# SPDX-License-Identifier: LGPL-2.1-or-later # # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. [Unit] Description=Rule-based Manager for Device Events and Files Documentation=man:systemd-udevd.service(8) man:udev(7) DefaultDependencies=no After=systemd-sysusers.service systemd-hwdb-update.service Before=sysinit.target Wants=systemd-udev-load-credentials.service ConditionPathIsReadWrite=/sys # To avoid systemd-udevd being SIGKILLed during a soft reboot, # and causing queued uevents to be lost. # Note, typically soft-reboot.target will be never reached, # and systemd-soft-reboot.service will trigger soft-reboot. # Hence, this must be stopped before systemd-soft-reboot.service. Before=soft-reboot.target systemd-soft-reboot.service Conflicts=soft-reboot.target # To avoid this service being triggered by a relevant socket unit during # switching root, which easily happens due to kernel events. # Note, unlike soft-reboot (and any other shutting down processes), # initrd-switching-root.service is started after initrd-switch-root.target. # Hence, we need to also add the service to Conflicts=. Before=initrd-switch-root.target initrd-switch-root.service Conflicts=initrd-switch-root.target initrd-switch-root.service [Service] CapabilityBoundingSet=~CAP_SYS_TIME CAP_WAKE_ALARM Delegate= DelegateSubgroup=udev Type=notify-reload # Note that udev will reset the value internally for its workers OOMScoreAdjust=-1000 Sockets=systemd-udevd-control.socket systemd-udevd-kernel.socket systemd-udevd-varlink.socket Restart=always RestartSec=0 ExecStart=/usr/lib/systemd/systemd-udevd FileDescriptorStoreMax=512 FileDescriptorStorePreserve=yes KillMode=mixed TasksMax=infinity PrivateMounts=yes ProtectHostname=yes MemoryDenyWriteExecute=yes RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 RestrictRealtime=yes RestrictSUIDSGID=yes SystemCallFilter=@system-service @module @raw-io bpf SystemCallFilter=~@clock SystemCallErrorNumber=EPERM SystemCallArchitectures=native LockPersonality=yes IPAddressDeny=any