Let's synthesize DNS RRs for leases handed out by our DHCP server. This way local VMs can have resolvable hostnames locally. This does not implement reverse lookups for now. We can add this later in a similar fashion.
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
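# Ordering and activation conditions for the network management daemon.
# The stray "|" lines from the page rendering are dropped here: they are not
# valid unit-file syntax.
[Unit]
Description=Network Management
Documentation=man:systemd-networkd.service(8)
Documentation=man:org.freedesktop.network1(5)
# Skip the unit (condition failure, not an error) when CAP_NET_ADMIN is not
# available in the service manager's capability bounding set, as in a
# capability-restricted container.
ConditionCapability=CAP_NET_ADMIN
# No implicit dependencies: every ordering and shutdown relation this unit
# relies on has to be spelled out in After=/Before=/Conflicts= below.
DefaultDependencies=no
# systemd-udevd.service can be dropped once tuntap is moved to netlink
After=systemd-udevd.service network-pre.target systemd-sysusers.service systemd-sysctl.service
Before=network.target multi-user.target shutdown.target initrd-switch-root.target
# Stop the daemon when shutting down or switching out of the initrd.
Conflicts=shutdown.target initrd-switch-root.target
Wants=network.target systemd-networkd-persistent-storage.service
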
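# Execution environment and sandboxing for systemd-networkd.
# The stray "|" lines from the page rendering are dropped here: they are not
# valid unit-file syntax. Settings and their order are unchanged.
[Service]
# The daemon runs as the unprivileged user named in User= below, so the
# capabilities it needs are granted as ambient capabilities. Keep this list and
# CapabilityBoundingSet= identical: the bounding set is the upper limit.
# NOTE(review): CAP_SYS_ADMIN and CAP_BPF are broad grants. This file does not
# say why they are needed; the "bpf" entry in SystemCallFilter= suggests BPF
# program loading. Confirm against the introducing commit before trimming.
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_BPF CAP_SYS_ADMIN
BusName=org.freedesktop.network1
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_BPF CAP_SYS_ADMIN
# Read/write access to every character device class. This is a wide device
# allow-list; presumably kept for tun/tap handling (see the tuntap comment in
# [Unit]) - confirm before narrowing.
DeviceAllow=char-* rw
# {{LIBEXECDIR}} looks like a build-time template placeholder.
ExecStart={{LIBEXECDIR}}/systemd-networkd
# Upper bound on file descriptors the service may park in the service manager.
FileDescriptorStoreMax=512
# Import service credentials matching this glob instead of reading secrets from
# configuration files; by name these carry WireGuard key material.
ImportCredential=network.wireguard.*
# Process-level hardening: fixed execution domain, no writable+executable
# memory mappings, no privilege gain through execve().
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
# Filesystem and kernel-interface hardening: hide other users' processes in
# /proc, deny clock changes, cgroup writes, home directories, kernel log access
# and module loading, and mount the file system hierarchy read-only.
ProtectProc=invisible
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectSystem=strict
Restart=on-failure
# Signal sent when the service is stopped as part of a restart.
# NOTE(review): how the daemon reacts to SIGUSR2 is not visible in this file.
RestartKillSignal=SIGUSR2
RestartSec=0
# Socket families the daemon may create. AF_PACKET allows raw link-layer
# sockets; AF_NETLINK is the kernel network configuration channel.
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 AF_PACKET
# Relevant alongside CAP_SYS_ADMIN above: namespace creation stays denied.
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
# Writable state under the runtime directory root (ProtectSystem=strict makes
# the rest read-only); preserved when the service stops or restarts.
RuntimeDirectory=systemd/netif
RuntimeDirectoryPreserve=yes
Sockets=systemd-networkd.socket systemd-networkd-varlink.socket systemd-networkd-resolve-hook.socket
# Seccomp policy: native ABI only, the @system-service set plus bpf(); a
# filtered call fails with EPERM instead of terminating the process.
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service bpf
Type=notify-reload
User=systemd-network
# Template placeholder; presumably expands to the watchdog setting at build
# time - confirm in the build templates.
{{SERVICE_WATCHDOG}}
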
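# What "systemctl enable" installs together with this unit.
# The stray "|" lines from the page rendering are dropped here: they are not
# valid unit-file syntax.
[Install]
WantedBy=multi-user.target
# Enable the three listening sockets named in Sockets= of [Service] as well.
Also=systemd-networkd.socket systemd-networkd-varlink.socket systemd-networkd-resolve-hook.socket
# Alias under the dbus-<bus name>.service naming pattern for
# org.freedesktop.network1 (BusName= in [Service]).
Alias=dbus-org.freedesktop.network1.service

# The output from this generator is used by udevd and networkd. Enable it by
# default when enabling systemd-networkd.service.
Also=systemd-network-generator.service

# We want to enable systemd-networkd-wait-online.service whenever this service
# is enabled. systemd-networkd-wait-online.service has
# WantedBy=network-online.target, so enabling it only has an effect if
# network-online.target itself is enabled or pulled in by some other unit.
Also=systemd-networkd-wait-online.service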