83 lines
No EOL
2.8 KiB
Markdown
83 lines
No EOL
2.8 KiB
Markdown
# rpm-ostreed.service
|
|
|
|
## Overview
|
|
The main daemon service for rpm-ostree system management. This is the core service that provides D-Bus interface for all rpm-ostree operations.
|
|
|
|
## Service File
|
|
```ini
|
|
[Unit]
|
|
Description=rpm-ostree System Management Daemon
|
|
Documentation=man:rpm-ostree(1)
|
|
ConditionPathExists=/ostree
|
|
RequiresMountsFor=/boot
|
|
|
|
[Service]
|
|
User=rpm-ostree
|
|
DynamicUser=yes
|
|
Type=dbus
|
|
BusName=org.projectatomic.rpmostree1
|
|
MountFlags=slave
|
|
ProtectHome=true
|
|
NotifyAccess=main
|
|
TimeoutStartSec=5m
|
|
ExecStart=+rpm-ostree start-daemon
|
|
ExecReload=rpm-ostree reload
|
|
Environment="DOWNLOAD_FILELISTS=false"
|
|
```
|
|
|
|
## Key Components
|
|
|
|
### Unit Section
|
|
- **Description**: Human-readable description of the service
|
|
- **Documentation**: Reference to manual page
|
|
- **ConditionPathExists=/ostree**: Only start if OSTree is available
|
|
- **RequiresMountsFor=/boot**: Ensure boot filesystem is mounted
|
|
|
|
### Service Section
|
|
- **User=rpm-ostree**: Run as dedicated user
|
|
- **DynamicUser=yes**: Create user dynamically if it doesn't exist
|
|
- **Type=dbus**: D-Bus service type
|
|
- **BusName=org.projectatomic.rpmostree1**: D-Bus service name
|
|
- **MountFlags=slave**: Slave mount namespace
|
|
- **ProtectHome=true**: Protect /home directory
|
|
- **NotifyAccess=main**: Allow main process to send notifications
|
|
- **TimeoutStartSec=5m**: 5-minute startup timeout
|
|
- **ExecStart=+rpm-ostree start-daemon**: Start command with elevated privileges
|
|
- **ExecReload=rpm-ostree reload**: Reload command
|
|
- **Environment="DOWNLOAD_FILELISTS=false"**: Disable filelist downloads
|
|
|
|
## What It Does
|
|
|
|
### Core Functions
|
|
1. **D-Bus Service**: Provides D-Bus interface for client communication
|
|
2. **Transaction Management**: Handles atomic operations with rollback support
|
|
3. **Package Operations**: Manages package installation, removal, and upgrades
|
|
4. **System State**: Maintains system state and deployment information
|
|
5. **Security**: Runs with appropriate privileges and security restrictions
|
|
|
|
### D-Bus Interface
|
|
The service exposes the `org.projectatomic.rpmostree1` D-Bus interface with methods for:
|
|
- Package installation and removal
|
|
- System upgrades and rollbacks
|
|
- Status queries and deployment management
|
|
- Transaction monitoring and cancellation
|
|
|
|
### Security Features
|
|
- **Dynamic User**: Creates dedicated user for isolation
|
|
- **ProtectHome**: Prevents access to user home directories
|
|
- **Mount Flags**: Uses slave mount namespace for isolation
|
|
- **Elevated Privileges**: Uses `+` prefix for ExecStart to run with elevated privileges
|
|
|
|
## Dependencies
|
|
- OSTree filesystem (`/ostree`)
|
|
- Boot filesystem (`/boot`)
|
|
- D-Bus system bus
|
|
- systemd
|
|
|
|
## apt-ostree Equivalent
|
|
For apt-ostree, this would be `apt-ostreed.service` with:
|
|
- D-Bus name: `org.aptostree.dev`
|
|
- User: `apt-ostree` (or `root` for system operations)
|
|
- Commands: `apt-ostree start-daemon` and `apt-ostree reload`
|
|
- APT-specific environment variables
|
|
- Debian/Ubuntu security practices |