1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-01 17:51:22 +03:00
systemd/units
Lennart Poettering 268b6e1932 Merge pull request #5283 from poettering/tighten-sandbox
Tighten sandbox of long-running services
2017-03-01 23:35:06 +01:00
..
user units: install user units as real files, not symlinks to ../system/ 2016-08-19 09:55:55 -04:00
.gitignore fstab-generator: add support for volatile boots 2016-12-21 19:09:29 +01:00
basic.target Merge pull request #2565 from poettering/fix-2315 2016-02-09 19:13:15 -05:00
bluetooth.target
busnames.target units: install busnames.target by default 2013-12-03 01:18:26 +01:00
console-getty.service.m4.in console-getty.service: don't start when /dev/console is missing 2015-03-17 12:40:56 +01:00
container-getty@.service.m4.in units: fix all TTY paths for container gettys 2015-01-27 14:31:44 +01:00
cryptsetup-pre.target cryptsetup: introduce new cryptsetup-pre.traget unit so that services can make sure they are started before and stopped after any LUKS setup 2014-06-18 00:09:46 +02:00
cryptsetup.target
debug-shell.service.in debug-shell: add condition for tty device to run on 2014-06-12 22:26:43 +02:00
dev-hugepages.mount units: disable /dev/hugepages in private user namespaces 2016-10-26 20:12:52 -04:00
dev-mqueue.mount units: don't try to mount the mqueue fs if we lack the privileges for it 2016-02-11 02:45:11 +00:00
emergency.service.in emergency.service: Don't say "Welcome" when it's an emergency (#3569) 2016-06-21 16:09:47 +02:00
emergency.target
exit.target containers: systemd exits with non-zero code 2015-09-21 17:32:45 +02:00
final.target
getty.target
getty@.service.m4 getty@.service.m4: add Conflicts=/Before= against rescue.service (#3792) 2016-07-25 16:18:00 +02:00
graphical.target units: make graphical.target dependencies more complete and similar to those of multi-user.target 2014-12-29 17:00:05 +01:00
halt-local.service.in
halt.target
hibernate.target
hybrid-sleep.target
initrd-cleanup.service.in core: replace OnFailureIsolate= setting by a more generic OnFailureJobMode= setting and make use of it where applicable 2013-11-26 02:26:31 +01:00
initrd-fs.target core: replace OnFailureIsolate= setting by a more generic OnFailureJobMode= setting and make use of it where applicable 2013-11-26 02:26:31 +01:00
initrd-parse-etc.service.in initrd-parse-etc.service: ignore return code of daemon-reload 2014-09-03 13:28:31 +02:00
initrd-root-device.target Create initrd-root-device.target synchronization point (#3239) 2016-05-12 18:42:39 +02:00
initrd-root-fs.target core: replace OnFailureIsolate= setting by a more generic OnFailureJobMode= setting and make use of it where applicable 2013-11-26 02:26:31 +01:00
initrd-switch-root.service.in units: drop KillMode= from initrd-switch-root.service 2017-01-31 01:34:40 -05:00
initrd-switch-root.target units: add Wants=initrd-cleanup.service to initrd-switch-root.target (#4345) 2016-10-11 14:36:14 +02:00
initrd-udevadm-cleanup-db.service.in
initrd.target Create initrd-root-device.target synchronization point (#3239) 2016-05-12 18:42:39 +02:00
kexec.target
kmod-static-nodes.service.in kmod-static-nodes: don't run if module list is empty 2016-01-11 16:26:17 +01:00
ldconfig.service units: restore ConditionNeesUpdate=/etc in ldconfig.service (#3311) 2016-05-21 17:09:18 -04:00
local-fs-pre.target
local-fs.target units: local-fs.target - don't pull in default dependencies 2014-06-29 16:20:33 +02:00
machine.slice
machines.target units: rework systemd-nspawn@.service unit 2014-12-29 17:00:05 +01:00
Makefile
multi-user.target units: drop [Install] section from multi-user.target and graphical.target 2014-01-17 20:27:35 +01:00
network-online.target units: order network-online.target after network.target 2014-06-11 15:00:45 +02:00
network-pre.target units: introduce network-pre.target as place to hook in firewalls 2014-06-11 12:14:55 +02:00
network.target units: introduce network-pre.target as place to hook in firewalls 2014-06-11 12:14:55 +02:00
nss-lookup.target
nss-user-lookup.target
org.freedesktop.hostname1.busname units: remove "AllowUser=root own", the bus owner can always own names 2014-03-08 19:38:06 +01:00
org.freedesktop.import1.busname import: introduce new mini-daemon systemd-importd, and make machinectl a client to it 2015-01-22 04:02:07 +01:00
org.freedesktop.locale1.busname units: remove "AllowUser=root own", the bus owner can always own names 2014-03-08 19:38:06 +01:00
org.freedesktop.login1.busname units: remove "AllowUser=root own", the bus owner can always own names 2014-03-08 19:38:06 +01:00
org.freedesktop.machine1.busname units: remove "AllowUser=root own", the bus owner can always own names 2014-03-08 19:38:06 +01:00
org.freedesktop.network1.busname units: networkd - fix busname to work on kdbus 2015-02-06 12:12:13 +01:00
org.freedesktop.resolve1.busname units: make resolved pull in its own .busname unit, but only on kdbus systems 2015-01-07 23:44:08 +01:00
org.freedesktop.systemd1.busname units: improve Description= for systemd's own busname unit 2015-01-07 23:44:08 +01:00
org.freedesktop.timedate1.busname units: remove "AllowUser=root own", the bus owner can always own names 2014-03-08 19:38:06 +01:00
paths.target
poweroff.target units: restore job timeouts for poweroff and reboot 2014-11-06 08:17:45 -05:00
printer.target
proc-sys-fs-binfmt_misc.automount
proc-sys-fs-binfmt_misc.mount
quotaon.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
rc-local.service.in units: Add "GuessMainPID=no" to compatibility unit for rc-local (#3018) 2016-04-21 19:16:28 +02:00
reboot.target units: restore job timeouts for poweroff and reboot 2014-11-06 08:17:45 -05:00
remote-fs-pre.target
remote-fs.target filesystem targets: disable default dependencies 2013-09-11 14:40:58 +02:00
rescue.service.in emergency.service: Don't say "Welcome" when it's an emergency (#3569) 2016-06-21 16:09:47 +02:00
rescue.target
rpcbind.target
serial-getty@.service.m4 units/serial-getty@.service: use the default RestartSec 2014-07-15 23:51:10 -04:00
shutdown.target
sigpwr.target
sleep.target
slices.target
smartcard.target
sockets.target
sound.target
suspend.target
swap.target
sys-fs-fuse-connections.mount units: disable /sys/fs/fuse/connections in private user namespaces (#4592) 2016-11-11 19:00:33 +01:00
sys-kernel-config.mount units: conditionalize configfs and debugfs with CAP_SYS_RAWIO 2014-07-04 03:24:42 +02:00
sys-kernel-debug.mount units: conditionalize configfs and debugfs with CAP_SYS_RAWIO 2014-07-04 03:24:42 +02:00
sysinit.target units: remove RefuseManualStart from units which are always around 2014-06-28 00:06:30 -04:00
syslog.socket
system-update-cleanup.service.in units: add system-update-cleanup.service to guard against offline-update loops 2016-11-29 01:40:34 -05:00
system-update.target units: add system-update-cleanup.service to guard against offline-update loops 2016-11-29 01:40:34 -05:00
system.slice units: fix system.slice to require -.slice, instead of just want it 2015-11-11 16:04:16 +01:00
systemd-ask-password-console.path systemd-ask-password: make sure directory watch is started before cryptsetup (#3850) 2016-08-02 08:55:25 -04:00
systemd-ask-password-console.service.in units: set SystemCallArchitectures=native on all our long-running services 2017-02-09 16:12:03 +01:00
systemd-ask-password-wall.path systemd-ask-password: make sure directory watch is started before cryptsetup (#3850) 2016-08-02 08:55:25 -04:00
systemd-ask-password-wall.service.in units: set SystemCallArchitectures=native on all our long-running services 2017-02-09 16:12:03 +01:00
systemd-backlight@.service.in units: so far we defaulted to 90s as default timeout for most things, let's do so for our oneshot services too 2015-02-02 21:34:32 +01:00
systemd-binfmt.service.in units: specify timeouts for more oneshot services 2015-04-28 08:52:17 -04:00
systemd-coredump.socket coredump: rework coredumping logic 2016-02-10 16:08:32 +01:00
systemd-coredump@.service.in units: lock down coredump service a bit 2017-02-09 16:12:03 +01:00
systemd-exit.service.in containers: systemd exits with non-zero code 2015-09-21 17:32:45 +02:00
systemd-firstboot.service.in units: run firstboot before sysusers, so that firstboot can initialize the root password 2014-10-23 01:24:59 +02:00
systemd-fsck-root.service.in fsck: remove fsckd again, but keep the door open for external replacement 2015-04-28 17:30:00 +02:00
systemd-fsck@.service.in units: make sure that fsck is executed before quotacheck 2016-05-10 14:10:17 +02:00
systemd-halt.service.in
systemd-hibernate-resume@.service.in systemd-hibernate-resume@.service: remove unnecessary ordering 2014-10-09 23:53:15 -04:00
systemd-hibernate.service.in
systemd-hostnamed.service.in units: make use of @reboot and @swap in our long-running service SystemCallFilter= settings 2017-02-09 16:12:03 +01:00
systemd-hwdb-update.service.in Revert "hwdb: actually search /run/udev/hwdb.d" 2015-06-09 11:26:06 +02:00
systemd-hybrid-sleep.service.in
systemd-importd.service.in units: make use of @reboot and @swap in our long-running service SystemCallFilter= settings 2017-02-09 16:12:03 +01:00
systemd-initctl.service.in units: set SystemCallArchitectures=native on all our long-running services 2017-02-09 16:12:03 +01:00
systemd-initctl.socket initctl: move /dev/initctl fifo into /run, replace it by symlink 2014-06-04 16:53:58 +02:00
systemd-journal-catalog-update.service.in units: fix condition for systemd-journal-catalog-update.service (#4990) 2016-12-29 10:38:52 +01:00
systemd-journal-flush.service.in units: so far we defaulted to 90s as default timeout for most things, let's do so for our oneshot services too 2015-02-02 21:34:32 +01:00
systemd-journal-gatewayd.service.in units: turn on ProtectKernelModules= for most long-running services 2017-02-09 16:12:03 +01:00
systemd-journal-gatewayd.socket journal-remote: add documents in the unit files 2015-12-15 10:51:12 +09:00
systemd-journal-remote.service.in units: turn on ProtectKernelModules= for most long-running services 2017-02-09 16:12:03 +01:00
systemd-journal-remote.socket journal-remote: add units and read certs from default locations 2014-07-15 22:23:49 -04:00
systemd-journal-upload.service.in units: turn on ProtectKernelModules= for most long-running services 2017-02-09 16:12:03 +01:00
systemd-journald-audit.socket units: conditionalize audit multicast socket on CAP_AUDIT_READ 2015-05-20 17:40:05 +02:00
systemd-journald-dev-log.socket journald: also increase the SendBuffer of /dev/log to 8M 2014-08-13 18:53:05 +02:00
systemd-journald.service.in units: make use of @reboot and @swap in our long-running service SystemCallFilter= settings 2017-02-09 16:12:03 +01:00
systemd-journald.socket journald: move /dev/log socket to /run 2014-06-04 16:53:58 +02:00
systemd-kexec.service.in
systemd-localed.service.in units: make use of @reboot and @swap in our long-running service SystemCallFilter= settings 2017-02-09 16:12:03 +01:00
systemd-logind.service.in units: make use of @reboot and @swap in our long-running service SystemCallFilter= settings 2017-02-09 16:12:03 +01:00
systemd-machine-id-commit.service.in machine-id-commit: merge machine-id-commit functionality into machine-id-setup 2015-09-29 21:55:51 +02:00
systemd-machined.service.in units: make use of @reboot and @swap in our long-running service SystemCallFilter= settings 2017-02-09 16:12:03 +01:00
systemd-modules-load.service.in units: specify timeouts for more oneshot services 2015-04-28 08:52:17 -04:00
systemd-networkd-wait-online.service.in units: networkd - don't order wait-online.service before network.target 2014-06-30 13:06:33 +02:00
systemd-networkd.service.m4.in units: make use of @reboot and @swap in our long-running service SystemCallFilter= settings 2017-02-09 16:12:03 +01:00
systemd-networkd.socket networkd: route - track routes 2015-10-30 12:32:48 +01:00
systemd-nspawn@.service.in units: order systemd-nspawn@.service after systemd-resolved.service 2017-02-17 16:06:31 -05:00
systemd-poweroff.service.in
systemd-quotacheck.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-random-seed.service.in units: do not start load-random-seed in containers (#3941) 2016-08-13 17:15:19 +02:00
systemd-reboot.service.in
systemd-remount-fs.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-resolved.service.m4.in Merge pull request #5283 from poettering/tighten-sandbox 2017-03-01 23:35:06 +01:00
systemd-rfkill.service.in rfkill: rework and make it listen on /dev/rfkill 2015-10-01 16:21:09 +02:00
systemd-rfkill.socket rfkill: rework and make it listen on /dev/rfkill 2015-10-01 16:21:09 +02:00
systemd-suspend.service.in
systemd-sysctl.service.in sysctl: run sysctl service if /proc/sys/net is writable (#4425) 2016-10-20 19:36:28 +02:00
systemd-sysusers.service.in units: specify timeouts for more oneshot services 2015-04-28 08:52:17 -04:00
systemd-timedated.service.in units: make use of @reboot and @swap in our long-running service SystemCallFilter= settings 2017-02-09 16:12:03 +01:00
systemd-timesyncd.service.in units: make use of @reboot and @swap in our long-running service SystemCallFilter= settings 2017-02-09 16:12:03 +01:00
systemd-tmpfiles-clean.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-tmpfiles-clean.timer
systemd-tmpfiles-setup-dev.service.in units: tmpfiles-setup-dev - allow unsafe file creation to happen in /dev at boot 2014-10-27 17:40:24 +01:00
systemd-tmpfiles-setup.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-udev-settle.service.in udev: replace CAP_MKNOD by writable /sys condition 2013-08-17 19:07:42 +02:00
systemd-udev-trigger.service.in units: move After=systemd-hwdb-update.service dependency from udev to udev-trigger 2015-04-03 14:27:16 +02:00
systemd-udevd-control.socket units: remove udev control socket when systemd stops the socket unit (#4039) 2016-08-26 00:07:58 +02:00
systemd-udevd-kernel.socket units: make ReceiveBuffer= line more readable by using M suffix 2014-11-03 21:51:28 +01:00
systemd-udevd.service.in units: set SystemCallArchitectures=native on all our long-running services 2017-02-09 16:12:03 +01:00
systemd-update-done.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-update-utmp-runlevel.service.in
systemd-update-utmp.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-user-sessions.service.in units: order systemd-user-sessions.service after network.target 2016-04-22 16:17:00 +02:00
systemd-vconsole-setup.service.in units: restore Before dependencies for systemd-vconsole-setup.service 2017-01-31 01:34:40 -05:00
systemd-volatile-root.service.in fstab-generator: add support for volatile boots 2016-12-21 19:09:29 +01:00
time-sync.target units: time-sync.target probably makes sense, is not just sysv compat 2014-06-11 12:14:55 +02:00
timers.target unit: do not order timers.target before basic.target 2014-11-02 12:33:54 -05:00
tmp.mount.m4 units: add nosuid and nodev options to tmp.mount (#3575) 2016-06-22 12:32:59 +02:00
umount.target
user.slice
user@.service.m4.in units: extend stop timeout for user@.service to 120s (#4426) 2016-10-20 17:45:27 +02:00
var-lib-machines.mount units: add missing unit file 2015-02-24 18:46:49 +01:00