From ea3a43f9874b3e941b28a64941f7e9e878b29ad4 Mon Sep 17 00:00:00 2001 From: Guillaume Chinal Date: Sat, 21 Dec 2024 14:24:15 +0100 Subject: [PATCH] add systemd dropins for minimal sys-net and sys-usb Some unnecessary services are running on sys-net and sys-usb which consumes RAM for nothing. SystemD dropins are added to automatically disable identified unecessary services by enabling minimal-netvm or minimal-usbvm service on the sys-vms with qvm-service. --- Makefile | 10 +++++++++- debian/qubes-core-agent.install | 7 +++++++ rpm_spec/core-agent.spec.in | 7 +++++++ vm-systemd/abrtd.service.d/30_qubes.conf | 3 +++ vm-systemd/bluetooth.service.d/30_qubes.conf | 2 ++ vm-systemd/polkit.service.d/30_qubes.conf | 2 ++ .../user/at-spi-dbus-bus.service.d/30_qubes.conf | 3 +++ vm-systemd/user/gvfs-daemon.service.d/30_qubes.conf | 3 +++ vm-systemd/user/pipewire.service.d/40_minimal.conf | 3 +++ vm-systemd/user/wireplumber.service.d/30_qubes.conf | 3 +++ 10 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 vm-systemd/abrtd.service.d/30_qubes.conf create mode 100644 vm-systemd/bluetooth.service.d/30_qubes.conf create mode 100644 vm-systemd/polkit.service.d/30_qubes.conf create mode 100644 vm-systemd/user/at-spi-dbus-bus.service.d/30_qubes.conf create mode 100644 vm-systemd/user/gvfs-daemon.service.d/30_qubes.conf create mode 100644 vm-systemd/user/pipewire.service.d/40_minimal.conf create mode 100644 vm-systemd/user/wireplumber.service.d/30_qubes.conf diff --git a/Makefile b/Makefile index 9848a8e8..a3daed6f 100644 --- a/Makefile +++ b/Makefile @@ -54,6 +54,9 @@ SYSTEM_DROPINS += sysinit.target ifeq ($(ENABLE_SELINUX),1) SYSTEM_DROPINS += selinux-autorelabel.target selinux-autorelabel.service endif +SYSTEM_DROPINS += polkit.service +SYSTEM_DROPINS += abrtd.service +SYSTEM_DROPINS += bluetooth.service SYSTEM_DROPINS_NETWORKING := NetworkManager.service NetworkManager-wait-online.service SYSTEM_DROPINS_NETWORKING += tinyproxy.service @@ -68,7 +71,12 @@ USER_DROPINS := \ evolution-addressbook-factory.service \ evolution-calendar-factory.service \ evolution-source-registry.service \ - evolution-user-prompter.service + evolution-user-prompter.service \ + pipewire.service \ + gvfs-daemon.service \ + at-spi-dbus-bus.service \ + wireplumber.service + # Ubuntu Dropins ifeq ($(release),Ubuntu) diff --git a/debian/qubes-core-agent.install b/debian/qubes-core-agent.install index 3015aa9f..b526e993 100644 --- a/debian/qubes-core-agent.install +++ b/debian/qubes-core-agent.install @@ -70,9 +70,11 @@ lib/systemd/system/boot.automount.d/30_qubes.conf lib/systemd/system/ModemManager.service.d/30_qubes.conf lib/systemd/system/NetworkManager-wait-online.service.d/30_qubes.conf lib/systemd/system/NetworkManager.service.d/30_qubes.conf +lib/systemd/system/abrtd.service.d/30_qubes.conf lib/systemd/system/anacron-resume.service.d/30_qubes.conf lib/systemd/system/anacron.service.d/30_qubes.conf lib/systemd/system/avahi-daemon.service.d/30_qubes.conf +lib/systemd/system/bluetooth.service.d/30_qubes.conf lib/systemd/system/chronyd.service.d/30_qubes.conf lib/systemd/system/cron.service.d/30_qubes.conf lib/systemd/system/cups.path.d/30_qubes.conf @@ -85,6 +87,7 @@ lib/systemd/system/netfilter-persistent.service.d/30_qubes.conf lib/systemd/system/org.cups.cupsd.path.d/30_qubes.conf lib/systemd/system/org.cups.cupsd.service.d/30_qubes.conf lib/systemd/system/org.cups.cupsd.socket.d/30_qubes.conf +lib/systemd/system/polkit.service.d/30_qubes.conf lib/systemd/system/dev-xvdc1-swap.service lib/systemd/system/qubes-early-vm-config.service lib/systemd/system/qubes-misc-post.service @@ -118,6 +121,10 @@ usr/lib/systemd/user/evolution-addressbook-factory.service.d/30_qubes.conf usr/lib/systemd/user/evolution-calendar-factory.service.d/30_qubes.conf usr/lib/systemd/user/evolution-source-registry.service.d/30_qubes.conf usr/lib/systemd/user/evolution-user-prompter.service.d/30_qubes.conf +usr/lib/systemd/user/at-spi-dbus-bus.service.d/30_qubes.conf +usr/lib/systemd/user/gvfs-daemon.service.d/30_qubes.conf +usr/lib/systemd/user/pipewire.service.d/30_qubes.conf +usr/lib/systemd/user/wireplumber.service.d/30_qubes.conf lib/udev/rules.d/50-qubes-mem-hotplug.rules usr/bin/qfile-unpacker usr/bin/qubes-desktop-run diff --git a/rpm_spec/core-agent.spec.in b/rpm_spec/core-agent.spec.in index 143dc02f..3dc143c4 100644 --- a/rpm_spec/core-agent.spec.in +++ b/rpm_spec/core-agent.spec.in @@ -1272,6 +1272,8 @@ The Qubes core startup configuration for SystemD init. %_unitdir/qubes-updates-proxy-forwarder.socket %{_unitdir}-preset/%qubes_preset_file %_modulesloaddir/qubes-core.conf +%_unitdir/abrtd.service.d/30_qubes.conf +%_unitdir/bluetooth.service.d/30_qubes.conf %dir %_unitdir/boot.automount.d %_unitdir/boot.automount.d/30_qubes.conf %dir %_unitdir/*.service.d @@ -1292,6 +1294,7 @@ The Qubes core startup configuration for SystemD init. %_unitdir/ModemManager.service.d/30_qubes.conf %_unitdir/NetworkManager.service.d/30_qubes.conf %_unitdir/NetworkManager-wait-online.service.d/30_qubes.conf +%_unitdir/polkit.service.d/30_qubes.conf %_unitdir/serial-getty@.service.d/30_qubes.conf %_unitdir/systemd-random-seed.service.d/30_qubes.conf %_unitdir/systemd-timesyncd.service.d/30_qubes.conf @@ -1314,6 +1317,10 @@ The Qubes core startup configuration for SystemD init. %_userunitdir/evolution-calendar-factory.service.d/30_qubes.conf %_userunitdir/evolution-source-registry.service.d/30_qubes.conf %_userunitdir/evolution-user-prompter.service.d/30_qubes.conf +%_userunitdir/at-spi-dbus-bus.service.d/30_qubes.conf +%_userunitdir/gvfs-daemon.service.d/30_qubes.conf +%_userunitdir/pipewire.service.d/30_qubes.conf +%_userunitdir/wireplumber.service.d/30_qubes.conf %post systemd diff --git a/vm-systemd/abrtd.service.d/30_qubes.conf b/vm-systemd/abrtd.service.d/30_qubes.conf new file mode 100644 index 00000000..f464d3c9 --- /dev/null +++ b/vm-systemd/abrtd.service.d/30_qubes.conf @@ -0,0 +1,3 @@ +[Unit] +ConditionPathExists=!/var/run/qubes-service/minimal-netvm +ConditionPathExists=!/var/run/qubes-service/minimal-usbvm diff --git a/vm-systemd/bluetooth.service.d/30_qubes.conf b/vm-systemd/bluetooth.service.d/30_qubes.conf new file mode 100644 index 00000000..60aae67a --- /dev/null +++ b/vm-systemd/bluetooth.service.d/30_qubes.conf @@ -0,0 +1,2 @@ +[Unit] +ConditionPathExists=!/var/run/qubes-service/minimal-usbvm diff --git a/vm-systemd/polkit.service.d/30_qubes.conf b/vm-systemd/polkit.service.d/30_qubes.conf new file mode 100644 index 00000000..60aae67a --- /dev/null +++ b/vm-systemd/polkit.service.d/30_qubes.conf @@ -0,0 +1,2 @@ +[Unit] +ConditionPathExists=!/var/run/qubes-service/minimal-usbvm diff --git a/vm-systemd/user/at-spi-dbus-bus.service.d/30_qubes.conf b/vm-systemd/user/at-spi-dbus-bus.service.d/30_qubes.conf new file mode 100644 index 00000000..f464d3c9 --- /dev/null +++ b/vm-systemd/user/at-spi-dbus-bus.service.d/30_qubes.conf @@ -0,0 +1,3 @@ +[Unit] +ConditionPathExists=!/var/run/qubes-service/minimal-netvm +ConditionPathExists=!/var/run/qubes-service/minimal-usbvm diff --git a/vm-systemd/user/gvfs-daemon.service.d/30_qubes.conf b/vm-systemd/user/gvfs-daemon.service.d/30_qubes.conf new file mode 100644 index 00000000..f464d3c9 --- /dev/null +++ b/vm-systemd/user/gvfs-daemon.service.d/30_qubes.conf @@ -0,0 +1,3 @@ +[Unit] +ConditionPathExists=!/var/run/qubes-service/minimal-netvm +ConditionPathExists=!/var/run/qubes-service/minimal-usbvm diff --git a/vm-systemd/user/pipewire.service.d/40_minimal.conf b/vm-systemd/user/pipewire.service.d/40_minimal.conf new file mode 100644 index 00000000..f464d3c9 --- /dev/null +++ b/vm-systemd/user/pipewire.service.d/40_minimal.conf @@ -0,0 +1,3 @@ +[Unit] +ConditionPathExists=!/var/run/qubes-service/minimal-netvm +ConditionPathExists=!/var/run/qubes-service/minimal-usbvm diff --git a/vm-systemd/user/wireplumber.service.d/30_qubes.conf b/vm-systemd/user/wireplumber.service.d/30_qubes.conf new file mode 100644 index 00000000..f464d3c9 --- /dev/null +++ b/vm-systemd/user/wireplumber.service.d/30_qubes.conf @@ -0,0 +1,3 @@ +[Unit] +ConditionPathExists=!/var/run/qubes-service/minimal-netvm +ConditionPathExists=!/var/run/qubes-service/minimal-usbvm