units/systemd-logind.service.in

   1 #  SPDX-License-Identifier: LGPL-2.1+
   2 #
   3 #  This file is part of systemd.
   4 #
   5 #  systemd is free software; you can redistribute it and/or modify it
   6 #  under the terms of the GNU Lesser General Public License as published by
   7 #  the Free Software Foundation; either version 2.1 of the License, or
   8 #  (at your option) any later version.
   9
  10 [Unit]
  11 Description=Login Service
  12 Documentation=man:systemd-logind.service(8) man:logind.conf(5)
  13 Documentation=https://www.freedesktop.org/wiki/Software/systemd/logind
  14 Documentation=https://www.freedesktop.org/wiki/Software/systemd/multiseat
  15 Wants=user.slice
  16 After=nss-user-lookup.target user.slice
  17
  18 # Ask for the dbus socket.
  19 Wants=dbus.socket
  20 After=dbus.socket
  21
  22 [Service]
  23 BusName=org.freedesktop.login1
  24 CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG CAP_LINUX_IMMUTABLE
  25 ExecStart=@rootlibexecdir@/systemd-logind
  26 FileDescriptorStoreMax=512
  27 IPAddressDeny=any
  28 LockPersonality=yes
  29 MemoryDenyWriteExecute=yes
  30 NoNewPrivileges=yes
  31 PrivateTmp=yes
  32 ProtectControlGroups=yes
  33 ProtectHome=yes
  34 ProtectHostname=yes
  35 ProtectKernelModules=yes
  36 ProtectSystem=strict
  37 ReadWritePaths=/etc /run
  38 Restart=always
  39 RestartSec=0
  40 RestrictAddressFamilies=AF_UNIX AF_NETLINK
  41 RestrictNamespaces=yes
  42 RestrictRealtime=yes
  43 RestrictSUIDSGID=yes
  44 RuntimeDirectory=systemd/sessions systemd/seats systemd/users systemd/inhibit systemd/shutdown
  45 RuntimeDirectoryPreserve=yes
  46 StateDirectory=systemd/linger
  47 SystemCallArchitectures=native
  48 SystemCallErrorNumber=EPERM
  49 SystemCallFilter=@system-service
  50 WatchdogSec=3min
  51
  52 # Increase the default a bit in order to allow many simultaneous logins since
  53 # we keep one fd open per session.
  54 LimitNOFILE=@HIGH_RLIMIT_NOFILE@