Skip to content

systemd: restore user-runtime-dir service hardening#1520

Merged
brianmcgillion merged 1 commit intotiiuae:mainfrom
gngram:pull/user-runtime-dir
Nov 3, 2025
Merged

systemd: restore user-runtime-dir service hardening#1520
brianmcgillion merged 1 commit intotiiuae:mainfrom
gngram:pull/user-runtime-dir

Conversation

@gngram
Copy link
Copy Markdown
Contributor

@gngram gngram commented Nov 3, 2025

The user-runtime-dir@.service was failing due to blocked quotactl system call, which is now required by newer systemd versions.

Allow @PRIVILEGED system call filter group to permit quotactl operations

Description of Changes

  • The user-runtime-dir@.service was failing due to blocked quotactl system call, which is now required by newer systemd versions.
  • Allow @PRIVILEGED system call filter group to permit quotactl operations

Type of Change

  • New Feature
  • Bug Fix
  • Improvement / Refactor

Related Issues / Tickets

Checklist

  • Clear summary in PR description
  • Detailed and meaningful commit message(s)
  • Commits are logically organized and squashed if appropriate
  • Contribution guidelines followed
  • Ghaf documentation updated with the commit - https://tiiuae.github.io/ghaf/
  • Author has run make-checks and it passes
  • All automatic GitHub Action checks pass - see actions
  • Author has added reviewers and removed PR draft status

Testing Instructions

Applicable Targets

  • Orin AGX aarch64
  • Orin NX aarch64
  • Lenovo X1 x86_64
  • Dell Latitude x86_64
  • System 76 x86_64

Installation Method

  • Requires full re-installation
  • Can be updated with nixos-rebuild ... switch
  • Other:

Test Steps To Verify:

  1. After successful login check the status user-runtime-dir@.service, there should not be any error.

@gngram
systemd: restore user-runtime-dir service hardening
6e58231 
The user-runtime-dir@.service was failing due to blocked quotactl
system call, which is now required by newer systemd versions.

Allow @PRIVILEGED system call filter group to permit quotactl operations

Signed-off-by: Ganga Ram <Ganga.Ram@tii.ae>
@gngram gngram requested a review from brianmcgillion November 3, 2025 12:53
@gngram gngram requested review from mbssrc and vunnyso November 3, 2025 13:16
@brianmcgillion brianmcgillion merged commit 46edd6e into tiiuae:main Nov 3, 2025
28 checks passed
@gngram gngram deleted the pull/user-runtime-dir branch November 13, 2025 10:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brianmcgillion brianmcgillion brianmcgillion approved these changes

@mbssrc mbssrc Awaiting requested review from mbssrc

@vunnyso vunnyso Awaiting requested review from vunnyso

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gngram @brianmcgillion