1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-01 17:51:22 +03:00
systemd/units
Zbigniew Jędrzejewski-Szmek b878b618ad units: disable /sys/fs/fuse/connections in private user namespaces (#4592)
The mount fails, even though CAP_SYS_ADMIN is granted.

Only file systems with FU_USERNS_MOUNT in .fs_flags may be mounted in userns,
and the patch to add that fusectl was rejected [1]. It would be nice if we
could check if the kernel has FU_USERNS_MOUNT for a given fs type, since this
could change over time, but this information doesn't seem to be exported.
So let's just skip this mount in userns to avoid an error during boot.

[1] https://patchwork.kernel.org/patch/2828269/
2016-11-11 19:00:33 +01:00
..
user units: install user units as real files, not symlinks to ../system/ 2016-08-19 09:55:55 -04:00
.gitignore unit: drop console-shell.service (#4298) (#4325) 2016-10-10 12:06:26 +02:00
basic.target Merge pull request #2565 from poettering/fix-2315 2016-02-09 19:13:15 -05:00
bluetooth.target
busnames.target units: install busnames.target by default 2013-12-03 01:18:26 +01:00
console-getty.service.m4.in console-getty.service: don't start when /dev/console is missing 2015-03-17 12:40:56 +01:00
container-getty@.service.m4.in units: fix all TTY paths for container gettys 2015-01-27 14:31:44 +01:00
cryptsetup-pre.target cryptsetup: introduce new cryptsetup-pre.traget unit so that services can make sure they are started before and stopped after any LUKS setup 2014-06-18 00:09:46 +02:00
cryptsetup.target
debug-shell.service.in debug-shell: add condition for tty device to run on 2014-06-12 22:26:43 +02:00
dev-hugepages.mount units: disable /dev/hugepages in private user namespaces 2016-10-26 20:12:52 -04:00
dev-mqueue.mount units: don't try to mount the mqueue fs if we lack the privileges for it 2016-02-11 02:45:11 +00:00
emergency.service.in emergency.service: Don't say "Welcome" when it's an emergency (#3569) 2016-06-21 16:09:47 +02:00
emergency.target
exit.target containers: systemd exits with non-zero code 2015-09-21 17:32:45 +02:00
final.target
getty.target
getty@.service.m4 getty@.service.m4: add Conflicts=/Before= against rescue.service (#3792) 2016-07-25 16:18:00 +02:00
graphical.target units: make graphical.target dependencies more complete and similar to those of multi-user.target 2014-12-29 17:00:05 +01:00
halt-local.service.in
halt.target
hibernate.target
hybrid-sleep.target
initrd-cleanup.service.in core: replace OnFailureIsolate= setting by a more generic OnFailureJobMode= setting and make use of it where applicable 2013-11-26 02:26:31 +01:00
initrd-fs.target core: replace OnFailureIsolate= setting by a more generic OnFailureJobMode= setting and make use of it where applicable 2013-11-26 02:26:31 +01:00
initrd-parse-etc.service.in initrd-parse-etc.service: ignore return code of daemon-reload 2014-09-03 13:28:31 +02:00
initrd-root-device.target Create initrd-root-device.target synchronization point (#3239) 2016-05-12 18:42:39 +02:00
initrd-root-fs.target core: replace OnFailureIsolate= setting by a more generic OnFailureJobMode= setting and make use of it where applicable 2013-11-26 02:26:31 +01:00
initrd-switch-root.service.in core: replace OnFailureIsolate= setting by a more generic OnFailureJobMode= setting and make use of it where applicable 2013-11-26 02:26:31 +01:00
initrd-switch-root.target units: add Wants=initrd-cleanup.service to initrd-switch-root.target (#4345) 2016-10-11 14:36:14 +02:00
initrd-udevadm-cleanup-db.service.in Move udevadm to rootbindir 2013-03-11 07:18:33 +01:00
initrd.target Create initrd-root-device.target synchronization point (#3239) 2016-05-12 18:42:39 +02:00
kexec.target
kmod-static-nodes.service.in kmod-static-nodes: don't run if module list is empty 2016-01-11 16:26:17 +01:00
ldconfig.service units: restore ConditionNeesUpdate=/etc in ldconfig.service (#3311) 2016-05-21 17:09:18 -04:00
local-fs-pre.target units: disallow manual starting of passive units 2013-03-26 15:15:39 +01:00
local-fs.target units: local-fs.target - don't pull in default dependencies 2014-06-29 16:20:33 +02:00
machine.slice logind: add infrastructure to keep track of machines, and move to slices 2013-06-20 03:49:59 +02:00
machines.target units: rework systemd-nspawn@.service unit 2014-12-29 17:00:05 +01:00
Makefile
multi-user.target units: drop [Install] section from multi-user.target and graphical.target 2014-01-17 20:27:35 +01:00
network-online.target units: order network-online.target after network.target 2014-06-11 15:00:45 +02:00
network-pre.target units: introduce network-pre.target as place to hook in firewalls 2014-06-11 12:14:55 +02:00
network.target units: introduce network-pre.target as place to hook in firewalls 2014-06-11 12:14:55 +02:00
nss-lookup.target units: disallow manual starting of passive units 2013-03-26 15:15:39 +01:00
nss-user-lookup.target units: disallow manual starting of passive units 2013-03-26 15:15:39 +01:00
org.freedesktop.hostname1.busname units: remove "AllowUser=root own", the bus owner can always own names 2014-03-08 19:38:06 +01:00
org.freedesktop.import1.busname import: introduce new mini-daemon systemd-importd, and make machinectl a client to it 2015-01-22 04:02:07 +01:00
org.freedesktop.locale1.busname units: remove "AllowUser=root own", the bus owner can always own names 2014-03-08 19:38:06 +01:00
org.freedesktop.login1.busname units: remove "AllowUser=root own", the bus owner can always own names 2014-03-08 19:38:06 +01:00
org.freedesktop.machine1.busname units: remove "AllowUser=root own", the bus owner can always own names 2014-03-08 19:38:06 +01:00
org.freedesktop.network1.busname units: networkd - fix busname to work on kdbus 2015-02-06 12:12:13 +01:00
org.freedesktop.resolve1.busname units: make resolved pull in its own .busname unit, but only on kdbus systems 2015-01-07 23:44:08 +01:00
org.freedesktop.systemd1.busname units: improve Description= for systemd's own busname unit 2015-01-07 23:44:08 +01:00
org.freedesktop.timedate1.busname units: remove "AllowUser=root own", the bus owner can always own names 2014-03-08 19:38:06 +01:00
paths.target units: introduce new timers.target and paths.target to hook timer/path units into for boot 2013-03-25 21:28:30 +01:00
poweroff.target units: restore job timeouts for poweroff and reboot 2014-11-06 08:17:45 -05:00
printer.target
proc-sys-fs-binfmt_misc.automount
proc-sys-fs-binfmt_misc.mount
quotaon.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
rc-local.service.in units: Add "GuessMainPID=no" to compatibility unit for rc-local (#3018) 2016-04-21 19:16:28 +02:00
reboot.target units: restore job timeouts for poweroff and reboot 2014-11-06 08:17:45 -05:00
remote-fs-pre.target units: disallow manual starting of passive units 2013-03-26 15:15:39 +01:00
remote-fs.target filesystem targets: disable default dependencies 2013-09-11 14:40:58 +02:00
rescue.service.in emergency.service: Don't say "Welcome" when it's an emergency (#3569) 2016-06-21 16:09:47 +02:00
rescue.target
rpcbind.target units: disallow manual starting of passive units 2013-03-26 15:15:39 +01:00
serial-getty@.service.m4 units/serial-getty@.service: use the default RestartSec 2014-07-15 23:51:10 -04:00
shutdown.target
sigpwr.target
sleep.target
slices.target core: general cgroup rework 2013-06-27 04:17:34 +02:00
smartcard.target
sockets.target
sound.target
suspend.target
swap.target
sys-fs-fuse-connections.mount units: disable /sys/fs/fuse/connections in private user namespaces (#4592) 2016-11-11 19:00:33 +01:00
sys-kernel-config.mount units: conditionalize configfs and debugfs with CAP_SYS_RAWIO 2014-07-04 03:24:42 +02:00
sys-kernel-debug.mount units: conditionalize configfs and debugfs with CAP_SYS_RAWIO 2014-07-04 03:24:42 +02:00
sysinit.target units: remove RefuseManualStart from units which are always around 2014-06-28 00:06:30 -04:00
syslog.socket
system-update.target readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
system.slice units: fix system.slice to require -.slice, instead of just want it 2015-11-11 16:04:16 +01:00
systemd-ask-password-console.path systemd-ask-password: make sure directory watch is started before cryptsetup (#3850) 2016-08-02 08:55:25 -04:00
systemd-ask-password-console.service.in units: run systemd-ask-password-console.service after systemd-vconsole-setup.service 2013-03-06 15:39:37 +01:00
systemd-ask-password-wall.path systemd-ask-password: make sure directory watch is started before cryptsetup (#3850) 2016-08-02 08:55:25 -04:00
systemd-ask-password-wall.service.in
systemd-backlight@.service.in units: so far we defaulted to 90s as default timeout for most things, let's do so for our oneshot services too 2015-02-02 21:34:32 +01:00
systemd-binfmt.service.in units: specify timeouts for more oneshot services 2015-04-28 08:52:17 -04:00
systemd-coredump.socket coredump: rework coredumping logic 2016-02-10 16:08:32 +01:00
systemd-coredump@.service.in coredump: rework coredumping logic 2016-02-10 16:08:32 +01:00
systemd-exit.service.in containers: systemd exits with non-zero code 2015-09-21 17:32:45 +02:00
systemd-firstboot.service.in units: run firstboot before sysusers, so that firstboot can initialize the root password 2014-10-23 01:24:59 +02:00
systemd-fsck-root.service.in fsck: remove fsckd again, but keep the door open for external replacement 2015-04-28 17:30:00 +02:00
systemd-fsck@.service.in units: make sure that fsck is executed before quotacheck 2016-05-10 14:10:17 +02:00
systemd-halt.service.in
systemd-hibernate-resume@.service.in systemd-hibernate-resume@.service: remove unnecessary ordering 2014-10-09 23:53:15 -04:00
systemd-hibernate.service.in
systemd-hostnamed.service.in units: further lock down our long-running services 2016-09-25 10:52:57 +02:00
systemd-hwdb-update.service.in Revert "hwdb: actually search /run/udev/hwdb.d" 2015-06-09 11:26:06 +02:00
systemd-hybrid-sleep.service.in
systemd-importd.service.in units: further lock down our long-running services 2016-09-25 10:52:57 +02:00
systemd-initctl.service.in
systemd-initctl.socket initctl: move /dev/initctl fifo into /run, replace it by symlink 2014-06-04 16:53:58 +02:00
systemd-journal-catalog-update.service.in units: so far we defaulted to 90s as default timeout for most things, let's do so for our oneshot services too 2015-02-02 21:34:32 +01:00
systemd-journal-flush.service.in units: so far we defaulted to 90s as default timeout for most things, let's do so for our oneshot services too 2015-02-02 21:34:32 +01:00
systemd-journal-gatewayd.service.in units: further lock down our long-running services 2016-09-25 10:52:57 +02:00
systemd-journal-gatewayd.socket journal-remote: add documents in the unit files 2015-12-15 10:51:12 +09:00
systemd-journal-remote.service.in units: further lock down our long-running services 2016-09-25 10:52:57 +02:00
systemd-journal-remote.socket journal-remote: add units and read certs from default locations 2014-07-15 22:23:49 -04:00
systemd-journal-upload.service.in units: journal-upload Wants= and After=network-online.target (#4354) 2016-10-12 11:13:13 +02:00
systemd-journald-audit.socket units: conditionalize audit multicast socket on CAP_AUDIT_READ 2015-05-20 17:40:05 +02:00
systemd-journald-dev-log.socket journald: also increase the SendBuffer of /dev/log to 8M 2014-08-13 18:53:05 +02:00
systemd-journald.service.in units: further lock down our long-running services 2016-09-25 10:52:57 +02:00
systemd-journald.socket journald: move /dev/log socket to /run 2014-06-04 16:53:58 +02:00
systemd-kexec.service.in
systemd-localed.service.in units: further lock down our long-running services 2016-09-25 10:52:57 +02:00
systemd-logind.service.in units: further lock down our long-running services 2016-09-25 10:52:57 +02:00
systemd-machine-id-commit.service.in machine-id-commit: merge machine-id-commit functionality into machine-id-setup 2015-09-29 21:55:51 +02:00
systemd-machined.service.in units: further lock down our long-running services 2016-09-25 10:52:57 +02:00
systemd-modules-load.service.in units: specify timeouts for more oneshot services 2015-04-28 08:52:17 -04:00
systemd-networkd-wait-online.service.in units: networkd - don't order wait-online.service before network.target 2014-06-30 13:06:33 +02:00
systemd-networkd.service.m4.in units: further lock down our long-running services 2016-09-25 10:52:57 +02:00
systemd-networkd.socket networkd: route - track routes 2015-10-30 12:32:48 +01:00
systemd-nspawn@.service.in nspawn: set DevicesPolicy closed and clean up duplicated devices 2016-07-22 16:08:26 +02:00
systemd-poweroff.service.in
systemd-quotacheck.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-random-seed.service.in units: do not start load-random-seed in containers (#3941) 2016-08-13 17:15:19 +02:00
systemd-reboot.service.in
systemd-remount-fs.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-resolved.service.m4.in units: further lock down our long-running services 2016-09-25 10:52:57 +02:00
systemd-rfkill.service.in rfkill: rework and make it listen on /dev/rfkill 2015-10-01 16:21:09 +02:00
systemd-rfkill.socket rfkill: rework and make it listen on /dev/rfkill 2015-10-01 16:21:09 +02:00
systemd-suspend.service.in
systemd-sysctl.service.in sysctl: run sysctl service if /proc/sys/net is writable (#4425) 2016-10-20 19:36:28 +02:00
systemd-sysusers.service.in units: specify timeouts for more oneshot services 2015-04-28 08:52:17 -04:00
systemd-timedated.service.in units: further lock down our long-running services 2016-09-25 10:52:57 +02:00
systemd-timesyncd.service.in units: further lock down our long-running services 2016-09-25 10:52:57 +02:00
systemd-tmpfiles-clean.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-tmpfiles-clean.timer man: link systemd-tmpfiles-setup-dev.service 2013-04-23 12:55:44 +02:00
systemd-tmpfiles-setup-dev.service.in units: tmpfiles-setup-dev - allow unsafe file creation to happen in /dev at boot 2014-10-27 17:40:24 +01:00
systemd-tmpfiles-setup.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-udev-settle.service.in udev: replace CAP_MKNOD by writable /sys condition 2013-08-17 19:07:42 +02:00
systemd-udev-trigger.service.in units: move After=systemd-hwdb-update.service dependency from udev to udev-trigger 2015-04-03 14:27:16 +02:00
systemd-udevd-control.socket units: remove udev control socket when systemd stops the socket unit (#4039) 2016-08-26 00:07:58 +02:00
systemd-udevd-kernel.socket units: make ReceiveBuffer= line more readable by using M suffix 2014-11-03 21:51:28 +01:00
systemd-udevd.service.in units: systemd-udevd: add AF_INET and AF_INET6 to RestrictAddressFamilies= (#4296) 2016-10-06 15:40:53 +02:00
systemd-update-done.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-update-utmp-runlevel.service.in utmp: turn systemd-update-utmp-shutdown.service into a normal runtime service 2013-05-16 00:19:03 +02:00
systemd-update-utmp.service.in readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
systemd-user-sessions.service.in units: order systemd-user-sessions.service after network.target 2016-04-22 16:17:00 +02:00
systemd-vconsole-setup.service.in vconsole: Don't do static installation under sysinit.target 2016-07-27 00:57:01 +02:00
time-sync.target units: time-sync.target probably makes sense, is not just sysv compat 2014-06-11 12:14:55 +02:00
timers.target unit: do not order timers.target before basic.target 2014-11-02 12:33:54 -05:00
tmp.mount.m4 units: add nosuid and nodev options to tmp.mount (#3575) 2016-06-22 12:32:59 +02:00
umount.target
user.slice logind: add infrastructure to keep track of machines, and move to slices 2013-06-20 03:49:59 +02:00
user@.service.m4.in units: extend stop timeout for user@.service to 120s (#4426) 2016-10-20 17:45:27 +02:00
var-lib-machines.mount units: add missing unit file 2015-02-24 18:46:49 +01:00