systemd-oomd: service files

anitazha · anitazha · commit 87e2bafff9f6 · 2020-10-07T17:12:24.000-07:00
diff --git a/src/oom/meson.build b/src/oom/meson.build
@@ -26,6 +26,9 @@ if conf.get('ENABLE_OOMD') == 1
         install_data('org.freedesktop.oom1.conf',
                      install_dir : dbuspolicydir)
 
+        install_data('org.freedesktop.oom1.service',
+                     install_dir : dbussystemservicedir)
+
         install_data('oomd.conf',
                      install_dir : pkgsysconfdir)
 endif
diff --git a/src/oom/org.freedesktop.oom1.service b/src/oom/org.freedesktop.oom1.service
@@ -0,0 +1,14 @@
+#  SPDX-License-Identifier: LGPL-2.1+
+#
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[D-BUS Service]
+Name=org.freedesktop.oom1
+Exec=/bin/false
+User=root
+SystemdService=dbus-org.freedesktop.oom1.service
diff --git a/sysusers.d/systemd.conf.m4 b/sysusers.d/systemd.conf.m4
@@ -9,6 +9,9 @@ g systemd-journal   - -
 m4_ifdef(`ENABLE_NETWORKD',
 u systemd-network   - "systemd Network Management"
 )m4_dnl
+m4_ifdef(`ENABLE_OOMD',
+u systemd-oom       - "systemd Userspace OOM Killer"
+)m4_dnl
 m4_ifdef(`ENABLE_RESOLVE',
 u systemd-resolve   - "systemd Resolver"
 )m4_dnl
diff --git a/units/meson.build b/units/meson.build
@@ -201,6 +201,7 @@ in_units = [
         ['systemd-networkd.service',             'ENABLE_NETWORKD'],
         ['systemd-networkd-wait-online.service', 'ENABLE_NETWORKD'],
         ['systemd-nspawn@.service',              ''],
+        ['systemd-oomd.service',                 'ENABLE_OOMD'],
         ['systemd-portabled.service',            'ENABLE_PORTABLED',
          'dbus-org.freedesktop.portable1.service'],
         ['systemd-userdbd.service',              'ENABLE_USERDB'],
diff --git a/units/systemd-oomd.service.in b/units/systemd-oomd.service.in
@@ -0,0 +1,55 @@
+#  SPDX-License-Identifier: LGPL-2.1+
+#
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Userspace Out-Of-Memory (OOM) Killer
+Documentation=man:systemd-oomd.service(8)
+ConditionCapability=CAP_KILL
+DefaultDependencies=no
+Before=multi-user.target shutdown.target
+Conflicts=shutdown.target
+
+[Service]
+AmbientCapabilities=CAP_KILL CAP_DAC_OVERRIDE
+BusName=org.freedesktop.oom1
+CapabilityBoundingSet=CAP_KILL CAP_DAC_OVERRIDE
+ExecStart=@rootlibexecdir@/systemd-oomd
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+# Reserve some minimum amount of memory so that systemd-oomd can continue to
+# run in resource starved scenarios.
+MemoryMin=64M
+MemoryLow=64M
+NoNewPrivileges=yes
+OOMScoreAdjust=-900
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectClock=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+Restart=on-failure
+RestrictAddressFamilies=AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+Type=notify
+User=systemd-oom
+@SERVICE_WATCHDOG@
+
+[Install]
+WantedBy=multi-user.target
+Alias=dbus-org.freedesktop.oom1.service
