1# SPDX-License-Identifier: LGPL-2.1-or-later 2# 3# This file is part of systemd. 4# 5# systemd is free software; you can redistribute it and/or modify it 6# under the terms of the GNU Lesser General Public License as published by 7# the Free Software Foundation; either version 2.1 of the License, or 8# (at your option) any later version. 9 10[Unit] 11Description=Home Area Manager 12Documentation=man:systemd-homed.service(8) 13Documentation=man:org.freedesktop.home1(5) 14After=home.mount dbus.service 15 16[Service] 17BusName=org.freedesktop.home1 18CapabilityBoundingSet=CAP_SYS_ADMIN CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FSETID CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE CAP_SETPCAP CAP_DAC_READ_SEARCH CAP_SETFCAP 19DeviceAllow=/dev/loop-control rw 20DeviceAllow=/dev/mapper/control rw 21DeviceAllow=block-* rw 22DeviceAllow=char-hidraw rw 23ExecStart={{ROOTLIBEXECDIR}}/systemd-homed 24KillMode=mixed 25LimitNOFILE={{HIGH_RLIMIT_NOFILE}} 26LockPersonality=yes 27MemoryDenyWriteExecute=yes 28NoNewPrivileges=yes 29RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_ALG AF_INET AF_INET6 30RestrictNamespaces=mnt user 31RestrictRealtime=yes 32StateDirectory=systemd/home 33SystemCallArchitectures=native 34SystemCallErrorNumber=EPERM 35SystemCallFilter=@system-service @mount 36{{SERVICE_WATCHDOG}} 37 38[Install] 39WantedBy=multi-user.target 40Alias=dbus-org.freedesktop.home1.service 41Also=systemd-homed-activate.service systemd-userdbd.service 42