diff --git a/meson.build b/meson.build index 9dbdf340804..44931368de1 100644 --- a/meson.build +++ b/meson.build @@ -242,6 +242,7 @@ conf.set_quoted('SYSTEMD_SHUTDOWN_BINARY_PATH', join_paths(rootlib conf.set_quoted('SYSTEMCTL_BINARY_PATH', join_paths(rootbindir, 'systemctl')) conf.set_quoted('SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH', join_paths(rootbindir, 'systemd-tty-ask-password-agent')) conf.set_quoted('SYSTEMD_STDIO_BRIDGE_BINARY_PATH', join_paths(bindir, 'systemd-stdio-bridge')) +conf.set_quoted('ROOTBINDIR', rootbindir) conf.set_quoted('ROOTPREFIX', rootprefixdir) conf.set_quoted('ROOTPREFIX_NOSLASH', rootprefixdir_noslash) conf.set_quoted('RANDOM_SEED_DIR', randomseeddir) @@ -842,6 +843,7 @@ substs.set('TTY_GID', tty_gid) # Ensure provided GID argument is numeric, otherwise fall back to default assignment users_gid = get_option('users-gid') +conf.set('USERS_GID', users_gid < 0 ? '-' : users_gid) substs.set('USERS_GID', users_gid < 0 ? '-' : users_gid) conf.set10('ENABLE_ADM_GROUP', get_option('adm-group')) @@ -887,6 +889,7 @@ if localegen_path != '' writable = ' /usr/lib/locale' endif substs.set('SERVICE_LOCALEGEN_WRITABLE', writable) +conf.set_quoted('SERVICE_LOCALEGEN_WRITABLE', writable) conf.set10('HAVE_LOCALEGEN', have) conf.set_quoted('GETTEXT_PACKAGE', meson.project_name()) @@ -894,7 +897,9 @@ conf.set_quoted('GETTEXT_PACKAGE', meson.project_name()) service_watchdog = get_option('service-watchdog') watchdog_value = service_watchdog == '' ? '' : 'WatchdogSec=' + service_watchdog substs.set('SERVICE_WATCHDOG', watchdog_value) +conf.set_quoted('SERVICE_WATCHDOG', watchdog_value) +conf.set_quoted('SUSHELL', get_option('debug-shell')) substs.set('SUSHELL', get_option('debug-shell')) substs.set('DEBUGTTY', get_option('debug-tty')) conf.set_quoted('DEBUGTTY', get_option('debug-tty')) 
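Review bot: In the `@@ -842` hunk the expression `users_gid < 0 ? '-' : users_gid` is now written out twice, once for `conf` and once for `substs`, and the `@@ -887` and `@@ -894` hunks repeat the pattern for `SERVICE_LOCALEGEN_WRITABLE`, `SERVICE_WATCHDOG` and `SUSHELL`. Two copies of a value that ends up in installed unit files can drift apart when only one is edited. Binding it once, `users_gid_value = users_gid < 0 ? '-' : users_gid`, and passing that name to both `set` calls keeps them identical. The unquoted `conf.set` also puts a bare `-` into the generated header when the option is negative, so a comment such as `# unquoted on purpose: consumed by templates, not by C code` would help, if that is the intent.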
@@ -3741,7 +3746,7 @@ status = [ 'debug shell: @0@ @ @1@'.format(get_option('debug-shell'), get_option('debug-tty')), 'TTY GID: @0@'.format(tty_gid), - 'users GID: @0@'.format(substs.get('USERS_GID')), + 'users GID: @0@'.format(conf.get('USERS_GID')), 'system UIDs: <=@0@ (alloc >=@1@)'.format(conf.get('SYSTEM_UID_MAX'), conf.get('SYSTEM_ALLOC_UID_MIN')), 'system GIDs: <=@0@ (alloc >=@1@)'.format(conf.get('SYSTEM_GID_MAX'), diff --git a/units/console-getty.service.m4 b/units/console-getty.service.in similarity index 93% rename from units/console-getty.service.m4 rename to units/console-getty.service.in index d61a490be32..bb67541dceb 100644 --- a/units/console-getty.service.m4 +++ b/units/console-getty.service.in @@ -11,9 +11,9 @@ Description=Console Getty Documentation=man:agetty(8) man:systemd-getty-generator(8) After=systemd-user-sessions.service plymouth-quit-wait.service -m4_ifdef(`HAVE_SYSV_COMPAT', +{% if HAVE_SYSV_COMPAT %} After=rc-local.service getty-pre.target -)m4_dnl +{% endif %} Before=getty.target # OCI containers may be run without a console @@ -30,9 +30,9 @@ UtmpIdentifier=cons TTYPath=/dev/console TTYReset=yes TTYVHangup=yes -m4_ifdef(`ENABLE_LOGIND',, +{% if not ENABLE_LOGIND %} KillMode=process -)m4_dnl +{% endif %} IgnoreSIGPIPE=no SendSIGHUP=yes diff --git a/units/container-getty@.service.m4 b/units/container-getty@.service.in similarity index 94% rename from units/container-getty@.service.m4 rename to units/container-getty@.service.in index 92307a3ccb5..ed1eb7bde10 100644 --- a/units/container-getty@.service.m4 +++ b/units/container-getty@.service.in 
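Review bot: `{% if HAVE_SYSV_COMPAT %}` and `{% if not ENABLE_LOGIND %}` in the console-getty hunks test truthiness, whereas the `m4_ifdef` lines they replace tested whether the macro was defined, so the outcome now depends on how the renderer types the values it reads from `config.h`. These options appear to be 0/1 defines (`units/meson.build` compares `conf.get(conds[0]) == 1`); if they reach the template as the strings "0"/"1", both are truthy. A name missing from the context is falsy under Jinja2's default undefined handling, which makes `not ENABLE_LOGIND` true and emits `KillMode=process`. The render script is not part of the visible hunks, so it should be confirmed that it converts numeric defines to integers and rejects undefined names. The same pair of conditionals appears in the `container-getty@`, `getty@` and `serial-getty@` hunks.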
@@ -12,9 +12,9 @@ Description=Container Getty on /dev/pts/%I Documentation=man:agetty(8) man:systemd-getty-generator(8) Documentation=man:machinectl(1) After=systemd-user-sessions.service plymouth-quit-wait.service -m4_ifdef(`HAVE_SYSV_COMPAT', +{% if HAVE_SYSV_COMPAT %} After=rc-local.service getty-pre.target -)m4_dnl +{% endif %} Before=getty.target IgnoreOnIsolate=yes ConditionPathExists=/dev/pts/%I @@ -36,8 +36,8 @@ UtmpIdentifier=pts/%I TTYPath=/dev/pts/%I TTYReset=yes TTYVHangup=yes -m4_ifdef(`ENABLE_LOGIND',, +{% if not ENABLE_LOGIND %} KillMode=process -)m4_dnl +{% endif %} IgnoreSIGPIPE=no SendSIGHUP=yes diff --git a/units/debug-shell.service.in b/units/debug-shell.service.in index 5b4de84eaca..1588bb95966 100644 --- a/units/debug-shell.service.in +++ b/units/debug-shell.service.in @@ -8,19 +8,19 @@ # (at your option) any later version. [Unit] -Description=Early root shell on @DEBUGTTY@ FOR DEBUGGING ONLY +Description=Early root shell on {{DEBUGTTY}} FOR DEBUGGING ONLY Documentation=man:systemd-debug-generator(8) DefaultDependencies=no IgnoreOnIsolate=yes -ConditionPathExists=@DEBUGTTY@ +ConditionPathExists={{DEBUGTTY}} [Service] Environment=TERM=linux -ExecStart=@SUSHELL@ +ExecStart={{SUSHELL}} Restart=always RestartSec=0 StandardInput=tty -TTYPath=@DEBUGTTY@ +TTYPath={{DEBUGTTY}} TTYReset=yes TTYVHangup=yes KillMode=process diff --git a/units/emergency.service.in b/units/emergency.service.in index 9418f5e7173..a126ad9bb12 100644 --- a/units/emergency.service.in +++ b/units/emergency.service.in @@ -19,8 +19,8 @@ Before=rescue.service [Service] Environment=HOME=/root WorkingDirectory=-/root -ExecStartPre=-@rootbindir@/plymouth --wait quit -ExecStart=-@rootlibexecdir@/systemd-sulogin-shell emergency +ExecStartPre=-{{ROOTBINDIR}}/plymouth --wait quit +ExecStart=-{{ROOTLIBEXECDIR}}/systemd-sulogin-shell emergency Type=idle StandardInput=tty-force StandardOutput=inherit 
diff --git a/units/getty@.service.m4 b/units/getty@.service.in similarity index 96% rename from units/getty@.service.m4 rename to units/getty@.service.in index 4c21002619e..78deb7cffed 100644 --- a/units/getty@.service.m4 +++ b/units/getty@.service.in @@ -12,9 +12,9 @@ Description=Getty on %I Documentation=man:agetty(8) man:systemd-getty-generator(8) Documentation=http://0pointer.de/blog/projects/serial-console.html After=systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target -m4_ifdef(`HAVE_SYSV_COMPAT', +{% if HAVE_SYSV_COMPAT %} After=rc-local.service -)m4_dnl +{% endif %} # If additional gettys are spawned during boot then we should make # sure that this is synchronized before getty.target, even though @@ -47,9 +47,9 @@ TTYPath=/dev/%I TTYReset=yes TTYVHangup=yes TTYVTDisallocate=yes -m4_ifdef(`ENABLE_LOGIND',, +{% if not ENABLE_LOGIND %} KillMode=process -)m4_dnl +{% endif %} IgnoreSIGPIPE=no SendSIGHUP=yes diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in index f4170d6a99f..fd5e6d7ca60 100644 --- a/units/kmod-static-nodes.service.in +++ b/units/kmod-static-nodes.service.in @@ -17,4 +17,4 @@ ConditionFileNotEmpty=/lib/modules/%v/modules.devname [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@KMOD@ static-nodes --format=tmpfiles --output=/run/tmpfiles.d/static-nodes.conf +ExecStart={{KMOD}} static-nodes --format=tmpfiles --output=/run/tmpfiles.d/static-nodes.conf diff --git a/units/meson.build b/units/meson.build index 01850a82472..17e9ead9c19 100644 --- a/units/meson.build +++ b/units/meson.build 
@@ -165,13 +165,18 @@ units = [ ] in_units = [ + ['console-getty.service', ''], + ['container-getty@.service', ''], ['debug-shell.service', ''], ['emergency.service', ''], + ['getty@.service', '', + 'autovt@.service'], ['kmod-static-nodes.service', 'HAVE_KMOD ENABLE_TMPFILES', 'sysinit.target.wants/'], ['quotaon.service', 'ENABLE_QUOTACHECK'], ['rc-local.service', 'HAVE_SYSV_COMPAT'], ['rescue.service', ''], + ['serial-getty@.service', ''], ['systemd-backlight@.service', 'ENABLE_BACKLIGHT'], ['systemd-binfmt.service', 'ENABLE_BINFMT', 'sysinit.target.wants/'], @@ -247,14 +252,6 @@ in_units = [ ['user@.service', ''], ] -m4_units = [ - ['console-getty.service', ''], - ['container-getty@.service', ''], - ['getty@.service', '', - 'autovt@.service '], - ['serial-getty@.service', ''], -] - add_wants = [] foreach tuple : in_units @@ -265,15 +262,11 @@ foreach tuple : in_units install = ((conds.get(0, '') == '' or conf.get(conds[0]) == 1) and (conds.get(1, '') == '' or conf.get(conds[1]) == 1)) - gen1 = configure_file( - input : file + '.in', - output : file + '.tmp', - configuration : substs) - gen2 = custom_target( + custom_target( file, - input : gen1, + input : file + '.in', output : file, - command : [sed, '/^## /d', '@INPUT@'], + command : [meson_render_jinja2, config_h, '@INPUT@'], capture : true, install : install, install_dir : systemunitdir) 
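Review bot: The new `command : [meson_render_jinja2, config_h, '@INPUT@']` in the `@@ -265` hunk replaces a `configure_file` step that substituted from `substs`, and nothing visible shows what happens when a template names a key that `config.h` lacks. With Jinja2's default undefined handling such a name renders as an empty string, so a typo or missing define would yield e.g. `ExecStart=/systemd-homed` or `ConditionPathExists=|!/hwdb.bin` in an installed unit instead of a build failure; the renderer (not shown here) should use `StrictUndefined`. Of the names the templates use, this diff adds only `ROOTBINDIR`, `SUSHELL`, `SERVICE_WATCHDOG`, `SERVICE_LOCALEGEN_WRITABLE` and `USERS_GID` to `conf`, so the rest (`ROOTLIBEXECDIR`, `KMOD`, `QUOTAON`, …) must already be defined there. The `sed '/^## /d'` pass is also removed without a visible replacement, so any `## ` comment lines in `.in` files would now be installed unless the render script strips them. The `foreach` body continues past the end of the hunk.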
@@ -285,31 +278,6 @@ foreach tuple : in_units endif endforeach -foreach tuple : m4_units - file = tuple[0] - input = tuple.get(3, file + '.m4') - - # we do this here because install_data does not accept custom_target output - conds = tuple[1].split(' ') - install = ((conds.get(0, '') == '' or conf.get(conds[0]) == 1) and - (conds.get(1, '') == '' or conf.get(conds[1]) == 1)) - - custom_target( - file, - input : input, - output: file, - command : [meson_apply_m4, config_h, '@INPUT@'], - capture : true, - install : install, - install_dir : systemunitdir) - - if tuple.length() > 2 and install - foreach target : tuple[2].split() - add_wants += [systemunitdir, target, file] - endforeach - endif -endforeach - foreach tuple : units file = tuple[0] input = tuple.get(3, file) diff --git a/units/quotaon.service.in b/units/quotaon.service.in index fa6b4c82393..ffabebfafe6 100644 --- a/units/quotaon.service.in +++ b/units/quotaon.service.in @@ -13,9 +13,9 @@ Documentation=man:quotaon(8) DefaultDependencies=no After=systemd-quotacheck.service Before=remote-fs.target shutdown.target -ConditionPathExists=@QUOTAON@ +ConditionPathExists={{QUOTAON}} [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@QUOTAON@ -aug +ExecStart={{QUOTAON}} -aug diff --git a/units/rc-local.service.in b/units/rc-local.service.in index f7ce98f18ea..55e83dfe007 100644 --- a/units/rc-local.service.in +++ b/units/rc-local.service.in 
@@ -8,16 +8,16 @@ # (at your option) any later version. # This unit gets pulled automatically into multi-user.target by -# systemd-rc-local-generator if @RC_LOCAL_PATH@ is executable. +# systemd-rc-local-generator if {{RC_LOCAL_PATH}} is executable. [Unit] -Description=@RC_LOCAL_PATH@ Compatibility +Description={{RC_LOCAL_PATH}} Compatibility Documentation=man:systemd-rc-local-generator(8) -ConditionFileIsExecutable=@RC_LOCAL_PATH@ +ConditionFileIsExecutable={{RC_LOCAL_PATH}} After=network.target [Service] Type=forking -ExecStart=@RC_LOCAL_PATH@ start +ExecStart={{RC_LOCAL_PATH}} start TimeoutSec=0 RemainAfterExit=yes GuessMainPID=no diff --git a/units/rescue.service.in b/units/rescue.service.in index 20185160033..74b933726e2 100644 --- a/units/rescue.service.in +++ b/units/rescue.service.in @@ -18,8 +18,8 @@ Before=shutdown.target [Service] Environment=HOME=/root WorkingDirectory=-/root -ExecStartPre=-@rootbindir@/plymouth --wait quit -ExecStart=-@rootlibexecdir@/systemd-sulogin-shell rescue +ExecStartPre=-{{ROOTBINDIR}}/plymouth --wait quit +ExecStart=-{{ROOTLIBEXECDIR}}/systemd-sulogin-shell rescue Type=idle StandardInput=tty-force StandardOutput=inherit diff --git a/units/serial-getty@.service.m4 b/units/serial-getty@.service.in similarity index 95% rename from units/serial-getty@.service.m4 rename to units/serial-getty@.service.in index 72c1df590db..bb7af3105d0 100644 --- a/units/serial-getty@.service.m4 +++ b/units/serial-getty@.service.in @@ -13,9 +13,9 @@ Documentation=man:agetty(8) man:systemd-getty-generator(8) Documentation=http://0pointer.de/blog/projects/serial-console.html BindsTo=dev-%i.device After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target -m4_ifdef(`HAVE_SYSV_COMPAT', +{% if HAVE_SYSV_COMPAT %} After=rc-local.service -)m4_dnl +{% endif %} # If additional gettys are spawned during boot then we should make # sure that this is synchronized before getty.target, even though 
@@ -40,9 +40,9 @@ UtmpIdentifier=%I TTYPath=/dev/%I TTYReset=yes TTYVHangup=yes -m4_ifdef(`ENABLE_LOGIND',, +{% if not ENABLE_LOGIND %} KillMode=process -)m4_dnl +{% endif %} IgnoreSIGPIPE=no SendSIGHUP=yes diff --git a/units/systemd-backlight@.service.in b/units/systemd-backlight@.service.in index 317aa387455..4830a6a2177 100644 --- a/units/systemd-backlight@.service.in +++ b/units/systemd-backlight@.service.in @@ -17,7 +17,7 @@ Before=sysinit.target shutdown.target [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-backlight load %i -ExecStop=@rootlibexecdir@/systemd-backlight save %i +ExecStart={{ROOTLIBEXECDIR}}/systemd-backlight load %i +ExecStop={{ROOTLIBEXECDIR}}/systemd-backlight save %i TimeoutSec=90s StateDirectory=systemd/backlight diff --git a/units/systemd-binfmt.service.in b/units/systemd-binfmt.service.in index ca76750c0a8..fdafce7ff72 100644 --- a/units/systemd-binfmt.service.in +++ b/units/systemd-binfmt.service.in @@ -27,6 +27,6 @@ ConditionDirectoryNotEmpty=|/run/binfmt.d [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-binfmt -ExecStop=@rootlibexecdir@/systemd-binfmt --unregister +ExecStart={{ROOTLIBEXECDIR}}/systemd-binfmt +ExecStop={{ROOTLIBEXECDIR}}/systemd-binfmt --unregister TimeoutSec=90s diff --git a/units/systemd-bless-boot.service.in b/units/systemd-bless-boot.service.in index 601588fc619..557f77b16f6 100644 --- a/units/systemd-bless-boot.service.in +++ b/units/systemd-bless-boot.service.in @@ -19,4 +19,4 @@ Before=shutdown.target [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-bless-boot good +ExecStart={{ROOTLIBEXECDIR}}/systemd-bless-boot good diff --git a/units/systemd-boot-check-no-failures.service.in b/units/systemd-boot-check-no-failures.service.in index 1bf74c21291..47f182226b2 100644 --- a/units/systemd-boot-check-no-failures.service.in +++ b/units/systemd-boot-check-no-failures.service.in 
@@ -18,7 +18,7 @@ Before=shutdown.target [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-boot-check-no-failures +ExecStart={{ROOTLIBEXECDIR}}/systemd-boot-check-no-failures [Install] RequiredBy=boot-complete.target diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in index 219f2078353..6bf2817a8ca 100644 --- a/units/systemd-coredump@.service.in +++ b/units/systemd-coredump@.service.in @@ -17,7 +17,7 @@ Requires=systemd-journald.socket Before=shutdown.target [Service] -ExecStart=-@rootlibexecdir@/systemd-coredump +ExecStart=-{{ROOTLIBEXECDIR}}/systemd-coredump IPAddressDeny=any LockPersonality=yes MemoryDenyWriteExecute=yes diff --git a/units/systemd-fsck-root.service.in b/units/systemd-fsck-root.service.in index c4a2948120b..6897f13159e 100644 --- a/units/systemd-fsck-root.service.in +++ b/units/systemd-fsck-root.service.in @@ -18,5 +18,5 @@ ConditionPathIsReadWrite=!/ [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-fsck +ExecStart={{ROOTLIBEXECDIR}}/systemd-fsck TimeoutSec=0 diff --git a/units/systemd-fsck@.service.in b/units/systemd-fsck@.service.in index 6d9c9aba695..06b91aea39c 100644 --- a/units/systemd-fsck@.service.in +++ b/units/systemd-fsck@.service.in @@ -19,5 +19,5 @@ Before=systemd-quotacheck.service shutdown.target [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-fsck %f +ExecStart={{ROOTLIBEXECDIR}}/systemd-fsck %f TimeoutSec=0 diff --git a/units/systemd-hibernate-resume@.service.in b/units/systemd-hibernate-resume@.service.in index 85e0c88169a..142bb339e15 100644 --- a/units/systemd-hibernate-resume@.service.in +++ b/units/systemd-hibernate-resume@.service.in @@ -19,4 +19,4 @@ AssertPathExists=/etc/initrd-release [Service] Type=oneshot -ExecStart=@rootlibexecdir@/systemd-hibernate-resume %f +ExecStart={{ROOTLIBEXECDIR}}/systemd-hibernate-resume %f 
diff --git a/units/systemd-hibernate.service.in b/units/systemd-hibernate.service.in index 30965411ff3..ad5343f93c4 100644 --- a/units/systemd-hibernate.service.in +++ b/units/systemd-hibernate.service.in @@ -16,4 +16,4 @@ After=sleep.target [Service] Type=oneshot -ExecStart=@rootlibexecdir@/systemd-sleep hibernate +ExecStart={{ROOTLIBEXECDIR}}/systemd-sleep hibernate diff --git a/units/systemd-homed.service.in b/units/systemd-homed.service.in index 5ac53ca9dc5..678bbab65c4 100644 --- a/units/systemd-homed.service.in +++ b/units/systemd-homed.service.in @@ -20,10 +20,10 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FS DeviceAllow=/dev/loop-control rw DeviceAllow=/dev/mapper/control rw DeviceAllow=block-* rw -ExecStart=@rootlibexecdir@/systemd-homed +ExecStart={{ROOTLIBEXECDIR}}/systemd-homed IPAddressDeny=any KillMode=mixed -LimitNOFILE=@HIGH_RLIMIT_NOFILE@ +LimitNOFILE={{HIGH_RLIMIT_NOFILE}} LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes @@ -34,7 +34,7 @@ StateDirectory=systemd/home SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service @mount -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} [Install] WantedBy=multi-user.target diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in index 222700564e8..75652e626e6 100644 --- a/units/systemd-hostnamed.service.in +++ b/units/systemd-hostnamed.service.in @@ -17,7 +17,7 @@ Documentation=man:org.freedesktop.resolve1(5) [Service] BusName=org.freedesktop.hostname1 CapabilityBoundingSet=CAP_SYS_ADMIN -ExecStart=@rootlibexecdir@/systemd-hostnamed +ExecStart={{ROOTLIBEXECDIR}}/systemd-hostnamed IPAddressDeny=any LockPersonality=yes MemoryDenyWriteExecute=yes @@ -40,4 +40,4 @@ RestrictSUIDSGID=yes SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service sethostname -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} 
diff --git a/units/systemd-hwdb-update.service.in b/units/systemd-hwdb-update.service.in index 57398e52147..a09fe8aa52d 100644 --- a/units/systemd-hwdb-update.service.in +++ b/units/systemd-hwdb-update.service.in @@ -15,7 +15,7 @@ Conflicts=shutdown.target After=systemd-remount-fs.service Before=sysinit.target shutdown.target systemd-update-done.service ConditionNeedsUpdate=/etc -ConditionPathExists=|!@udevlibexecdir@/hwdb.bin +ConditionPathExists=|!{{UDEVLIBEXECDIR}}/hwdb.bin ConditionPathExists=|/etc/udev/hwdb.bin ConditionDirectoryNotEmpty=|/etc/udev/hwdb.d/ diff --git a/units/systemd-hybrid-sleep.service.in b/units/systemd-hybrid-sleep.service.in index 6fe37daacd3..5fbd99fb744 100644 --- a/units/systemd-hybrid-sleep.service.in +++ b/units/systemd-hybrid-sleep.service.in @@ -16,4 +16,4 @@ After=sleep.target [Service] Type=oneshot -ExecStart=@rootlibexecdir@/systemd-sleep hybrid-sleep +ExecStart={{ROOTLIBEXECDIR}}/systemd-sleep hybrid-sleep diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in index afe395687dd..da31b2dc20c 100644 --- a/units/systemd-importd.service.in +++ b/units/systemd-importd.service.in @@ -13,7 +13,7 @@ Documentation=man:systemd-importd.service(8) Documentation=man:org.freedesktop.import1(5) [Service] -ExecStart=@rootlibexecdir@/systemd-importd +ExecStart={{ROOTLIBEXECDIR}}/systemd-importd BusName=org.freedesktop.import1 KillMode=mixed CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE @@ -27,4 +27,4 @@ SystemCallFilter=@system-service @mount SystemCallErrorNumber=EPERM SystemCallArchitectures=native LockPersonality=yes -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} diff --git a/units/systemd-initctl.service.in b/units/systemd-initctl.service.in index 6367433682b..efac5c4b114 100644 --- a/units/systemd-initctl.service.in +++ b/units/systemd-initctl.service.in 
@@ -13,7 +13,7 @@ Documentation=man:systemd-initctl.service(8) DefaultDependencies=no [Service] -ExecStart=@rootlibexecdir@/systemd-initctl +ExecStart={{ROOTLIBEXECDIR}}/systemd-initctl NoNewPrivileges=yes NotifyAccess=all SystemCallArchitectures=native diff --git a/units/systemd-journal-gatewayd.service.in b/units/systemd-journal-gatewayd.service.in index 7944d6fd9aa..81c53fa01f4 100644 --- a/units/systemd-journal-gatewayd.service.in +++ b/units/systemd-journal-gatewayd.service.in @@ -14,7 +14,7 @@ Requires=systemd-journal-gatewayd.socket [Service] DynamicUser=yes -ExecStart=@rootlibexecdir@/systemd-journal-gatewayd +ExecStart={{ROOTLIBEXECDIR}}/systemd-journal-gatewayd LockPersonality=yes MemoryDenyWriteExecute=yes PrivateDevices=yes @@ -35,7 +35,7 @@ User=systemd-journal-gateway # If there are many split up journal files we need a lot of fds to access them # all in parallel. -LimitNOFILE=@HIGH_RLIMIT_NOFILE@ +LimitNOFILE={{HIGH_RLIMIT_NOFILE}} [Install] Also=systemd-journal-gatewayd.socket diff --git a/units/systemd-journal-remote.service.in b/units/systemd-journal-remote.service.in index e48df81e70b..d8f28f252c0 100644 --- a/units/systemd-journal-remote.service.in +++ b/units/systemd-journal-remote.service.in @@ -13,7 +13,7 @@ Documentation=man:systemd-journal-remote(8) man:journal-remote.conf(5) Requires=systemd-journal-remote.socket [Service] -ExecStart=@rootlibexecdir@/systemd-journal-remote --listen-https=-3 --output=/var/log/journal/remote/ +ExecStart={{ROOTLIBEXECDIR}}/systemd-journal-remote --listen-https=-3 --output=/var/log/journal/remote/ LockPersonality=yes LogsDirectory=journal/remote MemoryDenyWriteExecute=yes 
@@ -36,11 +36,11 @@ RestrictRealtime=yes RestrictSUIDSGID=yes SystemCallArchitectures=native User=systemd-journal-remote -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} # If there are many split up journal files we need a lot of fds to access them # all in parallel. -LimitNOFILE=@HIGH_RLIMIT_NOFILE@ +LimitNOFILE={{HIGH_RLIMIT_NOFILE}} [Install] Also=systemd-journal-remote.socket diff --git a/units/systemd-journal-upload.service.in b/units/systemd-journal-upload.service.in index ba6b6e73444..e4359a80e41 100644 --- a/units/systemd-journal-upload.service.in +++ b/units/systemd-journal-upload.service.in @@ -15,7 +15,7 @@ After=network-online.target [Service] DynamicUser=yes -ExecStart=@rootlibexecdir@/systemd-journal-upload --save-state +ExecStart={{ROOTLIBEXECDIR}}/systemd-journal-upload --save-state LockPersonality=yes MemoryDenyWriteExecute=yes PrivateDevices=yes @@ -33,11 +33,11 @@ StateDirectory=systemd/journal-upload SupplementaryGroups=systemd-journal SystemCallArchitectures=native User=systemd-journal-upload -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} # If there are many split up journal files we need a lot of fds to access them # all in parallel. -LimitNOFILE=@HIGH_RLIMIT_NOFILE@ +LimitNOFILE={{HIGH_RLIMIT_NOFILE}} [Install] WantedBy=multi-user.target diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in index c7432541370..cd17b6b4e7e 100644 --- a/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in @@ -17,7 +17,7 @@ Before=sysinit.target [Service] DeviceAllow=char-* rw -ExecStart=@rootlibexecdir@/systemd-journald +ExecStart={{ROOTLIBEXECDIR}}/systemd-journald FileDescriptorStoreMax=4224 IPAddressDeny=any LockPersonality=yes 
@@ -39,7 +39,7 @@ SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service Type=notify -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} # In case you're wondering why CAP_SYS_PTRACE is needed, access to # /proc//exe requires this capability. Thus if this capability is missing @@ -48,4 +48,4 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG C # If there are many split up journal files we need a lot of fds to access them # all in parallel. -LimitNOFILE=@HIGH_RLIMIT_NOFILE@ +LimitNOFILE={{HIGH_RLIMIT_NOFILE}} diff --git a/units/systemd-journald@.service.in b/units/systemd-journald@.service.in index 14a217d025f..2863691c2d9 100644 --- a/units/systemd-journald@.service.in +++ b/units/systemd-journald@.service.in @@ -16,7 +16,7 @@ After=systemd-journald@%i.socket systemd-journald-varlink@%i.socket [Service] CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE DevicePolicy=closed -ExecStart=@rootlibexecdir@/systemd-journald %i +ExecStart={{ROOTLIBEXECDIR}}/systemd-journald %i FileDescriptorStoreMax=4224 Group=systemd-journal IPAddressDeny=any @@ -37,8 +37,8 @@ SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service Type=notify -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} # If there are many split up journal files we need a lot of fds to access them # all in parallel. -LimitNOFILE=@HIGH_RLIMIT_NOFILE@ +LimitNOFILE={{HIGH_RLIMIT_NOFILE}} diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in index e60a1735911..abd32266aeb 100644 --- a/units/systemd-localed.service.in +++ b/units/systemd-localed.service.in 
@@ -17,7 +17,7 @@ Documentation=man:org.freedesktop.locale1(5) [Service] BusName=org.freedesktop.locale1 CapabilityBoundingSet= -ExecStart=@rootlibexecdir@/systemd-localed +ExecStart={{ROOTLIBEXECDIR}}/systemd-localed IPAddressDeny=any LockPersonality=yes MemoryDenyWriteExecute=yes @@ -33,7 +33,7 @@ ProtectKernelLogs=yes ProtectKernelModules=yes ProtectKernelTunables=yes ProtectSystem=strict -ReadWritePaths=/etc@SERVICE_LOCALEGEN_WRITABLE@ +ReadWritePaths=/etc{{SERVICE_LOCALEGEN_WRITABLE}} RestrictAddressFamilies=AF_UNIX RestrictNamespaces=yes RestrictRealtime=yes @@ -41,4 +41,4 @@ RestrictSUIDSGID=yes SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in index f131b60d4fb..ab874253a40 100644 --- a/units/systemd-logind.service.in +++ b/units/systemd-logind.service.in @@ -30,7 +30,7 @@ DeviceAllow=char-drm rw DeviceAllow=char-input rw DeviceAllow=char-tty rw DeviceAllow=char-vcs rw -ExecStart=@rootlibexecdir@/systemd-logind +ExecStart={{ROOTLIBEXECDIR}}/systemd-logind FileDescriptorStoreMax=512 IPAddressDeny=any LockPersonality=yes @@ -58,8 +58,8 @@ StateDirectory=systemd/linger SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} # Increase the default a bit in order to allow many simultaneous logins since # we keep one fd open per session. -LimitNOFILE=@HIGH_RLIMIT_NOFILE@ +LimitNOFILE={{HIGH_RLIMIT_NOFILE}} diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in index 56c95326594..e92f436dfdf 100644 --- a/units/systemd-machined.service.in +++ b/units/systemd-machined.service.in 
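Review bot: `ReadWritePaths=/etc{{SERVICE_LOCALEGEN_WRITABLE}}` in the `@@ -33,7` hunk depends on the value keeping its leading space. `meson.build` sets `writable = ' /usr/lib/locale'`, and the value now travels through `conf.set_quoted` and `config.h` before reaching the template. If the renderer trims whitespace while unquoting, the line becomes `ReadWritePaths=/etc/usr/lib/locale`, which silently changes what `ProtectSystem=strict` leaves writable for systemd-localed. The render script is outside the visible hunks, so the generated unit is worth checking. A template comment such as `{# value is empty or starts with a space #}` above the line would document the contract.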
@@ -19,7 +19,7 @@ RequiresMountsFor=/var/lib/machines [Service] BusName=org.freedesktop.machine1 CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD -ExecStart=@rootlibexecdir@/systemd-machined +ExecStart={{ROOTLIBEXECDIR}}/systemd-machined IPAddressDeny=any LockPersonality=yes MemoryDenyWriteExecute=yes @@ -30,7 +30,7 @@ RestrictRealtime=yes SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service @mount -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} # Note that machined cannot be placed in a mount namespace, since it # needs access to the host's mount namespace in order to implement the diff --git a/units/systemd-modules-load.service.in b/units/systemd-modules-load.service.in index fdb5b3a41ea..604d8712a04 100644 --- a/units/systemd-modules-load.service.in +++ b/units/systemd-modules-load.service.in @@ -25,5 +25,5 @@ ConditionKernelCommandLine=|rd.modules-load [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-modules-load +ExecStart={{ROOTLIBEXECDIR}}/systemd-modules-load TimeoutSec=90s diff --git a/units/systemd-network-generator.service.in b/units/systemd-network-generator.service.in index bda84261916..2799de08445 100644 --- a/units/systemd-network-generator.service.in +++ b/units/systemd-network-generator.service.in @@ -17,7 +17,7 @@ Wants=network-pre.target [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-network-generator +ExecStart={{ROOTLIBEXECDIR}}/systemd-network-generator [Install] WantedBy=sysinit.target diff --git a/units/systemd-networkd-wait-online.service.in b/units/systemd-networkd-wait-online.service.in index d868e777755..10d8b08c8e0 100644 --- a/units/systemd-networkd-wait-online.service.in +++ b/units/systemd-networkd-wait-online.service.in 
@@ -18,7 +18,7 @@ Before=network-online.target shutdown.target [Service] Type=oneshot -ExecStart=@rootlibexecdir@/systemd-networkd-wait-online +ExecStart={{ROOTLIBEXECDIR}}/systemd-networkd-wait-online RemainAfterExit=yes [Install] diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in index d5b0a9b96e0..9a40d2afa56 100644 --- a/units/systemd-networkd.service.in +++ b/units/systemd-networkd.service.in @@ -23,7 +23,7 @@ AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET BusName=org.freedesktop.network1 CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW DeviceAllow=char-* rw -ExecStart=!!@rootlibexecdir@/systemd-networkd +ExecStart=!!{{ROOTLIBEXECDIR}}/systemd-networkd ExecReload=networkctl reload LockPersonality=yes MemoryDenyWriteExecute=yes @@ -49,7 +49,7 @@ SystemCallErrorNumber=EPERM SystemCallFilter=@system-service Type=notify User=systemd-network -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} [Install] WantedBy=multi-user.target diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in index a6551f91527..83761e7e8bc 100644 --- a/units/systemd-nspawn@.service.in +++ b/units/systemd-nspawn@.service.in @@ -26,7 +26,7 @@ SuccessExitStatus=133 Slice=machine.slice Delegate=yes TasksMax=16384 -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} # Enforce a strict device policy, similar to the one nspawn configures when it # allocates its own scope unit. Make sure to keep these policies in sync if you diff --git a/units/systemd-oomd.service.in b/units/systemd-oomd.service.in index f264a1bef02..0d2d409881b 100644 --- a/units/systemd-oomd.service.in +++ b/units/systemd-oomd.service.in 
@@ -22,7 +22,7 @@ ConditionPathExists=/proc/pressure/memory AmbientCapabilities=CAP_KILL CAP_DAC_OVERRIDE BusName=org.freedesktop.oom1 CapabilityBoundingSet=CAP_KILL CAP_DAC_OVERRIDE -ExecStart=@rootlibexecdir@/systemd-oomd +ExecStart={{ROOTLIBEXECDIR}}/systemd-oomd IPAddressDeny=any LockPersonality=yes MemoryDenyWriteExecute=yes @@ -51,7 +51,7 @@ SystemCallErrorNumber=EPERM SystemCallFilter=@system-service Type=notify User=systemd-oom -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} [Install] WantedBy=multi-user.target diff --git a/units/systemd-portabled.service.in b/units/systemd-portabled.service.in index e00a0065e39..e0afe9eabe4 100644 --- a/units/systemd-portabled.service.in +++ b/units/systemd-portabled.service.in @@ -13,7 +13,7 @@ Documentation=man:systemd-portabled.service(8) RequiresMountsFor=/var/lib/portables [Service] -ExecStart=@rootlibexecdir@/systemd-portabled +ExecStart={{ROOTLIBEXECDIR}}/systemd-portabled BusName=org.freedesktop.portable1 CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD MemoryDenyWriteExecute=yes @@ -26,4 +26,4 @@ SystemCallErrorNumber=EPERM SystemCallArchitectures=native LockPersonality=yes IPAddressDeny=any -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} diff --git a/units/systemd-pstore.service.in b/units/systemd-pstore.service.in index 624ee704d53..848e311e964 100644 --- a/units/systemd-pstore.service.in +++ b/units/systemd-pstore.service.in @@ -18,7 +18,7 @@ Before=sysinit.target shutdown.target [Service] Type=oneshot -ExecStart=@rootlibexecdir@/systemd-pstore +ExecStart={{ROOTLIBEXECDIR}}/systemd-pstore RemainAfterExit=yes StateDirectory=systemd/pstore diff --git a/units/systemd-quotacheck.service.in b/units/systemd-quotacheck.service.in index 3e10378a89e..c3e936d2203 100644 --- a/units/systemd-quotacheck.service.in +++ b/units/systemd-quotacheck.service.in 
@@ -13,10 +13,10 @@ Documentation=man:systemd-quotacheck.service(8) DefaultDependencies=no After=systemd-remount-fs.service Before=remote-fs.target shutdown.target -ConditionPathExists=@QUOTACHECK@ +ConditionPathExists={{QUOTACHECK}} [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-quotacheck +ExecStart={{ROOTLIBEXECDIR}}/systemd-quotacheck TimeoutSec=0 diff --git a/units/systemd-random-seed.service.in b/units/systemd-random-seed.service.in index a7d4acb898e..5c542ec8464 100644 --- a/units/systemd-random-seed.service.in +++ b/units/systemd-random-seed.service.in @@ -11,7 +11,7 @@ Description=Load/Save Random Seed Documentation=man:systemd-random-seed.service(8) man:random(4) DefaultDependencies=no -RequiresMountsFor=@RANDOM_SEED@ +RequiresMountsFor={{RANDOM_SEED}} Conflicts=shutdown.target After=systemd-remount-fs.service Before=first-boot-complete.target shutdown.target @@ -21,8 +21,8 @@ ConditionVirtualization=!container [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-random-seed load -ExecStop=@rootlibexecdir@/systemd-random-seed save +ExecStart={{ROOTLIBEXECDIR}}/systemd-random-seed load +ExecStop={{ROOTLIBEXECDIR}}/systemd-random-seed save # This service waits until the kernel's entropy pool is initialized, and may be # used as ordering barrier for service that require an initialized entropy diff --git a/units/systemd-remount-fs.service.in b/units/systemd-remount-fs.service.in index 51985a793aa..2abed1d0a9c 100644 --- a/units/systemd-remount-fs.service.in +++ b/units/systemd-remount-fs.service.in @@ -20,4 +20,4 @@ Wants=local-fs-pre.target [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-remount-fs +ExecStart={{ROOTLIBEXECDIR}}/systemd-remount-fs diff --git a/units/systemd-repart.service.in b/units/systemd-repart.service.in index 4634d983c18..92e0a9b3cd1 100644 --- a/units/systemd-repart.service.in +++ b/units/systemd-repart.service.in 
@@ -28,7 +28,7 @@ ConditionDirectoryNotEmpty=|/sysusr/usr/local/lib/repart.d [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootbindir@/systemd-repart --dry-run=no +ExecStart={{ROOTBINDIR}}/systemd-repart --dry-run=no # The tool returns 77 if there's no existing GPT partition table SuccessExitStatus=77 diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in index 29adb6bf219..00812fb26c9 100644 --- a/units/systemd-resolved.service.in +++ b/units/systemd-resolved.service.in @@ -24,7 +24,7 @@ Wants=nss-lookup.target AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE BusName=org.freedesktop.resolve1 CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE -ExecStart=!!@rootlibexecdir@/systemd-resolved +ExecStart=!!{{ROOTLIBEXECDIR}}/systemd-resolved LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes @@ -51,7 +51,7 @@ SystemCallErrorNumber=EPERM SystemCallFilter=@system-service Type=notify User=systemd-resolve -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} [Install] WantedBy=multi-user.target diff --git a/units/systemd-rfkill.service.in b/units/systemd-rfkill.service.in index 40a80a0b39f..56de1a15379 100644 --- a/units/systemd-rfkill.service.in +++ b/units/systemd-rfkill.service.in @@ -17,7 +17,7 @@ After=sys-devices-virtual-misc-rfkill.device Before=shutdown.target [Service] -ExecStart=@rootlibexecdir@/systemd-rfkill +ExecStart={{ROOTLIBEXECDIR}}/systemd-rfkill NoNewPrivileges=yes StateDirectory=systemd/rfkill TimeoutSec=30s diff --git a/units/systemd-suspend-then-hibernate.service.in b/units/systemd-suspend-then-hibernate.service.in index 3f811e7e1a4..bfa9051afaa 100644 --- a/units/systemd-suspend-then-hibernate.service.in +++ b/units/systemd-suspend-then-hibernate.service.in @@ -16,4 +16,4 @@ After=sleep.target [Service] Type=oneshot -ExecStart=@rootlibexecdir@/systemd-sleep suspend-then-hibernate +ExecStart={{ROOTLIBEXECDIR}}/systemd-sleep suspend-then-hibernate 
diff --git a/units/systemd-suspend.service.in b/units/systemd-suspend.service.in index 40cc83e1929..1ae32af5f7c 100644 --- a/units/systemd-suspend.service.in +++ b/units/systemd-suspend.service.in @@ -16,4 +16,4 @@ After=sleep.target [Service] Type=oneshot -ExecStart=@rootlibexecdir@/systemd-sleep suspend +ExecStart={{ROOTLIBEXECDIR}}/systemd-sleep suspend diff --git a/units/systemd-sysctl.service.in b/units/systemd-sysctl.service.in index c4a34a81a20..44b88535214 100644 --- a/units/systemd-sysctl.service.in +++ b/units/systemd-sysctl.service.in @@ -19,5 +19,5 @@ ConditionPathIsReadWrite=/proc/sys/net/ [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-sysctl +ExecStart={{ROOTLIBEXECDIR}}/systemd-sysctl TimeoutSec=90s diff --git a/units/systemd-time-wait-sync.service.in b/units/systemd-time-wait-sync.service.in index 212d0e5a155..8ef3db0d5df 100644 --- a/units/systemd-time-wait-sync.service.in +++ b/units/systemd-time-wait-sync.service.in @@ -28,7 +28,7 @@ Conflicts=shutdown.target [Service] Type=oneshot -ExecStart=@rootlibexecdir@/systemd-time-wait-sync +ExecStart={{ROOTLIBEXECDIR}}/systemd-time-wait-sync TimeoutStartSec=infinity RemainAfterExit=yes diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in index 6f476173b66..a8da1387614 100644 --- a/units/systemd-timedated.service.in +++ b/units/systemd-timedated.service.in @@ -17,7 +17,7 @@ Documentation=man:org.freedesktop.timedate1(5) BusName=org.freedesktop.timedate1 CapabilityBoundingSet=CAP_SYS_TIME DeviceAllow=char-rtc r -ExecStart=@rootlibexecdir@/systemd-timedated +ExecStart={{ROOTLIBEXECDIR}}/systemd-timedated IPAddressDeny=any LockPersonality=yes MemoryDenyWriteExecute=yes @@ -39,4 +39,4 @@ RestrictSUIDSGID=yes SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service @clock -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} 
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in index 6226ab7a40c..c6064610913 100644 --- a/units/systemd-timesyncd.service.in +++ b/units/systemd-timesyncd.service.in @@ -26,7 +26,7 @@ CapabilityBoundingSet=CAP_SYS_TIME # correct time to work, but we likely won't acquire that without NTP. Let's # break this chicken-and-egg cycle here. Environment=SYSTEMD_NSS_RESOLVE_VALIDATE=0 -ExecStart=!!@rootlibexecdir@/systemd-timesyncd +ExecStart=!!{{ROOTLIBEXECDIR}}/systemd-timesyncd LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes @@ -53,7 +53,7 @@ SystemCallErrorNumber=EPERM SystemCallFilter=@system-service @clock Type=notify User=systemd-timesync -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} [Install] WantedBy=sysinit.target diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in index f3458d98e6c..c146b0f7f85 100644 --- a/units/systemd-udevd.service.in +++ b/units/systemd-udevd.service.in @@ -24,7 +24,7 @@ OOMScoreAdjust=-1000 Sockets=systemd-udevd-control.socket systemd-udevd-kernel.socket Restart=always RestartSec=0 -ExecStart=@rootlibexecdir@/systemd-udevd +ExecStart={{ROOTLIBEXECDIR}}/systemd-udevd ExecReload=udevadm control --reload --timeout 0 KillMode=mixed TasksMax=infinity @@ -40,4 +40,4 @@ SystemCallErrorNumber=EPERM SystemCallArchitectures=native LockPersonality=yes IPAddressDeny=any -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} diff --git a/units/systemd-update-done.service.in b/units/systemd-update-done.service.in index b4aa7466731..53cc6dd621b 100644 --- a/units/systemd-update-done.service.in +++ b/units/systemd-update-done.service.in @@ -20,4 +20,4 @@ ConditionNeedsUpdate=|/var [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-update-done +ExecStart={{ROOTLIBEXECDIR}}/systemd-update-done diff --git a/units/systemd-update-utmp-runlevel.service.in b/units/systemd-update-utmp-runlevel.service.in index 042145cc2ca..4bfadd1abd3 100644 
--- a/units/systemd-update-utmp-runlevel.service.in +++ b/units/systemd-update-utmp-runlevel.service.in @@ -20,4 +20,4 @@ Before=shutdown.target [Service] Type=oneshot -ExecStart=@rootlibexecdir@/systemd-update-utmp runlevel +ExecStart={{ROOTLIBEXECDIR}}/systemd-update-utmp runlevel diff --git a/units/systemd-update-utmp.service.in b/units/systemd-update-utmp.service.in index e2fa2d83bab..89bfd636217 100644 --- a/units/systemd-update-utmp.service.in +++ b/units/systemd-update-utmp.service.in @@ -19,5 +19,5 @@ Before=sysinit.target shutdown.target [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-update-utmp reboot -ExecStop=@rootlibexecdir@/systemd-update-utmp shutdown +ExecStart={{ROOTLIBEXECDIR}}/systemd-update-utmp reboot +ExecStop={{ROOTLIBEXECDIR}}/systemd-update-utmp shutdown diff --git a/units/systemd-user-sessions.service.in b/units/systemd-user-sessions.service.in index b15a6516826..adca848c2a6 100644 --- a/units/systemd-user-sessions.service.in +++ b/units/systemd-user-sessions.service.in @@ -15,5 +15,5 @@ After=remote-fs.target nss-user-lookup.target network.target home.mount [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-user-sessions start -ExecStop=@rootlibexecdir@/systemd-user-sessions stop +ExecStart={{ROOTLIBEXECDIR}}/systemd-user-sessions start +ExecStop={{ROOTLIBEXECDIR}}/systemd-user-sessions stop diff --git a/units/systemd-userdbd.service.in b/units/systemd-userdbd.service.in index 9b36a170253..84dea04f55a 100644 --- a/units/systemd-userdbd.service.in +++ b/units/systemd-userdbd.service.in @@ -17,9 +17,9 @@ DefaultDependencies=no [Service] CapabilityBoundingSet=CAP_DAC_READ_SEARCH -ExecStart=@rootlibexecdir@/systemd-userdbd +ExecStart={{ROOTLIBEXECDIR}}/systemd-userdbd IPAddressDeny=any -LimitNOFILE=@HIGH_RLIMIT_NOFILE@ +LimitNOFILE={{HIGH_RLIMIT_NOFILE}} LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes 
@@ -39,7 +39,7 @@ SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service Type=notify -@SERVICE_WATCHDOG@ +{{SERVICE_WATCHDOG}} [Install] Also=systemd-userdbd.socket diff --git a/units/systemd-vconsole-setup.service.in b/units/systemd-vconsole-setup.service.in index 45da0563959..23f5ac2f50b 100644 --- a/units/systemd-vconsole-setup.service.in +++ b/units/systemd-vconsole-setup.service.in @@ -17,4 +17,4 @@ ConditionPathExists=/dev/tty0 [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-vconsole-setup +ExecStart={{ROOTLIBEXECDIR}}/systemd-vconsole-setup diff --git a/units/systemd-volatile-root.service.in b/units/systemd-volatile-root.service.in index 468d85f9683..5a0ec89fd68 100644 --- a/units/systemd-volatile-root.service.in +++ b/units/systemd-volatile-root.service.in @@ -19,4 +19,4 @@ AssertPathExists=/etc/initrd-release [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootlibexecdir@/systemd-volatile-root yes /sysroot +ExecStart={{ROOTLIBEXECDIR}}/systemd-volatile-root yes /sysroot diff --git a/units/user-runtime-dir@.service.in b/units/user-runtime-dir@.service.in index ff23e01af8f..61becff2c63 100644 --- a/units/user-runtime-dir@.service.in +++ b/units/user-runtime-dir@.service.in @@ -15,8 +15,8 @@ StopWhenUnneeded=yes IgnoreOnIsolate=yes [Service] -ExecStart=@rootlibexecdir@/systemd-user-runtime-dir start %i -ExecStop=@rootlibexecdir@/systemd-user-runtime-dir stop %i +ExecStart={{ROOTLIBEXECDIR}}/systemd-user-runtime-dir start %i +ExecStop={{ROOTLIBEXECDIR}}/systemd-user-runtime-dir stop %i Type=oneshot RemainAfterExit=yes Slice=user-%i.slice diff --git a/units/user@.service.in b/units/user@.service.in index 8c6c6d1157c..fec9afe1305 100644 --- a/units/user@.service.in +++ b/units/user@.service.in 
@@ -18,7 +18,7 @@ IgnoreOnIsolate=yes User=%i PAMName=systemd-user Type=notify -ExecStart=@rootlibexecdir@/systemd --user +ExecStart={{ROOTLIBEXECDIR}}/systemd --user Slice=user-%i.slice KillMode=mixed Delegate=pids memory