From 29317f9074b2899b2d8ae4dd6b07a2dde6b210c4 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 4 Sep 2018 13:27:20 +0200 Subject: [systemd] Fix syslog, fix systemd user session pam config --- core/modules/systemd/data/etc/pam.d/systemd-user | 12 +++++ .../modules/systemd/data/etc/systemd/journald.conf | 41 ++++++++++++++ core/modules/systemd/data/etc/systemd/logind.conf | 37 +++++++++++++ core/modules/systemd/data/etc/systemd/system.conf | 62 ++++++++++++++++++++++ .../usr/lib/systemd/system/console-getty.service | 11 ++-- .../usr/lib/systemd/system/dev-hugepages.mount | 4 +- .../data/usr/lib/systemd/system/dev-mqueue.mount | 3 +- .../data/usr/lib/systemd/system/emergency.service | 14 ++--- .../data/usr/lib/systemd/system/final.target | 2 +- .../data/usr/lib/systemd/system/graphical.target | 7 +-- .../usr/lib/systemd/system/network-online.target | 3 +- .../data/usr/lib/systemd/system/poweroff.target | 2 + .../system/proc-sys-fs-binfmt_misc.automount | 4 +- .../systemd/system/proc-sys-fs-binfmt_misc.mount | 4 +- .../data/usr/lib/systemd/system/reboot.target | 2 + .../data/usr/lib/systemd/system/remote-fs.target | 15 +++++- .../usr/lib/systemd/system/serial-getty@.service | 18 +++++-- .../systemd-journald-dev-log.socket | 1 + .../systemd/system/sys-fs-fuse-connections.mount | 4 +- .../usr/lib/systemd/system/sys-kernel-config.mount | 5 +- .../data/usr/lib/systemd/system/sysinit.target | 5 +- .../usr/lib/systemd/system/systemd-halt.service | 4 +- .../systemd/system/systemd-journal-flush.service | 22 ++++++++ .../systemd/system/systemd-journald-dev-log.socket | 32 +++++++++++ .../systemd/system/systemd-modules-load.service | 2 +- .../usr/lib/systemd/system/systemd-reboot.service | 4 +- .../usr/lib/systemd/system/systemd-sysctl.service | 11 ++-- .../lib/systemd/system/systemd-udevd-kernel.socket | 4 +- .../systemd/system/systemd-user-sessions.service | 2 +- .../data/usr/lib/systemd/system/timers.target | 3 ++ 30 files changed, 285 insertions(+), 55 deletions(-) create mode 100644 core/modules/systemd/data/etc/pam.d/systemd-user create mode 100644 core/modules/systemd/data/etc/systemd/journald.conf create mode 100644 core/modules/systemd/data/etc/systemd/logind.conf create mode 100644 core/modules/systemd/data/etc/systemd/system.conf create mode 120000 core/modules/systemd/data/usr/lib/systemd/system/sockets.target.wants/systemd-journald-dev-log.socket create mode 100644 core/modules/systemd/data/usr/lib/systemd/system/systemd-journal-flush.service create mode 100644 core/modules/systemd/data/usr/lib/systemd/system/systemd-journald-dev-log.socket (limited to 'core/modules/systemd') diff --git a/core/modules/systemd/data/etc/pam.d/systemd-user b/core/modules/systemd/data/etc/pam.d/systemd-user new file mode 100644 index 00000000..a8d4ce36 --- /dev/null +++ b/core/modules/systemd/data/etc/pam.d/systemd-user @@ -0,0 +1,12 @@ +# This file is part of systemd. +# +# Used by systemd --user instances. + +@include common-account + +session required pam_selinux.so close +session required pam_selinux.so nottys open +session required pam_loginuid.so +@include common-session-noninteractive +session optional pam_systemd.so + diff --git a/core/modules/systemd/data/etc/systemd/journald.conf b/core/modules/systemd/data/etc/systemd/journald.conf new file mode 100644 index 00000000..80ddb673 --- /dev/null +++ b/core/modules/systemd/data/etc/systemd/journald.conf @@ -0,0 +1,41 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See journald.conf(5) for details. + +[Journal] +#Storage=auto +#Compress=yes +#Seal=yes +#SplitMode=uid +#SyncIntervalSec=5m +#RateLimitIntervalSec=30s +#RateLimitBurst=1000 +#SystemMaxUse= +#SystemKeepFree= +#SystemMaxFileSize= +#SystemMaxFiles=100 +RuntimeMaxUse=20M +#RuntimeKeepFree= +#RuntimeMaxFileSize= +#RuntimeMaxFiles=100 +#MaxRetentionSec= +#MaxFileSec=1month +ForwardToSyslog=yes +#ForwardToKMsg=no +#ForwardToConsole=no +#ForwardToWall=yes +#TTYPath=/dev/console +#MaxLevelStore=debug +#MaxLevelSyslog=debug +#MaxLevelKMsg=notice +#MaxLevelConsole=info +#MaxLevelWall=emerg diff --git a/core/modules/systemd/data/etc/systemd/logind.conf b/core/modules/systemd/data/etc/systemd/logind.conf new file mode 100644 index 00000000..eda23484 --- /dev/null +++ b/core/modules/systemd/data/etc/systemd/logind.conf @@ -0,0 +1,37 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See logind.conf(5) for details. + +[Login] +#NAutoVTs=6 +#ReserveVT=6 +KillUserProcesses=yes +#KillOnlyUsers= +#KillExcludeUsers=root +#InhibitDelayMaxSec=5 +HandlePowerKey=poweroff +#HandleSuspendKey=suspend +#HandleHibernateKey=hibernate +#HandleLidSwitch=suspend +#HandleLidSwitchDocked=ignore +#PowerKeyIgnoreInhibited=no +#SuspendKeyIgnoreInhibited=no +#HibernateKeyIgnoreInhibited=no +#LidSwitchIgnoreInhibited=yes +#HoldoffTimeoutSec=30s +IdleAction=ignore +#IdleActionSec=30min +RuntimeDirectorySize=5% +#RemoveIPC=yes +#InhibitorsMax=8192 +#SessionsMax=8192 +#UserTasksMax=33% diff --git a/core/modules/systemd/data/etc/systemd/system.conf b/core/modules/systemd/data/etc/systemd/system.conf new file mode 100644 index 00000000..7efc9b25 --- /dev/null +++ b/core/modules/systemd/data/etc/systemd/system.conf @@ -0,0 +1,62 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See systemd-system.conf(5) for details. + +[Manager] +#LogLevel=info +#LogTarget=journal-or-kmsg +#LogColor=yes +#LogLocation=no +#DumpCore=yes +#ShowStatus=yes +#CrashChangeVT=no +#CrashShell=no +#CrashReboot=no +CtrlAltDelBurstAction=reboot-force +#CPUAffinity=1 2 +#JoinControllers=cpu,cpuacct net_cls,net_prio +#RuntimeWatchdogSec=0 +#ShutdownWatchdogSec=10min +#CapabilityBoundingSet= +#SystemCallArchitectures= +#TimerSlackNSec= +#DefaultTimerAccuracySec=1min +#DefaultStandardOutput=journal +#DefaultStandardError=inherit +#DefaultTimeoutStartSec=90s +#DefaultTimeoutStopSec=90s +#DefaultRestartSec=100ms +#DefaultStartLimitIntervalSec=10s +#DefaultStartLimitBurst=5 +#DefaultEnvironment= +#DefaultCPUAccounting=no +#DefaultIOAccounting=no +#DefaultBlockIOAccounting=no +#DefaultMemoryAccounting=no +#DefaultTasksAccounting=yes +#DefaultTasksMax=15% +#DefaultLimitCPU= +#DefaultLimitFSIZE= +#DefaultLimitDATA= +#DefaultLimitSTACK= +#DefaultLimitCORE= +#DefaultLimitRSS= +#DefaultLimitNOFILE= +#DefaultLimitAS= +#DefaultLimitNPROC= +#DefaultLimitMEMLOCK= +#DefaultLimitLOCKS= +#DefaultLimitSIGPENDING= +#DefaultLimitMSGQUEUE= +#DefaultLimitNICE= +#DefaultLimitRTPRIO= +#DefaultLimitRTTIME= diff --git a/core/modules/systemd/data/usr/lib/systemd/system/console-getty.service b/core/modules/systemd/data/usr/lib/systemd/system/console-getty.service index 74a220e2..5c9c01c7 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/console-getty.service +++ b/core/modules/systemd/data/usr/lib/systemd/system/console-getty.service @@ -9,11 +9,15 @@ Description=Console Getty Documentation=man:agetty(8) After=systemd-user-sessions.service plymouth-quit-wait.service +ConditionPathExists=/dev/console After=rc-local.service Before=getty.target [Service] -ExecStart=-/sbin/agetty --noclear -s console 115200,38400,9600 +# The '-o' option value tells agetty to replace 'login' arguments with an +# option to preserve environment (-p), followed by '--' for safety, and then +# the entered username. +ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud console 115200,38400,9600 $TERM Type=idle Restart=always RestartSec=0 @@ -23,10 +27,7 @@ TTYReset=yes TTYVHangup=yes KillMode=process IgnoreSIGPIPE=no - -# Bash ignores SIGTERM, so we send SIGHUP instead, to ensure that bash -# terminates cleanly. -KillSignal=SIGHUP +SendSIGHUP=yes [Install] WantedBy=getty.target diff --git a/core/modules/systemd/data/usr/lib/systemd/system/dev-hugepages.mount b/core/modules/systemd/data/usr/lib/systemd/system/dev-hugepages.mount index d711faed..86ad7ac2 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/dev-hugepages.mount +++ b/core/modules/systemd/data/usr/lib/systemd/system/dev-hugepages.mount @@ -8,10 +8,12 @@ [Unit] Description=Huge Pages File System Documentation=https://www.kernel.org/doc/Documentation/vm/hugetlbpage.txt -Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems DefaultDependencies=no Before=sysinit.target ConditionPathExists=/sys/kernel/mm/hugepages +ConditionCapability=CAP_SYS_ADMIN +ConditionVirtualization=!private-users [Mount] What=hugetlbfs diff --git a/core/modules/systemd/data/usr/lib/systemd/system/dev-mqueue.mount b/core/modules/systemd/data/usr/lib/systemd/system/dev-mqueue.mount index 5c11ca7d..b2adfeb8 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/dev-mqueue.mount +++ b/core/modules/systemd/data/usr/lib/systemd/system/dev-mqueue.mount @@ -8,10 +8,11 @@ [Unit] Description=POSIX Message Queue File System Documentation=man:mq_overview(7) -Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems DefaultDependencies=no Before=sysinit.target ConditionPathExists=/proc/sys/fs/mqueue +ConditionCapability=CAP_SYS_ADMIN [Mount] What=mqueue diff --git a/core/modules/systemd/data/usr/lib/systemd/system/emergency.service b/core/modules/systemd/data/usr/lib/systemd/system/emergency.service index 72fcff2d..9f7db1db 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/emergency.service +++ b/core/modules/systemd/data/usr/lib/systemd/system/emergency.service @@ -10,22 +10,18 @@ Description=Emergency Shell Documentation=man:sulogin(8) DefaultDependencies=no Conflicts=shutdown.target +Conflicts=rescue.service +Conflicts=syslog.socket Before=shutdown.target [Service] Environment=HOME=/root -WorkingDirectory=/root -ExecStartPre=-/bin/plymouth quit -ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type "journalctl -xb" to view\\nsystem logs, "systemctl reboot" to reboot, "systemctl default" to try again\\nto boot into default mode.' -ExecStart=-/sbin/sulogin -ExecStopPost=/usr/bin/systemctl --fail --no-block default +WorkingDirectory=-/root +ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency Type=idle StandardInput=tty-force StandardOutput=inherit StandardError=inherit KillMode=process IgnoreSIGPIPE=no - -# Bash ignores SIGTERM, so we send SIGHUP instead, to ensure that bash -# terminates cleanly. -KillSignal=SIGHUP +SendSIGHUP=yes diff --git a/core/modules/systemd/data/usr/lib/systemd/system/final.target b/core/modules/systemd/data/usr/lib/systemd/system/final.target index c7cf18e0..42819105 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/final.target +++ b/core/modules/systemd/data/usr/lib/systemd/system/final.target @@ -10,4 +10,4 @@ Description=Final Step Documentation=man:systemd.special(7) DefaultDependencies=no RefuseManualStart=yes -After=shutdown.target +After=shutdown.target umount.target diff --git a/core/modules/systemd/data/usr/lib/systemd/system/graphical.target b/core/modules/systemd/data/usr/lib/systemd/system/graphical.target index 65f2521d..87be97e1 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/graphical.target +++ b/core/modules/systemd/data/usr/lib/systemd/system/graphical.target @@ -9,10 +9,7 @@ Description=Graphical Interface Documentation=man:systemd.special(7) Requires=multi-user.target -After=multi-user.target -Conflicts=rescue.target Wants=display-manager.service +Conflicts=rescue.service rescue.target +After=multi-user.target rescue.service rescue.target display-manager.service AllowIsolate=yes - -[Install] -Alias=default.target diff --git a/core/modules/systemd/data/usr/lib/systemd/system/network-online.target b/core/modules/systemd/data/usr/lib/systemd/system/network-online.target index a40c44c9..5130d8c5 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/network-online.target +++ b/core/modules/systemd/data/usr/lib/systemd/system/network-online.target @@ -8,4 +8,5 @@ [Unit] Description=Network is Online Documentation=man:systemd.special(7) -Documentation=http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget +Documentation=https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget +After=network.target diff --git a/core/modules/systemd/data/usr/lib/systemd/system/poweroff.target b/core/modules/systemd/data/usr/lib/systemd/system/poweroff.target index 71871033..dd92d816 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/poweroff.target +++ b/core/modules/systemd/data/usr/lib/systemd/system/poweroff.target @@ -12,6 +12,8 @@ DefaultDependencies=no Requires=systemd-poweroff.service After=systemd-poweroff.service AllowIsolate=yes +JobTimeoutSec=30min +JobTimeoutAction=poweroff-force [Install] Alias=ctrl-alt-del.target diff --git a/core/modules/systemd/data/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.automount b/core/modules/systemd/data/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.automount index 6be38937..1067bcd8 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.automount +++ b/core/modules/systemd/data/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.automount @@ -7,8 +7,8 @@ [Unit] Description=Arbitrary Executable File Formats File System Automount Point -Documentation=https://www.kernel.org/doc/Documentation/binfmt_misc.txt -Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +Documentation=https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems DefaultDependencies=no Before=sysinit.target ConditionPathExists=/proc/sys/fs/binfmt_misc/ diff --git a/core/modules/systemd/data/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.mount b/core/modules/systemd/data/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.mount index 8c7c3863..27773cd4 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.mount +++ b/core/modules/systemd/data/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.mount @@ -7,8 +7,8 @@ [Unit] Description=Arbitrary Executable File Formats File System -Documentation=https://www.kernel.org/doc/Documentation/binfmt_misc.txt -Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +Documentation=https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems DefaultDependencies=no [Mount] diff --git a/core/modules/systemd/data/usr/lib/systemd/system/reboot.target b/core/modules/systemd/data/usr/lib/systemd/system/reboot.target index dec8f567..668b98d9 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/reboot.target +++ b/core/modules/systemd/data/usr/lib/systemd/system/reboot.target @@ -12,6 +12,8 @@ DefaultDependencies=no Requires=systemd-reboot.service After=systemd-reboot.service AllowIsolate=yes +JobTimeoutSec=30min +JobTimeoutAction=reboot-force [Install] Alias=ctrl-alt-del.target diff --git a/core/modules/systemd/data/usr/lib/systemd/system/remote-fs.target b/core/modules/systemd/data/usr/lib/systemd/system/remote-fs.target index 0821987d..43ffa5c1 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/remote-fs.target +++ b/core/modules/systemd/data/usr/lib/systemd/system/remote-fs.target @@ -1,3 +1,16 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + [Unit] -Description=Remote File Systems Impostor +Description=Remote File Systems +Documentation=man:systemd.special(7) +After=remote-fs-pre.target +DefaultDependencies=no +Conflicts=shutdown.target +[Install] +WantedBy=multi-user.target diff --git a/core/modules/systemd/data/usr/lib/systemd/system/serial-getty@.service b/core/modules/systemd/data/usr/lib/systemd/system/serial-getty@.service index 5f289500..fb7b6e78 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/serial-getty@.service +++ b/core/modules/systemd/data/usr/lib/systemd/system/serial-getty@.service @@ -19,18 +19,26 @@ After=rc-local.service Before=getty.target IgnoreOnIsolate=yes +# IgnoreOnIsolate causes issues with sulogin, if someone isolates +# rescue.target or starts rescue.service from multi-user.target or +# graphical.target. +Conflicts=rescue.service +Before=rescue.service + [Service] -ExecStart=-/sbin/agetty -s %I 115200,38400,9600 vt102 +# The '-o' option value tells agetty to replace 'login' arguments with an +# option to preserve environment (-p), followed by '--' for safety, and then +# the entered username. +ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,38400,9600 %I $TERM Type=idle Restart=always -RestartSec=0 UtmpIdentifier=%I TTYPath=/dev/%I TTYReset=yes TTYVHangup=yes KillMode=process IgnoreSIGPIPE=no +SendSIGHUP=yes -# Some login implementations ignore SIGTERM, so we send SIGHUP -# instead, to ensure that login terminates cleanly. -KillSignal=SIGHUP +[Install] +WantedBy=getty.target diff --git a/core/modules/systemd/data/usr/lib/systemd/system/sockets.target.wants/systemd-journald-dev-log.socket b/core/modules/systemd/data/usr/lib/systemd/system/sockets.target.wants/systemd-journald-dev-log.socket new file mode 120000 index 00000000..b7cca50f --- /dev/null +++ b/core/modules/systemd/data/usr/lib/systemd/system/sockets.target.wants/systemd-journald-dev-log.socket @@ -0,0 +1 @@ +../systemd-journald-dev-log.socket \ No newline at end of file diff --git a/core/modules/systemd/data/usr/lib/systemd/system/sys-fs-fuse-connections.mount b/core/modules/systemd/data/usr/lib/systemd/system/sys-fs-fuse-connections.mount index ebd93e2c..492ceb16 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/sys-fs-fuse-connections.mount +++ b/core/modules/systemd/data/usr/lib/systemd/system/sys-fs-fuse-connections.mount @@ -8,9 +8,11 @@ [Unit] Description=FUSE Control File System Documentation=https://www.kernel.org/doc/Documentation/filesystems/fuse.txt -Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems DefaultDependencies=no ConditionPathExists=/sys/fs/fuse/connections +ConditionCapability=CAP_SYS_ADMIN +ConditionVirtualization=!private-users After=systemd-modules-load.service Before=sysinit.target diff --git a/core/modules/systemd/data/usr/lib/systemd/system/sys-kernel-config.mount b/core/modules/systemd/data/usr/lib/systemd/system/sys-kernel-config.mount index 020101c0..b585f325 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/sys-kernel-config.mount +++ b/core/modules/systemd/data/usr/lib/systemd/system/sys-kernel-config.mount @@ -6,11 +6,12 @@ # (at your option) any later version. [Unit] -Description=Configuration File System +Description=Kernel Configuration File System Documentation=https://www.kernel.org/doc/Documentation/filesystems/configfs/configfs.txt -Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems DefaultDependencies=no ConditionPathExists=/sys/kernel/config +ConditionCapability=CAP_SYS_RAWIO After=systemd-modules-load.service Before=sysinit.target diff --git a/core/modules/systemd/data/usr/lib/systemd/system/sysinit.target b/core/modules/systemd/data/usr/lib/systemd/system/sysinit.target index ec6fbefc..ec335033 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/sysinit.target +++ b/core/modules/systemd/data/usr/lib/systemd/system/sysinit.target @@ -9,6 +9,5 @@ Description=System Initialization Documentation=man:systemd.special(7) Conflicts=emergency.service emergency.target -Wants= swap.target -After= swap.target emergency.service emergency.target -RefuseManualStart=yes +Wants=local-fs.target swap.target +After=local-fs.target swap.target emergency.service emergency.target diff --git a/core/modules/systemd/data/usr/lib/systemd/system/systemd-halt.service b/core/modules/systemd/data/usr/lib/systemd/system/systemd-halt.service index a13d67c6..4bd1afb8 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/systemd-halt.service +++ b/core/modules/systemd/data/usr/lib/systemd/system/systemd-halt.service @@ -9,8 +9,8 @@ Description=Halt Documentation=man:systemd-halt.service(8) DefaultDependencies=no -Requires=shutdown.target final.target -After=shutdown.target final.target +Requires=shutdown.target umount.target final.target +After=shutdown.target umount.target final.target [Service] Type=oneshot diff --git a/core/modules/systemd/data/usr/lib/systemd/system/systemd-journal-flush.service b/core/modules/systemd/data/usr/lib/systemd/system/systemd-journal-flush.service new file mode 100644 index 00000000..74342665 --- /dev/null +++ b/core/modules/systemd/data/usr/lib/systemd/system/systemd-journal-flush.service @@ -0,0 +1,22 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Flush Journal to Persistent Storage +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Requires=systemd-journald.service +After=systemd-journald.service +After=systemd-remount-fs.service +Before=systemd-user-sessions.service systemd-tmpfiles-setup.service +RequiresMountsFor=/var/log/journal + +[Service] +ExecStart=/usr/bin/journalctl --flush +Type=oneshot +RemainAfterExit=yes +TimeoutSec=90s diff --git a/core/modules/systemd/data/usr/lib/systemd/system/systemd-journald-dev-log.socket b/core/modules/systemd/data/usr/lib/systemd/system/systemd-journald-dev-log.socket new file mode 100644 index 00000000..ffd44bb5 --- /dev/null +++ b/core/modules/systemd/data/usr/lib/systemd/system/systemd-journald-dev-log.socket @@ -0,0 +1,32 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Socket (/dev/log) +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Before=sockets.target + +# Mount and swap units need this. If this socket unit is removed by an +# isolate request the mount and swap units would be removed too, +# hence let's exclude this from isolate requests. +IgnoreOnIsolate=yes + +[Socket] +Service=systemd-journald.service +ListenDatagram=/run/systemd/journal/dev-log +Symlinks=/dev/log +SocketMode=0666 +PassCredentials=yes +PassSecurity=yes + +# Increase both the send and receive buffer, so that things don't +# block early. Note that journald internally uses the this socket both +# for receiving syslog messages, and for forwarding them to any other +# syslog, hence we bump both values. +ReceiveBuffer=8M +SendBuffer=8M diff --git a/core/modules/systemd/data/usr/lib/systemd/system/systemd-modules-load.service b/core/modules/systemd/data/usr/lib/systemd/system/systemd-modules-load.service index 3ff810f7..0f1a8521 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/systemd-modules-load.service +++ b/core/modules/systemd/data/usr/lib/systemd/system/systemd-modules-load.service @@ -10,7 +10,6 @@ Description=Load Kernel Modules Documentation=man:systemd-modules-load.service(8) man:modules-load.d(5) DefaultDependencies=no Conflicts=shutdown.target -After= Before=sysinit.target shutdown.target ConditionCapability=CAP_SYS_MODULE ConditionDirectoryNotEmpty=|/lib/modules-load.d @@ -25,3 +24,4 @@ ConditionKernelCommandLine=|rd.modules-load Type=oneshot RemainAfterExit=yes ExecStart=/usr/lib/systemd/systemd-modules-load +TimeoutSec=90s diff --git a/core/modules/systemd/data/usr/lib/systemd/system/systemd-reboot.service b/core/modules/systemd/data/usr/lib/systemd/system/systemd-reboot.service index b2d27c8e..49acabc9 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/systemd-reboot.service +++ b/core/modules/systemd/data/usr/lib/systemd/system/systemd-reboot.service @@ -9,8 +9,8 @@ Description=Reboot Documentation=man:systemd-halt.service(8) DefaultDependencies=no -Requires=shutdown.target final.target -After=shutdown.target final.target +Requires=shutdown.target umount.target final.target +After=shutdown.target umount.target final.target [Service] Type=oneshot diff --git a/core/modules/systemd/data/usr/lib/systemd/system/systemd-sysctl.service b/core/modules/systemd/data/usr/lib/systemd/system/systemd-sysctl.service index 46e2475e..1a150fd6 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/systemd-sysctl.service +++ b/core/modules/systemd/data/usr/lib/systemd/system/systemd-sysctl.service @@ -10,17 +10,12 @@ Description=Apply Kernel Variables Documentation=man:systemd-sysctl.service(8) man:sysctl.d(5) DefaultDependencies=no Conflicts=shutdown.target -After= +After=systemd-modules-load.service Before=sysinit.target shutdown.target -ConditionPathIsReadWrite=/proc/sys/ -ConditionPathExists=|/etc/sysctl.conf -ConditionDirectoryNotEmpty=|/lib/sysctl.d -ConditionDirectoryNotEmpty=|/usr/lib/sysctl.d -ConditionDirectoryNotEmpty=|/usr/local/lib/sysctl.d -ConditionDirectoryNotEmpty=|/etc/sysctl.d -ConditionDirectoryNotEmpty=|/run/sysctl.d +ConditionPathIsReadWrite=/proc/sys/net/ [Service] Type=oneshot RemainAfterExit=yes ExecStart=/usr/lib/systemd/systemd-sysctl +TimeoutSec=90s diff --git a/core/modules/systemd/data/usr/lib/systemd/system/systemd-udevd-kernel.socket b/core/modules/systemd/data/usr/lib/systemd/system/systemd-udevd-kernel.socket index 4b8a5b0f..1a162069 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/systemd-udevd-kernel.socket +++ b/core/modules/systemd/data/usr/lib/systemd/system/systemd-udevd-kernel.socket @@ -10,10 +10,10 @@ Description=udev Kernel Socket Documentation=man:systemd-udevd.service(8) man:udev(7) DefaultDependencies=no Before=sockets.target -ConditionCapability=CAP_MKNOD +ConditionPathIsReadWrite=/sys [Socket] Service=systemd-udevd.service -ReceiveBuffer=134217728 +ReceiveBuffer=128M ListenNetlink=kobject-uevent 1 PassCredentials=yes diff --git a/core/modules/systemd/data/usr/lib/systemd/system/systemd-user-sessions.service b/core/modules/systemd/data/usr/lib/systemd/system/systemd-user-sessions.service index 9226e3ea..612c3a0b 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/systemd-user-sessions.service +++ b/core/modules/systemd/data/usr/lib/systemd/system/systemd-user-sessions.service @@ -8,7 +8,7 @@ [Unit] Description=Permit User Sessions Documentation=man:systemd-user-sessions.service(8) -After= +After=remote-fs.target nss-user-lookup.target network.target [Service] Type=oneshot diff --git a/core/modules/systemd/data/usr/lib/systemd/system/timers.target b/core/modules/systemd/data/usr/lib/systemd/system/timers.target index 07fda3d9..251fa680 100644 --- a/core/modules/systemd/data/usr/lib/systemd/system/timers.target +++ b/core/modules/systemd/data/usr/lib/systemd/system/timers.target @@ -8,3 +8,6 @@ [Unit] Description=Timers Documentation=man:systemd.special(7) + +DefaultDependencies=no +Conflicts=shutdown.target -- cgit v1.2.3-55-g7522