2020-11-09 07:23:58 +03:00
# SPDX-License-Identifier: LGPL-2.1-or-later
2017-11-18 19:35:03 +03:00
#
2012-05-21 17:12:18 +04:00
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
2010-06-25 03:31:57 +04:00
[Unit]
2020-06-02 15:14:20 +03:00
Description = Rule-based Manager for Device Events and Files
2012-06-27 03:06:35 +04:00
Documentation = man:systemd-udevd.service(8) man:udev(7)
2013-03-26 00:22:52 +04:00
DefaultDependencies = no
2017-08-15 16:22:44 +03:00
After = systemd-sysusers.service systemd-hwdb-update.service
2013-06-15 00:56:39 +04:00
Before = sysinit.target
ConditionPathIsReadWrite = /sys
2010-06-25 03:31:57 +04:00
[Service]
2022-03-16 14:46:49 +03:00
Delegate = pids
2020-04-02 21:18:11 +03:00
DeviceAllow = block-* rwm
DeviceAllow = char-* rwm
2010-06-25 03:31:57 +04:00
Type = notify
2020-11-20 11:16:44 +03:00
# Note that udev will reset the value internally for its workers
2011-04-14 16:44:21 +04:00
OOMScoreAdjust = -1000
2012-07-02 23:35:14 +04:00
Sockets = systemd-udevd-control.socket systemd-udevd-kernel.socket
2012-06-28 14:13:52 +04:00
Restart = always
2012-07-18 04:31:52 +04:00
RestartSec = 0
2021-05-16 12:55:36 +03:00
ExecStart = {{ROOTLIBEXECDIR}}/systemd-udevd
2019-12-18 11:14:57 +03:00
ExecReload = udevadm control --reload --timeout 0
2015-04-24 17:12:28 +03:00
KillMode = mixed
2016-06-23 23:31:01 +03:00
TasksMax = infinity
2018-06-01 12:24:40 +03:00
PrivateMounts = yes
2020-04-02 21:18:11 +03:00
ProtectClock = yes
2019-02-19 01:30:12 +03:00
ProtectHostname = yes
2016-08-26 14:23:27 +03:00
MemoryDenyWriteExecute = yes
2016-10-06 16:40:53 +03:00
RestrictAddressFamilies = AF_UNIX AF_NETLINK AF_INET AF_INET6
2019-03-20 21:52:20 +03:00
RestrictRealtime = yes
RestrictSUIDSGID = yes
2021-11-30 13:07:30 +03:00
SystemCallFilter = @system-service @module @raw-io bpf
2018-04-19 12:04:17 +03:00
SystemCallErrorNumber = EPERM
2017-02-09 00:32:37 +03:00
SystemCallArchitectures = native
2017-09-14 20:45:40 +03:00
LockPersonality = yes
2017-10-04 15:16:28 +03:00
IPAddressDeny = any
2021-05-16 12:55:36 +03:00
{ { S E R V I C E _ W A T C H D O G } }