Compare commits
No commits in common. "21d0dd5a89fe0ef259ca51ebea9f39dd79a341c2" and "1bcefad91907e134a853430f18689b50e39ac5f7" have entirely different histories.
21d0dd5a89
...
1bcefad919
|
@ -795,10 +795,6 @@ conf.set_quoted('SYSTEMD_DEFAULT_LOCALE', default_locale)
|
||||||
|
|
||||||
conf.set_quoted('GETTEXT_PACKAGE', meson.project_name())
|
conf.set_quoted('GETTEXT_PACKAGE', meson.project_name())
|
||||||
|
|
||||||
service_watchdog = get_option('service-watchdog')
|
|
||||||
substs.set('SERVICE_WATCHDOG',
|
|
||||||
service_watchdog == '' ? '' : 'WatchdogSec=' + service_watchdog)
|
|
||||||
|
|
||||||
substs.set('SUSHELL', get_option('debug-shell'))
|
substs.set('SUSHELL', get_option('debug-shell'))
|
||||||
substs.set('DEBUGTTY', get_option('debug-tty'))
|
substs.set('DEBUGTTY', get_option('debug-tty'))
|
||||||
conf.set_quoted('DEBUGTTY', get_option('debug-tty'))
|
conf.set_quoted('DEBUGTTY', get_option('debug-tty'))
|
||||||
|
@ -3117,8 +3113,7 @@ status = [
|
||||||
'default cgroup hierarchy: @0@'.format(default_hierarchy),
|
'default cgroup hierarchy: @0@'.format(default_hierarchy),
|
||||||
'default net.naming-scheme setting: @0@'.format(default_net_naming_scheme),
|
'default net.naming-scheme setting: @0@'.format(default_net_naming_scheme),
|
||||||
'default KillUserProcesses setting: @0@'.format(kill_user_processes),
|
'default KillUserProcesses setting: @0@'.format(kill_user_processes),
|
||||||
'default locale: @0@'.format(default_locale),
|
'default locale: @0@'.format(default_locale)]
|
||||||
'systemd service watchdog: @0@'.format(service_watchdog == '' ? 'disabled' : service_watchdog)]
|
|
||||||
|
|
||||||
alt_dns_servers = '\n '.join(dns_servers.split(' '))
|
alt_dns_servers = '\n '.join(dns_servers.split(' '))
|
||||||
alt_ntp_servers = '\n '.join(ntp_servers.split(' '))
|
alt_ntp_servers = '\n '.join(ntp_servers.split(' '))
|
||||||
|
|
|
@ -207,8 +207,6 @@ option('gshadow', type : 'boolean',
|
||||||
description : 'support for shadow group')
|
description : 'support for shadow group')
|
||||||
option('default-locale', type : 'string', value : '',
|
option('default-locale', type : 'string', value : '',
|
||||||
description : 'default locale used when /etc/locale.conf does not exist')
|
description : 'default locale used when /etc/locale.conf does not exist')
|
||||||
option('service-watchdog', type : 'string', value : '3min',
|
|
||||||
description : 'default watchdog setting for systemd services')
|
|
||||||
|
|
||||||
option('default-dnssec', type : 'combo',
|
option('default-dnssec', type : 'combo',
|
||||||
description : 'default DNSSEC mode',
|
description : 'default DNSSEC mode',
|
||||||
|
|
|
@ -310,113 +310,6 @@ int verify_file(const char *fn, const char *blob, bool accept_extra_nl) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size) {
|
|
||||||
_cleanup_free_ char *buf = NULL;
|
|
||||||
_cleanup_close_ int fd = -1;
|
|
||||||
struct stat st;
|
|
||||||
size_t n, size;
|
|
||||||
int n_retries;
|
|
||||||
char *p;
|
|
||||||
|
|
||||||
assert(ret_contents);
|
|
||||||
|
|
||||||
/* Virtual filesystems such as sysfs or procfs use kernfs, and kernfs can work
|
|
||||||
* with two sorts of virtual files. One sort uses "seq_file", and the results of
|
|
||||||
* the first read are buffered for the second read. The other sort uses "raw"
|
|
||||||
* reads which always go direct to the device. In the latter case, the content of
|
|
||||||
* the virtual file must be retrieved with a single read otherwise a second read
|
|
||||||
* might get the new value instead of finding EOF immediately. That's the reason
|
|
||||||
* why the usage of fread(3) is prohibited in this case as it always performs a
|
|
||||||
* second call to read(2) looking for EOF. See issue 13585. */
|
|
||||||
|
|
||||||
fd = open(filename, O_RDONLY|O_CLOEXEC);
|
|
||||||
if (fd < 0)
|
|
||||||
return -errno;
|
|
||||||
|
|
||||||
/* Start size for files in /proc which usually report a file size of 0. */
|
|
||||||
size = LINE_MAX / 2;
|
|
||||||
|
|
||||||
/* Limit the number of attempts to read the number of bytes returned by fstat(). */
|
|
||||||
n_retries = 3;
|
|
||||||
|
|
||||||
for (;;) {
|
|
||||||
if (n_retries <= 0)
|
|
||||||
return -EIO;
|
|
||||||
|
|
||||||
if (fstat(fd, &st) < 0)
|
|
||||||
return -errno;
|
|
||||||
|
|
||||||
if (!S_ISREG(st.st_mode))
|
|
||||||
return -EBADF;
|
|
||||||
|
|
||||||
/* Be prepared for files from /proc which generally report a file size of 0. */
|
|
||||||
if (st.st_size > 0) {
|
|
||||||
size = st.st_size;
|
|
||||||
n_retries--;
|
|
||||||
} else
|
|
||||||
size = size * 2;
|
|
||||||
|
|
||||||
if (size > READ_FULL_BYTES_MAX)
|
|
||||||
return -E2BIG;
|
|
||||||
|
|
||||||
p = realloc(buf, size + 1);
|
|
||||||
if (!p)
|
|
||||||
return -ENOMEM;
|
|
||||||
buf = TAKE_PTR(p);
|
|
||||||
|
|
||||||
for (;;) {
|
|
||||||
ssize_t k;
|
|
||||||
|
|
||||||
/* Read one more byte so we can detect whether the content of the
|
|
||||||
* file has already changed or the guessed size for files from /proc
|
|
||||||
* wasn't large enough . */
|
|
||||||
k = read(fd, buf, size + 1);
|
|
||||||
if (k >= 0) {
|
|
||||||
n = k;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (errno != -EINTR)
|
|
||||||
return -errno;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Consider a short read as EOF */
|
|
||||||
if (n <= size)
|
|
||||||
break;
|
|
||||||
|
|
||||||
/* Hmm... either we read too few bytes from /proc or less likely the content
|
|
||||||
* of the file might have been changed (and is now bigger) while we were
|
|
||||||
* processing, let's try again either with a bigger guessed size or the new
|
|
||||||
* file size. */
|
|
||||||
|
|
||||||
if (lseek(fd, 0, SEEK_SET) < 0)
|
|
||||||
return -errno;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (n < size) {
|
|
||||||
p = realloc(buf, n + 1);
|
|
||||||
if (!p)
|
|
||||||
return -ENOMEM;
|
|
||||||
buf = TAKE_PTR(p);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!ret_size) {
|
|
||||||
/* Safety check: if the caller doesn't want to know the size of what we
|
|
||||||
* just read it will rely on the trailing NUL byte. But if there's an
|
|
||||||
* embedded NUL byte, then we should refuse operation as otherwise
|
|
||||||
* there'd be ambiguity about what we just read. */
|
|
||||||
|
|
||||||
if (memchr(buf, 0, n))
|
|
||||||
return -EBADMSG;
|
|
||||||
} else
|
|
||||||
*ret_size = n;
|
|
||||||
|
|
||||||
buf[n] = 0;
|
|
||||||
*ret_contents = TAKE_PTR(buf);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int read_full_stream_full(
|
int read_full_stream_full(
|
||||||
FILE *f,
|
FILE *f,
|
||||||
const char *filename,
|
const char *filename,
|
||||||
|
@ -449,9 +342,9 @@ int read_full_stream_full(
|
||||||
if (st.st_size > READ_FULL_BYTES_MAX)
|
if (st.st_size > READ_FULL_BYTES_MAX)
|
||||||
return -E2BIG;
|
return -E2BIG;
|
||||||
|
|
||||||
/* Start with the right file size. Note that we increase the size
|
/* Start with the right file size, but be prepared for files from /proc which generally report a file
|
||||||
* to read here by one, so that the first read attempt already
|
* size of 0. Note that we increase the size to read here by one, so that the first read attempt
|
||||||
* makes us notice the EOF. */
|
* already makes us notice the EOF. */
|
||||||
if (st.st_size > 0)
|
if (st.st_size > 0)
|
||||||
n_next = st.st_size + 1;
|
n_next = st.st_size + 1;
|
||||||
|
|
||||||
|
@ -609,7 +502,7 @@ int get_proc_field(const char *filename, const char *pattern, const char *termin
|
||||||
assert(pattern);
|
assert(pattern);
|
||||||
assert(field);
|
assert(field);
|
||||||
|
|
||||||
r = read_full_virtual_file(filename, &status, NULL);
|
r = read_full_file(filename, &status, NULL);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
|
|
@ -56,7 +56,6 @@ int read_full_file_full(const char *filename, ReadFullFileFlags flags, char **co
|
||||||
static inline int read_full_file(const char *filename, char **contents, size_t *size) {
|
static inline int read_full_file(const char *filename, char **contents, size_t *size) {
|
||||||
return read_full_file_full(filename, 0, contents, size);
|
return read_full_file_full(filename, 0, contents, size);
|
||||||
}
|
}
|
||||||
int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size);
|
|
||||||
int read_full_stream_full(FILE *f, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size);
|
int read_full_stream_full(FILE *f, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size);
|
||||||
static inline int read_full_stream(FILE *f, char **contents, size_t *size) {
|
static inline int read_full_stream(FILE *f, char **contents, size_t *size) {
|
||||||
return read_full_stream_full(f, NULL, 0, contents, size);
|
return read_full_stream_full(f, NULL, 0, contents, size);
|
||||||
|
|
|
@ -1786,7 +1786,7 @@ _public_ int sd_device_get_sysattr_value(sd_device *device, const char *sysattr,
|
||||||
size_t size;
|
size_t size;
|
||||||
|
|
||||||
/* read attribute value */
|
/* read attribute value */
|
||||||
r = read_full_virtual_file(path, &value, &size);
|
r = read_full_file(path, &value, &size);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
|
|
@ -17,7 +17,6 @@
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
#include "alloc-util.h"
|
#include "alloc-util.h"
|
||||||
#include "btrfs-util.h"
|
|
||||||
#include "conf-parser.h"
|
#include "conf-parser.h"
|
||||||
#include "def.h"
|
#include "def.h"
|
||||||
#include "env-util.h"
|
#include "env-util.h"
|
||||||
|
@ -29,7 +28,6 @@
|
||||||
#include "parse-util.h"
|
#include "parse-util.h"
|
||||||
#include "path-util.h"
|
#include "path-util.h"
|
||||||
#include "sleep-config.h"
|
#include "sleep-config.h"
|
||||||
#include "stdio-util.h"
|
|
||||||
#include "string-util.h"
|
#include "string-util.h"
|
||||||
#include "strv.h"
|
#include "strv.h"
|
||||||
#include "time-util.h"
|
#include "time-util.h"
|
||||||
|
@ -167,7 +165,16 @@ int can_sleep_disk(char **types) {
|
||||||
|
|
||||||
#define HIBERNATION_SWAP_THRESHOLD 0.98
|
#define HIBERNATION_SWAP_THRESHOLD 0.98
|
||||||
|
|
||||||
SwapEntry* swap_entry_free(SwapEntry *se) {
|
/* entry in /proc/swaps */
|
||||||
|
typedef struct SwapEntry {
|
||||||
|
char *device;
|
||||||
|
char *type;
|
||||||
|
uint64_t size;
|
||||||
|
uint64_t used;
|
||||||
|
int priority;
|
||||||
|
} SwapEntry;
|
||||||
|
|
||||||
|
static SwapEntry* swap_entry_free(SwapEntry *se) {
|
||||||
if (!se)
|
if (!se)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
|
@ -177,153 +184,24 @@ SwapEntry* swap_entry_free(SwapEntry *se) {
|
||||||
return mfree(se);
|
return mfree(se);
|
||||||
}
|
}
|
||||||
|
|
||||||
HibernateLocation* hibernate_location_free(HibernateLocation *hl) {
|
DEFINE_TRIVIAL_CLEANUP_FUNC(SwapEntry*, swap_entry_free);
|
||||||
if (!hl)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
swap_entry_free(hl->swap);
|
int find_hibernate_location(char **device, char **type, uint64_t *size, uint64_t *used) {
|
||||||
free(hl->resume);
|
|
||||||
|
|
||||||
return mfree(hl);
|
|
||||||
}
|
|
||||||
|
|
||||||
static int swap_device_to_major_minor(const SwapEntry *swap, char **ret) {
|
|
||||||
_cleanup_free_ char *major_minor = NULL;
|
|
||||||
_cleanup_close_ int fd = -1;
|
|
||||||
struct stat sb;
|
|
||||||
dev_t swap_dev;
|
|
||||||
int r;
|
|
||||||
|
|
||||||
assert(swap);
|
|
||||||
assert(swap->device);
|
|
||||||
assert(swap->type);
|
|
||||||
|
|
||||||
fd = open(swap->device, O_RDONLY | O_CLOEXEC | O_NONBLOCK);
|
|
||||||
if (fd < 0)
|
|
||||||
return log_debug_errno(errno, "Unable to open '%s': %m", swap->device);
|
|
||||||
|
|
||||||
r = fstat(fd, &sb);
|
|
||||||
if (r < 0)
|
|
||||||
return log_debug_errno(errno, "Unable to stat %s: %m", swap->device);
|
|
||||||
|
|
||||||
swap_dev = streq(swap->type, "partition") ? sb.st_rdev : sb.st_dev;
|
|
||||||
if (asprintf(&major_minor, "%u:%u", major(swap_dev), minor(swap_dev)) < 0)
|
|
||||||
return log_oom();
|
|
||||||
|
|
||||||
*ret = TAKE_PTR(major_minor);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int calculate_swap_file_offset(const SwapEntry *swap, uint64_t *ret_offset) {
|
|
||||||
_cleanup_close_ int fd = -1;
|
|
||||||
_cleanup_free_ struct fiemap *fiemap = NULL;
|
|
||||||
struct stat sb;
|
|
||||||
int r, btrfs;
|
|
||||||
|
|
||||||
assert(swap);
|
|
||||||
assert(swap->device);
|
|
||||||
assert(streq(swap->type, "file"));
|
|
||||||
|
|
||||||
fd = open(swap->device, O_RDONLY|O_CLOEXEC|O_NOCTTY);
|
|
||||||
if (!fd)
|
|
||||||
return log_error_errno(errno, "Failed to open %s: %m", swap->device);
|
|
||||||
|
|
||||||
r = fstat(fd, &sb);
|
|
||||||
if (r < 0)
|
|
||||||
return log_error_errno(errno, "Failed to stat %s: %m", swap->device);
|
|
||||||
|
|
||||||
btrfs = btrfs_is_filesystem(fd);
|
|
||||||
if (btrfs < 0)
|
|
||||||
return log_error_errno(r, "Error checking %s for Btrfs filesystem: %m", swap->device);
|
|
||||||
else if (btrfs > 0) {
|
|
||||||
log_debug("Detection of swap file offset on Btrfs is not supported: %s; skipping", swap->device);
|
|
||||||
*ret_offset = 0;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
r = read_fiemap(fd, &fiemap);
|
|
||||||
if (r < 0)
|
|
||||||
return log_debug_errno(r, "Unable to read extent map for '%s': %m", swap->device);
|
|
||||||
|
|
||||||
*ret_offset = fiemap->fm_extents[0].fe_physical / page_size();
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int read_resume_files(char **ret_resume, uint64_t *ret_resume_offset) {
|
|
||||||
_cleanup_free_ char *resume, *resume_offset_str = NULL;
|
|
||||||
uint64_t resume_offset = 0;
|
|
||||||
int r;
|
|
||||||
|
|
||||||
r = read_one_line_file("/sys/power/resume", &resume);
|
|
||||||
if (r < 0)
|
|
||||||
return log_debug_errno(r, "Error reading from /sys/power/resume: %m");
|
|
||||||
|
|
||||||
r = read_one_line_file("/sys/power/resume_offset", &resume_offset_str);
|
|
||||||
if (r < 0) {
|
|
||||||
if (r == -ENOENT)
|
|
||||||
log_debug("Kernel does not support resume_offset; swap file offset detection will be skipped.");
|
|
||||||
else
|
|
||||||
return log_debug_errno(r, "Error reading from /sys/power/resume_offset: %m");
|
|
||||||
} else {
|
|
||||||
r = safe_atou64(resume_offset_str, &resume_offset);
|
|
||||||
if (r < 0)
|
|
||||||
return log_error_errno(r, "Failed to parse 'resume_offset' from string: %s", resume_offset_str);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (resume_offset > 0 && streq(*ret_resume, "0:0")) {
|
|
||||||
log_debug("Found offset in /sys/power/resume_offset: %" PRIu64 "; no device id found in /sys/power/resume; ignoring resume_offset", resume_offset);
|
|
||||||
resume_offset = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
*ret_resume = TAKE_PTR(resume);
|
|
||||||
*ret_resume_offset = resume_offset;
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static bool location_is_resume_device(const HibernateLocation *location, const char *sys_resume, const uint64_t sys_offset) {
|
|
||||||
assert(location);
|
|
||||||
assert(location->resume);
|
|
||||||
assert(sys_resume);
|
|
||||||
|
|
||||||
return streq(sys_resume, location->resume) && sys_offset == location->resume_offset;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Attempt to find the hibernation location by parsing /proc/swaps, /sys/power/resume, and
|
|
||||||
* /sys/power/resume_offset.
|
|
||||||
*
|
|
||||||
* Returns:
|
|
||||||
* 1 - HibernateLocation matches values found in /sys/power/resume & /sys/power/resume_offset
|
|
||||||
* 0 - HibernateLocation is highest priority swap with most remaining space; no valid values exist in /sys/power/resume & /sys/power/resume_offset
|
|
||||||
* negative value in the case of error
|
|
||||||
*/
|
|
||||||
int find_hibernate_location(HibernateLocation **ret_hibernate_location) {
|
|
||||||
_cleanup_fclose_ FILE *f;
|
_cleanup_fclose_ FILE *f;
|
||||||
_cleanup_(hibernate_location_freep) HibernateLocation *hibernate_location = NULL;
|
_cleanup_(swap_entry_freep) SwapEntry *selected_swap = NULL;
|
||||||
_cleanup_free_ char *sys_resume = NULL;
|
|
||||||
uint64_t sys_offset = 0;
|
|
||||||
unsigned i;
|
unsigned i;
|
||||||
int r;
|
|
||||||
|
|
||||||
/* read the /sys/power/resume & /sys/power/resume_offset values */
|
|
||||||
r = read_resume_files(&sys_resume, &sys_offset);
|
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
|
|
||||||
f = fopen("/proc/swaps", "re");
|
f = fopen("/proc/swaps", "re");
|
||||||
if (!f) {
|
if (!f) {
|
||||||
log_full(errno == ENOENT ? LOG_DEBUG : LOG_WARNING,
|
log_full(errno == ENOENT ? LOG_DEBUG : LOG_WARNING,
|
||||||
"Failed to open /proc/swaps: %m");
|
"Failed to retrieve open /proc/swaps: %m");
|
||||||
return negative_errno();
|
return negative_errno();
|
||||||
}
|
}
|
||||||
|
|
||||||
(void) fscanf(f, "%*s %*s %*s %*s %*s\n");
|
(void) fscanf(f, "%*s %*s %*s %*s %*s\n");
|
||||||
|
|
||||||
for (i = 1;; i++) {
|
for (i = 1;; i++) {
|
||||||
_cleanup_(swap_entry_freep) SwapEntry *swap = NULL;
|
_cleanup_(swap_entry_freep) SwapEntry *swap = NULL;
|
||||||
uint64_t swap_offset = 0;
|
|
||||||
int k;
|
int k;
|
||||||
|
|
||||||
swap = new0(SwapEntry, 1);
|
swap = new0(SwapEntry, 1);
|
||||||
|
@ -345,14 +223,12 @@ int find_hibernate_location(HibernateLocation **ret_hibernate_location) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (streq(swap->type, "file")) {
|
if (streq(swap->type, "file")) {
|
||||||
|
|
||||||
if (endswith(swap->device, "\\040(deleted)")) {
|
if (endswith(swap->device, "\\040(deleted)")) {
|
||||||
log_warning("Ignoring deleted swap file '%s'.", swap->device);
|
log_warning("Ignoring deleted swap file '%s'.", swap->device);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
r = calculate_swap_file_offset(swap, &swap_offset);
|
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
} else if (streq(swap->type, "partition")) {
|
} else if (streq(swap->type, "partition")) {
|
||||||
const char *fn;
|
const char *fn;
|
||||||
|
|
||||||
|
@ -361,64 +237,45 @@ int find_hibernate_location(HibernateLocation **ret_hibernate_location) {
|
||||||
log_debug("Ignoring compressed RAM swap device '%s'.", swap->device);
|
log_debug("Ignoring compressed RAM swap device '%s'.", swap->device);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
log_debug("Swap type %s is unsupported for hibernation: %s; skipping", swap->type, swap->device);
|
|
||||||
continue;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* prefer resume device or highest priority swap with most remaining space */
|
/* prefer highest priority or swap with most remaining space when same priority */
|
||||||
if (!hibernate_location || swap->priority > hibernate_location->swap->priority
|
if (!selected_swap || swap->priority > selected_swap->priority
|
||||||
|| ((swap->priority == hibernate_location->swap->priority)
|
|| ((swap->priority == selected_swap->priority)
|
||||||
&& (swap->size - swap->used) > (hibernate_location->swap->size - hibernate_location->swap->used))) {
|
&& (swap->size - swap->used) > (selected_swap->size - selected_swap->used))) {
|
||||||
|
selected_swap = swap_entry_free(selected_swap);
|
||||||
_cleanup_free_ char *swap_device_id = NULL;
|
selected_swap = TAKE_PTR(swap);
|
||||||
r = swap_device_to_major_minor(swap, &swap_device_id);
|
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
|
|
||||||
hibernate_location = hibernate_location_free(hibernate_location);
|
|
||||||
hibernate_location = new0(HibernateLocation, 1);
|
|
||||||
if (!hibernate_location)
|
|
||||||
return log_oom();
|
|
||||||
|
|
||||||
hibernate_location->resume = TAKE_PTR(swap_device_id);
|
|
||||||
hibernate_location->resume_offset = swap_offset;
|
|
||||||
hibernate_location->swap = TAKE_PTR(swap);
|
|
||||||
|
|
||||||
/* if the swap is the resume device, stop looping swaps */
|
|
||||||
if (location_is_resume_device(hibernate_location, sys_resume, sys_offset))
|
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!hibernate_location)
|
if (!selected_swap)
|
||||||
return log_debug_errno(SYNTHETIC_ERRNO(ENOSYS), "No swap partitions or files were found");
|
return log_debug_errno(SYNTHETIC_ERRNO(ENOSYS), "No swap partitions or files were found.");
|
||||||
|
|
||||||
if (!streq(sys_resume, "0:0") && !location_is_resume_device(hibernate_location, sys_resume, sys_offset))
|
/* use the swap entry with the highest priority */
|
||||||
return log_warning_errno(SYNTHETIC_ERRNO(ENOSYS), "/sys/power/resume and /sys/power/resume_offset has no matching entry in /proc/swaps; Hibernation will fail: resume=%s, resume_offset=%" PRIu64,
|
if (device)
|
||||||
sys_resume, sys_offset);
|
*device = TAKE_PTR(selected_swap->device);
|
||||||
|
if (type)
|
||||||
|
*type = TAKE_PTR(selected_swap->type);
|
||||||
|
if (size)
|
||||||
|
*size = selected_swap->size;
|
||||||
|
if (used)
|
||||||
|
*used = selected_swap->used;
|
||||||
|
|
||||||
log_debug("Hibernation will attempt to use swap entry with path: %s, device: %s, offset: %" PRIu64 ", priority: %i",
|
log_debug("Highest priority swap entry found %s: %i", selected_swap->device, selected_swap->priority);
|
||||||
hibernate_location->swap->device, hibernate_location->resume, hibernate_location->resume_offset, hibernate_location->swap->priority);
|
|
||||||
|
|
||||||
*ret_hibernate_location = TAKE_PTR(hibernate_location);
|
|
||||||
|
|
||||||
if (location_is_resume_device(*ret_hibernate_location, sys_resume, sys_offset))
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool enough_swap_for_hibernation(void) {
|
static bool enough_swap_for_hibernation(void) {
|
||||||
_cleanup_free_ char *active = NULL;
|
_cleanup_free_ char *active = NULL;
|
||||||
_cleanup_(hibernate_location_freep) HibernateLocation *hibernate_location = NULL;
|
|
||||||
unsigned long long act = 0;
|
unsigned long long act = 0;
|
||||||
|
uint64_t size = 0, used = 0;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (getenv_bool("SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK") > 0)
|
if (getenv_bool("SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK") > 0)
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
r = find_hibernate_location(&hibernate_location);
|
r = find_hibernate_location(NULL, NULL, &size, &used);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
@ -434,9 +291,9 @@ static bool enough_swap_for_hibernation(void) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
r = act <= (hibernate_location->swap->size - hibernate_location->swap->used) * HIBERNATION_SWAP_THRESHOLD;
|
r = act <= (size - used) * HIBERNATION_SWAP_THRESHOLD;
|
||||||
log_debug("%s swap for hibernation, Active(anon)=%llu kB, size=%" PRIu64 " kB, used=%" PRIu64 " kB, threshold=%.2g%%",
|
log_debug("%s swap for hibernation, Active(anon)=%llu kB, size=%" PRIu64 " kB, used=%" PRIu64 " kB, threshold=%.2g%%",
|
||||||
r ? "Enough" : "Not enough", act, hibernate_location->swap->size, hibernate_location->swap->used, 100*HIBERNATION_SWAP_THRESHOLD);
|
r ? "Enough" : "Not enough", act, size, used, 100*HIBERNATION_SWAP_THRESHOLD);
|
||||||
|
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,36 +23,11 @@ typedef struct SleepConfig {
|
||||||
void free_sleep_config(SleepConfig *sc);
|
void free_sleep_config(SleepConfig *sc);
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC(SleepConfig*, free_sleep_config);
|
DEFINE_TRIVIAL_CLEANUP_FUNC(SleepConfig*, free_sleep_config);
|
||||||
|
|
||||||
/* entry in /proc/swaps */
|
|
||||||
typedef struct SwapEntry {
|
|
||||||
char *device;
|
|
||||||
char *type;
|
|
||||||
uint64_t size;
|
|
||||||
uint64_t used;
|
|
||||||
int priority;
|
|
||||||
} SwapEntry;
|
|
||||||
|
|
||||||
SwapEntry* swap_entry_free(SwapEntry *se);
|
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC(SwapEntry*, swap_entry_free);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* represents values for /sys/power/resume & /sys/power/resume_offset
|
|
||||||
* and the matching /proc/swap entry.
|
|
||||||
*/
|
|
||||||
typedef struct HibernateLocation {
|
|
||||||
char *resume;
|
|
||||||
uint64_t resume_offset;
|
|
||||||
SwapEntry *swap;
|
|
||||||
} HibernateLocation;
|
|
||||||
|
|
||||||
HibernateLocation* hibernate_location_free(HibernateLocation *hl);
|
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC(HibernateLocation*, hibernate_location_free);
|
|
||||||
|
|
||||||
int sleep_settings(const char *verb, const SleepConfig *sleep_config, bool *ret_allow, char ***ret_modes, char ***ret_states);
|
int sleep_settings(const char *verb, const SleepConfig *sleep_config, bool *ret_allow, char ***ret_modes, char ***ret_states);
|
||||||
|
|
||||||
int read_fiemap(int fd, struct fiemap **ret);
|
int read_fiemap(int fd, struct fiemap **ret);
|
||||||
int parse_sleep_config(SleepConfig **sleep_config);
|
int parse_sleep_config(SleepConfig **sleep_config);
|
||||||
int find_hibernate_location(HibernateLocation **ret_hibernate_location);
|
int find_hibernate_location(char **device, char **type, uint64_t *size, uint64_t *used);
|
||||||
|
|
||||||
int can_sleep(const char *verb);
|
int can_sleep(const char *verb);
|
||||||
int can_sleep_disk(char **types);
|
int can_sleep_disk(char **types);
|
||||||
|
|
|
@ -38,47 +38,78 @@ static char* arg_verb = NULL;
|
||||||
|
|
||||||
STATIC_DESTRUCTOR_REGISTER(arg_verb, freep);
|
STATIC_DESTRUCTOR_REGISTER(arg_verb, freep);
|
||||||
|
|
||||||
static int write_hibernate_location_info(const HibernateLocation *hibernate_location) {
|
static int write_hibernate_location_info(void) {
|
||||||
|
_cleanup_free_ char *device = NULL, *type = NULL;
|
||||||
|
_cleanup_free_ struct fiemap *fiemap = NULL;
|
||||||
char offset_str[DECIMAL_STR_MAX(uint64_t)];
|
char offset_str[DECIMAL_STR_MAX(uint64_t)];
|
||||||
|
char device_str[DECIMAL_STR_MAX(uint64_t)];
|
||||||
|
_cleanup_close_ int fd = -1;
|
||||||
|
struct stat stb;
|
||||||
|
uint64_t offset;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(hibernate_location);
|
r = find_hibernate_location(&device, &type, NULL, NULL);
|
||||||
assert(hibernate_location->swap);
|
|
||||||
assert(hibernate_location->resume);
|
|
||||||
|
|
||||||
r = write_string_file("/sys/power/resume", hibernate_location->resume, WRITE_STRING_FILE_DISABLE_BUFFER);
|
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "Failed to write partition device to /sys/power/resume for '%s': '%s': %m",
|
return log_debug_errno(r, "Unable to find hibernation location: %m");
|
||||||
hibernate_location->swap->device, hibernate_location->resume);
|
|
||||||
|
|
||||||
log_debug("Wrote resume= value for %s to /sys/power/resume: %s", hibernate_location->swap->device, hibernate_location->resume);
|
/* if it's a swap partition, we just write the disk to /sys/power/resume */
|
||||||
|
if (streq(type, "partition")) {
|
||||||
|
r = write_string_file("/sys/power/resume", device, WRITE_STRING_FILE_DISABLE_BUFFER);
|
||||||
|
if (r < 0)
|
||||||
|
return log_debug_errno(r, "Failed to write partition device to /sys/power/resume: %m");
|
||||||
|
|
||||||
/* if it's a swap partition, we're done */
|
|
||||||
if (streq(hibernate_location->swap->type, "partition"))
|
|
||||||
return r;
|
return r;
|
||||||
|
}
|
||||||
if (!streq(hibernate_location->swap->type, "file"))
|
if (!streq(type, "file"))
|
||||||
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
|
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||||
"Invalid hibernate type: %s", hibernate_location->swap->type);
|
"Invalid hibernate type: %s", type);
|
||||||
|
|
||||||
/* Only available in 4.17+ */
|
/* Only available in 4.17+ */
|
||||||
if (hibernate_location->resume_offset > 0 && access("/sys/power/resume_offset", W_OK) < 0) {
|
if (access("/sys/power/resume_offset", W_OK) < 0) {
|
||||||
if (errno == ENOENT) {
|
if (errno == ENOENT) {
|
||||||
log_debug("Kernel too old, can't configure resume_offset for %s, ignoring: %" PRIu64,
|
log_debug("Kernel too old, can't configure resume offset, ignoring.");
|
||||||
hibernate_location->swap->device, hibernate_location->resume_offset);
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
return log_debug_errno(errno, "/sys/power/resume_offset not writeable: %m");
|
return log_debug_errno(errno, "/sys/power/resume_offset not writeable: %m");
|
||||||
}
|
}
|
||||||
|
|
||||||
xsprintf(offset_str, "%" PRIu64, hibernate_location->resume_offset);
|
fd = open(device, O_RDONLY | O_CLOEXEC | O_NONBLOCK);
|
||||||
|
if (fd < 0)
|
||||||
|
return log_debug_errno(errno, "Unable to open '%s': %m", device);
|
||||||
|
r = fstat(fd, &stb);
|
||||||
|
if (r < 0)
|
||||||
|
return log_debug_errno(errno, "Unable to stat %s: %m", device);
|
||||||
|
|
||||||
|
r = btrfs_is_filesystem(fd);
|
||||||
|
if (r < 0)
|
||||||
|
return log_error_errno(r, "Error checking %s for Btrfs filesystem: %m", device);
|
||||||
|
|
||||||
|
if (r)
|
||||||
|
return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
|
||||||
|
"Unable to calculate swapfile offset when using Btrfs: %s", device);
|
||||||
|
|
||||||
|
r = read_fiemap(fd, &fiemap);
|
||||||
|
if (r < 0)
|
||||||
|
return log_debug_errno(r, "Unable to read extent map for '%s': %m", device);
|
||||||
|
if (fiemap->fm_mapped_extents == 0)
|
||||||
|
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||||
|
"No extents found in '%s'", device);
|
||||||
|
|
||||||
|
offset = fiemap->fm_extents[0].fe_physical / page_size();
|
||||||
|
xsprintf(offset_str, "%" PRIu64, offset);
|
||||||
r = write_string_file("/sys/power/resume_offset", offset_str, WRITE_STRING_FILE_DISABLE_BUFFER);
|
r = write_string_file("/sys/power/resume_offset", offset_str, WRITE_STRING_FILE_DISABLE_BUFFER);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "Failed to write swap file offset to /sys/power/resume_offset for '%s': '%s': %m",
|
return log_debug_errno(r, "Failed to write offset '%s': %m", offset_str);
|
||||||
hibernate_location->swap->device, offset_str);
|
|
||||||
|
|
||||||
log_debug("Wrote resume_offset= value for %s to /sys/power/resume_offset: %s", hibernate_location->swap->device, offset_str);
|
log_debug("Wrote calculated resume_offset value to /sys/power/resume_offset: %s", offset_str);
|
||||||
|
|
||||||
|
xsprintf(device_str, "%lx", (unsigned long)stb.st_dev);
|
||||||
|
r = write_string_file("/sys/power/resume", device_str, WRITE_STRING_FILE_DISABLE_BUFFER);
|
||||||
|
if (r < 0)
|
||||||
|
return log_debug_errno(r, "Failed to write device '%s': %m", device_str);
|
||||||
|
|
||||||
|
log_debug("Wrote device id to /sys/power/resume: %s", device_str);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -125,6 +156,32 @@ static int write_state(FILE **f, char **states) {
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int configure_hibernation(void) {
|
||||||
|
_cleanup_free_ char *resume = NULL, *resume_offset = NULL;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
/* check for proper hibernation configuration */
|
||||||
|
r = read_one_line_file("/sys/power/resume", &resume);
|
||||||
|
if (r < 0)
|
||||||
|
return log_debug_errno(r, "Error reading from /sys/power/resume: %m");
|
||||||
|
|
||||||
|
r = read_one_line_file("/sys/power/resume_offset", &resume_offset);
|
||||||
|
if (r < 0)
|
||||||
|
return log_debug_errno(r, "Error reading from /sys/power/resume_offset: %m");
|
||||||
|
|
||||||
|
if (!streq(resume_offset, "0") && !streq(resume, "0:0")) {
|
||||||
|
log_debug("Hibernating using device id and offset read from /sys/power/resume: %s and /sys/power/resume_offset: %s", resume, resume_offset);
|
||||||
|
return 0;
|
||||||
|
} else if (!streq(resume, "0:0")) {
|
||||||
|
log_debug("Hibernating using device id read from /sys/power/resume: %s", resume);
|
||||||
|
return 0;
|
||||||
|
} else if (!streq(resume_offset, "0"))
|
||||||
|
log_debug("Found offset in /sys/power/resume_offset: %s; no device id found in /sys/power/resume; ignoring offset", resume_offset);
|
||||||
|
|
||||||
|
/* if hibernation is not properly configured, attempt to calculate and write values */
|
||||||
|
return write_hibernate_location_info();
|
||||||
|
}
|
||||||
|
|
||||||
static int execute(char **modes, char **states) {
|
static int execute(char **modes, char **states) {
|
||||||
char *arguments[] = {
|
char *arguments[] = {
|
||||||
NULL,
|
NULL,
|
||||||
|
@ -137,9 +194,8 @@ static int execute(char **modes, char **states) {
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
_cleanup_fclose_ FILE *f = NULL;
|
|
||||||
_cleanup_(hibernate_location_freep) HibernateLocation *hibernate_location = NULL;
|
|
||||||
int r;
|
int r;
|
||||||
|
_cleanup_fclose_ FILE *f = NULL;
|
||||||
|
|
||||||
/* This file is opened first, so that if we hit an error,
|
/* This file is opened first, so that if we hit an error,
|
||||||
* we can abort before modifying any state. */
|
* we can abort before modifying any state. */
|
||||||
|
@ -151,14 +207,9 @@ static int execute(char **modes, char **states) {
|
||||||
|
|
||||||
/* Configure the hibernation mode */
|
/* Configure the hibernation mode */
|
||||||
if (!strv_isempty(modes)) {
|
if (!strv_isempty(modes)) {
|
||||||
r = find_hibernate_location(&hibernate_location);
|
r = configure_hibernation();
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
else if (r == 0) {
|
|
||||||
r = write_hibernate_location_info(hibernate_location);
|
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to prepare for hibernation: %m");
|
return log_error_errno(r, "Failed to prepare for hibernation: %m");
|
||||||
}
|
|
||||||
|
|
||||||
r = write_mode(modes);
|
r = write_mode(modes);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
|
|
|
@ -36,4 +36,4 @@ RestrictSUIDSGID=yes
|
||||||
SystemCallArchitectures=native
|
SystemCallArchitectures=native
|
||||||
SystemCallErrorNumber=EPERM
|
SystemCallErrorNumber=EPERM
|
||||||
SystemCallFilter=@system-service sethostname
|
SystemCallFilter=@system-service sethostname
|
||||||
@SERVICE_WATCHDOG@
|
WatchdogSec=3min
|
||||||
|
|
|
@ -15,6 +15,7 @@ Documentation=https://www.freedesktop.org/wiki/Software/systemd/importd
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=@rootlibexecdir@/systemd-importd
|
ExecStart=@rootlibexecdir@/systemd-importd
|
||||||
BusName=org.freedesktop.import1
|
BusName=org.freedesktop.import1
|
||||||
|
WatchdogSec=3min
|
||||||
KillMode=mixed
|
KillMode=mixed
|
||||||
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE
|
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE
|
||||||
NoNewPrivileges=yes
|
NoNewPrivileges=yes
|
||||||
|
@ -27,4 +28,3 @@ SystemCallFilter=@system-service @mount
|
||||||
SystemCallErrorNumber=EPERM
|
SystemCallErrorNumber=EPERM
|
||||||
SystemCallArchitectures=native
|
SystemCallArchitectures=native
|
||||||
LockPersonality=yes
|
LockPersonality=yes
|
||||||
@SERVICE_WATCHDOG@
|
|
||||||
|
|
|
@ -33,7 +33,7 @@ RestrictRealtime=yes
|
||||||
RestrictSUIDSGID=yes
|
RestrictSUIDSGID=yes
|
||||||
SystemCallArchitectures=native
|
SystemCallArchitectures=native
|
||||||
User=systemd-journal-remote
|
User=systemd-journal-remote
|
||||||
@SERVICE_WATCHDOG@
|
WatchdogSec=3min
|
||||||
|
|
||||||
# If there are many split up journal files we need a lot of fds to access them
|
# If there are many split up journal files we need a lot of fds to access them
|
||||||
# all in parallel.
|
# all in parallel.
|
||||||
|
|
|
@ -31,7 +31,7 @@ StateDirectory=systemd/journal-upload
|
||||||
SupplementaryGroups=systemd-journal
|
SupplementaryGroups=systemd-journal
|
||||||
SystemCallArchitectures=native
|
SystemCallArchitectures=native
|
||||||
User=systemd-journal-upload
|
User=systemd-journal-upload
|
||||||
@SERVICE_WATCHDOG@
|
WatchdogSec=3min
|
||||||
|
|
||||||
# If there are many split up journal files we need a lot of fds to access them
|
# If there are many split up journal files we need a lot of fds to access them
|
||||||
# all in parallel.
|
# all in parallel.
|
||||||
|
|
|
@ -37,7 +37,7 @@ SystemCallArchitectures=native
|
||||||
SystemCallErrorNumber=EPERM
|
SystemCallErrorNumber=EPERM
|
||||||
SystemCallFilter=@system-service
|
SystemCallFilter=@system-service
|
||||||
Type=notify
|
Type=notify
|
||||||
@SERVICE_WATCHDOG@
|
WatchdogSec=3min
|
||||||
|
|
||||||
# If there are many split up journal files we need a lot of fds to access them
|
# If there are many split up journal files we need a lot of fds to access them
|
||||||
# all in parallel.
|
# all in parallel.
|
||||||
|
|
|
@ -37,4 +37,4 @@ RestrictSUIDSGID=yes
|
||||||
SystemCallArchitectures=native
|
SystemCallArchitectures=native
|
||||||
SystemCallErrorNumber=EPERM
|
SystemCallErrorNumber=EPERM
|
||||||
SystemCallFilter=@system-service
|
SystemCallFilter=@system-service
|
||||||
@SERVICE_WATCHDOG@
|
WatchdogSec=3min
|
||||||
|
|
|
@ -55,7 +55,7 @@ StateDirectory=systemd/linger
|
||||||
SystemCallArchitectures=native
|
SystemCallArchitectures=native
|
||||||
SystemCallErrorNumber=EPERM
|
SystemCallErrorNumber=EPERM
|
||||||
SystemCallFilter=@system-service
|
SystemCallFilter=@system-service
|
||||||
@SERVICE_WATCHDOG@
|
WatchdogSec=3min
|
||||||
|
|
||||||
# Increase the default a bit in order to allow many simultaneous logins since
|
# Increase the default a bit in order to allow many simultaneous logins since
|
||||||
# we keep one fd open per session.
|
# we keep one fd open per session.
|
||||||
|
|
|
@ -29,7 +29,7 @@ RestrictRealtime=yes
|
||||||
SystemCallArchitectures=native
|
SystemCallArchitectures=native
|
||||||
SystemCallErrorNumber=EPERM
|
SystemCallErrorNumber=EPERM
|
||||||
SystemCallFilter=@system-service @mount
|
SystemCallFilter=@system-service @mount
|
||||||
@SERVICE_WATCHDOG@
|
WatchdogSec=3min
|
||||||
|
|
||||||
# Note that machined cannot be placed in a mount namespace, since it
|
# Note that machined cannot be placed in a mount namespace, since it
|
||||||
# needs access to the host's mount namespace in order to implement the
|
# needs access to the host's mount namespace in order to implement the
|
||||||
|
|
|
@ -44,7 +44,7 @@ SystemCallFilter=@system-service
|
||||||
Type=notify
|
Type=notify
|
||||||
RestartKillSignal=SIGUSR2
|
RestartKillSignal=SIGUSR2
|
||||||
User=systemd-network
|
User=systemd-network
|
||||||
@SERVICE_WATCHDOG@
|
WatchdogSec=3min
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
@ -23,10 +23,10 @@ KillMode=mixed
|
||||||
Type=notify
|
Type=notify
|
||||||
RestartForceExitStatus=133
|
RestartForceExitStatus=133
|
||||||
SuccessExitStatus=133
|
SuccessExitStatus=133
|
||||||
|
WatchdogSec=3min
|
||||||
Slice=machine.slice
|
Slice=machine.slice
|
||||||
Delegate=yes
|
Delegate=yes
|
||||||
TasksMax=16384
|
TasksMax=16384
|
||||||
@SERVICE_WATCHDOG@
|
|
||||||
|
|
||||||
# Enforce a strict device policy, similar to the one nspawn configures when it
|
# Enforce a strict device policy, similar to the one nspawn configures when it
|
||||||
# allocates its own scope unit. Make sure to keep these policies in sync if you
|
# allocates its own scope unit. Make sure to keep these policies in sync if you
|
||||||
|
|
|
@ -15,6 +15,7 @@ RequiresMountsFor=/var/lib/portables
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=@rootlibexecdir@/systemd-portabled
|
ExecStart=@rootlibexecdir@/systemd-portabled
|
||||||
BusName=org.freedesktop.portable1
|
BusName=org.freedesktop.portable1
|
||||||
|
WatchdogSec=3min
|
||||||
CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD
|
CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD
|
||||||
MemoryDenyWriteExecute=yes
|
MemoryDenyWriteExecute=yes
|
||||||
ProtectHostname=yes
|
ProtectHostname=yes
|
||||||
|
@ -25,4 +26,3 @@ SystemCallErrorNumber=EPERM
|
||||||
SystemCallArchitectures=native
|
SystemCallArchitectures=native
|
||||||
LockPersonality=yes
|
LockPersonality=yes
|
||||||
IPAddressDeny=any
|
IPAddressDeny=any
|
||||||
@SERVICE_WATCHDOG@
|
|
||||||
|
|
|
@ -46,7 +46,7 @@ SystemCallErrorNumber=EPERM
|
||||||
SystemCallFilter=@system-service
|
SystemCallFilter=@system-service
|
||||||
Type=notify
|
Type=notify
|
||||||
User=systemd-resolve
|
User=systemd-resolve
|
||||||
@SERVICE_WATCHDOG@
|
WatchdogSec=3min
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
@ -36,4 +36,4 @@ RestrictSUIDSGID=yes
|
||||||
SystemCallArchitectures=native
|
SystemCallArchitectures=native
|
||||||
SystemCallErrorNumber=EPERM
|
SystemCallErrorNumber=EPERM
|
||||||
SystemCallFilter=@system-service @clock
|
SystemCallFilter=@system-service @clock
|
||||||
@SERVICE_WATCHDOG@
|
WatchdogSec=3min
|
||||||
|
|
|
@ -46,7 +46,7 @@ SystemCallErrorNumber=EPERM
|
||||||
SystemCallFilter=@system-service @clock
|
SystemCallFilter=@system-service @clock
|
||||||
Type=notify
|
Type=notify
|
||||||
User=systemd-timesync
|
User=systemd-timesync
|
||||||
@SERVICE_WATCHDOG@
|
WatchdogSec=3min
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=sysinit.target
|
WantedBy=sysinit.target
|
||||||
|
|
|
@ -25,6 +25,7 @@ RestartSec=0
|
||||||
ExecStart=@rootlibexecdir@/systemd-udevd
|
ExecStart=@rootlibexecdir@/systemd-udevd
|
||||||
ExecReload=@rootbindir@/udevadm control --reload --timeout 0
|
ExecReload=@rootbindir@/udevadm control --reload --timeout 0
|
||||||
KillMode=mixed
|
KillMode=mixed
|
||||||
|
WatchdogSec=3min
|
||||||
TasksMax=infinity
|
TasksMax=infinity
|
||||||
PrivateMounts=yes
|
PrivateMounts=yes
|
||||||
ProtectHostname=yes
|
ProtectHostname=yes
|
||||||
|
@ -37,4 +38,3 @@ SystemCallErrorNumber=EPERM
|
||||||
SystemCallArchitectures=native
|
SystemCallArchitectures=native
|
||||||
LockPersonality=yes
|
LockPersonality=yes
|
||||||
IPAddressDeny=any
|
IPAddressDeny=any
|
||||||
@SERVICE_WATCHDOG@
|
|
||||||
|
|
Loading…
Reference in New Issue