1 # SPDX-License-Identifier: LGPL-2.1+
3 # This file is part of systemd.
5 # systemd is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU Lesser General Public License as published by
7 # the Free Software Foundation; either version 2.1 of the License, or
8 # (at your option) any later version.
11 Description=User Login Management
12 Documentation=man:systemd-logind.service(8) man:logind.conf(5)
13 Documentation=https://www.freedesktop.org/wiki/Software/systemd/logind
14 Documentation=https://www.freedesktop.org/wiki/Software/systemd/multiseat
15 Wants=user.slice modprobe@drm.service
16 After=nss-user-lookup.target user.slice modprobe@drm.service
18 # Ask for the dbus socket.
23 BusName=org.freedesktop.login1
24 CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG CAP_LINUX_IMMUTABLE
26 DeviceAllow=char-/dev/console rw
27 DeviceAllow=char-drm rw
28 DeviceAllow=char-input rw
29 DeviceAllow=char-tty rw
30 DeviceAllow=char-vcs rw
31 # Make sure the DeviceAllow= lines above can work correctly when referenceing char-drm
32 ExecStart=@rootlibexecdir@/systemd-logind
33 FileDescriptorStoreMax=512
36 MemoryDenyWriteExecute=yes
40 ProtectControlGroups=yes
43 ProtectKernelModules=yes
46 ReadWritePaths=/etc /run
49 RestrictAddressFamilies=AF_UNIX AF_NETLINK
50 RestrictNamespaces=yes
53 RuntimeDirectory=systemd/sessions systemd/seats systemd/users systemd/inhibit systemd/shutdown
54 RuntimeDirectoryPreserve=yes
55 StateDirectory=systemd/linger
56 SystemCallArchitectures=native
57 SystemCallErrorNumber=EPERM
58 SystemCallFilter=@system-service
61 # Increase the default a bit in order to allow many simultaneous logins since
62 # we keep one fd open per session.
63 LimitNOFILE=@HIGH_RLIMIT_NOFILE@