morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-15 08:56:15 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
625077264ba01a108386eeea733ee244e6b7ff14
systemd/units
History
Iain Lane 625077264b units: Split modprobing out into a separate service unit 
Devices referred to by `DeviceAllow=` sandboxing are resolved into their
corresponding major numbers when the unit is loaded by looking at
`/proc/devices`. If a reference is made to a device which is not yet
available, the `DeviceAllow` is ignored and the unit's processes cannot
access that device.

In both logind and nspawn, we have `DeviceAllow=` lines, and `modprobe`
in `ExecStartPre=` to load some kernel modules. Those kernel modules
cause device nodes to become available when they are loaded: the device
nodes may not exist when the unit itself is loaded. This means that the
unit's processes will not be able to access the device since the
`DeviceAllow=` will have been resolved earlier and denied it.

One way to fix this would be to re-evaluate the available devices and
re-apply the policy to the cgroup, but this cannot work atomically on
cgroupsv1. So we fall back to a second approach: instead of running
`modprobe` via `ExecStartPre`, we move this out to a separate unit and
order it before the units which want the module.

Closes #14322.
Fixes: #13943.
2020-01-07 18:37:30 +01:00
..
user
units: use symbolic exit code names
2019-07-29 15:54:53 +02:00
user-.slice.d
units: set StopWhenUnneeded= for the user slice units too
2018-10-13 12:59:29 +02:00
basic.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
bluetooth.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
boot-complete.target
units: add generic boot-complete.target
2018-10-19 22:34:50 +02:00
console-getty.service.m4
unit,meson: drop .in suffix if no substitution is required (#8740)
2018-04-17 19:49:10 +02:00
container-getty@.service.m4
unit,meson: drop .in suffix if no substitution is required (#8740)
2018-04-17 19:49:10 +02:00
cryptsetup-pre.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
cryptsetup.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
debug-shell.service.in
units: drop reference to sushell man page
2019-04-29 17:06:52 +02:00
dev-hugepages.mount
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
dev-mqueue.mount
units: set nodev,nosuid,noexec flags for various secondary API VFS
2019-03-25 19:39:00 +01:00
emergency.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
emergency.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
exit.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
final.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
getty-pre.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
getty.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
getty@.service.m4
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
graphical.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
halt.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
hibernate.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
hybrid-sleep.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
initrd-cleanup.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
initrd-fs.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
initrd-parse-etc.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
initrd-root-device.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
initrd-root-fs.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
initrd-switch-root.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
initrd-switch-root.target
units: make sure initrd-cleanup.service terminates before switching to rootfs
2019-01-28 13:41:28 +01:00
initrd-udevadm-cleanup-db.service.in
initrd: make udev cleanup service confict trigger and settle too
2019-12-17 21:38:11 +01:00
initrd.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
kexec.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
kmod-static-nodes.service.in
Rename tmpfiles.d/kmod.conf to static-nodes.conf
2019-08-19 11:05:58 +02:00
ldconfig.service
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
local-fs-pre.target
Revert "cryptsetup: umount encrypted devices before detaching it during shutdown"
2019-12-19 10:42:14 +01:00
local-fs.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
machine.slice
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
machines.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
meson-add-wants.sh
scripts: use 4 space indentation
2019-04-12 08:30:31 +02:00
meson.build
units: Split modprobing out into a separate service unit
2020-01-07 18:37:30 +01:00
modprobe@.service
units: Split modprobing out into a separate service unit
2020-01-07 18:37:30 +01:00
multi-user.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
network-online.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
network-pre.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
network.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
nss-lookup.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
nss-user-lookup.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
paths.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
poweroff.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
printer.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
proc-sys-fs-binfmt_misc.automount
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
proc-sys-fs-binfmt_misc.mount
units: make systemd-binfmt.service easier to work with no autofs
2019-09-25 23:44:01 +09:00
quotaon.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
rc-local.service.in
man: add a systemd-rc-local-generator(8) man page
2017-12-26 12:13:51 +01:00
reboot.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
remote-cryptsetup.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
remote-fs-pre.target
Revert "cryptsetup: umount encrypted devices before detaching it during shutdown"
2019-12-19 10:42:14 +01:00
remote-fs.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
rescue.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
rescue.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
rpcbind.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
serial-getty@.service.m4
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
shutdown.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
sigpwr.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
sleep.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
slices.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
smartcard.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
sockets.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
sound.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
suspend-then-hibernate.target
Fix description on suspend-then-hibernate units.
2018-03-28 15:26:18 -05:00
suspend.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
swap.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
sys-fs-fuse-connections.mount
units: set nodev,nosuid,noexec flags for various secondary API VFS
2019-03-25 19:39:00 +01:00
sys-kernel-config.mount
units: set nodev,nosuid,noexec flags for various secondary API VFS
2019-03-25 19:39:00 +01:00
sys-kernel-debug.mount
units: set nodev,nosuid,noexec flags for various secondary API VFS
2019-03-25 19:39:00 +01:00
sysinit.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
syslog.socket
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
system-systemd\x2dcryptsetup.slice
crypsetup: introduce x-initrd.attach option
2019-12-05 11:43:02 +01:00
system-update-cleanup.service
service: tweak capitalization of unit description
2019-05-24 10:48:28 +02:00
system-update-pre.target
units: make system-update-pre.target a passive unit (#9349)
2018-06-20 12:46:18 +02:00
system-update.target
units: fix typo in After=
2018-06-20 18:14:43 +02:00
systemd-ask-password-console.path
emergency: make sure console password agents don't interfere with the emergency shell
2018-09-26 18:13:32 +02:00
systemd-ask-password-console.service.in
emergency: make sure console password agents don't interfere with the emergency shell
2018-09-26 18:13:32 +02:00
systemd-ask-password-wall.path
emergency: make sure console password agents don't interfere with the emergency shell
2018-09-26 18:13:32 +02:00
systemd-ask-password-wall.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-backlight@.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-binfmt.service.in
units: make systemd-binfmt.service easier to work with no autofs
2019-09-25 23:44:01 +09:00
systemd-bless-boot.service.in
add new systemd-bless-boot.service that marks boots as successful
2018-10-19 22:34:50 +02:00
systemd-boot-check-no-failures.service.in
units: add simple boot check unit
2018-10-19 22:34:50 +02:00
systemd-boot-system-token.service.in
bootctl: make 'random-seed' handle inability to write system token EFI variable gracefully
2019-11-21 19:55:17 +01:00
systemd-coredump.socket
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-coredump@.service.in
units: set ProtectKernelLogs=yes on relevant units
2019-11-15 00:59:54 -08:00
systemd-exit.service
units: fix Description= of systemd-exit.service
2018-11-16 12:25:35 +01:00
systemd-firstboot.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-fsck-root.service.in
units: make fsck/grows/makefs/makeswap units conflict against shutdown.target
2018-11-26 22:18:16 +01:00
systemd-fsck@.service.in
units: make fsck/grows/makefs/makeswap units conflict against shutdown.target
2018-11-26 22:18:16 +01:00
systemd-halt.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-hibernate-resume@.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-hibernate.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-hostnamed.service.in
units: set ProtectKernelLogs=yes on relevant units
2019-11-15 00:59:54 -08:00
systemd-hwdb-update.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-hybrid-sleep.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-importd.service.in
meson: allow WatchdogSec= in services to be configured
2019-10-25 17:20:24 +02:00
systemd-initctl.service.in
units: set NoNewPrivileges= for all long-running services
2018-11-12 19:02:55 +01:00
systemd-initctl.socket
units: initctl: move the fifo to /run/initctl to match sysvinit
2018-03-30 16:52:14 -04:00
systemd-journal-catalog-update.service.in
units: update catalog after systemd-tmpfiles runs
2019-03-14 11:28:19 +01:00
systemd-journal-flush.service.in
units: automatically revert to /run logging on shutdown if necessary
2019-05-09 14:26:42 -04:00
systemd-journal-gatewayd.service.in
units: set ProtectKernelLogs=yes on relevant units
2019-11-15 00:59:54 -08:00
systemd-journal-gatewayd.socket
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-journal-remote.service.in
units: set ProtectKernelLogs=yes on relevant units
2019-11-15 00:59:54 -08:00
systemd-journal-remote.socket
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-journal-upload.service.in
units: set ProtectKernelLogs=yes on relevant units
2019-11-15 00:59:54 -08:00
systemd-journald-audit.socket
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-journald-dev-log.socket
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-journald.service.in
meson: allow WatchdogSec= in services to be configured
2019-10-25 17:20:24 +02:00
systemd-journald.socket
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-kexec.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-localed.service.in
units: set ProtectKernelLogs=yes on relevant units
2019-11-15 00:59:54 -08:00
systemd-logind.service.in
units: Split modprobing out into a separate service unit
2020-01-07 18:37:30 +01:00
systemd-machine-id-commit.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-machined.service.in
units: set ProtectKernelLogs=yes on relevant units
2019-11-15 00:59:54 -08:00
systemd-modules-load.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-network-generator.service.in
unit: rename initrd-network-generator.service -> systemd-network-generator.service
2019-07-30 02:30:09 +09:00
systemd-networkd-wait-online.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-networkd.service.in
units: set ProtectKernelLogs=yes on relevant units
2019-11-15 00:59:54 -08:00
systemd-networkd.socket
network: bump netlink receive buffer size to 128M
2020-01-02 10:29:41 +01:00
systemd-nspawn@.service.in
units: Split modprobing out into a separate service unit
2020-01-07 18:37:30 +01:00
systemd-portabled.service.in
units: set ProtectKernelLogs=yes on relevant units
2019-11-15 00:59:54 -08:00
systemd-poweroff.service
units: use SuccessAction=poweroff-force in systemd-poweroff.service
2018-10-17 19:31:50 +02:00
systemd-pstore.service.in
pstore: run only when /sys/fs/pstore is not empty
2019-07-22 14:31:21 +09:00
systemd-quotacheck.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-random-seed.service.in
unit: drop Before=sysinit.target from systemd-random-seed.service
2019-08-05 20:21:38 +02:00
systemd-reboot.service
units: use SuccessAction=reboot-force in systemd-reboot.service
2018-10-17 19:31:50 +02:00
systemd-remount-fs.service.in
Pull in systemd-remount-fs.service only when required
2019-01-03 15:30:28 +01:00
systemd-resolved.service.in
units: set ProtectKernelLogs=yes on relevant units
2019-11-15 00:59:54 -08:00
systemd-rfkill.service.in
units: set NoNewPrivileges= for all long-running services
2018-11-12 19:02:55 +01:00
systemd-rfkill.socket
units: order systemd-rfkill.socket after /var/lib/systemd/rfkill (#10904)
2018-11-24 23:59:37 +09:00
systemd-suspend-then-hibernate.service.in
Fix description on suspend-then-hibernate units.
2018-03-28 15:26:18 -05:00
systemd-suspend.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-sysctl.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-sysusers.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-time-wait-sync.service.in
units: document why systemd-time-wait-sync.service conditions on CAP_SYS_TIME (#8555)
2018-03-22 23:41:54 +03:00
systemd-timedated.service.in
units: set ProtectKernelLogs=yes on relevant units
2019-11-15 00:59:54 -08:00
systemd-timesyncd.service.in
units: set ProtectKernelLogs=yes on relevant units
2019-11-15 00:59:54 -08:00
systemd-tmpfiles-clean.service.in
units: use symbolic exit code names
2019-07-29 15:54:53 +02:00
systemd-tmpfiles-clean.timer
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-tmpfiles-setup-dev.service.in
units: use symbolic exit code names
2019-07-29 15:54:53 +02:00
systemd-tmpfiles-setup.service.in
units: use symbolic exit code names
2019-07-29 15:54:53 +02:00
systemd-udev-settle.service.in
man: add a page for systemd-udev-settle.service
2019-04-10 10:12:43 +02:00
systemd-udev-trigger.service.in
units: let's use two ExecStart= lines instead of ;
2018-06-20 23:59:29 +02:00
systemd-udevd-control.socket
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-udevd-kernel.socket
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-udevd.service.in
meson: allow WatchdogSec= in services to be configured
2019-10-25 17:20:24 +02:00
systemd-update-done.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-update-utmp-runlevel.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-update-utmp.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-user-sessions.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-vconsole-setup.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
systemd-volatile-root.service.in
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
time-set.target
units: add time-set.target
2019-04-08 14:34:05 +02:00
time-sync.target
units: add time-set.target
2019-04-08 14:34:05 +02:00
timers.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
tmp.mount
man,units: link up new documentation about temporary directories
2019-02-20 18:31:18 +01:00
umount.target
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
usb-gadget.target
units: add usb-gadget target
2019-02-15 18:16:27 +01:00
user-runtime-dir@.service.in
units: use =yes rather than =true everywhere
2018-10-13 12:59:29 +02:00
user.slice
Add SPDX license headers to unit files
2017-11-19 19:08:15 +01:00
user@.service.in
units: turn off keyring handling for user@.service
2019-03-19 10:58:20 +01:00
var-lib-machines.mount
import: drop logic of setting up /var/lib/machines as btrfs loopback mount
2018-11-26 18:09:01 +01:00