32 lines
1.2 KiB
Desktop File
32 lines
1.2 KiB
Desktop File
[Unit]
|
|
Description=APT-OSTree System Management Daemon
|
|
Documentation=man:apt-ostree(1)
|
|
ConditionPathExists=/ostree
|
|
RequiresMountsFor=/boot
|
|
|
|
[Service]
|
|
# See similar code in apt-ostree-countme.service
|
|
User=apt-ostree
|
|
DynamicUser=yes
|
|
# As of right now, our primary API is DBus. But see also https://github.com/coreos/rpm-ostree/issues/3850
|
|
Type=dbus
|
|
BusName=org.debian.aptostree1
|
|
# To use the read-only sysroot bits
|
|
MountFlags=slave
|
|
# We have no business accessing /var/roothome or /var/home. In general
|
|
# the ostree design clearly avoids touching those, but since systemd offers
|
|
# us easy tools to toggle on protection, let's use them. In the future
|
|
# it'd be nice to do something like using DynamicUser=yes for the main service,
|
|
# and have a system apt-ostreed-transaction.service that runs privileged
|
|
# but as a subprocess.
|
|
ProtectHome=true
|
|
NotifyAccess=main
|
|
# Significantly bump this timeout from the default because
|
|
# we do a lot of stuff on daemon startup.
|
|
TimeoutStartSec=5m
|
|
# We start this main process with full privileges; it may spawn unprivileged processes
|
|
# with the apt-ostree user.
|
|
ExecStart=+apt-ostree start-daemon
|
|
ExecReload=apt-ostree reload
|
|
# disable/enable downloading filelists
|
|
Environment="DOWNLOAD_FILELISTS=false"
|