdown.target umount.target final.target +SuccessAction=reboot-force diff --git a/units/systemd-remount-fs.service.in b/units/systemd-remount-fs.service.in new file mode 100644 index 0000000..2abed1d --- /dev/null +++ b/units/systemd-remount-fs.service.in @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Remount Root and Kernel File Systems +Documentation=man:systemd-remount-fs.service(8) +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +Conflicts=shutdown.target +After=systemd-fsck-root.service +Before=local-fs-pre.target local-fs.target shutdown.target +Wants=local-fs-pre.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-remount-fs diff --git a/units/systemd-repart.service.in b/units/systemd-repart.service.in new file mode 100644 index 0000000..105be68 --- /dev/null +++ b/units/systemd-repart.service.in @@ -0,0 +1,35 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Repartition Root Disk +Documentation=man:systemd-repart.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +Wants=modprobe@loop.service modprobe@dm_mod.service +After=initrd-usr-fs.target modprobe@loop.service modprobe@dm_mod.service +Before=initrd-root-fs.target shutdown.target +ConditionVirtualization=!container +ConditionDirectoryNotEmpty=|/usr/lib/repart.d +ConditionDirectoryNotEmpty=|/usr/local/lib/repart.d +ConditionDirectoryNotEmpty=|/etc/repart.d +ConditionDirectoryNotEmpty=|/run/repart.d +ConditionDirectoryNotEmpty=|/sysroot/usr/lib/repart.d +ConditionDirectoryNotEmpty=|/sysroot/usr/local/lib/repart.d +ConditionDirectoryNotEmpty=|/sysroot/etc/repart.d +ConditionDirectoryNotEmpty=|/sysusr/usr/lib/repart.d +ConditionDirectoryNotEmpty=|/sysusr/usr/local/lib/repart.d + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTBINDIR}}/systemd-repart --dry-run=no + +# The tool returns 77 if there's no existing GPT partition table +SuccessExitStatus=77 diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in new file mode 100644 index 0000000..1ca7e7f --- /dev/null +++ b/units/systemd-resolved.service.in @@ -0,0 +1,58 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Network Name Resolution +Documentation=man:systemd-resolved.service(8) +Documentation=man:org.freedesktop.resolve1(5) +Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers +Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients + +DefaultDependencies=no +After=systemd-sysctl.service systemd-sysusers.service +Before=sysinit.target network.target nss-lookup.target shutdown.target initrd-switch-root.target +Conflicts=shutdown.target initrd-switch-root.target +Wants=nss-lookup.target + +[Service] +AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE +BusName=org.freedesktop.resolve1 +CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE +ExecStart=!!{{ROOTLIBEXECDIR}}/systemd-resolved +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateDevices=yes +PrivateTmp=yes +ProtectProc=invisible +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=strict +Restart=always +RestartSec=0 +RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +RuntimeDirectory=systemd/resolve +RuntimeDirectoryPreserve=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +Type=notify +User=systemd-resolve +{{SERVICE_WATCHDOG}} + +[Install] +WantedBy=sysinit.target +Alias=dbus-org.freedesktop.resolve1.service diff --git a/units/systemd-rfkill.service.in b/units/systemd-rfkill.service.in new file mode 100644 index 0000000..56de1a1 --- /dev/null +++ b/units/systemd-rfkill.service.in @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Load/Save RF Kill Switch Status +Documentation=man:systemd-rfkill.service(8) +DefaultDependencies=no +BindsTo=sys-devices-virtual-misc-rfkill.device +Conflicts=shutdown.target +After=sys-devices-virtual-misc-rfkill.device +Before=shutdown.target + +[Service] +ExecStart={{ROOTLIBEXECDIR}}/systemd-rfkill +NoNewPrivileges=yes +StateDirectory=systemd/rfkill +TimeoutSec=30s +Type=notify diff --git a/units/systemd-rfkill.socket b/units/systemd-rfkill.socket new file mode 100644 index 0000000..4ca8d6f --- /dev/null +++ b/units/systemd-rfkill.socket @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Load/Save RF Kill Switch Status /dev/rfkill Watch +Documentation=man:systemd-rfkill.socket(8) +DefaultDependencies=no +BindsTo=sys-devices-virtual-misc-rfkill.device +After=sys-devices-virtual-misc-rfkill.device systemd-remount-fs.service +RequiresMountsFor=/var/lib/systemd/rfkill +Conflicts=shutdown.target +Before=shutdown.target + +[Socket] +ListenSpecial=/dev/rfkill +Writable=yes diff --git a/units/systemd-suspend-then-hibernate.service.in b/units/systemd-suspend-then-hibernate.service.in new file mode 100644 index 0000000..f9c9675 --- /dev/null +++ b/units/systemd-suspend-then-hibernate.service.in @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Suspend then Hibernate +Documentation=man:systemd-suspend-then-hibernate.service(8) +DefaultDependencies=no +Requires=sleep.target +After=sleep.target + +[Service] +Type=oneshot +ExecStart={{ROOTLIBEXECDIR}}/systemd-sleep suspend-then-hibernate diff --git a/units/systemd-suspend.service.in b/units/systemd-suspend.service.in new file mode 100644 index 0000000..2515575 --- /dev/null +++ b/units/systemd-suspend.service.in @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Suspend +Documentation=man:systemd-suspend.service(8) +DefaultDependencies=no +Requires=sleep.target +After=sleep.target + +[Service] +Type=oneshot +ExecStart={{ROOTLIBEXECDIR}}/systemd-sleep suspend diff --git a/units/systemd-sysctl.service.in b/units/systemd-sysctl.service.in new file mode 100644 index 0000000..77793f3 --- /dev/null +++ b/units/systemd-sysctl.service.in @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Apply Kernel Variables +Documentation=man:systemd-sysctl.service(8) man:sysctl.d(5) +DefaultDependencies=no +Conflicts=shutdown.target +After=systemd-modules-load.service +Before=sysinit.target shutdown.target +ConditionPathIsReadWrite=/proc/sys/net/ + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-sysctl +TimeoutSec=90s +LoadCredential=sysctl.extra diff --git a/units/systemd-sysext.service b/units/systemd-sysext.service new file mode 100644 index 0000000..f8c26f5 --- /dev/null +++ b/units/systemd-sysext.service @@ -0,0 +1,34 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Merge System Extension Images into /usr/ and /opt/ +Documentation=man:systemd-sysext.service(8) + +ConditionCapability=CAP_SYS_ADMIN +ConditionDirectoryNotEmpty=|/etc/extensions +ConditionDirectoryNotEmpty=|/run/extensions +ConditionDirectoryNotEmpty=|/var/lib/extensions +ConditionDirectoryNotEmpty=|/usr/local/lib/extensions +ConditionDirectoryNotEmpty=|/usr/lib/extensions + +DefaultDependencies=no +After=local-fs.target +Before=sysinit.target systemd-tmpfiles-setup.service +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=systemd-sysext merge +ExecStop=systemd-sysext unmerge + +[Install] +WantedBy=sysinit.target diff --git a/units/systemd-sysupdate-reboot.service.in b/units/systemd-sysupdate-reboot.service.in new file mode 100644 index 0000000..9d7b7d1 --- /dev/null +++ b/units/systemd-sysupdate-reboot.service.in @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Reboot Automatically After System Update +Documentation=man:systemd-sysupdate-reboot.service(8) +ConditionVirtualization=!container + +[Service] +Type=oneshot +ExecStart={{ROOTLIBEXECDIR}}/systemd-sysupdate reboot + +[Install] +Also=systemd-sysupdate-reboot.timer diff --git a/units/systemd-sysupdate-reboot.timer b/units/systemd-sysupdate-reboot.timer new file mode 100644 index 0000000..95a44bf --- /dev/null +++ b/units/systemd-sysupdate-reboot.timer @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Reboot Automatically After System Update +Documentation=man:systemd-sysupdate-reboot.service(8) +ConditionVirtualization=!container + +[Timer] +OnCalendar=4:10 +RandomizedDelaySec=30min + +[Install] +WantedBy=timers.target diff --git a/units/systemd-sysupdate.service.in b/units/systemd-sysupdate.service.in new file mode 100644 index 0000000..085a9c4 --- /dev/null +++ b/units/systemd-sysupdate.service.in @@ -0,0 +1,34 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Automatic System Update +Documentation=man:systemd-sysupdate.service(8) +Wants=network-online.target +After=network-online.target +ConditionVirtualization=!container + +[Service] +Type=simple +NotifyAccess=main +ExecStart={{ROOTLIBEXECDIR}}/systemd-sysupdate update +CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE CAP_LINUX_IMMUTABLE +NoNewPrivileges=yes +MemoryDenyWriteExecute=yes +ProtectHostname=yes +RestrictRealtime=yes +RestrictNamespaces=net +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +SystemCallFilter=@system-service @mount +SystemCallErrorNumber=EPERM +SystemCallArchitectures=native +LockPersonality=yes + +[Install] +Also=systemd-sysupdate.timer diff --git a/units/systemd-sysupdate.timer b/units/systemd-sysupdate.timer new file mode 100644 index 0000000..6ecd98d --- /dev/null +++ b/units/systemd-sysupdate.timer @@ -0,0 +1,30 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Automatic System Update +Documentation=man:systemd-sysupdate.service(8) + +# For containers we assume that the manager will handle updates. And we likely +# can't even access our backing block device anyway. +ConditionVirtualization=!container + +[Timer] +# Trigger the update 15min after boot, and then – on average – every 6h, but +# randomly distributed in a 2h…6h interval. In addition trigger things +# persistently once on each Saturday, to ensure that even on systems that are +# never booted up for long we have a chance to to do the update. +OnBootSec=15min +OnUnitActiveSec=2h +OnCalendar=Sat +RandomizedDelaySec=4h +Persistent=yes + +[Install] +WantedBy=timers.target diff --git a/units/systemd-sysusers.service b/units/systemd-sysusers.service new file mode 100644 index 0000000..0eb4029 --- /dev/null +++ b/units/systemd-sysusers.service @@ -0,0 +1,37 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Create System Users +Documentation=man:sysusers.d(5) man:systemd-sysusers.service(8) + +DefaultDependencies=no +After=systemd-remount-fs.service +Before=sysinit.target systemd-update-done.service +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target + +ConditionNeedsUpdate=|/etc +ConditionCredential=|sysusers.extra + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=systemd-sysusers +TimeoutSec=90s + +# Optionally, pick up a root password and shell for the root user from a +# credential passed to the service manager. This is useful for importing this +# data from nspawn's --set-credential= switch. +LoadCredential=passwd.hashed-password.root +LoadCredential=passwd.plaintext-password.root +LoadCredential=passwd.shell.root + +# Also, allow configuring extra sysusers lines via a credential +LoadCredential=sysusers.extra diff --git a/units/systemd-time-wait-sync.service.in b/units/systemd-time-wait-sync.service.in new file mode 100644 index 0000000..d14491a --- /dev/null +++ b/units/systemd-time-wait-sync.service.in @@ -0,0 +1,36 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Wait Until Kernel Time Synchronized +Documentation=man:systemd-time-wait-sync.service(8) + +# Note that this tool doesn't need CAP_SYS_TIME itself, but its primary +# usecase is to run in conjunction with a local NTP service such as +# systemd-timesyncd.service, which is conditioned this way. There might be +# niche usecases where running this service independently is desired, but let's +# make this all "just work" for the general case, and leave it to local +# modifications to make it work in the remaining cases. + +ConditionCapability=CAP_SYS_TIME +ConditionVirtualization=!container + +DefaultDependencies=no +Before=time-sync.target shutdown.target +Wants=time-sync.target +Conflicts=shutdown.target + +[Service] +Type=oneshot +ExecStart={{ROOTLIBEXECDIR}}/systemd-time-wait-sync +TimeoutStartSec=infinity +RemainAfterExit=yes + +[Install] +WantedBy=sysinit.target diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in new file mode 100644 index 0000000..a8da138 --- /dev/null +++ b/units/systemd-timedated.service.in @@ -0,0 +1,42 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Time & Date Service +Documentation=man:systemd-timedated.service(8) +Documentation=man:localtime(5) +Documentation=man:org.freedesktop.timedate1(5) + +[Service] +BusName=org.freedesktop.timedate1 +CapabilityBoundingSet=CAP_SYS_TIME +DeviceAllow=char-rtc r +ExecStart={{ROOTLIBEXECDIR}}/systemd-timedated +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateTmp=yes +ProtectProc=invisible +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=strict +ReadWritePaths=/etc +RestrictAddressFamilies=AF_UNIX +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service @clock +{{SERVICE_WATCHDOG}} diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in new file mode 100644 index 0000000..c606461 --- /dev/null +++ b/units/systemd-timesyncd.service.in @@ -0,0 +1,60 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Network Time Synchronization +Documentation=man:systemd-timesyncd.service(8) +ConditionCapability=CAP_SYS_TIME +ConditionVirtualization=!container +DefaultDependencies=no +After=systemd-sysusers.service +Before=time-set.target sysinit.target shutdown.target +Conflicts=shutdown.target +Wants=time-set.target + +[Service] +AmbientCapabilities=CAP_SYS_TIME +BusName=org.freedesktop.timesync1 +CapabilityBoundingSet=CAP_SYS_TIME +# Turn off DNSSEC validation for hostname look-ups, since those need the +# correct time to work, but we likely won't acquire that without NTP. Let's +# break this chicken-and-egg cycle here. +Environment=SYSTEMD_NSS_RESOLVE_VALIDATE=0 +ExecStart=!!{{ROOTLIBEXECDIR}}/systemd-timesyncd +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateDevices=yes +PrivateTmp=yes +ProtectProc=invisible +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=strict +Restart=always +RestartSec=0 +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +RuntimeDirectory=systemd/timesync +StateDirectory=systemd/timesync +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service @clock +Type=notify +User=systemd-timesync +{{SERVICE_WATCHDOG}} + +[Install] +WantedBy=sysinit.target +Alias=dbus-org.freedesktop.timesync1.service diff --git a/units/systemd-tmpfiles-clean.service b/units/systemd-tmpfiles-clean.service new file mode 100644 index 0000000..4163aef --- /dev/null +++ b/units/systemd-tmpfiles-clean.service @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Cleanup of Temporary Directories +Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) + +DefaultDependencies=no +After=local-fs.target time-set.target +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target + +[Service] +Type=oneshot +ExecStart=systemd-tmpfiles --clean +SuccessExitStatus=DATAERR +IOSchedulingClass=idle +LoadCredential=tmpfiles.extra diff --git a/units/systemd-tmpfiles-clean.timer b/units/systemd-tmpfiles-clean.timer new file mode 100644 index 0000000..310cfe2 --- /dev/null +++ b/units/systemd-tmpfiles-clean.timer @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Daily Cleanup of Temporary Directories +Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) +ConditionPathExists=!/etc/initrd-release + +[Timer] +OnBootSec=15min +OnUnitActiveSec=1d diff --git a/units/systemd-tmpfiles-setup-dev.service b/units/systemd-tmpfiles-setup-dev.service new file mode 100644 index 0000000..c65539a --- /dev/null +++ b/units/systemd-tmpfiles-setup-dev.service @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Create Static Device Nodes in /dev +Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) + +DefaultDependencies=no +After=systemd-sysusers.service +Before=sysinit.target local-fs-pre.target systemd-udevd.service +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=systemd-tmpfiles --prefix=/dev --create --boot +SuccessExitStatus=DATAERR CANTCREAT +LoadCredential=tmpfiles.extra diff --git a/units/systemd-tmpfiles-setup.service b/units/systemd-tmpfiles-setup.service new file mode 100644 index 0000000..a420465 --- /dev/null +++ b/units/systemd-tmpfiles-setup.service @@ -0,0 +1,30 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Create Volatile Files and Directories +Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) + +DefaultDependencies=no +After=local-fs.target systemd-sysusers.service systemd-journald.service +Before=sysinit.target +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target +RefuseManualStop=yes + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev +SuccessExitStatus=DATAERR CANTCREAT +LoadCredential=tmpfiles.extra +LoadCredential=login.motd +LoadCredential=login.issue +LoadCredential=network.hosts +LoadCredential=ssh.authorized_keys.root diff --git a/units/systemd-udev-settle.service b/units/systemd-udev-settle.service new file mode 100644 index 0000000..994c47f --- /dev/null +++ b/units/systemd-udev-settle.service @@ -0,0 +1,27 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# This service can dynamically be pulled-in by legacy services which +# cannot reliably cope with dynamic device configurations, and wrongfully +# expect a populated /dev during bootup. + +[Unit] +Description=Wait for udev To Complete Device Initialization +Documentation=man:systemd-udev-settle.service(8) +DefaultDependencies=no +Wants=systemd-udevd.service +After=systemd-udev-trigger.service +Before=sysinit.target +ConditionPathIsReadWrite=/sys + +[Service] +Type=oneshot +TimeoutSec=180 +RemainAfterExit=yes +ExecStart=udevadm settle diff --git a/units/systemd-udev-trigger.service b/units/systemd-udev-trigger.service new file mode 100644 index 0000000..cb1e4f9 --- /dev/null +++ b/units/systemd-udev-trigger.service @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Coldplug All udev Devices +Documentation=man:udev(7) man:systemd-udevd.service(8) +DefaultDependencies=no +Wants=systemd-udevd.service +After=systemd-udevd-kernel.socket systemd-udevd-control.socket +Before=sysinit.target +ConditionPathIsReadWrite=/sys + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=-udevadm trigger --type=all --action=add --prioritized-subsystem=module,block,tpmrm,net,tty,input diff --git a/units/systemd-udevd-control.socket b/units/systemd-udevd-control.socket new file mode 100644 index 0000000..89304ab --- /dev/null +++ b/units/systemd-udevd-control.socket @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=udev Control Socket +Documentation=man:systemd-udevd-control.socket(8) man:udev(7) +DefaultDependencies=no +Before=sockets.target +ConditionPathIsReadWrite=/sys + +[Socket] +Service=systemd-udevd.service +ListenSequentialPacket=/run/udev/control +SocketMode=0600 +PassCredentials=yes +RemoveOnStop=yes diff --git a/units/systemd-udevd-kernel.socket b/units/systemd-udevd-kernel.socket new file mode 100644 index 0000000..0d46043 --- /dev/null +++ b/units/systemd-udevd-kernel.socket @@ -0,0 +1,21 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=udev Kernel Socket +Documentation=man:systemd-udevd-kernel.socket(8) man:udev(7) +DefaultDependencies=no +Before=sockets.target +ConditionPathIsReadWrite=/sys + +[Socket] +Service=systemd-udevd.service +ReceiveBuffer=128M +ListenNetlink=kobject-uevent 1 +PassCredentials=yes diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in new file mode 100644 index 0000000..e9dbe85 --- /dev/null +++ b/units/systemd-udevd.service.in @@ -0,0 +1,43 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Rule-based Manager for Device Events and Files +Documentation=man:systemd-udevd.service(8) man:udev(7) +DefaultDependencies=no +After=systemd-sysusers.service systemd-hwdb-update.service +Before=sysinit.target +ConditionPathIsReadWrite=/sys + +[Service] +CapabilityBoundingSet=~CAP_SYS_TIME CAP_WAKE_ALARM +Delegate=pids +Type=notify +# Note that udev will reset the value internally for its workers +OOMScoreAdjust=-1000 +Sockets=systemd-udevd-control.socket systemd-udevd-kernel.socket +Restart=always +RestartSec=0 +ExecStart={{ROOTLIBEXECDIR}}/systemd-udevd +ExecReload=udevadm control --reload --timeout 0 +KillMode=mixed +TasksMax=infinity +PrivateMounts=yes +ProtectHostname=yes +MemoryDenyWriteExecute=yes +RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallFilter=@system-service @module @raw-io bpf +SystemCallFilter=~@clock +SystemCallErrorNumber=EPERM +SystemCallArchitectures=native +LockPersonality=yes +IPAddressDeny=any +{{SERVICE_WATCHDOG}} diff --git a/units/systemd-update-done.service.in b/units/systemd-update-done.service.in new file mode 100644 index 0000000..53cc6dd --- /dev/null +++ b/units/systemd-update-done.service.in @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Update is Completed +Documentation=man:systemd-update-done.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=local-fs.target +Before=sysinit.target shutdown.target +ConditionNeedsUpdate=|/etc +ConditionNeedsUpdate=|/var + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-update-done diff --git a/units/systemd-update-utmp-runlevel.service.in b/units/systemd-update-utmp-runlevel.service.in new file mode 100644 index 0000000..11177dc --- /dev/null +++ b/units/systemd-update-utmp-runlevel.service.in @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Record Runlevel Change in UTMP +Documentation=man:systemd-update-utmp-runlevel.service(8) man:utmp(5) +DefaultDependencies=no +RequiresMountsFor=/var/log/wtmp +Conflicts=shutdown.target +Requisite=systemd-update-utmp.service +After=systemd-update-utmp.service +After=runlevel1.target runlevel2.target runlevel3.target runlevel4.target runlevel5.target +Before=shutdown.target + +[Service] +Type=oneshot +ExecStart={{ROOTLIBEXECDIR}}/systemd-update-utmp runlevel diff --git a/units/systemd-update-utmp.service.in b/units/systemd-update-utmp.service.in new file mode 100644 index 0000000..cedefa8 --- /dev/null +++ b/units/systemd-update-utmp.service.in @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Record System Boot/Shutdown in UTMP +Documentation=man:systemd-update-utmp.service(8) man:utmp(5) +DefaultDependencies=no +RequiresMountsFor=/var/log/wtmp +Conflicts=shutdown.target +After=systemd-remount-fs.service systemd-tmpfiles-setup.service auditd.service +Before=sysinit.target shutdown.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-update-utmp reboot +ExecStop={{ROOTLIBEXECDIR}}/systemd-update-utmp shutdown diff --git a/units/systemd-user-sessions.service.in b/units/systemd-user-sessions.service.in new file mode 100644 index 0000000..adca848 --- /dev/null +++ b/units/systemd-user-sessions.service.in @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Permit User Sessions +Documentation=man:systemd-user-sessions.service(8) +After=remote-fs.target nss-user-lookup.target network.target home.mount + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-user-sessions start +ExecStop={{ROOTLIBEXECDIR}}/systemd-user-sessions stop diff --git a/units/systemd-userdbd.service.in b/units/systemd-userdbd.service.in new file mode 100644 index 0000000..b576611 --- /dev/null +++ b/units/systemd-userdbd.service.in @@ -0,0 +1,45 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Database Manager +Documentation=man:systemd-userdbd.service(8) +Requires=systemd-userdbd.socket +After=systemd-userdbd.socket +Before=sysinit.target +DefaultDependencies=no + +[Service] +CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_RESOURCE +ExecStart={{ROOTLIBEXECDIR}}/systemd-userdbd +IPAddressDeny=any +LimitNOFILE={{HIGH_RLIMIT_NOFILE}} +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateDevices=yes +ProtectProc=invisible +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectSystem=strict +RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +Type=notify +{{SERVICE_WATCHDOG}} + +[Install] +Also=systemd-userdbd.socket diff --git a/units/systemd-userdbd.socket b/units/systemd-userdbd.socket new file mode 100644 index 0000000..768253a --- /dev/null +++ b/units/systemd-userdbd.socket @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Database Manager Socket +Documentation=man:systemd-userdbd.service(8) +DefaultDependencies=no +Before=sockets.target + +[Socket] +ListenStream=/run/systemd/userdb/io.systemd.Multiplexer +Symlinks=/run/systemd/userdb/io.systemd.NameServiceSwitch /run/systemd/userdb/io.systemd.DropIn +SocketMode=0666 + +[Install] +WantedBy=sockets.target diff --git a/units/systemd-vconsole-setup.service.in b/units/systemd-vconsole-setup.service.in new file mode 100644 index 0000000..23f5ac2 --- /dev/null +++ b/units/systemd-vconsole-setup.service.in @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Setup Virtual Console +Documentation=man:systemd-vconsole-setup.service(8) man:vconsole.conf(5) +DefaultDependencies=no +Before=initrd-switch-root.target shutdown.target +ConditionPathExists=/dev/tty0 + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-vconsole-setup diff --git a/units/systemd-volatile-root.service.in b/units/systemd-volatile-root.service.in new file mode 100644 index 0000000..5a0ec89 --- /dev/null +++ b/units/systemd-volatile-root.service.in @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Enforce Volatile Root File Systems +Documentation=man:systemd-volatile-root.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=sysroot.mount sysroot-usr.mount systemd-repart.service +Before=initrd-root-fs.target shutdown.target +AssertPathExists=/etc/initrd-release + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-volatile-root yes /sysroot diff --git a/units/time-set.target b/units/time-set.target new file mode 100644 index 0000000..daac8ef --- /dev/null +++ b/units/time-set.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Time Set +Documentation=man:systemd.special(7) +RefuseManualStart=yes diff --git a/units/time-sync.target b/units/time-sync.target new file mode 100644 index 0000000..e730bbd --- /dev/null +++ b/units/time-sync.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=System Time Synchronized +Documentation=man:systemd.special(7) +RefuseManualStart=yes +After=time-set.target +Wants=time-set.target diff --git a/units/timers.target b/units/timers.target new file mode 100644 index 0000000..2e626be --- /dev/null +++ b/units/timers.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Timer Units +Documentation=man:systemd.special(7) + +DefaultDependencies=no +Conflicts=shutdown.target diff --git a/units/tmp.mount b/units/tmp.mount new file mode 100644 index 0000000..734acea --- /dev/null +++ b/units/tmp.mount @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Temporary Directory /tmp +Documentation=https://systemd.io/TEMPORARY_DIRECTORIES +Documentation=man:file-hierarchy(7) +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +ConditionPathIsSymbolicLink=!/tmp +DefaultDependencies=no +Conflicts=umount.target +Before=local-fs.target umount.target +After=swap.target + +[Mount] +What=tmpfs +Where=/tmp +Type=tmpfs +Options=mode=1777,strictatime,nosuid,nodev,size=50%%,nr_inodes=1m diff --git a/units/umount.target b/units/umount.target new file mode 100644 index 0000000..319b503 --- /dev/null +++ b/units/umount.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Unmount All Filesystems +Documentation=man:systemd.special(7) +DefaultDependencies=no +RefuseManualStart=yes diff --git a/units/usb-gadget.target b/units/usb-gadget.target new file mode 100644 index 0000000..46de5b8 --- /dev/null +++ b/units/usb-gadget.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Hardware activated USB gadget +Documentation=man:systemd.special(7) diff --git a/units/user-.slice.d/10-defaults.conf b/units/user-.slice.d/10-defaults.conf new file mode 100644 index 0000000..f688eac --- /dev/null +++ b/units/user-.slice.d/10-defaults.conf @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Slice of UID %j +Documentation=man:user@.service(5) +StopWhenUnneeded=yes + +[Slice] +TasksMax=33% diff --git a/units/user-runtime-dir@.service.in b/units/user-runtime-dir@.service.in new file mode 100644 index 0000000..7314173 --- /dev/null +++ b/units/user-runtime-dir@.service.in @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Runtime Directory /run/user/%i +Documentation=man:user@.service(5) +After=dbus.service +StopWhenUnneeded=yes +IgnoreOnIsolate=yes + +[Service] +ExecStart={{ROOTLIBEXECDIR}}/systemd-user-runtime-dir start %i +ExecStop={{ROOTLIBEXECDIR}}/systemd-user-runtime-dir stop %i +Type=oneshot +RemainAfterExit=yes +Slice=user-%i.slice diff --git a/units/user.slice b/units/user.slice new file mode 100644 index 0000000..3e49064 --- /dev/null +++ b/units/user.slice @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User and Session Slice +Documentation=man:systemd.special(7) +Before=slices.target diff --git a/units/user/app.slice b/units/user/app.slice new file mode 100644 index 0000000..eac5064 --- /dev/null +++ b/units/user/app.slice @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Application Slice +Documentation=man:systemd.special(7) + +[Slice] +CPUWeight=100 diff --git a/units/user/background.slice b/units/user/background.slice new file mode 100644 index 0000000..a976775 --- /dev/null +++ b/units/user/background.slice @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Background Tasks Slice +Documentation=man:systemd.special(7) + +[Slice] +CPUWeight=30 diff --git a/units/user/basic.target b/units/user/basic.target new file mode 100644 index 0000000..6c79304 --- /dev/null +++ b/units/user/basic.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Basic System +Documentation=man:systemd.special(7) +Wants=sockets.target timers.target paths.target +After=sockets.target timers.target paths.target diff --git a/units/user/bluetooth.target b/units/user/bluetooth.target new file mode 100644 index 0000000..8333c23 --- /dev/null +++ b/units/user/bluetooth.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Bluetooth +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/user/default.target b/units/user/default.target new file mode 100644 index 0000000..b182431 --- /dev/null +++ b/units/user/default.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Main User Target +Documentation=man:systemd.special(7) +Requires=basic.target +After=basic.target +AllowIsolate=yes diff --git a/units/user/exit.target b/units/user/exit.target new file mode 100644 index 0000000..ec2dde2 --- /dev/null +++ b/units/user/exit.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Exit the Session +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=systemd-exit.service +After=systemd-exit.service +AllowIsolate=yes diff --git a/units/user/graphical-session-pre.target b/units/user/graphical-session-pre.target new file mode 100644 index 0000000..4b9e3dc --- /dev/null +++ b/units/user/graphical-session-pre.target @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Session services which should run early before the graphical session is brought up +Documentation=man:systemd.special(7) +Requires=basic.target +Before=graphical-session.target +RefuseManualStart=yes +StopWhenUnneeded=yes diff --git a/units/user/graphical-session.target b/units/user/graphical-session.target new file mode 100644 index 0000000..1f8fafc --- /dev/null +++ b/units/user/graphical-session.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Current graphical user session +Documentation=man:systemd.special(7) +Requires=basic.target +RefuseManualStart=yes +StopWhenUnneeded=yes diff --git a/units/user/meson.build b/units/user/meson.build new file mode 100644 index 0000000..850ac2c --- /dev/null +++ b/units/user/meson.build @@ -0,0 +1,33 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +units = [ + 'app.slice', + 'background.slice', + 'basic.target', + 'bluetooth.target', + 'default.target', + 'exit.target', + 'graphical-session-pre.target', + 'graphical-session.target', + 'paths.target', + 'printer.target', + 'session.slice', + 'shutdown.target', + 'smartcard.target', + 'sockets.target', + 'sound.target', + 'systemd-exit.service', + 'systemd-tmpfiles-clean.service', + 'systemd-tmpfiles-clean.timer', + 'systemd-tmpfiles-setup.service', + 'timers.target', +] + +if conf.get('ENABLE_XDG_AUTOSTART') == 1 + units += 'xdg-desktop-autostart.target' +endif + +foreach file : units + install_data(file, + install_dir : userunitdir) +endforeach diff --git a/units/user/paths.target b/units/user/paths.target new file mode 100644 index 0000000..1bec148 --- /dev/null +++ b/units/user/paths.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Paths +Documentation=man:systemd.special(7) diff --git a/units/user/printer.target b/units/user/printer.target new file mode 100644 index 0000000..c695669 --- /dev/null +++ b/units/user/printer.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Printer +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/user/session.slice b/units/user/session.slice new file mode 100644 index 0000000..aa12b7d --- /dev/null +++ b/units/user/session.slice @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Core Session Slice +Documentation=man:systemd.special(7) + +[Slice] +CPUWeight=100 diff --git a/units/user/shutdown.target b/units/user/shutdown.target new file mode 100644 index 0000000..582ae6b --- /dev/null +++ b/units/user/shutdown.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Shutdown +Documentation=man:systemd.special(7) +DefaultDependencies=no +RefuseManualStart=yes diff --git a/units/user/smartcard.target b/units/user/smartcard.target new file mode 100644 index 0000000..0c3fe72 --- /dev/null +++ b/units/user/smartcard.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Smart Card +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/user/sockets.target b/units/user/sockets.target new file mode 100644 index 0000000..c6e20d7 --- /dev/null +++ b/units/user/sockets.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Sockets +Documentation=man:systemd.special(7) diff --git a/units/user/sound.target b/units/user/sound.target new file mode 100644 index 0000000..99e68af --- /dev/null +++ b/units/user/sound.target @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Sound Card +Documentation=man:systemd.special(7) +StopWhenUnneeded=yes diff --git a/units/user/systemd-exit.service b/units/user/systemd-exit.service new file mode 100644 index 0000000..1872525 --- /dev/null +++ b/units/user/systemd-exit.service @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Exit the Session +Documentation=man:systemd.special(7) +DefaultDependencies=no +Requires=shutdown.target +After=shutdown.target +SuccessAction=exit-force + +[Service] +# Place into the root slice to not keep another slice unit alive +Slice=-.slice diff --git a/units/user/systemd-tmpfiles-clean.service b/units/user/systemd-tmpfiles-clean.service new file mode 100644 index 0000000..6a93707 --- /dev/null +++ b/units/user/systemd-tmpfiles-clean.service @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Cleanup of User's Temporary Files and Directories +Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) +DefaultDependencies=no +Conflicts=shutdown.target +Before=basic.target shutdown.target + +[Service] +Type=oneshot +ExecStart=systemd-tmpfiles --user --clean +SuccessExitStatus=DATAERR +IOSchedulingClass=idle +Slice=background.slice diff --git a/units/user/systemd-tmpfiles-clean.timer b/units/user/systemd-tmpfiles-clean.timer new file mode 100644 index 0000000..f8f6ef4 --- /dev/null +++ b/units/user/systemd-tmpfiles-clean.timer @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Daily Cleanup of User's Temporary Directories +Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) + +[Timer] +OnStartupSec=5min +OnUnitActiveSec=1d + +[Install] +WantedBy=timers.target diff --git a/units/user/systemd-tmpfiles-setup.service b/units/user/systemd-tmpfiles-setup.service new file mode 100644 index 0000000..156689e --- /dev/null +++ b/units/user/systemd-tmpfiles-setup.service @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Create User's Volatile Files and Directories +Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) +DefaultDependencies=no +Conflicts=shutdown.target +Before=basic.target shutdown.target +RefuseManualStop=yes + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=systemd-tmpfiles --user --create --remove --boot +SuccessExitStatus=DATAERR + +[Install] +WantedBy=basic.target diff --git a/units/user/timers.target b/units/user/timers.target new file mode 100644 index 0000000..99f82e3 --- /dev/null +++ b/units/user/timers.target @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Timers +Documentation=man:systemd.special(7) + +DefaultDependencies=no +Conflicts=shutdown.target diff --git a/units/user/xdg-desktop-autostart.target b/units/user/xdg-desktop-autostart.target new file mode 100644 index 0000000..1be7c4b --- /dev/null +++ b/units/user/xdg-desktop-autostart.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Startup of XDG autostart applications +Documentation=man:systemd.special(7) +RefuseManualStart=yes +StopWhenUnneeded=yes diff --git a/units/user@.service.d/10-login-barrier.conf b/units/user@.service.d/10-login-barrier.conf new file mode 100644 index 0000000..d88df10 --- /dev/null +++ b/units/user@.service.d/10-login-barrier.conf @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +# Make sure user instances are started after logins are allowed. However this +# is not desirable for user@0.service since root should be able to log in +# earlier during the boot process especially if something goes wrong. +After=systemd-user-sessions.service diff --git a/units/user@.service.in b/units/user@.service.in new file mode 100644 index 0000000..1735e8e --- /dev/null +++ b/units/user@.service.in @@ -0,0 +1,28 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Manager for UID %i +Documentation=man:user@.service(5) +After=user-runtime-dir@%i.service dbus.service systemd-oomd.service +Requires=user-runtime-dir@%i.service +IgnoreOnIsolate=yes + +[Service] +User=%i +PAMName=systemd-user +Type=notify +ExecStart={{ROOTLIBEXECDIR}}/systemd --user +Slice=user-%i.slice +KillMode=mixed +Delegate=pids memory cpu +TasksMax=infinity +TimeoutStopSec=120s +KeyringMode=inherit +OOMScoreAdjust=100 diff --git a/units/user@0.service.d/10-login-barrier.conf b/units/user@0.service.d/10-login-barrier.conf new file mode 100644 index 0000000..b777009 --- /dev/null +++ b/units/user@0.service.d/10-login-barrier.conf @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# Empty file to mask its counterpart for unprivileged users and thus cancels +# "After=systemd-user-session.service" ordering constraint so that root can log +# in even if the boot process is not yet finished. diff --git a/units/var-lib-machines.mount b/units/var-lib-machines.mount new file mode 100644 index 0000000..82ebfa5 --- /dev/null +++ b/units/var-lib-machines.mount @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# This unit is required for pre-240 versions of systemd that automatically set +# up /var/lib/machines.raw as loopback-mounted btrfs file system. Later +# versions don't do that anymore, but let's keep minimal compatibility by +# mounting the image still, if it exists. + +[Unit] +Description=Virtual Machine and Container Storage (Compatibility) +ConditionPathExists=/var/lib/machines.raw + +[Mount] +What=/var/lib/machines.raw +Where=/var/lib/machines +Type=btrfs +Options=loop diff --git a/units/veritysetup-pre.target b/units/veritysetup-pre.target new file mode 100644 index 0000000..869575a --- /dev/null +++ b/units/veritysetup-pre.target @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Local Verity Protected Volumes (Pre) +Documentation=man:systemd.special(7) +RefuseManualStart=yes +Before=veritysetup.target diff --git a/units/veritysetup.target b/units/veritysetup.target new file mode 100644 index 0000000..c75b153 --- /dev/null +++ b/units/veritysetup.target @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Local Verity Protected Volumes +Documentation=man:systemd.special(7) |