1# SPDX-License-Identifier: LGPL-2.1-or-later 2# 3# This file is part of systemd. 4# 5# systemd is free software; you can redistribute it and/or modify it 6# under the terms of the GNU Lesser General Public License as published by 7# the Free Software Foundation; either version 2.1 of the License, or 8# (at your option) any later version. 9 10[Unit] 11Description=Rule-based Manager for Device Events and Files 12Documentation=man:systemd-udevd.service(8) man:udev(7) 13DefaultDependencies=no 14After=systemd-sysusers.service systemd-hwdb-update.service 15Before=sysinit.target 16ConditionPathIsReadWrite=/sys 17 18[Service] 19Delegate=pids 20DeviceAllow=block-* rwm 21DeviceAllow=char-* rwm 22Type=notify 23# Note that udev will reset the value internally for its workers 24OOMScoreAdjust=-1000 25Sockets=systemd-udevd-control.socket systemd-udevd-kernel.socket 26Restart=always 27RestartSec=0 28ExecStart={{ROOTLIBEXECDIR}}/systemd-udevd 29ExecReload=udevadm control --reload --timeout 0 30KillMode=mixed 31TasksMax=infinity 32PrivateMounts=yes 33ProtectClock=yes 34ProtectHostname=yes 35MemoryDenyWriteExecute=yes 36RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 37RestrictRealtime=yes 38RestrictSUIDSGID=yes 39SystemCallFilter=@system-service @module @raw-io bpf 40SystemCallErrorNumber=EPERM 41SystemCallArchitectures=native 42LockPersonality=yes 43IPAddressDeny=any 44{{SERVICE_WATCHDOG}} 45