Systemd Unit Management

The ESF 7.5.0 default configuration restricts the set of systemd units that the ESF process is allowed to start and stop to the following list:

  • named.service (only allowed on ESF distributions with network management support)
  • bluetooth.service
  • docker.service
  • avahi-daemon.service
  • fail2ban-server.service
  • fail2ban.service
  • chrony.service
  • chronyd.service
  • dnsmasq.service
  • sshd related units
  • Ansible activity related units

Attempting to start or stop other service units from ESF will fail, even if the operation is performed using the privileged executor service.

If an ESF application needs to start and stop other systemd units, it is suggested to add a dedicated polkit rule that allows the esfd user (privileged executor service) or the esf user (unprivileged executor service) to perform the desired operation.
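
A dedicated rule of this kind could look like the following. This is an added example, not a rule shipped with ESF: the unit name myapp.service and the helper name esfMayManage are hypothetical, and it assumes the systemd action org.freedesktop.systemd1.manage-units with its "unit" and "verb" details. It grants only start and stop on the listed unit to the listed user and leaves every other request to the remaining rules.

```javascript
// Added example (not ESF's own rule). Install as a *.rules file under
// /etc/polkit-1/rules.d/ on a device with Polkit newer than 0.105.
// "myapp.service" is a hypothetical unit; esfd and esf are the ESF users.

var ESF_ALLOWED_USERS = ["esfd"];           // add "esf" for the unprivileged executor
var ESF_ALLOWED_UNITS = ["myapp.service"];  // exact unit names only, no wildcards
var ESF_ALLOWED_VERBS = ["start", "stop"];  // restart, reload, enable stay denied

// Pure decision function so the policy can be checked outside polkitd.
function esfMayManage(actionId, unit, verb, user) {
    return actionId === "org.freedesktop.systemd1.manage-units" &&
        ESF_ALLOWED_USERS.indexOf(user) !== -1 &&
        ESF_ALLOWED_UNITS.indexOf(unit) !== -1 &&
        ESF_ALLOWED_VERBS.indexOf(verb) !== -1;
}

// The polkit object exists only when polkitd loads this file.
if (typeof polkit !== "undefined") {
    polkit.addRule(function (action, subject) {
        if (esfMayManage(action.id,
                         action.lookup("unit"),
                         action.lookup("verb"),
                         subject.user)) {
            return polkit.Result.YES;
        }
        // Returning nothing leaves the decision to the other rules.
    });
}
```

polkitd reads rules files in lexical order of file name and stops at the first rule that returns a result, so the file name decides whether this rule is consulted before other rules for the same action.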

Warning

Restricting the set of services that ESF is allowed to manage is only supported on devices where the Polkit version is greater than 0.105. In other cases (e.g. Ubuntu 22.04, which provides Polkit 0.105), ESF is able to start and stop any systemd unit.