Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2bdbf37ef9
core-agent-linux/vm-systemd/75-qubes-vm.preset
Marek Marczykowski-Górecki 65e9e4c72c
network: use own iptables service instead of repurposing existing one 
There were multiple problems with reusing existing one:
 - need to sync with upstream changes (configuration path etc)
 - conflicts resolution on updates
 - lack of iptables --wait, which causes firewall fail to load sometimes

QubesOS/qubes-issues#1067
2015-08-09 20:09:51 +02:00

76 lines
2.4 KiB
Plaintext
Raw Blame History

# Units that should not run by default in Qubes VMs.
#
# This file is part of the qubes-core-vm-systemd package. To ensure that the
# default configuration is applied to all units in the list regardless of
# package installation order, including units added to the list by
# qubes-core-vm-systemd upgrades, all units in the list are preset by a
# scriptlet every time qubes-core-vm-systemd is installed or upgraded. That
# means that to permanently enable a unit with an [Install] section, you must
# create your own higher-priority preset file. (It might be possible to be
# smarter and keep a list of units previously preset, but this is not
# implemented.)
#
# For units below with no [Install] section, the scriptlet masks them instead.
# Qubes currently does not provide a way to permanently prevent such units from
# being masked.
#
# https://groups.google.com/d/topic/qubes-users/dpM_GHfmEOk/discussion
disable alsa-store.service
disable alsa-restore.service
disable auditd.service
disable avahi.service
disable avahi-daemon.service
disable avahi-daemon.socket
disable hwclock-save.service
disable mdmonitor.service
disable plymouth-start.service
disable plymouth-read-write.service
disable plymouth-quit.service
disable plymouth-quit-wait.service
disable smartd.service
disable upower.service
disable colord.service
# Fedora only services
disable backuppc.service
disable cpuspeed.service
disable dnf-makecache.timer
disable fedora-autorelabel.service
disable fedora-autorelabel-mark.service
disable fedora-storage-init.service
disable fedora-storage-init-late.service
disable hwclock-load.service
disable ipmi.service
disable iptables.service
disable ip6tables.service
disable irqbalance.service
disable mcelog.service
disable mdmonitor-takeover.service
disable multipathd.service
disable openct.service
disable rngd.service
disable rpcbind.service
disable sendmail.service
disable sm-client.service
disable sshd.service
disable tcsd.service
enable qubes-sysinit.service
enable qubes-db.service
enable qubes-gui-agent.service
enable qubes-update-check.timer
enable qubes-update-check.timer
enable qubes-misc-post.service
enable qubes-updates-proxy.service
enable qubes-dvm.service
enable qubes-network.service
enable qubes-qrexec-agent.service
enable qubes-mount-home.service
enable qubes-firewall.service
enable qubes-netwatcher.service
enable qubes-meminfo-writer.service
enable qubes-iptables.service
enable haveged.service
enable chronyd.service
Reference in New Issue View Git Blame Copy Permalink