From 18dbc60ff0040dcf7b95d46308dc5524cf844ab3 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sun, 21 Jan 2024 12:29:56 +0000 Subject: [PATCH] feat(full): add some systemd dropin files. --- systemd/full/system/archlinux-keyring-wkd-sync.service | 2 ++ systemd/full/system/bluetooth.service | 2 ++ systemd/full/system/dbus-org.freedesktop.hostname1.service | 2 ++ systemd/full/system/dbus-org.freedesktop.import1.service | 2 ++ systemd/full/system/dbus-org.freedesktop.locale1.service | 2 ++ systemd/full/system/dbus-org.freedesktop.login1.service | 2 ++ systemd/full/system/dbus-org.freedesktop.machine1.service | 2 ++ systemd/full/system/dbus-org.freedesktop.timedate1.service | 2 ++ systemd/full/system/e2scrub@.service | 2 ++ systemd/full/system/fprintd.service | 2 ++ systemd/full/system/geoclue.service | 6 ++++++ systemd/full/system/low-memory-monitor.service | 3 +++ systemd/full/system/nm-priv-helper.service | 2 ++ systemd/full/system/paccache.service | 2 ++ systemd/full/system/passim.service | 2 ++ systemd/full/system/polkit.service | 2 ++ systemd/full/system/reflector.service | 2 ++ systemd/full/system/systemd-journald@.service | 3 +++ systemd/full/system/systemd-machined.service | 2 ++ systemd/full/system/systemd-networkd.service | 2 ++ systemd/full/system/systemd-oomd.service | 3 +++ systemd/full/system/systemd-resolved.service | 2 ++ systemd/full/user/pipewire-media-session.service | 5 +++++ 23 files changed, 56 insertions(+) create mode 100644 systemd/full/system/archlinux-keyring-wkd-sync.service create mode 100644 systemd/full/system/bluetooth.service create mode 100644 systemd/full/system/dbus-org.freedesktop.hostname1.service create mode 100644 systemd/full/system/dbus-org.freedesktop.import1.service create mode 100644 systemd/full/system/dbus-org.freedesktop.locale1.service create mode 100644 systemd/full/system/dbus-org.freedesktop.login1.service create mode 100644 systemd/full/system/dbus-org.freedesktop.machine1.service create mode 100644 systemd/full/system/dbus-org.freedesktop.timedate1.service create mode 100644 systemd/full/system/e2scrub@.service create mode 100644 systemd/full/system/fprintd.service create mode 100644 systemd/full/system/geoclue.service create mode 100644 systemd/full/system/low-memory-monitor.service create mode 100644 systemd/full/system/nm-priv-helper.service create mode 100644 systemd/full/system/paccache.service create mode 100644 systemd/full/system/passim.service create mode 100644 systemd/full/system/polkit.service create mode 100644 systemd/full/system/reflector.service create mode 100644 systemd/full/system/systemd-journald@.service create mode 100644 systemd/full/system/systemd-machined.service create mode 100644 systemd/full/system/systemd-networkd.service create mode 100644 systemd/full/system/systemd-oomd.service create mode 100644 systemd/full/system/systemd-resolved.service create mode 100644 systemd/full/user/pipewire-media-session.service diff --git a/systemd/full/system/archlinux-keyring-wkd-sync.service b/systemd/full/system/archlinux-keyring-wkd-sync.service new file mode 100644 index 00000000..03d35289 --- /dev/null +++ b/systemd/full/system/archlinux-keyring-wkd-sync.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/bluetooth.service b/systemd/full/system/bluetooth.service new file mode 100644 index 00000000..03d35289 --- /dev/null +++ b/systemd/full/system/bluetooth.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/dbus-org.freedesktop.hostname1.service b/systemd/full/system/dbus-org.freedesktop.hostname1.service new file mode 100644 index 00000000..03d35289 --- /dev/null +++ b/systemd/full/system/dbus-org.freedesktop.hostname1.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/dbus-org.freedesktop.import1.service b/systemd/full/system/dbus-org.freedesktop.import1.service new file mode 100644 index 00000000..03d35289 --- /dev/null +++ b/systemd/full/system/dbus-org.freedesktop.import1.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/dbus-org.freedesktop.locale1.service b/systemd/full/system/dbus-org.freedesktop.locale1.service new file mode 100644 index 00000000..03d35289 --- /dev/null +++ b/systemd/full/system/dbus-org.freedesktop.locale1.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/dbus-org.freedesktop.login1.service b/systemd/full/system/dbus-org.freedesktop.login1.service new file mode 100644 index 00000000..03d35289 --- /dev/null +++ b/systemd/full/system/dbus-org.freedesktop.login1.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/dbus-org.freedesktop.machine1.service b/systemd/full/system/dbus-org.freedesktop.machine1.service new file mode 100644 index 00000000..03d35289 --- /dev/null +++ b/systemd/full/system/dbus-org.freedesktop.machine1.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/dbus-org.freedesktop.timedate1.service b/systemd/full/system/dbus-org.freedesktop.timedate1.service new file mode 100644 index 00000000..03d35289 --- /dev/null +++ b/systemd/full/system/dbus-org.freedesktop.timedate1.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/e2scrub@.service b/systemd/full/system/e2scrub@.service new file mode 100644 index 00000000..03d35289 --- /dev/null +++ b/systemd/full/system/e2scrub@.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/fprintd.service b/systemd/full/system/fprintd.service new file mode 100644 index 00000000..03d35289 --- /dev/null +++ b/systemd/full/system/fprintd.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/geoclue.service b/systemd/full/system/geoclue.service new file mode 100644 index 00000000..4ba89765 --- /dev/null +++ b/systemd/full/system/geoclue.service @@ -0,0 +1,6 @@ +[Service] +NoNewPrivileges=no +MemoryDenyWriteExecute=no +ProtectKernelTunables=no +ProtectKernelModules=no +RestrictRealtime=no diff --git a/systemd/full/system/low-memory-monitor.service b/systemd/full/system/low-memory-monitor.service new file mode 100644 index 00000000..dabf76f3 --- /dev/null +++ b/systemd/full/system/low-memory-monitor.service @@ -0,0 +1,3 @@ +[Service] +NoNewPrivileges=no + diff --git a/systemd/full/system/nm-priv-helper.service b/systemd/full/system/nm-priv-helper.service new file mode 100644 index 00000000..03d35289 --- /dev/null +++ b/systemd/full/system/nm-priv-helper.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/paccache.service b/systemd/full/system/paccache.service new file mode 100644 index 00000000..03d35289 --- /dev/null +++ b/systemd/full/system/paccache.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/passim.service b/systemd/full/system/passim.service new file mode 100644 index 00000000..03d35289 --- /dev/null +++ b/systemd/full/system/passim.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/polkit.service b/systemd/full/system/polkit.service new file mode 100644 index 00000000..03d35289 --- /dev/null +++ b/systemd/full/system/polkit.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/reflector.service b/systemd/full/system/reflector.service new file mode 100644 index 00000000..03d35289 --- /dev/null +++ b/systemd/full/system/reflector.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/systemd-journald@.service b/systemd/full/system/systemd-journald@.service new file mode 100644 index 00000000..0316a67c --- /dev/null +++ b/systemd/full/system/systemd-journald@.service @@ -0,0 +1,3 @@ +[Service] +NoNewPrivileges=no +ProtectClock=no \ No newline at end of file diff --git a/systemd/full/system/systemd-machined.service b/systemd/full/system/systemd-machined.service new file mode 100644 index 00000000..03d35289 --- /dev/null +++ b/systemd/full/system/systemd-machined.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/systemd-networkd.service b/systemd/full/system/systemd-networkd.service new file mode 100644 index 00000000..03d35289 --- /dev/null +++ b/systemd/full/system/systemd-networkd.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/systemd-oomd.service b/systemd/full/system/systemd-oomd.service new file mode 100644 index 00000000..15a93661 --- /dev/null +++ b/systemd/full/system/systemd-oomd.service @@ -0,0 +1,3 @@ +[Service] +NoNewPrivileges=no +ProtectClock=no diff --git a/systemd/full/system/systemd-resolved.service b/systemd/full/system/systemd-resolved.service new file mode 100644 index 00000000..03d35289 --- /dev/null +++ b/systemd/full/system/systemd-resolved.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/user/pipewire-media-session.service b/systemd/full/user/pipewire-media-session.service new file mode 100644 index 00000000..c392e82f --- /dev/null +++ b/systemd/full/user/pipewire-media-session.service @@ -0,0 +1,5 @@ +[Service] +NoNewPrivileges=no +MemoryDenyWriteExecute=no +LockPersonality=no +RestrictNamespaces=no