particle-os/apt-ostree
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
apt-ostree/.notes/rpm-ostree/service-files/rpm-ostreed.service.md

2.8 KiB
Raw Blame History

rpm-ostreed.service

Overview

The main daemon service for rpm-ostree system management. This is the core service that provides D-Bus interface for all rpm-ostree operations.

Service File

[Unit]
Description=rpm-ostree System Management Daemon
Documentation=man:rpm-ostree(1)
ConditionPathExists=/ostree
RequiresMountsFor=/boot

[Service]
User=rpm-ostree
DynamicUser=yes
Type=dbus
BusName=org.projectatomic.rpmostree1
MountFlags=slave
ProtectHome=true
NotifyAccess=main
TimeoutStartSec=5m
ExecStart=+rpm-ostree start-daemon
ExecReload=rpm-ostree reload
Environment="DOWNLOAD_FILELISTS=false"

Key Components

Unit Section

  • Description: Human-readable description of the service
  • Documentation: Reference to manual page
  • ConditionPathExists=/ostree: Only start if OSTree is available
  • RequiresMountsFor=/boot: Ensure boot filesystem is mounted

Service Section

  • User=rpm-ostree: Run as dedicated user
  • DynamicUser=yes: Create user dynamically if it doesn't exist
  • Type=dbus: D-Bus service type
  • BusName=org.projectatomic.rpmostree1: D-Bus service name
  • MountFlags=slave: Slave mount namespace
  • ProtectHome=true: Protect /home directory
  • NotifyAccess=main: Allow main process to send notifications
  • TimeoutStartSec=5m: 5-minute startup timeout
  • ExecStart=+rpm-ostree start-daemon: Start command with elevated privileges
  • ExecReload=rpm-ostree reload: Reload command
  • Environment="DOWNLOAD_FILELISTS=false": Disable filelist downloads

What It Does

Core Functions

  1. D-Bus Service: Provides D-Bus interface for client communication
  2. Transaction Management: Handles atomic operations with rollback support
  3. Package Operations: Manages package installation, removal, and upgrades
  4. System State: Maintains system state and deployment information
  5. Security: Runs with appropriate privileges and security restrictions

D-Bus Interface

The service exposes the org.projectatomic.rpmostree1 D-Bus interface with methods for:

  • Package installation and removal
  • System upgrades and rollbacks
  • Status queries and deployment management
  • Transaction monitoring and cancellation

Security Features

  • Dynamic User: Creates dedicated user for isolation
  • ProtectHome: Prevents access to user home directories
  • Mount Flags: Uses slave mount namespace for isolation
  • Elevated Privileges: Uses + prefix for ExecStart to run with elevated privileges

Dependencies

  • OSTree filesystem (/ostree)
  • Boot filesystem (/boot)
  • D-Bus system bus
  • systemd

apt-ostree Equivalent

For apt-ostree, this would be apt-ostreed.service with:

  • D-Bus name: org.aptostree.dev
  • User: apt-ostree (or root for system operations)
  • Commands: apt-ostree start-daemon and apt-ostree reload
  • APT-specific environment variables
  • Debian/Ubuntu security practices