Verified Commit 7601447d authored by dr460nf1r3's avatar dr460nf1r3 🐉
Browse files

Use drop-in to fix firewall backend

parent cfb4d69e
# Maintainer: Librewish <librewish@gmail.com>
pkgname=virt-manager-meta
pkgver=3
pkgver=4
pkgrel=1
arch=('any')
url="https://wiki.archlinux.org/index.php/Libvirt"
license=('GPL')
pkgdesc="Meta package for libvirt/QEMU/KVM support using virt-manager."
pkgdesc="Meta package for libvirt/QEMU/KVM support using virt-manager"
depends=("bridge-utils"
"dnsmasq"
"ebtables"
......@@ -19,12 +19,11 @@ depends=("bridge-utils"
"virt-viewer"
"virt-manager")
install=$pkgname.install
source=(libvirtd.service)
md265sum=()
source=(firewall.conf)
sha256sums=('82aa0099d874a5581dd6c05c268c6ab34dc64525cbf7df341a587099abde26a9')
package() {
install -d $pkgdir/etc/system
install -Dm0644 libvirtd.service $pkgdir/etc/systemd/libvirtd.service
install -d $pkgdir/usr/lib/systemd/system/libvirt.service.d/
install -Dm0644 firewall.conf $pkgdir/usr/lib/systemd/system/libvirt.service.d/firewall.conf
}
sha256sums=('dcd57ce60516ba1f6012969cfc528f43fc0da8104dad812b7aaee53a869e6f39')
[Unit]
WorkingDirectory=/usr/sbin
[Unit]
Description=Virtualization daemon
Requires=virtlogd.socket
Requires=virtlockd.socket
# Use Wants instead of Requires so that users
# can disable these three .socket units to revert
# to a traditional non-activation deployment setup
Wants=libvirtd.socket
Wants=libvirtd-ro.socket
Wants=libvirtd-admin.socket
Wants=systemd-machined.service
Before=libvirt-guests.service
After=network.target
After=firewalld.service
After=iptables.service
After=ip6tables.service
After=dbus.service
After=iscsid.service
After=apparmor.service
After=local-fs.target
After=remote-fs.target
After=systemd-logind.service
After=systemd-machined.service
After=xencommons.service
Conflicts=xendomains.service
Documentation=man:libvirtd(8)
Documentation=https://libvirt.org
[Service]
Type=simple
EnvironmentFile=-/etc/conf.d/libvirtd
ExecStart=/usr/bin/libvirtd $LIBVIRTD_ARGS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
# At least 1 FD per guest, often 2 (eg qemu monitor + qemu agent).
# eg if we want to support 4096 guests, we'll typically need 8192 FDs
# If changing this, also consider virtlogd.service & virtlockd.service
# limits which are also related to number of guests
LimitNOFILE=8192
# The cgroups pids controller can limit the number of tasks started by
# the daemon, which can limit the number of domains for some hypervisors.
# A conservative default of 8 tasks per guest results in a TasksMax of
# 32k to support 4096 guests.
TasksMax=32768
# With cgroups v2 there is no devices controller anymore, we have to use
# eBPF to control access to devices. In order to do that we create a eBPF
# hash MAP which locks memory. The default map size for 64 devices together
# with program takes 12k per guest. After rounding up we will get 64M to
# support 4096 guests.
LimitMEMLOCK=64M
WorkingDirectory=/usr/sbin
[Install]
WantedBy=multi-user.target
Also=virtlockd.socket
Also=virtlogd.socket
Also=libvirtd.socket
Also=libvirtd-ro.socket
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment