systemd/units
Topi Miettinen 7d85383edb tree-wide: add size limits for tmpfs mounts
Limit size of various tmpfs mounts to 10% of RAM, except volatile root and /var
to 25%. Another exception is made for /dev (also /devs for PrivateDevices) and
/sys/fs/cgroup since no (or very few) regular files are expected to be used.

In addition, since directories, symbolic links, device specials and xattrs are
not counted towards the size= limit, number of inodes is also limited
correspondingly: 4MB size translates to 1k of inodes (assuming 4k each), 10% of
RAM (using 16GB of RAM as baseline) translates to 400k and 25% to 1M inodes.

Because nr_inodes option can't use ratios like size option, there's an
unfortunate side effect that with small memory systems the limit may be on the
too large side. Also, on an extremely small device with only 256MB of RAM, 10%
of RAM for /run may not be enough for re-exec of PID1 because 16MB of free
space is required.
2020-05-13 00:37:18 +02:00
..
user units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
user-.slice.d units: set StopWhenUnneeded= for the user slice units too 2018-10-13 12:59:29 +02:00
basic.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
blockdev@.target units: introduce blockdev@.target for properly ordering mounts/swaps against cryptsetup 2020-01-21 20:23:13 +01:00
bluetooth.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
boot-complete.target units: add generic boot-complete.target 2018-10-19 22:34:50 +02:00
console-getty.service.m4 unit,meson: drop .in suffix if no substitution is required (#8740) 2018-04-17 19:49:10 +02:00
container-getty@.service.m4 unit,meson: drop .in suffix if no substitution is required (#8740) 2018-04-17 19:49:10 +02:00
cryptsetup-pre.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
cryptsetup.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
debug-shell.service.in units: drop reference to sushell man page 2019-04-29 17:06:52 +02:00
dev-hugepages.mount Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
dev-mqueue.mount units: set nodev,nosuid,noexec flags for various secondary API VFS 2019-03-25 19:39:00 +01:00
emergency.service.in units: use correct path to refer to plymouth 2020-04-16 16:33:01 +02:00
emergency.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
exit.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
final.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
getty-pre.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
getty.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
getty@.service.m4 Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
graphical.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
halt.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
hibernate.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
hybrid-sleep.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
initrd-cleanup.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
initrd-fs.target units: drop OnFailure= from .target units 2020-02-05 18:34:30 +01:00
initrd-parse-etc.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
initrd-root-device.target units: drop OnFailure= from .target units 2020-02-05 18:34:30 +01:00
initrd-root-fs.target units: drop OnFailure= from .target units 2020-02-05 18:34:30 +01:00
initrd-switch-root.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
initrd-switch-root.target units: make sure initrd-cleanup.service terminates before switching to rootfs 2019-01-28 13:41:28 +01:00
initrd-udevadm-cleanup-db.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
initrd.target units: drop OnFailure= from .target units 2020-02-05 18:34:30 +01:00
kexec.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
kmod-static-nodes.service.in Rename tmpfiles.d/kmod.conf to static-nodes.conf 2019-08-19 11:05:58 +02:00
ldconfig.service Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
local-fs-pre.target Revert "cryptsetup: umount encrypted devices before detaching it during shutdown" 2019-12-19 10:42:14 +01:00
local-fs.target units: drop OnFailure= from .target units 2020-02-05 18:34:30 +01:00
machine.slice Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
machines.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
meson-add-wants.sh scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
meson.build Revert "units: make systemd-repart.service installable" 2020-04-02 17:04:59 +02:00
modprobe@.service units: skip modprobe@.service if the unit appears to be already loaded 2020-03-05 18:43:50 +00:00
multi-user.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
network-online.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
network-pre.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
network.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
nss-lookup.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
nss-user-lookup.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
paths.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
poweroff.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
printer.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
proc-sys-fs-binfmt_misc.automount Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
proc-sys-fs-binfmt_misc.mount units: make systemd-binfmt.service easier to work with no autofs 2019-09-25 23:44:01 +09:00
quotaon.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
rc-local.service.in man: add a systemd-rc-local-generator(8) man page 2017-12-26 12:13:51 +01:00
reboot.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
remote-cryptsetup.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
remote-fs-pre.target Revert "cryptsetup: umount encrypted devices before detaching it during shutdown" 2019-12-19 10:42:14 +01:00
remote-fs.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
rescue.service.in units: use correct path to refer to plymouth 2020-04-16 16:33:01 +02:00
rescue.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
rpcbind.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
serial-getty@.service.m4 Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
shutdown.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
sigpwr.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
sleep.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
slices.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
smartcard.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
sockets.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
sound.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
suspend-then-hibernate.target Fix description on suspend-then-hibernate units. 2018-03-28 15:26:18 -05:00
suspend.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
swap.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
sys-fs-fuse-connections.mount units: set nodev,nosuid,noexec flags for various secondary API VFS 2019-03-25 19:39:00 +01:00
sys-kernel-config.mount units: set nodev,nosuid,noexec flags for various secondary API VFS 2019-03-25 19:39:00 +01:00
sys-kernel-debug.mount units: set nodev,nosuid,noexec flags for various secondary API VFS 2019-03-25 19:39:00 +01:00
sys-kernel-tracing.mount units: Don't mount tracefs in LXC 2020-03-23 08:34:48 +01:00
sysinit.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
syslog.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
system-systemd\x2dcryptsetup.slice crypsetup: introduce x-initrd.attach option 2019-12-05 11:43:02 +01:00
system-update-cleanup.service service: tweak capitalization of unit description 2019-05-24 10:48:28 +02:00
system-update-pre.target units: make system-update-pre.target a passive unit (#9349) 2018-06-20 12:46:18 +02:00
system-update.target units: fix typo in After= 2018-06-20 18:14:43 +02:00
systemd-ask-password-console.path emergency: make sure console password agents don't interfere with the emergency shell 2018-09-26 18:13:32 +02:00
systemd-ask-password-console.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
systemd-ask-password-wall.path emergency: make sure console password agents don't interfere with the emergency shell 2018-09-26 18:13:32 +02:00
systemd-ask-password-wall.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
systemd-backlight@.service.in units: drop systemd-remount-fs.service dependency from more services 2020-04-08 16:29:41 +02:00
systemd-binfmt.service.in binfmt: also unregister binfmt entries from unit 2020-04-23 17:14:45 +02:00
systemd-bless-boot.service.in add new systemd-bless-boot.service that marks boots as successful 2018-10-19 22:34:50 +02:00
systemd-boot-check-no-failures.service.in units: add simple boot check unit 2018-10-19 22:34:50 +02:00
systemd-boot-system-token.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
systemd-coredump.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-coredump@.service.in units: drop systemd-remount-fs.service dependency from more services 2020-04-08 16:29:41 +02:00
systemd-exit.service units: fix Description= of systemd-exit.service 2018-11-16 12:25:35 +01:00
systemd-firstboot.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
systemd-fsck-root.service.in units: make fsck/grows/makefs/makeswap units conflict against shutdown.target 2018-11-26 22:18:16 +01:00
systemd-fsck@.service.in units: make fsck/grows/makefs/makeswap units conflict against shutdown.target 2018-11-26 22:18:16 +01:00
systemd-halt.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
systemd-hibernate-resume@.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-hibernate.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-homed.service.in Merge pull request #15109 from keszybz/units-make-installable 2020-04-02 10:21:29 +02:00
systemd-hostnamed.service.in units: set ProtectKernelLogs=yes on relevant units 2019-11-15 00:59:54 -08:00
systemd-hwdb-update.service.in units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
systemd-hybrid-sleep.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-importd.service.in meson: allow WatchdogSec= in services to be configured 2019-10-25 17:20:24 +02:00
systemd-initctl.service.in units: set NoNewPrivileges= for all long-running services 2018-11-12 19:02:55 +01:00
systemd-initctl.socket units: initctl: move the fifo to /run/initctl to match sysvinit 2018-03-30 16:52:14 -04:00
systemd-journal-catalog-update.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
systemd-journal-flush.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
systemd-journal-gatewayd.service.in units: set ProtectKernelLogs=yes on relevant units 2019-11-15 00:59:54 -08:00
systemd-journal-gatewayd.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-journal-remote.service.in units: add ProtectClock=yes 2020-04-07 15:37:14 +02:00
systemd-journal-remote.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-journal-upload.service.in units: set ProtectKernelLogs=yes on relevant units 2019-11-15 00:59:54 -08:00
systemd-journald-audit.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-journald-dev-log.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-journald-varlink@.socket journald: add ability to activate by varlink socket 2020-01-31 15:03:55 +01:00
systemd-journald.service.in units: add ProtectClock=yes 2020-04-07 15:37:14 +02:00
systemd-journald.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-journald@.service.in journald: add ability to activate by varlink socket 2020-01-31 15:03:55 +01:00
systemd-journald@.socket units: add unit files for instantiated journal daemons 2020-01-31 15:01:30 +01:00
systemd-kexec.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
systemd-localed.service.in units: set ProtectKernelLogs=yes on relevant units 2019-11-15 00:59:54 -08:00
systemd-logind.service.in units: change description of systemd-logind.service 2020-05-05 22:34:17 +02:00
systemd-machine-id-commit.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
systemd-machined.service.in units: disable ProtectKernelLogs for machined 2020-03-02 14:49:14 +09:00
systemd-modules-load.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-network-generator.service.in systemd-network-generator.service: network-pre.target is a passive target unit 2020-03-27 18:30:57 +01:00
systemd-networkd-wait-online.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-networkd.service.in units: add ProtectClock=yes 2020-04-07 15:37:14 +02:00
systemd-networkd.socket network: bump netlink receive buffer size to 128M 2020-01-02 10:29:41 +01:00
systemd-nspawn@.service.in RequireMountsFor in systemd-nspawn should wait for machine mount 2020-03-02 19:37:51 +09:00
systemd-portabled.service.in units: set ProtectKernelLogs=yes on relevant units 2019-11-15 00:59:54 -08:00
systemd-poweroff.service units: use SuccessAction=poweroff-force in systemd-poweroff.service 2018-10-17 19:31:50 +02:00
systemd-pstore.service.in units: make sure systemd-pstore stops at shutdown 2020-04-08 16:29:58 +02:00
systemd-quotacheck.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-random-seed.service.in unit: drop Before=sysinit.target from systemd-random-seed.service 2019-08-05 20:21:38 +02:00
systemd-reboot.service units: use SuccessAction=reboot-force in systemd-reboot.service 2018-10-17 19:31:50 +02:00
systemd-remount-fs.service.in Pull in systemd-remount-fs.service only when required 2019-01-03 15:30:28 +01:00
systemd-repart.service.in units: run systemd-repart only if there's configuration for it 2020-04-02 17:07:48 +02:00
systemd-resolved.service.in units: add ProtectClock=yes 2020-04-07 15:37:14 +02:00
systemd-rfkill.service.in units: drop systemd-remount-fs.service dependency from more services 2020-04-08 16:29:41 +02:00
systemd-rfkill.socket units: order systemd-rfkill.socket after /var/lib/systemd/rfkill (#10904) 2018-11-24 23:59:37 +09:00
systemd-suspend-then-hibernate.service.in Fix description on suspend-then-hibernate units. 2018-03-28 15:26:18 -05:00
systemd-suspend.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-sysctl.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-sysusers.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
systemd-time-wait-sync.service.in units: document why systemd-time-wait-sync.service conditions on CAP_SYS_TIME (#8555) 2018-03-22 23:41:54 +03:00
systemd-timedated.service.in units: set ProtectKernelLogs=yes on relevant units 2019-11-15 00:59:54 -08:00
systemd-timesyncd.service.in units: drop systemd-remount-fs.service dependency from more services 2020-04-08 16:29:41 +02:00
systemd-tmpfiles-clean.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
systemd-tmpfiles-clean.timer Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-tmpfiles-setup-dev.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
systemd-tmpfiles-setup.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
systemd-udev-settle.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
systemd-udev-trigger.service units: drop full paths for utilities in $PATH 2020-01-20 16:50:16 +01:00
systemd-udevd-control.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-udevd-kernel.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-udevd.service.in units: add ProtectClock=yes 2020-04-07 15:37:14 +02:00
systemd-update-done.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-update-utmp-runlevel.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-update-utmp.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-user-sessions.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-userdbd.service.in units: make systemd-userdbd.{socket,service} installable 2020-03-31 14:55:16 +02:00
systemd-userdbd.socket units: make systemd-userdbd.{socket,service} installable 2020-03-31 14:55:16 +02:00
systemd-vconsole-setup.service.in units: restore RemainAfterExit=yes in systemd-vconsole-setup.service 2020-03-05 08:13:49 +01:00
systemd-volatile-root.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
time-set.target units: add time-set.target 2019-04-08 14:34:05 +02:00
time-sync.target units: add time-set.target 2019-04-08 14:34:05 +02:00
timers.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
tmp.mount tree-wide: add size limits for tmpfs mounts 2020-05-13 00:37:18 +02:00
umount.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
usb-gadget.target units: add usb-gadget target 2019-02-15 18:16:27 +01:00
user-runtime-dir@.service.in units: use =yes rather than =true everywhere 2018-10-13 12:59:29 +02:00
user.slice Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
user@.service.in units: do not ignore return value from systemd --user 2020-03-05 04:49:37 +09:00
var-lib-machines.mount import: drop logic of setting up /var/lib/machines as btrfs loopback mount 2018-11-26 18:09:01 +01:00