# rpm-ostreed.service

## Overview

The main daemon service for rpm-ostree system management. This is the core service that provides the D-Bus interface for all rpm-ostree operations.

## Service File

```ini
[Unit]
Description=rpm-ostree System Management Daemon
Documentation=man:rpm-ostree(1)
ConditionPathExists=/ostree
RequiresMountsFor=/boot

[Service]
User=rpm-ostree
DynamicUser=yes
Type=dbus
BusName=org.projectatomic.rpmostree1
MountFlags=slave
ProtectHome=true
NotifyAccess=main
TimeoutStartSec=5m
ExecStart=+rpm-ostree start-daemon
ExecReload=rpm-ostree reload
Environment="DOWNLOAD_FILELISTS=false"
```

## Key Components

### Unit Section

- **Description**: Human-readable description of the service
- **Documentation**: Reference to manual page
- **ConditionPathExists=/ostree**: Only start if OSTree is available
- **RequiresMountsFor=/boot**: Ensure boot filesystem is mounted

### Service Section

- **User=rpm-ostree**: Run as dedicated user
- **DynamicUser=yes**: Create user dynamically if it doesn't exist
- **Type=dbus**: D-Bus service type
- **BusName=org.projectatomic.rpmostree1**: D-Bus service name
- **MountFlags=slave**: Slave mount propagation; mounts made on the host propagate into the service's mount namespace, but not the other way
- **ProtectHome=true**: Protect /home directory
- **NotifyAccess=main**: Allow main process to send notifications
- **TimeoutStartSec=5m**: 5-minute startup timeout
- **ExecStart=+rpm-ostree start-daemon**: Start command; the `+` prefix makes systemd run it with full privileges, so `User=` is not applied to this command
- **ExecReload=rpm-ostree reload**: Reload command
- **Environment="DOWNLOAD_FILELISTS=false"**: Disable filelist downloads

## What It Does

### Core Functions

1. **D-Bus Service**: Provides D-Bus interface for client communication
2. **Transaction Management**: Handles atomic operations with rollback support
3. **Package Operations**: Manages package installation, removal, and upgrades
4. **System State**: Maintains system state and deployment information
5. **Security**: Runs with appropriate privileges and security restrictions

### D-Bus Interface

The service exposes the `org.projectatomic.rpmostree1` D-Bus interface with methods for:

- Package installation and removal
- System upgrades and rollbacks
- Status queries and deployment management
- Transaction monitoring and cancellation

### Security Features

- **Dynamic User**: Creates dedicated user for isolation
- **ProtectHome**: Prevents access to user home directories
- **Mount Flags**: Uses slave mount namespace for isolation
- **Elevated Privileges**: Uses `+` prefix for ExecStart to run with elevated privileges

## Dependencies

- OSTree filesystem (`/ostree`)
- Boot filesystem (`/boot`)
- D-Bus system bus
- systemd

## apt-ostree Equivalent

For apt-ostree, this would be `apt-ostreed.service` with:

- D-Bus name: `org.aptostree.dev`
- User: `apt-ostree` (or `root` for system operations)
- Commands: `apt-ostree start-daemon` and `apt-ostree reload`
- APT-specific environment variables
- Debian/Ubuntu security practices
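
When reviewing this unit, or an `apt-ostreed.service` derived from it, it helps to see which configured restrictions the `+` prefix on `ExecStart=` skips. The following is an added example, not part of rpm-ostree or systemd: `audit_unit` and `SKIPPED_BY_PLUS` are hypothetical names, and the directive set follows the `+` prefix description in systemd.service(5), with the stated assumption about `ProtectHome=`.

```python
import re

# [Service] section copied from the unit file shown on this page.
UNIT_TEXT = """\
[Service]
User=rpm-ostree
DynamicUser=yes
Type=dbus
BusName=org.projectatomic.rpmostree1
MountFlags=slave
ProtectHome=true
NotifyAccess=main
TimeoutStartSec=5m
ExecStart=+rpm-ostree start-daemon
ExecReload=rpm-ostree reload
Environment="DOWNLOAD_FILELISTS=false"
"""

# Restrictions that systemd.service(5) says are not applied to a "+" command:
# User=, Group=, CapabilityBoundingSet= and file system namespacing options.
# PrivateDevices= and PrivateTmp= are the man page's examples; treating
# ProtectHome= and ProtectSystem= as such options is this example's assumption.
SKIPPED_BY_PLUS = {"User", "Group", "CapabilityBoundingSet", "PrivateDevices",
                   "PrivateTmp", "ProtectHome", "ProtectSystem"}
EXEC_LINE = re.compile(r"^(Exec\w+)=([@\-:+!]*)(.*)$")

def audit_unit(text):
    """Return one dict per Exec* line: key, command, full_privileges, not_applied."""
    settings, execs = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # skip blanks, comments and section headers
        m = EXEC_LINE.match(line)
        if m:
            key, prefixes, command = m.groups()
            execs.append((key, command.strip(), "+" in prefixes))
        else:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    configured = sorted(k for k in settings if k in SKIPPED_BY_PLUS)
    return [{"key": key, "command": cmd, "full_privileges": plus,
             "not_applied": configured if plus else []}
            for key, cmd, plus in execs]

if __name__ == "__main__":
    for entry in audit_unit(UNIT_TEXT):
        print(entry)
```

For the unit above, the report shows `ExecStart` running with full privileges while `ExecReload` keeps the configured restrictions.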