summaryrefslogtreecommitdiffstats
path: root/units/user@.service.m4.in (follow)
Commit message (Collapse)AuthorAgeFilesLines
* units: extend stop timeout for user@.service to 120s (#4426)Lennart Poettering2016-10-201-0/+1
| | | | | | | | | | | | | | | | | By default all user and all system services get stop timeouts for 90s. This is problematic as the user manager of course is run as system service. Thus, if the default time-out is hit for any user service, then it will also be hit for user@.service as a whole, thus making the whole concept useless for user services. This patch extends the stop timeout to 120s for user@.service hence, so that that the user service manager has ample time to process user services timing out. (The other option would have been to shorten the default user service timeout, but I think a user service should get the same timeout by default as a system service) Fixes: #4206
* Set user@.service TasksMax=infinityJan Alexander Steffens (heftig)2015-11-221-0/+1
| | | | | | | | The user manager is still limited by its parent slice user-UID.slice, which defaults to 4096 tasks. However, it no longer has an additional limit of 512 tasks. Fixes #1955.
* build-sys: remove commented-out m4 from user@.serviceMantas Mikulėnas2014-12-141-4/+0
| | | | | | | | | | | Otherwise this actually remains in the generated unit in /usr/lib. If you want to keep it commented out, a m4-compatible way would be: m4_ifdef(`HAVE_SMACK', dnl Capabilities=cap_mac_admin=i dnl SecureBits=keep-caps )
* build-sys: turn off SMACK capabilities stuff for now, since it is ↵Lennart Poettering2014-12-101-4/+4
| | | | incompatible with nspawn
* bus-proxy: cloning smack labelPrzemyslaw Kedzierski2014-12-091-0/+23
| | | | | | | | | | | | | | | | | | | | | | When dbus client connects to systemd-bus-proxyd through Unix domain socket proxy takes client's smack label and sets for itself. It is done before and independent of dropping privileges. The reason of such soluton is fact that tests of access rights performed by lsm may take place inside kernel, not only in userspace of recipient of message. The bus-proxyd needs CAP_MAC_ADMIN to manipulate its label. In case of systemd running in system mode, CAP_MAC_ADMIN should be added to CapabilityBoundingSet in service file of bus-proxyd. In case of systemd running in user mode ('systemd --user') it can be achieved by addition Capabilities=cap_mac_admin=i and SecureBits=keep-caps to user@.service file and setting cap_mac_admin+ei on bus-proxyd binary.
* pam_systemd: export DBUS_SESSION_BUS_ADDRESSKay Sievers2014-01-081-22/+0
|
* build-sys: fix generation of user@.serviceZbigniew Jędrzejewski-Szmek2013-12-271-0/+22