summaryrefslogtreecommitdiff
path: root/units/systemd-portabled.service.in
Commit message (Collapse)AuthorAgeFilesLines
* meson: use jinja2 for unit templatesZbigniew Jędrzejewski-Szmek2021-05-191-2/+2
| | | | | | | | | We don't need two (and half) templating systems anymore, yay! I'm keeping the changes minimal, to make the diff manageable. Some enhancements due to a better templating system might be possible in the future. For handling of '## ' — see the next commit.
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-091-1/+1
|
* units: set ProtectKernelLogs=yes on relevant unitsKevin Kuehler2019-11-151-0/+1
| | | | | | We set ProtectKernelLogs=yes on all long running services except for udevd, since it accesses /dev/kmsg, and journald, since it calls syslog and accesses /dev/kmsg.
* meson: allow WatchdogSec= in services to be configuredZbigniew Jędrzejewski-Szmek2019-10-251-1/+1
| | | | | | | | | | | | | | | | As discussed on systemd-devel [1], in Fedora we get lots of abrt reports about the watchdog firing [2], but 100% of them seem to be caused by resource starvation in the machine, and never actual deadlocks in the services being monitored. Killing the services not only does not improve anything, but it makes the resource starvation worse, because the service needs cycles to restart, and coredump processing is also fairly expensive. This adds a configuration option to allow the value to be changed. If the setting is not set, there is no change. My plan is to set it to some ridiculusly high value, maybe 1h, to catch cases where a service is actually hanging. [1] https://lists.freedesktop.org/archives/systemd-devel/2019-October/043618.html [2] https://bugzilla.redhat.com/show_bug.cgi?id=1300212
* units: add SystemCallErrorNumber=EPERM to systemd-portabled.serviceLennart Poettering2019-07-081-0/+1
| | | | | | We use that on all other services, and hence should here too. Otherwise the service will be killed with SIGSYS when doing something not whitelisted, which is a bit crass.
* units: enable ProtectHostname=yesTopi Miettinen2019-02-201-0/+1
|
* units: also change portabled's syscall filter to a whitelistLennart Poettering2018-11-131-1/+1
|
* add new portable service frameworkLennart Poettering2018-05-241-0/+26
This adds a small service "systemd-portabled" and a matching client "portablectl", which implement the "portable service" concept. The daemon implements the actual operations, is PolicyKit-enabled and is activated on demand with exit-on-idle. Both the daemon and the client are an optional build artifact, enabled by default rhough.