author | Adrian Szyndela <adrian.s@samsung.com> | 2020-03-27 09:11:55 +0100 |
---|---|---|
committer | Adrian Szyndela <adrian.s@samsung.com> | 2020-03-27 09:11:55 +0100 |
commit | b0d0a1cb41408251e852bce998aff876fda0b214 (patch) | |
tree | 7c0539331c52802a9609c708150e3d7fb4283dd7 /units | |
parent | a70b405fa3b2c4e93db2b3bd858d70b5ef559a1e (diff) | |
parent | 1e5d2d656420d0e755dbcf72aeba3c3aba54e956 (diff) | |
Merge v242 into tizen
systemd v242
Diffstat (limited to 'units')
32 files changed, 86 insertions, 35 deletions
diff --git a/units/dev-mqueue.mount b/units/dev-mqueue.mount index be32433d6c..0114ad31f0 100644 --- a/units/dev-mqueue.mount +++ b/units/dev-mqueue.mount @@ -20,3 +20,4 @@ ConditionCapability=CAP_SYS_ADMIN What=mqueue Where=/dev/mqueue Type=mqueue +Options=nosuid,nodev,noexec diff --git a/units/meson.build b/units/meson.build index 7916ec6466..e862cebb3a 100644 --- a/units/meson.build +++ b/units/meson.build @@ -21,7 +21,7 @@ units = [ ['halt.target', ''], ['hibernate.target', 'ENABLE_HIBERNATE'], ['hybrid-sleep.target', 'ENABLE_HIBERNATE'], - ['suspend-then-hibernate.target', 'ENABLE_HIBERNATE'], + ['suspend-then-hibernate.target', 'ENABLE_HIBERNATE'], ['initrd-fs.target', ''], ['initrd-root-device.target', ''], ['initrd-root-fs.target', ''], @@ -33,8 +33,7 @@ units = [ ['local-fs-pre.target', ''], ['local-fs.target', ''], ['machine.slice', 'ENABLE_MACHINED'], - ['machines.target', 'ENABLE_MACHINED', - join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')], + ['machines.target', 'ENABLE_MACHINED'], ['multi-user.target', '', 'runlevel2.target runlevel3.target runlevel4.target'], ['network-online.target', ''], @@ -51,11 +50,9 @@ units = [ ['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'], ['reboot.target', '', 'runlevel6.target ctrl-alt-del.target'], - ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP', - join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')], + ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP'], ['remote-fs-pre.target', ''], - ['remote-fs.target', '', - join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')], + ['remote-fs.target', ''], ['rescue.target', '', 'runlevel1.target'], ['rpcbind.target', ''], 
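Review bot: The `join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')` fields dropped from `machines.target`, `remote-cryptsetup.target` and `remote-fs.target` here, and from the networkd, resolved, timesyncd and `getty@.service` entries in the later meson.build hunks, were what linked those units into /etc at install time. Nothing in this units-only diff shows what enables them now; presumably that moves to the units' [Install] sections and presets, which should be confirmed against the Tizen packaging. If a unit such as `systemd-timesyncd.service` is left without an enablement link on an image, it would simply not start, with no error to point at the cause. A comment above `units = [` would help, for example `# third field: static aliases/wants only; enablement in /etc is done by presets, not here`.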
@@ -97,8 +94,7 @@ units = [ 'sockets.target.wants/'], ['systemd-journald.socket', '', 'sockets.target.wants/'], - ['systemd-networkd.socket', 'ENABLE_NETWORKD', - join_paths(pkgsysconfdir, 'system/sockets.target.wants/')], + ['systemd-networkd.socket', 'ENABLE_NETWORKD'], ['systemd-poweroff.service', ''], ['systemd-reboot.service', ''], ['systemd-rfkill.socket', 'ENABLE_RFKILL'], @@ -108,6 +104,7 @@ units = [ 'sockets.target.wants/'], ['systemd-udevd-kernel.socket', '', 'sockets.target.wants/'], + ['time-set.target', ''], ['time-sync.target', ''], ['timers.target', ''], ['umount.target', ''], @@ -177,22 +174,16 @@ in_units = [ 'dbus-org.freedesktop.machine1.service'], ['systemd-modules-load.service', 'HAVE_KMOD', 'sysinit.target.wants/'], - ['systemd-networkd.service', 'ENABLE_NETWORKD', - join_paths(pkgsysconfdir, 'system/dbus-org.freedesktop.network1.service') + ' ' + - join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')], - ['systemd-networkd-wait-online.service', 'ENABLE_NETWORKD', - join_paths(pkgsysconfdir, 'system/network-online.target.wants/')], + ['systemd-networkd.service', 'ENABLE_NETWORKD'], + ['systemd-networkd-wait-online.service', 'ENABLE_NETWORKD'], ['systemd-nspawn@.service', ''], ['systemd-portabled.service', 'ENABLE_PORTABLED', 'dbus-org.freedesktop.portable1.service'], ['systemd-quotacheck.service', 'ENABLE_QUOTACHECK'], ['systemd-random-seed.service', 'ENABLE_RANDOMSEED', 'sysinit.target.wants/'], - ['systemd-remount-fs.service', '', - 'local-fs.target.wants/'], - ['systemd-resolved.service', 'ENABLE_RESOLVE', - join_paths(pkgsysconfdir, 'system/dbus-org.freedesktop.resolve1.service') + ' ' + - join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')], + ['systemd-remount-fs.service', ''], + ['systemd-resolved.service', 'ENABLE_RESOLVE'], ['systemd-rfkill.service', 'ENABLE_RFKILL'], ['systemd-suspend.service', ''], ['systemd-sysctl.service', '', 
@@ -201,8 +192,7 @@ in_units = [ 'sysinit.target.wants/'], ['systemd-timedated.service', 'ENABLE_TIMEDATED', 'dbus-org.freedesktop.timedate1.service'], - ['systemd-timesyncd.service', 'ENABLE_TIMESYNCD', - join_paths(pkgsysconfdir, 'system/sysinit.target.wants/')], + ['systemd-timesyncd.service', 'ENABLE_TIMESYNCD'], ['systemd-time-wait-sync.service', 'ENABLE_TIMESYNCD'], ['systemd-tmpfiles-clean.service', 'ENABLE_TMPFILES'], ['systemd-tmpfiles-setup-dev.service', 'ENABLE_TMPFILES', @@ -239,8 +229,7 @@ m4_units = [ ['console-getty.service', ''], ['container-getty@.service', ''], ['getty@.service', '', - 'autovt@.service ' + - join_paths(pkgsysconfdir, 'system/getty.target.wants/getty@tty1.service')], + 'autovt@.service '], ['serial-getty@.service', ''], ['tmp.mount', '', 'local-fs.target.wants/'], diff --git a/units/proc-sys-fs-binfmt_misc.mount b/units/proc-sys-fs-binfmt_misc.mount index 091191e139..66229ec78e 100644 --- a/units/proc-sys-fs-binfmt_misc.mount +++ b/units/proc-sys-fs-binfmt_misc.mount @@ -17,3 +17,4 @@ DefaultDependencies=no What=binfmt_misc Where=/proc/sys/fs/binfmt_misc Type=binfmt_misc +Options=nosuid,nodev,noexec diff --git a/units/sys-fs-fuse-connections.mount b/units/sys-fs-fuse-connections.mount index 7e7b05c3a2..7bbc342be8 100644 --- a/units/sys-fs-fuse-connections.mount +++ b/units/sys-fs-fuse-connections.mount @@ -22,3 +22,4 @@ Before=sysinit.target What=fusectl Where=/sys/fs/fuse/connections Type=fusectl +Options=nosuid,nodev,noexec diff --git a/units/sys-kernel-config.mount b/units/sys-kernel-config.mount index e213ca58b3..e6997884dc 100644 --- a/units/sys-kernel-config.mount +++ b/units/sys-kernel-config.mount @@ -21,3 +21,4 @@ Before=sysinit.target What=configfs Where=/sys/kernel/config Type=configfs +Options=nosuid,nodev,noexec diff --git a/units/sys-kernel-debug.mount b/units/sys-kernel-debug.mount index 53ce820b87..618270ddae 100644 --- a/units/sys-kernel-debug.mount +++ b/units/sys-kernel-debug.mount 
@@ -20,3 +20,4 @@ Before=sysinit.target
 What=debugfs
 Where=/sys/kernel/debug
 Type=debugfs
+Options=nosuid,nodev,noexec
diff --git a/units/system-update-cleanup.service b/units/system-update-cleanup.service
index 58baab3023..d5eca2546b 100644
--- a/units/system-update-cleanup.service
+++ b/units/system-update-cleanup.service
@@ -9,7 +9,7 @@
 [Unit]
 Description=Remove the Offline System Updates symlink
-Documentation=man:systemd.special(5) man:systemd.offline-updates(7)
+Documentation=man:systemd.special(7) man:systemd.offline-updates(7)
 After=system-update.target
 DefaultDependencies=no
 Conflicts=shutdown.target
diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in
index ffcb5f36ca..afb2ab9d17 100644
--- a/units/systemd-coredump@.service.in
+++ b/units/systemd-coredump@.service.in
@@ -29,12 +29,14 @@ PrivateNetwork=yes
 PrivateTmp=yes
 ProtectControlGroups=yes
 ProtectHome=yes
+ProtectHostname=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectSystem=strict
 RestrictAddressFamilies=AF_UNIX
 RestrictNamespaces=yes
 RestrictRealtime=yes
+RestrictSUIDSGID=yes
 RuntimeMaxSec=5min
 StateDirectory=systemd/coredump
 SystemCallArchitectures=native
diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in
index 6cdbe1bada..d9646c94e4 100644
--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@@ -32,6 +32,7 @@ ReadWritePaths=/etc
 RestrictAddressFamilies=AF_UNIX
 RestrictNamespaces=yes
 RestrictRealtime=yes
+RestrictSUIDSGID=yes
 SmackProcessLabel=System
 SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in
index 20704a8232..38b7d7e94b 100644
--- a/units/systemd-importd.service.in
+++ b/units/systemd-importd.service.in
@@ -20,6 +20,7 @@ KillMode=mixed
 CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE
 NoNewPrivileges=yes
 MemoryDenyWriteExecute=yes
+ProtectHostname=yes
 RestrictRealtime=yes
 RestrictNamespaces=net
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
diff --git a/units/systemd-journal-catalog-update.service.in b/units/systemd-journal-catalog-update.service.in
index f735cd08d7..cc3cdca1bf 100644
--- a/units/systemd-journal-catalog-update.service.in
+++ b/units/systemd-journal-catalog-update.service.in
@@ -12,7 +12,7 @@ Description=Rebuild Journal Catalog
 Documentation=man:systemd-journald.service(8) man:journald.conf(5)
 DefaultDependencies=no
 Conflicts=shutdown.target
-After=local-fs.target
+After=local-fs.target systemd-tmpfiles-setup.service
 Before=sysinit.target shutdown.target systemd-update-done.service
 ConditionNeedsUpdate=/var
diff --git a/units/systemd-journal-gatewayd.service.in b/units/systemd-journal-gatewayd.service.in
index ebc8bf9a25..50f774512b 100644
--- a/units/systemd-journal-gatewayd.service.in
+++ b/units/systemd-journal-gatewayd.service.in
@@ -17,11 +17,11 @@ DynamicUser=yes
 ExecStart=@rootlibexecdir@/systemd-journal-gatewayd
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
-NoNewPrivileges=yes
 PrivateDevices=yes
 PrivateNetwork=yes
 ProtectControlGroups=yes
 ProtectHome=yes
+ProtectHostname=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
diff --git a/units/systemd-journal-remote.service.in b/units/systemd-journal-remote.service.in
index 29a99aaec1..dd6322e62c 100644
--- a/units/systemd-journal-remote.service.in
+++ b/units/systemd-journal-remote.service.in
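Review bot: Removing `NoNewPrivileges=yes` in the systemd-journal-gatewayd.service.in hunk leaves the unit relying on `DynamicUser=yes` (visible in the hunk header) to imply it, and nothing in the unit file records that dependency. The same removal is made in the systemd-journal-upload.service.in hunk. systemd.exec(5) documents the implication, but if a downstream change ever replaces `DynamicUser=yes` with a static `User=` in either unit, the no-new-privileges guarantee disappears without any line in that diff showing it. I would add a comment next to `DynamicUser=yes`, such as `# NoNewPrivileges= is implied by DynamicUser=yes; set it explicitly if DynamicUser= is ever dropped`. The [Service] section starts and ends outside both hunks.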
@@ -23,12 +23,14 @@ PrivateNetwork=yes
 PrivateTmp=yes
 ProtectControlGroups=yes
 ProtectHome=yes
+ProtectHostname=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectSystem=strict
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 RestrictNamespaces=yes
 RestrictRealtime=yes
+RestrictSUIDSGID=yes
 SystemCallArchitectures=native
 User=systemd-journal-remote
 WatchdogSec=3min
diff --git a/units/systemd-journal-upload.service.in b/units/systemd-journal-upload.service.in
index 92cd4e5259..e3800473ec 100644
--- a/units/systemd-journal-upload.service.in
+++ b/units/systemd-journal-upload.service.in
@@ -18,10 +18,10 @@ DynamicUser=yes
 ExecStart=@rootlibexecdir@/systemd-journal-upload --save-state
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
-NoNewPrivileges=yes
 PrivateDevices=yes
 ProtectControlGroups=yes
 ProtectHome=yes
+ProtectHostname=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index 3a3153eb94..9c2ebf00c3 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -28,6 +28,7 @@ RestartSec=0
 RestrictAddressFamilies=AF_UNIX AF_NETLINK
 RestrictNamespaces=yes
 RestrictRealtime=yes
+RestrictSUIDSGID=yes
 SmackProcessLabel=System
 Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket
 StandardOutput=null
diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in
index 32ead88570..e8ab03f120 100644
--- a/units/systemd-localed.service.in
+++ b/units/systemd-localed.service.in
@@ -25,6 +25,7 @@ PrivateNetwork=yes
 PrivateTmp=yes
 ProtectControlGroups=yes
 ProtectHome=yes
+ProtectHostname=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectSystem=strict
@@ -32,6 +33,7 @@ ReadWritePaths=/etc
 RestrictAddressFamilies=AF_UNIX
 RestrictNamespaces=yes
 RestrictRealtime=yes
+RestrictSUIDSGID=yes
 SmackProcessLabel=System
 SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index 566b8074f0..7b00a081b3 100644
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -22,18 +22,28 @@ After=dbus.socket
 [Service]
 BusName=org.freedesktop.login1
-CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG CAP_LINUX_IMMUTABLE
 ExecStart=@rootlibexecdir@/systemd-logind
 FileDescriptorStoreMax=512
 IPAddressDeny=any
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelModules=yes
+ProtectSystem=strict
+ReadWritePaths=/etc /run
 Restart=always
 RestartSec=0
 RestrictAddressFamilies=AF_UNIX AF_NETLINK
 RestrictNamespaces=yes
 RestrictRealtime=yes
+RestrictSUIDSGID=yes
+RuntimeDirectory=systemd/sessions systemd/seats systemd/users systemd/inhibit systemd/shutdown
+RuntimeDirectoryPreserve=yes
 SmackProcessLabel=System::Privileged
 SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
index 6e64be1f33..e7f985922b 100644
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -23,6 +23,7 @@ IPAddressDeny=any
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
+ProtectHostname=yes
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
 RestrictRealtime=yes
 SmackProcessLabel=System
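Review bot: In the systemd-logind.service.in hunk, `ProtectSystem=strict` is widened on the very next line by `ReadWritePaths=/etc /run`, which leaves all of /etc and /run writable to logind, and the unit says nothing about which paths under them the daemon actually needs. The added `RuntimeDirectory=` line already names the systemd/ subdirectories under /run, so the blanket /run entry may be broader than required; that cannot be settled from this hunk. I would add a comment above `ReadWritePaths=` listing the paths that need write access, so the exception can be narrowed later. The same applies to the bounding set, where `CAP_KILL` is dropped and `CAP_LINUX_IMMUTABLE` is added with no stated reason. The [Service] section ends outside the hunk.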
diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in
index c4dc6793f4..d296ccb79f 100644
--- a/units/systemd-networkd.service.in
+++ b/units/systemd-networkd.service.in
@@ -39,6 +39,7 @@ RestartSec=0
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 AF_PACKET
 RestrictNamespaces=yes
 RestrictRealtime=yes
+RestrictSUIDSGID=yes
 RuntimeDirectory=systemd/netif
 RuntimeDirectoryPreserve=yes
 SystemCallArchitectures=native
diff --git a/units/systemd-portabled.service.in b/units/systemd-portabled.service.in
index a44cdb30a4..a8eab94d02 100644
--- a/units/systemd-portabled.service.in
+++ b/units/systemd-portabled.service.in
@@ -18,6 +18,7 @@ BusName=org.freedesktop.portable1
 WatchdogSec=3min
 CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD
 MemoryDenyWriteExecute=yes
+ProtectHostname=yes
 RestrictRealtime=yes
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
 SystemCallFilter=@system-service @mount
diff --git a/units/systemd-remount-fs.service.in b/units/systemd-remount-fs.service.in
index fd645e0882..8c736b89f7 100644
--- a/units/systemd-remount-fs.service.in
+++ b/units/systemd-remount-fs.service.in
@@ -16,7 +16,6 @@ Conflicts=shutdown.target
 After=systemd-fsck-root.service
 Before=local-fs-pre.target local-fs.target shutdown.target
 Wants=local-fs-pre.target
-ConditionPathExists=/etc/fstab
 [Service]
 Type=oneshot
diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
index c2c783c3bc..26e0f5b21c 100644
--- a/units/systemd-resolved.service.in
+++ b/units/systemd-resolved.service.in
@@ -43,6 +43,7 @@ RestartSec=0
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
 RestrictNamespaces=yes
 RestrictRealtime=yes
+RestrictSUIDSGID=yes
 RuntimeDirectory=systemd/resolve
 RuntimeDirectoryPreserve=yes
 SystemCallArchitectures=native
diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in
index 6d53024195..df546f471f 100644
--- a/units/systemd-timedated.service.in
+++ b/units/systemd-timedated.service.in
@@ -23,6 +23,7 @@ NoNewPrivileges=yes
 PrivateTmp=yes
 ProtectControlGroups=yes
 ProtectHome=yes
+ProtectHostname=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectSystem=strict
@@ -30,6 +31,7 @@ ReadWritePaths=/etc
 RestrictAddressFamilies=AF_UNIX
 RestrictNamespaces=yes
 RestrictRealtime=yes
+RestrictSUIDSGID=yes
 SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service @clock
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index 03ade45d08..2d8d14f6de 100644
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -14,9 +14,9 @@ ConditionCapability=CAP_SYS_TIME
 ConditionVirtualization=!container
 DefaultDependencies=no
 After=systemd-remount-fs.service systemd-sysusers.service
-Before=time-sync.target sysinit.target shutdown.target
+Before=time-set.target sysinit.target shutdown.target
 Conflicts=shutdown.target
-Wants=time-sync.target
+Wants=time-set.target time-sync.target
 [Service]
 AmbientCapabilities=CAP_SYS_TIME
@@ -29,6 +29,7 @@ PrivateDevices=yes
 PrivateTmp=yes
 ProtectControlGroups=yes
 ProtectHome=yes
+ProtectHostname=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectSystem=strict
@@ -37,6 +38,7 @@ RestartSec=0
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 RestrictNamespaces=yes
 RestrictRealtime=yes
+RestrictSUIDSGID=yes
 RuntimeDirectory=systemd/timesync
 StateDirectory=systemd/timesync
 SystemCallArchitectures=native
diff --git a/units/systemd-tmpfiles-clean.service.in b/units/systemd-tmpfiles-clean.service.in
index 7c2a5631dd..485c9bb108 100644
--- a/units/systemd-tmpfiles-clean.service.in
+++ b/units/systemd-tmpfiles-clean.service.in
@@ -12,7 +12,7 @@ Description=Cleanup of Temporary Directories
 Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
 DefaultDependencies=no
 Conflicts=shutdown.target
-After=local-fs.target time-sync.target
+After=local-fs.target time-set.target
 Before=shutdown.target
 [Service]
diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
index 369e6da4d5..cba13367ff 100644
--- a/units/systemd-udevd.service.in
+++ b/units/systemd-udevd.service.in
@@ -27,9 +27,11 @@ WatchdogSec=3min
 TasksMax=infinity
 SmackProcessLabel=System::Privileged
 PrivateMounts=yes
+ProtectHostname=yes
 MemoryDenyWriteExecute=yes
-RestrictRealtime=yes
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
 SystemCallFilter=@system-service @module @raw-io
 SystemCallErrorNumber=EPERM
 SystemCallArchitectures=native
diff --git a/units/time-set.target b/units/time-set.target
new file mode 100644
index 0000000000..6b40033529
--- /dev/null
+++ b/units/time-set.target
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: LGPL-2.1+
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=System Time Set
+Documentation=man:systemd.special(7)
+RefuseManualStart=yes
diff --git a/units/time-sync.target b/units/time-sync.target
index 1533c7c33c..9106502e8b 100644
--- a/units/time-sync.target
+++ b/units/time-sync.target
@@ -11,3 +11,5 @@
 Description=System Time Synchronized
 Documentation=man:systemd.special(7)
 RefuseManualStart=yes
+After=time-set.target
+Wants=time-set.target
diff --git a/units/tmp.mount.m4 b/units/tmp.mount.m4
index 3025e919dd..6ef46d32bd 100644
--- a/units/tmp.mount.m4
+++ b/units/tmp.mount.m4
@@ -9,7 +9,8 @@
 [Unit]
 Description=Temporary Directory (/tmp)
-Documentation=man:hier(7)
+Documentation=https://systemd.io/TEMPORARY_DIRECTORIES
+Documentation=man:file-hierarchy(7)
 Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
 ConditionPathIsSymbolicLink=!/tmp
 DefaultDependencies=no
diff --git a/units/usb-gadget.target b/units/usb-gadget.target
new file mode 100644
index 0000000000..c666683a98
--- /dev/null
+++ b/units/usb-gadget.target
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: LGPL-2.1+
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Hardware activated USB gadget
+Documentation=man:systemd.special(7)
diff --git a/units/user/default.target b/units/user/default.target
index da319ce675..c50638c918 100644
--- a/units/user/default.target
+++ b/units/user/default.target
@@ -8,7 +8,7 @@
 # (at your option) any later version.
 [Unit]
-Description=Default
+Description=Main User Target
 Documentation=man:systemd.special(7)
 Requires=basic.target
 After=basic.target
diff --git a/units/user@.service.in b/units/user@.service.in
index f661e796e5..fe6603b9f6 100644
--- a/units/user@.service.in
+++ b/units/user@.service.in
@@ -31,3 +31,4 @@ Capabilities=cap_sys_admin,cap_mac_admin,cap_setgid,cap_dac_override=i
 SecureBits=keep-caps
 TimeoutStartSec=infinity
 TimeoutStopSec=120s
+KeyringMode=inherit |
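Review bot: `KeyringMode=inherit` at the end of the user@.service.in hunk opts the per-user manager out of the fresh session keyring that systemd allocates for system services by default (`private`), and the line carries no comment saying why. It sits directly under `SecureBits=keep-caps` and the inheritable capability set shown in the hunk header, so a reader auditing this unit's privileges needs the rationale next to the setting. I would add a comment above it along the lines of `# inherit: no new session keyring is allocated for the user manager (see systemd.exec(5))`, with the reason filled in by whoever knows the intended session setup. The [Service] section starts outside the hunk.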