1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-14 15:21:37 +03:00
Commit Graph

9 Commits

Author SHA1 Message Date
Kay Sievers
72543b361d remove ReadOnlySystem and ProtectedHome from udevd and logind
logind needs access to /run/user/, udevd fails during early boot
with these settings
2014-06-04 01:41:15 +02:00
Lennart Poettering
417116f234 core: add new ReadOnlySystem= and ProtectedHome= settings for service units
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for
a service.

ProtectedHome= uses fs namespaces to mount /home and /run/user
inaccessible or read-only for a service.

This patch also enables these settings for all our long-running services.

Together they should be good building block for a minimal service
sandbox, removing the ability for services to modify the operating
system or access the user's private data.
2014-06-03 23:57:51 +02:00
Lennart Poettering
c2c13f2df4 unit: turn off mount propagation for udevd
Keep mounts done by udev rules private to udevd. Also, document how
MountFlags= may be used for this.
2014-03-20 04:16:39 +01:00
Tom Gundersen
edeb68c53f static-nodes: move creation of static nodes from udevd to tmpfiles
As of kmod v14, it is possible to export the static node information from
/lib/modules/`uname -r`/modules.devname in tmpfiles.d(5) format.

Use this functionality to let systemd-tmpfilesd create the static device nodes
at boot, and drop the functionality from systemd-udevd.

As an effect of this we can move from systemd-udevd to systemd-tmpfiles-setup-dev:

 * the conditional CAP_MKNOD (replaced by checking if /sys is mounted rw)
 * ordering before local-fs-pre.target (see 89d09e1b5c)
2013-07-08 21:26:24 +02:00
Lennart Poettering
b0afe214c0 units: order all udev services before sysinit.target, too
Not that it would matter much, but let's make things a bit more
systematic: early boot services shall order themselves before
sysinit.target, and nothing else.
2013-03-25 21:29:09 +01:00
Frederic Crozat
89d09e1b5c udevd: ensure static nodes are created before local-fs mount
static nodes (like /dev/loop-control) are created when systemd-udevd
is started and needed to mount loopback devices. Therefore,
local-fs-pre.target should be only started after systemd-udevd is
started.
2013-03-23 15:17:39 +01:00
Kay Sievers
3bf3cd95ab udevd: sort into sysinit instead of basic target 2013-03-12 15:56:19 +01:00
Lennart Poettering
47ec118473 units: don't enforce a holdoff time for journald, logind, udevd
These services should be restarted as quickly as possible if they fail,
and the extra safety net of the holdoff time is not necessary.
2012-07-18 02:31:52 +02:00
Colin Guthrie
51dfddc2cc units: Rename systemd-udev.service to systemd-udevd.service
This naming convention is more inline with other systemd daemon
unit names (systemd-logind.service, systemd-localed.service etc)

The companion .socket units have also been renamed, however the
-trigger and -settle units keep their current name as these are
not directly related to daemon process itself.
2012-07-02 23:21:51 +02:00