]> git.ipfire.org Git - thirdparty/systemd.git/blobdiff - units/systemd-logind.service.in
projects / thirdparty / systemd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Revert "sysusers: properly mark generated accounts as locked"
[thirdparty/systemd.git] / units / systemd-logind.service.in
diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index 3eef95c6614f03fdbe25b16344251ef5d3ac4837..c6f5b81c1d7641ad4640657e04803088a134a4cf 100644 (file)
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -22,6 +22,14 @@ After=dbus.socket
 [Service]
 BusName=org.freedesktop.login1
 CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG CAP_LINUX_IMMUTABLE
+DeviceAllow=block-* r
+DeviceAllow=char-/dev/console rw
+DeviceAllow=char-drm rw
+DeviceAllow=char-input rw
+DeviceAllow=char-tty rw
+DeviceAllow=char-vcs rw
+# Make sure the DeviceAllow= lines above can work correctly when referenceing char-drm
+ExecStartPre=-/sbin/modprobe -abq drm
 ExecStart=@rootlibexecdir@/systemd-logind
 FileDescriptorStoreMax=512
 IPAddressDeny=any
@@ -43,6 +51,7 @@ RestrictRealtime=yes
 RestrictSUIDSGID=yes
 RuntimeDirectory=systemd/sessions systemd/seats systemd/users systemd/inhibit systemd/shutdown
 RuntimeDirectoryPreserve=yes
+StateDirectory=systemd/linger
 SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service
Unnamed repository; edit this file 'description' to name the repository.