mirror of
https://github.com/systemd/systemd-stable.git
d1f6e01e47
Let's explicitly deactivate all home dirs on shutdown, in order to properly synchronize unmounting and avoid blocking devices. Previously, we'd rely on automatic deactivation when home directories become unused. However, that scheme is asynchronous, and ongoing deactivations might conflict with attempts to unmount /home. Let's fix that by providing an explicit service systemd-homed-activate.service whose only job is to have an ExecStop= line that explicitly deactivates all home directories on shutdown. This service can then be ordered after home.mount and similar, ensuring that we'll first deactivate all homes before deactivating /home itself during shutdown. This is kept separate from systemd-homed.service so that it is possible to restart systemd-homed.service without deactivating all home directories. Fixes: #16842
# SPDX-License-Identifier: LGPL-2.1+
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.

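# Unit metadata and ordering for the home area manager.
[Unit]
Description=Home Area Manager
Documentation=man:systemd-homed.service(8)
Documentation=man:org.freedesktop.home1(5)

# Ordering only, not a requirement: start after /home is mounted. systemd
# stops units in the reverse of their start order, so on shutdown this unit
# is stopped before home.mount is unmounted.
After=home.mount
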
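# Execution environment and sandbox for the daemon.
# Tokens of the form @NAME@ are placeholders; this appears to be a build-time
# template, and they must be substituted before systemd parses the file.
# To audit the effective sandbox on an installed system:
#   systemd-analyze security systemd-homed.service
[Service]
# Well-known D-Bus name this service owns.
BusName=org.freedesktop.home1
# Upper bound on the capabilities the service and its children can ever hold.
# NOTE(review): CAP_SYS_ADMIN, CAP_DAC_OVERRIDE and CAP_SETUID/CAP_SETGID stay
# in the set (presumably for mount, loop and device-mapper setup and for
# fixing up file ownership), so the service remains highly privileged. The
# settings below are what narrow its reach further.
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FSETID CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
# Device access allow-list: loop control, device-mapper control, and block
# devices (read/write). Once any DeviceAllow= is present, devices not listed
# here are no longer freely accessible to the unit.
DeviceAllow=/dev/loop-control rw
DeviceAllow=/dev/mapper/control rw
DeviceAllow=block-* rw
ExecStart=@rootlibexecdir@/systemd-homed
# No IPv4/IPv6 traffic to or from this unit. This agrees with
# RestrictAddressFamilies= below, which omits AF_INET and AF_INET6.
IPAddressDeny=any
# On stop: SIGTERM goes to the main process only, then SIGKILL to whatever is
# left in the unit's control group.
KillMode=mixed
LimitNOFILE=@HIGH_RLIMIT_NOFILE@
# Pin the execution domain; personality(2) changes are refused.
LockPersonality=yes
# Refuse memory mappings that are writable and executable at the same time.
MemoryDenyWriteExecute=yes
# execve() can never grant more privileges (setuid bits and file capabilities
# are ignored).
NoNewPrivileges=yes
# Socket allow-list: local IPC, netlink, and the kernel crypto API only.
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_ALG
# Allow-list: only mount namespaces may be created or joined.
RestrictNamespaces=mnt
RestrictRealtime=yes
# Service-managed state directory; for system units this is resolved below
# /var/lib.
StateDirectory=systemd/home
# Only native-ABI system calls are permitted.
SystemCallArchitectures=native
# Calls rejected by SystemCallFilter= fail with EPERM instead of terminating
# the process.
SystemCallErrorNumber=EPERM
# System call allow-list: the @system-service baseline plus the @mount group.
SystemCallFilter=@system-service @mount
# Placeholder for a complete setting line, not a key=value pair. It has to be
# expanded by the build before this file is a valid unit.
@SERVICE_WATCHDOG@
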
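# Enable/disable behaviour. This section is read by "systemctl enable", not
# at runtime.
[Install]
WantedBy=multi-user.target
# Extra name created on enable. The dbus-<busname>.service form is
# conventionally what a D-Bus activation file points at - confirm against the
# shipped D-Bus service file.
Alias=dbus-org.freedesktop.home1.service
# Units enabled and disabled together with this one. According to the change
# description, systemd-homed-activate.service is the unit whose ExecStop=
# deactivates all home directories on shutdown, so dropping it from this list
# would bring back the asynchronous-deactivation race with unmounting /home.
Also=systemd-homed-activate.service systemd-userdbd.service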