Line
Link Here
|
0 |
-- b/src/journal/journald-server.c |
0 |
++ a/src/journal/journald-server.c |
Lines 1466-1472
Link Here
|
1466 |
} |
1462 |
} |
1467 |
|
1463 |
|
1468 |
int server_init(Server *s) { |
1464 |
int server_init(Server *s) { |
1469 |
_cleanup_fdset_free_ FDSet *fds = NULL; |
|
|
1470 |
int n, r, fd; |
1465 |
int n, r, fd; |
1471 |
|
1466 |
|
1472 |
assert(s); |
1467 |
assert(s); |
Lines 1563-1595
Link Here
|
1563 |
s->audit_fd = fd; |
1558 |
s->audit_fd = fd; |
1564 |
|
1559 |
|
1565 |
} else { |
1560 |
} else { |
|
|
1561 |
log_warning("Unknown socket passed as file descriptor %d, ignoring.", fd); |
1566 |
|
1562 |
|
1567 |
if (!fds) { |
1563 |
/* Let's close the fd, better be safe than |
1568 |
fds = fdset_new(); |
1564 |
sorry. The fd might reference some resource |
1569 |
if (!fds) |
1565 |
that we really want to release if we don't |
1570 |
return log_oom(); |
1566 |
make use of it. */ |
1571 |
} |
|
|
1572 |
|
1567 |
|
1573 |
r = fdset_put(fds, fd); |
1568 |
safe_close(fd); |
1574 |
if (r < 0) |
|
|
1575 |
return log_oom(); |
1576 |
} |
1569 |
} |
1577 |
} |
1570 |
} |
1578 |
|
1571 |
|
1579 |
r = server_open_stdout_socket(s, fds); |
1572 |
r = server_open_syslog_socket(s); |
1580 |
if (r < 0) |
1573 |
if (r < 0) |
1581 |
return r; |
1574 |
return r; |
1582 |
|
1575 |
|
1583 |
if (fdset_size(fds) > 0) { |
1576 |
r = server_open_native_socket(s); |
1584 |
log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds)); |
|
|
1585 |
fds = fdset_free(fds); |
1586 |
} |
1587 |
|
1588 |
r = server_open_syslog_socket(s); |
1589 |
if (r < 0) |
1577 |
if (r < 0) |
1590 |
return r; |
1578 |
return r; |
1591 |
|
1579 |
|
1592 |
r = server_open_native_socket(s); |
1580 |
r = server_open_stdout_socket(s); |
1593 |
if (r < 0) |
1581 |
if (r < 0) |
1594 |
return r; |
1582 |
return r; |
1595 |
|
1583 |
|
1596 |
-- b/src/journal/journald-stream.c |
1584 |
++ a/src/journal/journald-stream.c |
Lines 28-38
Link Here
|
28 |
#endif |
28 |
#endif |
29 |
|
29 |
|
30 |
#include "sd-event.h" |
30 |
#include "sd-event.h" |
31 |
#include "sd-daemon.h" |
|
|
32 |
#include "socket-util.h" |
31 |
#include "socket-util.h" |
33 |
#include "selinux-util.h" |
32 |
#include "selinux-util.h" |
34 |
#include "mkdir.h" |
|
|
35 |
#include "fileio.h" |
36 |
#include "journald-server.h" |
33 |
#include "journald-server.h" |
37 |
#include "journald-stream.h" |
34 |
#include "journald-stream.h" |
38 |
#include "journald-syslog.h" |
35 |
#include "journald-syslog.h" |
Lines 72-224
Link Here
|
72 |
bool forward_to_kmsg:1; |
69 |
bool forward_to_kmsg:1; |
73 |
bool forward_to_console:1; |
70 |
bool forward_to_console:1; |
74 |
|
71 |
|
75 |
bool fdstore:1; |
|
|
76 |
|
77 |
char buffer[LINE_MAX+1]; |
72 |
char buffer[LINE_MAX+1]; |
78 |
size_t length; |
73 |
size_t length; |
79 |
|
74 |
|
80 |
sd_event_source *event_source; |
75 |
sd_event_source *event_source; |
81 |
|
76 |
|
82 |
char *state_file; |
|
|
83 |
|
84 |
LIST_FIELDS(StdoutStream, stdout_stream); |
77 |
LIST_FIELDS(StdoutStream, stdout_stream); |
85 |
}; |
78 |
}; |
86 |
|
79 |
|
87 |
void stdout_stream_free(StdoutStream *s) { |
|
|
88 |
if (!s) |
89 |
return; |
90 |
|
91 |
if (s->server) { |
92 |
assert(s->server->n_stdout_streams > 0); |
93 |
s->server->n_stdout_streams --; |
94 |
LIST_REMOVE(stdout_stream, s->server->stdout_streams, s); |
95 |
} |
96 |
|
97 |
if (s->event_source) { |
98 |
sd_event_source_set_enabled(s->event_source, SD_EVENT_OFF); |
99 |
s->event_source = sd_event_source_unref(s->event_source); |
100 |
} |
101 |
|
102 |
safe_close(s->fd); |
103 |
|
104 |
#ifdef HAVE_SELINUX |
105 |
if (s->security_context) |
106 |
freecon(s->security_context); |
107 |
#endif |
108 |
|
109 |
free(s->identifier); |
110 |
free(s->unit_id); |
111 |
free(s->state_file); |
112 |
|
113 |
free(s); |
114 |
} |
115 |
|
116 |
DEFINE_TRIVIAL_CLEANUP_FUNC(StdoutStream*, stdout_stream_free); |
117 |
|
118 |
static void stdout_stream_destroy(StdoutStream *s) { |
119 |
if (!s) |
120 |
return; |
121 |
|
122 |
if (s->state_file) |
123 |
unlink(s->state_file); |
124 |
|
125 |
stdout_stream_free(s); |
126 |
} |
127 |
|
128 |
static int stdout_stream_save(StdoutStream *s) { |
129 |
_cleanup_free_ char *temp_path = NULL; |
130 |
_cleanup_fclose_ FILE *f = NULL; |
131 |
int r; |
132 |
|
133 |
assert(s); |
134 |
|
135 |
if (s->state != STDOUT_STREAM_RUNNING) |
136 |
return 0; |
137 |
|
138 |
if (!s->state_file) { |
139 |
struct stat st; |
140 |
|
141 |
r = fstat(s->fd, &st); |
142 |
if (r < 0) |
143 |
return log_warning_errno(errno, "Failed to stat connected stream: %m"); |
144 |
|
145 |
/* We use device and inode numbers as identifier for the stream */ |
146 |
if (asprintf(&s->state_file, "/run/systemd/journal/streams/%lu:%lu", (unsigned long) st.st_dev, (unsigned long) st.st_ino) < 0) |
147 |
return log_oom(); |
148 |
} |
149 |
|
150 |
mkdir_p("/run/systemd/journal/streams", 0755); |
151 |
|
152 |
r = fopen_temporary(s->state_file, &f, &temp_path); |
153 |
if (r < 0) |
154 |
goto finish; |
155 |
|
156 |
fprintf(f, |
157 |
"# This is private data. Do not parse\n" |
158 |
"PRIORITY=%i\n" |
159 |
"LEVEL_PREFIX=%i\n" |
160 |
"FORWARD_TO_SYSLOG=%i\n" |
161 |
"FORWARD_TO_KMSG=%i\n" |
162 |
"FORWARD_TO_CONSOLE=%i\n", |
163 |
s->priority, |
164 |
s->level_prefix, |
165 |
s->forward_to_syslog, |
166 |
s->forward_to_kmsg, |
167 |
s->forward_to_console); |
168 |
|
169 |
if (!isempty(s->identifier)) { |
170 |
_cleanup_free_ char *escaped; |
171 |
|
172 |
escaped = cescape(s->identifier); |
173 |
if (!escaped) { |
174 |
r = -ENOMEM; |
175 |
goto finish; |
176 |
} |
177 |
|
178 |
fprintf(f, "IDENTIFIER=%s\n", escaped); |
179 |
} |
180 |
|
181 |
if (!isempty(s->unit_id)) { |
182 |
_cleanup_free_ char *escaped; |
183 |
|
184 |
escaped = cescape(s->unit_id); |
185 |
if (!escaped) { |
186 |
r = -ENOMEM; |
187 |
goto finish; |
188 |
} |
189 |
|
190 |
fprintf(f, "UNIT=%s\n", escaped); |
191 |
} |
192 |
|
193 |
r = fflush_and_check(f); |
194 |
if (r < 0) |
195 |
goto finish; |
196 |
|
197 |
if (rename(temp_path, s->state_file) < 0) { |
198 |
r = -errno; |
199 |
goto finish; |
200 |
} |
201 |
|
202 |
free(temp_path); |
203 |
temp_path = NULL; |
204 |
|
205 |
/* Store the connection fd in PID 1, so that we get it passed |
206 |
* in again on next start */ |
207 |
if (!s->fdstore) { |
208 |
sd_pid_notify_with_fds(0, false, "FDSTORE=1", &s->fd, 1); |
209 |
s->fdstore = true; |
210 |
} |
211 |
|
212 |
finish: |
213 |
if (temp_path) |
214 |
unlink(temp_path); |
215 |
|
216 |
if (r < 0) |
217 |
log_error_errno(r, "Failed to save stream data %s: %m", s->state_file); |
218 |
|
219 |
return r; |
220 |
} |
221 |
|
222 |
static int stdout_stream_log(StdoutStream *s, const char *p) { |
80 |
static int stdout_stream_log(StdoutStream *s, const char *p) { |
223 |
struct iovec iovec[N_IOVEC_META_FIELDS + 5]; |
81 |
struct iovec iovec[N_IOVEC_META_FIELDS + 5]; |
224 |
int priority; |
82 |
int priority; |
Lines 371-379
Link Here
|
371 |
|
229 |
|
372 |
s->forward_to_console = !!r; |
230 |
s->forward_to_console = !!r; |
373 |
s->state = STDOUT_STREAM_RUNNING; |
231 |
s->state = STDOUT_STREAM_RUNNING; |
374 |
|
|
|
375 |
/* Try to save the stream, so that journald can be restarted and we can recover */ |
376 |
(void) stdout_stream_save(s); |
377 |
return 0; |
232 |
return 0; |
378 |
|
233 |
|
379 |
case STDOUT_STREAM_RUNNING: |
234 |
case STDOUT_STREAM_RUNNING: |
Lines 468-530
Link Here
|
468 |
return 1; |
323 |
return 1; |
469 |
|
324 |
|
470 |
terminate: |
325 |
terminate: |
471 |
stdout_stream_destroy(s); |
326 |
stdout_stream_free(s); |
472 |
return 0; |
327 |
return 0; |
473 |
} |
328 |
} |
474 |
|
329 |
|
475 |
static int stdout_stream_install(Server *s, int fd, StdoutStream **ret) { |
330 |
void stdout_stream_free(StdoutStream *s) { |
476 |
_cleanup_(stdout_stream_freep) StdoutStream *stream = NULL; |
|
|
477 |
int r; |
478 |
|
479 |
assert(s); |
331 |
assert(s); |
480 |
assert(fd >= 0); |
|
|
481 |
|
332 |
|
482 |
stream = new0(StdoutStream, 1); |
333 |
if (s->server) { |
483 |
if (!stream) |
334 |
assert(s->server->n_stdout_streams > 0); |
484 |
return log_oom(); |
335 |
s->server->n_stdout_streams --; |
|
|
336 |
LIST_REMOVE(stdout_stream, s->server->stdout_streams, s); |
337 |
} |
485 |
|
338 |
|
486 |
stream->fd = -1; |
339 |
if (s->event_source) { |
487 |
stream->priority = LOG_INFO; |
340 |
sd_event_source_set_enabled(s->event_source, SD_EVENT_OFF); |
|
|
341 |
s->event_source = sd_event_source_unref(s->event_source); |
342 |
} |
488 |
|
343 |
|
489 |
r = getpeercred(fd, &stream->ucred); |
344 |
safe_close(s->fd); |
490 |
if (r < 0) |
|
|
491 |
return log_error_errno(r, "Failed to determine peer credentials: %m"); |
492 |
|
345 |
|
493 |
#ifdef HAVE_SELINUX |
346 |
#ifdef HAVE_SELINUX |
494 |
if (mac_selinux_use()) { |
347 |
if (s->security_context) |
495 |
if (getpeercon(fd, &stream->security_context) < 0 && errno != ENOPROTOOPT) |
348 |
freecon(s->security_context); |
496 |
log_error_errno(errno, "Failed to determine peer security context: %m"); |
|
|
497 |
} |
498 |
#endif |
349 |
#endif |
499 |
|
350 |
|
500 |
(void) shutdown(fd, SHUT_WR); |
351 |
free(s->identifier); |
501 |
|
352 |
free(s->unit_id); |
502 |
r = sd_event_add_io(s->event, &stream->event_source, fd, EPOLLIN, stdout_stream_process, stream); |
353 |
free(s); |
503 |
if (r < 0) |
|
|
504 |
return log_error_errno(r, "Failed to add stream to event loop: %m"); |
505 |
|
506 |
r = sd_event_source_set_priority(stream->event_source, SD_EVENT_PRIORITY_NORMAL+5); |
507 |
if (r < 0) |
508 |
return log_error_errno(r, "Failed to adjust stdout event source priority: %m"); |
509 |
|
510 |
stream->fd = fd; |
511 |
|
512 |
stream->server = s; |
513 |
LIST_PREPEND(stdout_stream, s->stdout_streams, stream); |
514 |
s->n_stdout_streams ++; |
515 |
|
516 |
if (ret) |
517 |
*ret = stream; |
518 |
|
519 |
stream = NULL; |
520 |
|
521 |
return 0; |
522 |
} |
354 |
} |
523 |
|
355 |
|
524 |
static int stdout_stream_new(sd_event_source *es, int listen_fd, uint32_t revents, void *userdata) { |
356 |
static int stdout_stream_new(sd_event_source *es, int listen_fd, uint32_t revents, void *userdata) { |
525 |
_cleanup_close_ int fd = -1; |
|
|
526 |
Server *s = userdata; |
357 |
Server *s = userdata; |
527 |
int r; |
358 |
StdoutStream *stream; |
|
|
359 |
int fd, r; |
528 |
|
360 |
|
529 |
assert(s); |
361 |
assert(s); |
530 |
|
362 |
|
Lines 544-706
Link Here
|
544 |
|
376 |
|
545 |
if (s->n_stdout_streams >= STDOUT_STREAMS_MAX) { |
377 |
if (s->n_stdout_streams >= STDOUT_STREAMS_MAX) { |
546 |
log_warning("Too many stdout streams, refusing connection."); |
378 |
log_warning("Too many stdout streams, refusing connection."); |
|
|
379 |
safe_close(fd); |
547 |
return 0; |
380 |
return 0; |
548 |
} |
381 |
} |
549 |
|
382 |
|
550 |
r = stdout_stream_install(s, fd, NULL); |
383 |
stream = new0(StdoutStream, 1); |
551 |
if (r < 0) |
384 |
if (!stream) { |
552 |
return r; |
385 |
safe_close(fd); |
553 |
|
386 |
return log_oom(); |
554 |
fd = -1; |
|
|
555 |
return 0; |
556 |
} |
557 |
|
558 |
static int stdout_stream_load(StdoutStream *stream, const char *fname) { |
559 |
_cleanup_free_ char |
560 |
*priority = NULL, |
561 |
*level_prefix = NULL, |
562 |
*forward_to_syslog = NULL, |
563 |
*forward_to_kmsg = NULL, |
564 |
*forward_to_console = NULL; |
565 |
int r; |
566 |
|
567 |
assert(stream); |
568 |
assert(fname); |
569 |
|
570 |
if (!stream->state_file) { |
571 |
stream->state_file = strappend("/run/systemd/journal/streams/", fname); |
572 |
if (!stream->state_file) |
573 |
return log_oom(); |
574 |
} |
387 |
} |
575 |
|
388 |
|
576 |
r = parse_env_file(stream->state_file, NEWLINE, |
389 |
stream->fd = fd; |
577 |
"PRIORITY", &priority, |
|
|
578 |
"LEVEL_PREFIX", &level_prefix, |
579 |
"FORWARD_TO_SYSLOG", &forward_to_syslog, |
580 |
"FORWARD_TO_KMSG", &forward_to_kmsg, |
581 |
"FORWARD_TO_CONSOLE", &forward_to_console, |
582 |
"IDENTIFIER", &stream->identifier, |
583 |
"UNIT", &stream->unit_id, |
584 |
NULL); |
585 |
if (r < 0) |
586 |
return log_error_errno(r, "Failed to read: %s", stream->state_file); |
587 |
|
390 |
|
588 |
if (priority) { |
391 |
r = getpeercred(fd, &stream->ucred); |
589 |
int p; |
392 |
if (r < 0) { |
590 |
|
393 |
log_error_errno(errno, "Failed to determine peer credentials: %m"); |
591 |
p = log_level_from_string(priority); |
394 |
goto fail; |
592 |
if (p >= 0) |
|
|
593 |
stream->priority = p; |
594 |
} |
395 |
} |
595 |
|
396 |
|
596 |
if (level_prefix) { |
397 |
#ifdef HAVE_SELINUX |
597 |
r = parse_boolean(level_prefix); |
398 |
if (mac_selinux_use()) { |
598 |
if (r >= 0) |
399 |
if (getpeercon(fd, &stream->security_context) < 0 && errno != ENOPROTOOPT) |
599 |
stream->level_prefix = r; |
400 |
log_error_errno(errno, "Failed to determine peer security context: %m"); |
600 |
} |
401 |
} |
|
|
402 |
#endif |
601 |
|
403 |
|
602 |
if (forward_to_syslog) { |
404 |
if (shutdown(fd, SHUT_WR) < 0) { |
603 |
r = parse_boolean(forward_to_syslog); |
405 |
log_error_errno(errno, "Failed to shutdown writing side of socket: %m"); |
604 |
if (r >= 0) |
406 |
goto fail; |
605 |
stream->forward_to_syslog = r; |
|
|
606 |
} |
407 |
} |
607 |
|
408 |
|
608 |
if (forward_to_kmsg) { |
409 |
r = sd_event_add_io(s->event, &stream->event_source, fd, EPOLLIN, stdout_stream_process, stream); |
609 |
r = parse_boolean(forward_to_kmsg); |
410 |
if (r < 0) { |
610 |
if (r >= 0) |
411 |
log_error_errno(r, "Failed to add stream to event loop: %m"); |
611 |
stream->forward_to_kmsg = r; |
412 |
goto fail; |
612 |
} |
413 |
} |
613 |
|
414 |
|
614 |
if (forward_to_console) { |
415 |
r = sd_event_source_set_priority(stream->event_source, SD_EVENT_PRIORITY_NORMAL+5); |
615 |
r = parse_boolean(forward_to_console); |
416 |
if (r < 0) { |
616 |
if (r >= 0) |
417 |
log_error_errno(r, "Failed to adjust stdout event source priority: %m"); |
617 |
stream->forward_to_console = r; |
418 |
goto fail; |
618 |
} |
419 |
} |
619 |
|
420 |
|
620 |
return 0; |
421 |
stream->server = s; |
621 |
} |
422 |
LIST_PREPEND(stdout_stream, s->stdout_streams, stream); |
622 |
|
423 |
s->n_stdout_streams ++; |
623 |
static int stdout_stream_restore(Server *s, const char *fname, int fd) { |
|
|
624 |
StdoutStream *stream; |
625 |
int r; |
626 |
|
627 |
assert(s); |
628 |
assert(fname); |
629 |
assert(fd >= 0); |
630 |
|
631 |
if (s->n_stdout_streams >= STDOUT_STREAMS_MAX) { |
632 |
log_warning("Too many stdout streams, refusing restoring of stream."); |
633 |
return -ENOBUFS; |
634 |
} |
635 |
|
636 |
r = stdout_stream_install(s, fd, &stream); |
637 |
if (r < 0) |
638 |
return r; |
639 |
|
640 |
stream->state = STDOUT_STREAM_RUNNING; |
641 |
stream->fdstore = true; |
642 |
|
643 |
/* Ignore all parsing errors */ |
644 |
(void) stdout_stream_load(stream, fname); |
645 |
|
424 |
|
646 |
return 0; |
425 |
return 0; |
647 |
} |
|
|
648 |
|
649 |
static int server_restore_streams(Server *s, FDSet *fds) { |
650 |
_cleanup_closedir_ DIR *d = NULL; |
651 |
struct dirent *de; |
652 |
int r; |
653 |
|
654 |
d = opendir("/run/systemd/journal/streams"); |
655 |
if (!d) { |
656 |
if (errno == ENOENT) |
657 |
return 0; |
658 |
|
659 |
return log_warning_errno(errno, "Failed to enumerate /run/systemd/journal/streams: %m"); |
660 |
} |
661 |
|
662 |
FOREACH_DIRENT(de, d, goto fail) { |
663 |
unsigned long st_dev, st_ino; |
664 |
bool found = false; |
665 |
Iterator i; |
666 |
int fd; |
667 |
|
668 |
if (sscanf(de->d_name, "%lu:%lu", &st_dev, &st_ino) != 2) |
669 |
continue; |
670 |
|
671 |
FDSET_FOREACH(fd, fds, i) { |
672 |
struct stat st; |
673 |
|
674 |
if (fstat(fd, &st) < 0) |
675 |
return log_error_errno(errno, "Failed to stat %s: %m", de->d_name); |
676 |
|
677 |
if (S_ISSOCK(st.st_mode) && st.st_dev == st_dev && st.st_ino == st_ino) { |
678 |
found = true; |
679 |
break; |
680 |
} |
681 |
} |
682 |
|
683 |
if (!found) { |
684 |
/* No file descriptor? Then let's delete the state file */ |
685 |
log_debug("Cannot restore stream file %s", de->d_name); |
686 |
unlinkat(dirfd(d), de->d_name, 0); |
687 |
continue; |
688 |
} |
689 |
|
690 |
fdset_remove(fds, fd); |
691 |
|
692 |
r = stdout_stream_restore(s, de->d_name, fd); |
693 |
if (r < 0) |
694 |
safe_close(fd); |
695 |
} |
696 |
|
426 |
|
|
|
427 |
fail: |
428 |
stdout_stream_free(stream); |
697 |
return 0; |
429 |
return 0; |
698 |
|
|
|
699 |
fail: |
700 |
return log_error_errno(errno, "Failed to read streams directory: %m"); |
701 |
} |
430 |
} |
702 |
|
431 |
|
703 |
int server_open_stdout_socket(Server *s, FDSet *fds) { |
432 |
int server_open_stdout_socket(Server *s) { |
704 |
int r; |
433 |
int r; |
705 |
|
434 |
|
706 |
assert(s); |
435 |
assert(s); |
Lines 736-743
Link Here
|
736 |
if (r < 0) |
465 |
if (r < 0) |
737 |
return log_error_errno(r, "Failed to adjust priority of stdout server event source: %m"); |
466 |
return log_error_errno(r, "Failed to adjust priority of stdout server event source: %m"); |
738 |
|
467 |
|
739 |
/* Try to restore streams, but don't bother if this fails */ |
|
|
740 |
(void) server_restore_streams(s, fds); |
741 |
|
742 |
return 0; |
468 |
return 0; |
743 |
} |
469 |
} |
744 |
-- b/src/journal/journald-stream.h |
470 |
++ a/src/journal/journald-stream.h |
Lines 21-29
Link Here
|
21 |
along with systemd; If not, see <http://www.gnu.org/licenses/>. |
21 |
along with systemd; If not, see <http://www.gnu.org/licenses/>. |
22 |
***/ |
22 |
***/ |
23 |
|
23 |
|
24 |
#include "fdset.h" |
|
|
25 |
#include "journald-server.h" |
24 |
#include "journald-server.h" |
26 |
|
25 |
|
27 |
int server_open_stdout_socket(Server *s, FDSet *fds); |
26 |
int server_open_stdout_socket(Server *s); |
28 |
|
27 |
|
29 |
void stdout_stream_free(StdoutStream *s); |
28 |
void stdout_stream_free(StdoutStream *s); |
30 |
-- b/units/systemd-journald.service.in |
29 |
++ a/units/systemd-journald.service.in |
Lines 23-29
Link Here
|
23 |
StandardOutput=null |
23 |
StandardOutput=null |
24 |
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE |
24 |
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE |
25 |
WatchdogSec=1min |
25 |
WatchdogSec=1min |
26 |
FileDescriptorStoreMax=1024 |
|
|
27 |
|
26 |
|
28 |
# Increase the default a bit in order to allow many simultaneous |
27 |
# Increase the default a bit in order to allow many simultaneous |
29 |
# services being run since we keep one fd open per service. |
28 |
# services being run since we keep one fd open per service. |