Compare commits

..

16 Commits

Author SHA1 Message Date
Lennart Poettering b3077c47a8
Merge pull request #16344 from keszybz/update-utmp-erofs
Make update-utmp not fail if it only fails to write wtmp records
2020-07-06 17:52:17 +02:00
Maciej S. Szmigiero c5bc4f77d9 hwdb: add another Logitech M705 mouse variant
There seems to be a newer version of Logitech M705 mouse in the wild.
Let's add it to the hwdb.

Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
2020-07-06 17:17:52 +02:00
Zbigniew Jędrzejewski-Szmek 5544cd3199
Merge pull request #16373 from JackFangXN/master
userdbctl homectl use table_log_add_error()
2020-07-06 17:14:07 +02:00
Frantisek Sumsal 9a61e8fca2 unit-name: fix a potential memory leak
Also, add a test which verifies the issue is indeed gone.

Fixes: CID#1429014
Followup to: ab19db01ae
2020-07-06 17:13:37 +02:00
Zbigniew Jędrzejewski-Szmek b37e4d9c87
Merge pull request #16370 from keszybz/tree-wide-spelling
Assorted spelling, markup, and grammar fixes
2020-07-06 15:57:47 +02:00
Vito Caputo e26538dd04 network: tc: fix n_prio bounds check
Looks like a simple copy and paste error

Fixes https://github.com/systemd/systemd/issues/16367
2020-07-06 15:52:17 +02:00
fangxiuning f987a261b4 userdbctl homectl use table_log_add_error()
Signed-off-by: fangxiuning <fangxiuning123@126.com>
2020-07-06 21:32:22 +08:00
Zbigniew Jędrzejewski-Szmek f04a98e13f Fix two typos found by codespell 2020-07-06 15:09:23 +02:00
Zbigniew Jędrzejewski-Szmek bdac560801 tree-wide: drop quotes from around [section]
For users, the square brackets already serve as markup and clearly delineate
the section name from surrounding text. Putting additional markup around that
only adds clutter. Also, we were very inconsistent in using the quotes. Let's
just drop them altogether.
2020-07-06 11:29:05 +02:00
Zbigniew Jędrzejewski-Szmek e9dd698407 tree-wide: fixes for assorted grammar and spelling issues
Fixes #16363. Also includes some changes where I generalized the pattern.
2020-07-06 11:29:05 +02:00
Zbigniew Jędrzejewski-Szmek ca1d199b48 update-utmp: do not fail on EROFS
Right now systemd-update-utmp.service would fail on read-only /var because
it was not able to write the wtmp record. But it still writes the utmp
record just fine, so runtime information is OK. I don't think we need to
make too much fuss about not being able to save wtmp info.
2020-07-05 12:44:35 +02:00
Zbigniew Jędrzejewski-Szmek c2a9909377 Define _cleanup_ helper for setutxent()+endutxent() 2020-07-05 12:16:01 +02:00
Zbigniew Jędrzejewski-Szmek 272ac70a21 various daemons: emit Stopping... notification before destructing the manager object
This is mostly cosmetic, but let's reorder the destructors so that
we do the final sd_notify() call before we run the destructor for
the manager object.
2020-07-02 17:12:23 +02:00
Zbigniew Jędrzejewski-Szmek cc090ca7fe initctl: use _cleanup_ and run() 2020-07-02 17:12:23 +02:00
Zbigniew Jędrzejewski-Szmek e9d9d50cef initctl,update-utmp: define iterator variable in loop 2020-07-02 17:12:23 +02:00
Zbigniew Jędrzejewski-Szmek bc9d1dbfc8 update-utmp,initctl: drop ppid check
Such checks make debugging harder but serve no useful purpose otherwise.
We got rid of all the checks for root, let's kill those too.
2020-07-02 17:12:23 +02:00
107 changed files with 828 additions and 927 deletions

View File

@ -628,7 +628,7 @@ hash to test this derived secret key against for authentication. It is
generally recommended that for each entry in `fido2HmacSalt` there's also a generally recommended that for each entry in `fido2HmacSalt` there's also a
matching one in `fido2HmacCredential`, and vice versa, with the same credential matching one in `fido2HmacCredential`, and vice versa, with the same credential
ID, appearing in the same order, but this should not be required by ID, appearing in the same order, but this should not be required by
applications processing user recrods. applications processing user records.
## Fields in the `perMachine` section ## Fields in the `perMachine` section

View File

@ -381,6 +381,10 @@ mouse:usb:v046dp101b:name:Logitech M705:
mouse:usb:v046dpc52b:name:Logitech Unifying Device. Wireless PID:101b: mouse:usb:v046dpc52b:name:Logitech Unifying Device. Wireless PID:101b:
MOUSE_DPI=1000@125 MOUSE_DPI=1000@125
# Logitech M705 (newer version?)
mouse:usb:v046dp406d:name:Logitech M705:
MOUSE_DPI=1000@167
# Logitech M305 Wireless Optical Mouse # Logitech M305 Wireless Optical Mouse
mouse:usb:v046dpc52f:name:Logitech USB Receiver: mouse:usb:v046dpc52f:name:Logitech USB Receiver:
MOUSE_DPI=1000@170 MOUSE_DPI=1000@170

View File

@ -49,7 +49,7 @@
<title>Options</title> <title>Options</title>
<para>All options are configured in the <para>All options are configured in the
<literal>[Coredump]</literal> section:</para> [Coredump] section:</para>
<variablelist class='config-directives'> <variablelist class='config-directives'>

View File

@ -52,8 +52,8 @@
matching specified characteristics. If no command is matching specified characteristics. If no command is
specified, this is the implied default.</para> specified, this is the implied default.</para>
<para>The output is designed to be human readable and contains list contains <para>The output is designed to be human readable and contains a table with the following
a table with the following columns:</para> columns:</para>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term>TIME</term> <term>TIME</term>

View File

@ -255,6 +255,7 @@
<listitem><para>Perform encryption using the same cpu that IO was submitted on. The default is to use <listitem><para>Perform encryption using the same cpu that IO was submitted on. The default is to use
an unbound workqueue so that encryption work is automatically balanced between available CPUs.</para> an unbound workqueue so that encryption work is automatically balanced between available CPUs.</para>
<para>This requires kernel 4.0 or newer.</para> <para>This requires kernel 4.0 or newer.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -263,9 +264,10 @@
<term><option>submit-from-crypt-cpus</option></term> <term><option>submit-from-crypt-cpus</option></term>
<listitem><para>Disable offloading writes to a separate thread after encryption. There are some <listitem><para>Disable offloading writes to a separate thread after encryption. There are some
situations where offloading write bios from the encryption threads to a single thread degrades situations where offloading write requests from the encryption threads to a dedicated thread degrades
performance significantly. The default is to offload write bios to the same thread because it benefits performance significantly. The default is to offload write requests to a dedicated thread because it
CFQ to have writes submitted using the same context.</para> benefits the CFQ scheduler to have writes submitted using the same context.</para>
<para>This requires kernel 4.0 or newer.</para> <para>This requires kernel 4.0 or newer.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -512,7 +514,8 @@ external /dev/sda3 keyfile:LABEL=keydev keyfile-timeout=10s</programlist
<para>The PKCS#11 logic allows hooking up any compatible security token that is capable of storing RSA <para>The PKCS#11 logic allows hooking up any compatible security token that is capable of storing RSA
decryption keys. Here's an example how to set up a Yubikey security token for this purpose, using decryption keys. Here's an example how to set up a Yubikey security token for this purpose, using
<command>ykman</command> from the yubikey-manager project:</para> <citerefentry project='debian'><refentrytitle>ykmap</refentrytitle><manvolnum>1</manvolnum></citerefentry>
from the yubikey-manager project:</para>
<programlisting><xi:include href="yubikey-crypttab.sh" parse="text" /></programlisting> <programlisting><xi:include href="yubikey-crypttab.sh" parse="text" /></programlisting>

View File

@ -357,7 +357,7 @@
special target unit <filename>sockets.target</filename>. It is special target unit <filename>sockets.target</filename>. It is
recommended to place a recommended to place a
<varname>WantedBy=sockets.target</varname> directive in the <varname>WantedBy=sockets.target</varname> directive in the
<literal>[Install]</literal> section to automatically add such a [Install] section to automatically add such a
dependency on installation of a socket unit. Unless dependency on installation of a socket unit. Unless
<varname>DefaultDependencies=no</varname> is set, the necessary <varname>DefaultDependencies=no</varname> is set, the necessary
ordering dependencies are implicitly created for all socket ordering dependencies are implicitly created for all socket
@ -520,7 +520,7 @@
operating system-independent.</para></listitem> operating system-independent.</para></listitem>
<listitem><para>Make sure to include an <listitem><para>Make sure to include an
<literal>[Install]</literal> section including installation [Install] section including installation
information for the unit file. See information for the unit file. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details. To activate your service on boot, make sure to for details. To activate your service on boot, make sure to

View File

@ -648,7 +648,7 @@
<filename>/usr/share/</filename> hierarchy to the locations <filename>/usr/share/</filename> hierarchy to the locations
defined by the various relevant specifications.</para> defined by the various relevant specifications.</para>
<para>During runtime, and for local configuration and state, <para>During runtime, and for local configuration and runtime state,
additional directories are defined:</para> additional directories are defined:</para>
<table> <table>

View File

@ -119,9 +119,9 @@
<term><option>--identity=</option><replaceable>FILE</replaceable></term> <term><option>--identity=</option><replaceable>FILE</replaceable></term>
<listitem><para>Read the user's JSON record from the specified file. If passed as <listitem><para>Read the user's JSON record from the specified file. If passed as
<literal>-</literal> reads the user record from standard input. The supplied JSON object must follow <literal>-</literal> read the user record from standard input. The supplied JSON object must follow
the structure documented on <ulink url="https://systemd.io/USER_RECORDS">JSON User the structure documented on <ulink url="https://systemd.io/USER_RECORD">JSON User Records</ulink>.
Records</ulink>. This option may be used in conjunction with the <command>create</command> and This option may be used in conjunction with the <command>create</command> and
<command>update</command> commands (see below), where it allows configuring the user record in JSON <command>update</command> commands (see below), where it allows configuring the user record in JSON
as-is, instead of setting the individual user record properties (see below).</para></listitem> as-is, instead of setting the individual user record properties (see below).</para></listitem>
</varlistentry> </varlistentry>
@ -247,10 +247,9 @@
different system and the configured UID is taken by another user there, then different system and the configured UID is taken by another user there, then
<command>systemd-homed</command> may assign the user a different UID on that system. The specified <command>systemd-homed</command> may assign the user a different UID on that system. The specified
UID must be outside of the system user range. It is recommended to use the 60001…60513 UID range for UID must be outside of the system user range. It is recommended to use the 60001…60513 UID range for
this purpose. If not specified the UID is automatically picked. When logging in and the home this purpose. If not specified, the UID is automatically picked. If the home directory is found to be
directory is found to be owned by a UID not matching the user's assigned one the home directory and owned by a different UID when logging in, the home directory and everything underneath it will have
all files and directories inside it will have their ownership changed automatically before login its ownership changed automatically before login completes.</para>
completes.</para>
<para>Note that users managed by <command>systemd-homed</command> always have a matching group <para>Note that users managed by <command>systemd-homed</command> always have a matching group
associated with the same name as well as a GID matching the UID of the user. Thus, configuring the associated with the same name as well as a GID matching the UID of the user. Thus, configuring the
@ -266,19 +265,19 @@
privileges. Note that <command>systemd-homed</command> does not manage any groups besides a group privileges. Note that <command>systemd-homed</command> does not manage any groups besides a group
matching the user in name and numeric UID/GID. Thus any groups listed here must be registered matching the user in name and numeric UID/GID. Thus any groups listed here must be registered
independently, for example with <citerefentry independently, for example with <citerefentry
project='man-pages'><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. If project='man-pages'><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
non-existent groups that are listed there are ignored. This option may be used more than once, in Any non-existent groups are ignored. This option may be used more than once, in which case all
which case all specified group lists are combined. If the user is currently a member of a group specified group lists are combined. If the user is currently a member of a group which is not listed,
which is not listed, the user will be removed from the group.</para></listitem> the user will be removed from the group.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><option>--skel=</option><replaceable>PATH</replaceable></term> <term><option>--skel=</option><replaceable>PATH</replaceable></term>
<listitem><para>Takes a file system path to a directory. Specifies the skeleton directory to <listitem><para>Takes a file system path to a directory. Specifies the skeleton directory to
initialize the home directory with. All files and directories in the specified are copied into any initialize the home directory with. All files and directories in the specified path are copied into
newly create home directory. If not specified defaults to any newly create home directory. If not specified defaults to <filename>/etc/skel/</filename>.
<filename>/etc/skel/</filename>.</para></listitem> </para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -313,7 +312,7 @@
<listitem><para>Takes a specifier indicating the preferred language of the user. The <listitem><para>Takes a specifier indicating the preferred language of the user. The
<varname>$LANG</varname> environment variable is initialized from this value on login, and thus a <varname>$LANG</varname> environment variable is initialized from this value on login, and thus a
value suitable for this environment variable is accepted here, for example value suitable for this environment variable is accepted here, for example
<option>--language=de_DE.UTF8</option></para></listitem> <option>--language=de_DE.UTF8</option>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -331,8 +330,8 @@
security token with exactly one pair of X.509 certificate and private key. A random secret key is security token with exactly one pair of X.509 certificate and private key. A random secret key is
then generated, encrypted with the public key of the X.509 certificate, and stored as part of the then generated, encrypted with the public key of the X.509 certificate, and stored as part of the
user record. At login time it is decrypted with the PKCS#11 module and then used to unlock the user record. At login time it is decrypted with the PKCS#11 module and then used to unlock the
account and associated resources. See below for an example how to set up authentication with security account and associated resources. See below for an example how to set up authentication with a
token.</para> security token.</para>
<para>Instead of a valid PKCS#11 URI, the special strings <literal>list</literal> and <para>Instead of a valid PKCS#11 URI, the special strings <literal>list</literal> and
<literal>auto</literal> may be specified. If <literal>list</literal> is passed, a brief table of <literal>auto</literal> may be specified. If <literal>list</literal> is passed, a brief table of
@ -439,19 +438,19 @@
<listitem><para>Each of these options takes a time span specification as argument (in the syntax <listitem><para>Each of these options takes a time span specification as argument (in the syntax
documented in documented in
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>5</manvolnum></citerefentry>) and <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>5</manvolnum></citerefentry>) and
configure various aspects of the user's password expiration policy. Specifically, configures various aspects of the user's password expiration policy. Specifically,
<option>--password-change-min=</option> configures how much time has to pass after changing the <option>--password-change-min=</option> configures how much time has to pass after changing the
password of the user until the password may be changed again. If the user tries to change their password of the user until the password may be changed again. If the user tries to change their
password before this time passes the attempt is refused. <option>--password-change-max=</option> password before this time passes the attempt is refused. <option>--password-change-max=</option>
configures how much time has to pass after the password is changed until the password expires and configures how soon after it has been changed the password expires and needs to be changed again.
needs to be changed again. After this time passes any attempts to log in may only proceed after the After this time passes logging in may only proceed after the password is changed.
password is changed. <option>--password-change-warn=</option> specifies how much earlier than then <option>--password-change-warn=</option> specifies how much earlier than then the time configured
the time configured with <option>--password-change-max=</option> the user is warned at login to with <option>--password-change-max=</option> the user is warned at login to change their password as
change their password as it will expire soon. Finally <option>--password-change-inactive=</option> it will expire soon. Finally <option>--password-change-inactive=</option> configures the time which
configures the time which has to pass after the password as expired until the user is not permitted has to pass after the password as expired until the user is not permitted to log in or change the
to log in or change the password anymore. Note that these options only apply to password password anymore. Note that these options only apply to password authentication, and do not apply to
authentication, and do not apply to other forms of authentication, for example PKCS#11-based security other forms of authentication, for example PKCS#11-based security token
token authentication.</para></listitem> authentication.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -695,8 +694,8 @@
<para>Activation of a home directory involves various operations that depend on the selected storage <para>Activation of a home directory involves various operations that depend on the selected storage
mechanism. If the LUKS2 mechanism is used, this generally involves: inquiring the user for a mechanism. If the LUKS2 mechanism is used, this generally involves: inquiring the user for a
password, setting up a loopback device, validating and activating the LUKS2 volume, checking the file password, setting up a loopback device, validating and activating the LUKS2 volume, checking the file
system, mounting the file system, and potentiatlly changing the ownership of all included files to system, mounting the file system, and potentially changing the ownership of all included files to the
the correct UID/GID.</para></listitem> correct UID/GID.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>

View File

@ -42,7 +42,7 @@
<refsect1> <refsect1>
<title>Options</title> <title>Options</title>
<para>The following options are available in the <literal>[Home]</literal> section:</para> <para>The following options are available in the [Home] section:</para>
<variablelist class='home-directives'> <variablelist class='home-directives'>

View File

@ -49,7 +49,7 @@
<title>Options</title> <title>Options</title>
<para>All options are configured in the <para>All options are configured in the
<literal>[Remote]</literal> section:</para> [Remote] section:</para>
<variablelist class='config-directives'> <variablelist class='config-directives'>
<varlistentry> <varlistentry>

View File

@ -43,7 +43,7 @@
<refsect1> <refsect1>
<title>Options</title> <title>Options</title>
<para>All options are configured in the <literal>[Upload]</literal> section:</para> <para>All options are configured in the [Upload] section:</para>
<variablelist class='config-directives'> <variablelist class='config-directives'>
<varlistentry> <varlistentry>

View File

@ -555,7 +555,7 @@
is also added for <literal>_SYSTEMD_SLICE=<replaceable>UNIT</replaceable></literal>, is also added for <literal>_SYSTEMD_SLICE=<replaceable>UNIT</replaceable></literal>,
such that if the provided <replaceable>UNIT</replaceable> is a such that if the provided <replaceable>UNIT</replaceable> is a
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>
unit, all logs of the children of the slice will be logged. unit, all logs of children of the slice will be shown.
</para> </para>
<para>This parameter can be specified multiple times.</para> <para>This parameter can be specified multiple times.</para>
@ -574,7 +574,7 @@
is also added for <literal>_SYSTEMD_USER_SLICE=<replaceable>UNIT</replaceable></literal>, is also added for <literal>_SYSTEMD_USER_SLICE=<replaceable>UNIT</replaceable></literal>,
such that if the provided <replaceable>UNIT</replaceable> is a such that if the provided <replaceable>UNIT</replaceable> is a
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>
unit, all logs of the children of the unit will be logged.</para> unit, all logs of children of the unit will be shown.</para>
<para>This parameter can be specified multiple times.</para> <para>This parameter can be specified multiple times.</para>
</listitem> </listitem>
@ -761,8 +761,8 @@
underneath the specified directory instead of the root underneath the specified directory instead of the root
directory (e.g. <option>--update-catalog</option> will create directory (e.g. <option>--update-catalog</option> will create
<filename><replaceable>ROOT</replaceable>/var/lib/systemd/catalog/database</filename>, <filename><replaceable>ROOT</replaceable>/var/lib/systemd/catalog/database</filename>,
and journal files under <filename><replaceable>ROOT</replaceable>/run/journal</filename> and journal files under <filename><replaceable>ROOT</replaceable>/run/journal/</filename>
or <filename><replaceable>ROOT</replaceable>/var/log/journal</filename> will be displayed). or <filename><replaceable>ROOT</replaceable>/var/log/journal/</filename> will be displayed).
</para></listitem> </para></listitem>
</varlistentry> </varlistentry>
@ -929,10 +929,10 @@
<filename>/run/log/journal/</filename> into <filename>/var/log/journal/</filename>, if persistent <filename>/run/log/journal/</filename> into <filename>/var/log/journal/</filename>, if persistent
storage is enabled. This call does not return until the operation is complete. Note that this call is storage is enabled. This call does not return until the operation is complete. Note that this call is
idempotent: the data is only flushed from <filename>/run/log/journal/</filename> into idempotent: the data is only flushed from <filename>/run/log/journal/</filename> into
<filename>/var/log/journal</filename> once during system runtime (but see <filename>/var/log/journal/</filename> once during system runtime (but see
<option>--relinquish-var</option> below), and this command exits cleanly without executing any <option>--relinquish-var</option> below), and this command exits cleanly without executing any
operation if this has already happened. This command effectively guarantees that all data is flushed operation if this has already happened. This command effectively guarantees that all data is flushed
to <filename>/var/log/journal</filename> at the time it returns.</para></listitem> to <filename>/var/log/journal/</filename> at the time it returns.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>

View File

@ -53,7 +53,7 @@
<title>Options</title> <title>Options</title>
<para>All options are configured in the <para>All options are configured in the
<literal>[Journal]</literal> section:</para> [Journal] section:</para>
<variablelist class='config-directives'> <variablelist class='config-directives'>

View File

@ -36,7 +36,7 @@
<title>Description</title> <title>Description</title>
<para><command>kernel-install</command> is used to install and remove kernel and initramfs images to and <para><command>kernel-install</command> is used to install and remove kernel and initramfs images to and
from the boot loader partition, referred to as <varname>$BOOT</varname> here. It will usually be one of from the boot loader partition, referred to as <varname>$BOOT</varname> here. It will usually be one of
<filename>/boot</filename>, <filename>/efi</filename>, or <filename>/boot/efi</filename>, see below. <filename>/boot/</filename>, <filename>/efi/</filename>, or <filename>/boot/efi/</filename>, see below.
</para> </para>
<para><command>kernel-install</command> will execute the files <para><command>kernel-install</command> will execute the files
@ -137,7 +137,7 @@
<para>The partition where the kernels and <ulink url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot <para>The partition where the kernels and <ulink url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot
Loader Specification</ulink> snippets are located is called <varname>$BOOT</varname>. Loader Specification</ulink> snippets are located is called <varname>$BOOT</varname>.
<command>kernel-install</command> determines the location of this partition by checking <command>kernel-install</command> determines the location of this partition by checking
<filename>/efi/</filename>, <filename>/boot/</filename>, and <filename>/boot/efi</filename> <filename>/efi/</filename>, <filename>/boot/</filename>, and <filename>/boot/efi/</filename>
in turn. The first location where <filename>$BOOT/loader/entries/</filename> or in turn. The first location where <filename>$BOOT/loader/entries/</filename> or
<filename>$BOOT/$MACHINE_ID/</filename> exists is used.</para> <filename>$BOOT/$MACHINE_ID/</filename> exists is used.</para>
</refsect1> </refsect1>

View File

@ -46,7 +46,7 @@
<title>Options</title> <title>Options</title>
<para>All options are configured in the <para>All options are configured in the
<literal>[Login]</literal> section:</para> [Login] section:</para>
<variablelist class='config-directives'> <variablelist class='config-directives'>
@ -277,7 +277,7 @@
<varlistentry> <varlistentry>
<term><varname>HoldoffTimeoutSec=</varname></term> <term><varname>HoldoffTimeoutSec=</varname></term>
<listitem><para>Specifies the timeout after system startup or <listitem><para>Specifies a period of time after system startup or
system resume in which systemd will hold off on reacting to system resume in which systemd will hold off on reacting to
lid events. This is required for the system to properly lid events. This is required for the system to properly
detect any hotplugged devices so systemd can ignore lid events detect any hotplugged devices so systemd can ignore lid events

View File

@ -39,7 +39,7 @@
<para>The machine ID may be set, for example when network booting, with the <para>The machine ID may be set, for example when network booting, with the
<varname>systemd.machine_id=</varname> kernel command line parameter or by passing the <varname>systemd.machine_id=</varname> kernel command line parameter or by passing the
option <option>--machine-id=</option> to systemd. An ID is specified in this manner option <option>--machine-id=</option> to systemd. An ID specified in this manner
has higher priority and will be used instead of the ID stored in has higher priority and will be used instead of the ID stored in
<filename>/etc/machine-id</filename>.</para> <filename>/etc/machine-id</filename>.</para>

View File

@ -320,7 +320,7 @@
<listitem><para>Copies files or directories from a container <listitem><para>Copies files or directories from a container
into the host system. Takes a container name, followed by the into the host system. Takes a container name, followed by the
source path in the container the destination path on the host. source path in the container and the destination path on the host.
If the destination path is omitted, the same as the source path If the destination path is omitted, the same as the source path
is used.</para> is used.</para>

View File

@ -45,7 +45,7 @@
<refsect1> <refsect1>
<title>[Network] Section Options</title> <title>[Network] Section Options</title>
<para>The following options are available in the <literal>[Network]</literal> section:</para> <para>The following options are available in the [Network] section:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>

View File

@ -18,8 +18,7 @@
<refnamediv> <refnamediv>
<refname>nss-myhostname</refname> <refname>nss-myhostname</refname>
<refname>libnss_myhostname.so.2</refname> <refname>libnss_myhostname.so.2</refname>
<refpurpose>Provide hostname resolution for the locally <refpurpose>Hostname resolution for the locally configured system hostname</refpurpose>
configured system hostname.</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -18,8 +18,7 @@
<refnamediv> <refnamediv>
<refname>nss-mymachines</refname> <refname>nss-mymachines</refname>
<refname>libnss_mymachines.so.2</refname> <refname>libnss_mymachines.so.2</refname>
<refpurpose>Provide hostname resolution for local <refpurpose>Hostname resolution for local container instances</refpurpose>
container instances.</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -18,7 +18,7 @@
<refnamediv> <refnamediv>
<refname>nss-resolve</refname> <refname>nss-resolve</refname>
<refname>libnss_resolve.so.2</refname> <refname>libnss_resolve.so.2</refname>
<refpurpose>Provide hostname resolution via <filename>systemd-resolved.service</filename></refpurpose> <refpurpose>Hostname resolution via <filename>systemd-resolved.service</filename></refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -18,7 +18,7 @@
<refnamediv> <refnamediv>
<refname>nss-systemd</refname> <refname>nss-systemd</refname>
<refname>libnss_systemd.so.2</refname> <refname>libnss_systemd.so.2</refname>
<refpurpose>Provide UNIX user and group name resolution for user/group lookup via Varlink</refpurpose> <refpurpose>UNIX user and group name resolution for user/group lookup via Varlink</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -153,7 +153,7 @@
hence be used to uniquely label files or other resources of this session. Combine this ID with the boot hence be used to uniquely label files or other resources of this session. Combine this ID with the boot
identifier, as returned by identifier, as returned by
<citerefentry><refentrytitle>sd_id128_get_boot</refentrytitle><manvolnum>3</manvolnum></citerefentry>, for a <citerefentry><refentrytitle>sd_id128_get_boot</refentrytitle><manvolnum>3</manvolnum></citerefentry>, for a
globally unique identifier for the current session.</para></listitem> globally unique identifier.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>

View File

@ -118,7 +118,7 @@
<para>By default all unit files whose names start with a prefix generated from the image's file name are copied <para>By default all unit files whose names start with a prefix generated from the image's file name are copied
out. Specifically, the prefix is determined from the image file name with any suffix such as out. Specifically, the prefix is determined from the image file name with any suffix such as
<filename>.raw</filename> removed, truncated at the first occurrence of and underscore character <filename>.raw</filename> removed, truncated at the first occurrence of an underscore character
(<literal>_</literal>), if there is one. The underscore logic is supposed to be used to versioning so that the (<literal>_</literal>), if there is one. The underscore logic is supposed to be used to versioning so that the
an image file <filename>foobar_47.11.raw</filename> will result in a unit file matching prefix of an image file <filename>foobar_47.11.raw</filename> will result in a unit file matching prefix of
<filename>foobar</filename>. This prefix is then compared with all unit files names contained in the image in <filename>foobar</filename>. This prefix is then compared with all unit files names contained in the image in
@ -403,7 +403,7 @@
</tgroup> </tgroup>
</table> </table>
<para>For details on this profiles, and their effects please have a look at their precise definitions, <para>For details on these profiles and their effects see their precise definitions,
e.g. <filename>/usr/lib/systemd/portable/profile/default/service.conf</filename> and similar.</para> e.g. <filename>/usr/lib/systemd/portable/profile/default/service.conf</filename> and similar.</para>
</refsect1> </refsect1>

View File

@ -44,7 +44,7 @@
<title>Options</title> <title>Options</title>
<para>All options are configured in the <para>All options are configured in the
<literal>[PStore]</literal> section:</para> [PStore] section:</para>
<variablelist class='config-directives'> <variablelist class='config-directives'>
@ -82,7 +82,7 @@
<refsect1> <refsect1>
<title>See Also</title> <title>See Also</title>
<para> <para>
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para> </para>
</refsect1> </refsect1>

View File

@ -41,7 +41,7 @@
<refsect1> <refsect1>
<title>Options</title> <title>Options</title>
<para>The following options are available in the <literal>[Resolve]</literal> section:</para> <para>The following options are available in the [Resolve] section:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>

View File

@ -19,7 +19,7 @@
<refnamediv> <refnamediv>
<refname>sd_bus_enqueue_for_read</refname> <refname>sd_bus_enqueue_for_read</refname>
<refpurpose>Re-enqueue a bus message on a bus connection, for reading.</refpurpose> <refpurpose>Re-enqueue a bus message on a bus connection, for reading</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -20,7 +20,7 @@
<refname>sd_bus_is_open</refname> <refname>sd_bus_is_open</refname>
<refname>sd_bus_is_ready</refname> <refname>sd_bus_is_ready</refname>
<refpurpose>Check whether the a bus connection is open or ready.</refpurpose> <refpurpose>Check whether the bus connection is open or ready</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -22,7 +22,7 @@
<refname>sd_bus_message_new_method_errno</refname> <refname>sd_bus_message_new_method_errno</refname>
<refname>sd_bus_message_new_method_errnof</refname> <refname>sd_bus_message_new_method_errnof</refname>
<refpurpose>Create a an error reply for a method call</refpurpose> <refpurpose>Create an error reply for a method call</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -20,7 +20,7 @@
<refname>sd_bus_set_connected_signal</refname> <refname>sd_bus_set_connected_signal</refname>
<refname>sd_bus_get_connected_signal</refname> <refname>sd_bus_get_connected_signal</refname>
<refpurpose>Control emmission of local connection establishment signal on bus connections</refpurpose> <refpurpose>Control emission of local connection establishment signal on bus connections</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -23,7 +23,7 @@
<refname>sd_bus_track_get_destroy_callback</refname> <refname>sd_bus_track_get_destroy_callback</refname>
<refname>sd_bus_destroy_t</refname> <refname>sd_bus_destroy_t</refname>
<refpurpose>Define the callback function for resource cleanup.</refpurpose> <refpurpose>Define the callback function for resource cleanup</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -19,7 +19,7 @@
<refname>sd_bus_slot_set_floating</refname> <refname>sd_bus_slot_set_floating</refname>
<refname>sd_bus_slot_get_floating</refname> <refname>sd_bus_slot_get_floating</refname>
<refpurpose>Control whether a bus slot object is "floating".</refpurpose> <refpurpose>Control whether a bus slot object is "floating"</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -21,7 +21,7 @@
<refname>sd_event_source_get_destroy_callback</refname> <refname>sd_event_source_get_destroy_callback</refname>
<refname>sd_event_destroy_t</refname> <refname>sd_event_destroy_t</refname>
<refpurpose>Define the callback function for resource cleanup.</refpurpose> <refpurpose>Define the callback function for resource cleanup</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -21,7 +21,7 @@
<refnamediv> <refnamediv>
<refname>sd_journal_has_runtime_files</refname> <refname>sd_journal_has_runtime_files</refname>
<refname>sd_journal_has_persistent_files</refname> <refname>sd_journal_has_persistent_files</refname>
<refpurpose>Query availability of runtime or persistent journal files.</refpurpose> <refpurpose>Query availability of runtime or persistent journal files</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -19,7 +19,7 @@
<refname>sd_machine_get_class</refname> <refname>sd_machine_get_class</refname>
<refname>sd_machine_get_ifindices</refname> <refname>sd_machine_get_ifindices</refname>
<refpurpose>Determine the class and network interface indices of a <refpurpose>Determine the class and network interface indices of a
locally running virtual machine or container.</refpurpose> locally running virtual machine or container</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -35,7 +35,7 @@
<refname>sd_peer_get_cgroup</refname> <refname>sd_peer_get_cgroup</refname>
<refpurpose>Determine the owner uid of the user unit or session, <refpurpose>Determine the owner uid of the user unit or session,
or the session, user unit, system unit, container/VM or slice that or the session, user unit, system unit, container/VM or slice that
a specific PID or socket peer belongs to.</refpurpose> a specific PID or socket peer belongs to</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -70,11 +70,11 @@ key.pattern.overridden.with.glob = custom
followed by <literal>=</literal>, see SYNOPSIS.</para> followed by <literal>=</literal>, see SYNOPSIS.</para>
<para>Any access permission errors and attempts to write variables not present on the local system are <para>Any access permission errors and attempts to write variables not present on the local system are
logged, but do not cause the service to fail. Debug log level is used, which means that the message will logged at debug level and do not cause the service to fail. Moreover, if a variable assignment is
not show up at all by default. Moreover, if a variable assignment is prefixed with a single prefixed with a single <literal>-</literal> character, failure to set the variable for other reasons will
<literal>-</literal> character, any failure to set the variable will be logged at debug level, but will be logged at debug level and will not cause the service to fail. In other cases, errors when setting
not cause the service to fail. All other errors when setting variables are logged with higher priority variables are logged with higher priority and cause the service to return failure at the end (after
and cause the service to return failure at the end (other variables are still processed).</para> processing other variables).</para>
<para>The settings configured with <filename>sysctl.d</filename> files will be applied early on boot. The <para>The settings configured with <filename>sysctl.d</filename> files will be applied early on boot. The
network interface-specific options will also be applied individually for each network interface as it network interface-specific options will also be applied individually for each network interface as it

View File

@ -412,7 +412,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
<para>The "Loaded:" line in the output will show <literal>loaded</literal> if the unit has been loaded into <para>The "Loaded:" line in the output will show <literal>loaded</literal> if the unit has been loaded into
memory. Other possible values for "Loaded:" include: <literal>error</literal> if there was a problem memory. Other possible values for "Loaded:" include: <literal>error</literal> if there was a problem
loading it, <literal>not-found</literal> if not unit file was found for this unit, loading it, <literal>not-found</literal> if no unit file was found for this unit,
<literal>bad-setting</literal> if an essential unit file setting could not be parsed and <literal>bad-setting</literal> if an essential unit file setting could not be parsed and
<literal>masked</literal> if the unit file has been masked. Along with showing the path to the unit file, <literal>masked</literal> if the unit file has been masked. Along with showing the path to the unit file,
this line will also show the enablement state. Enabled commands start at boot. See the full table of this line will also show the enablement state. Enabled commands start at boot. See the full table of
@ -582,7 +582,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
<listitem> <listitem>
<para>Enable one or more units or unit instances. This will create a set of symlinks, as encoded in the <para>Enable one or more units or unit instances. This will create a set of symlinks, as encoded in the
<literal>[Install]</literal> sections of the indicated unit files. After the symlinks have been created, [Install] sections of the indicated unit files. After the symlinks have been created,
the system manager configuration is reloaded (in a way equivalent to <command>daemon-reload</command>), in the system manager configuration is reloaded (in a way equivalent to <command>daemon-reload</command>), in
order to ensure the changes are taken into account immediately. Note that this does order to ensure the changes are taken into account immediately. Note that this does
<emphasis>not</emphasis> have the effect of also starting any of the units being enabled. If this is <emphasis>not</emphasis> have the effect of also starting any of the units being enabled. If this is
@ -605,7 +605,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
<option>--quiet</option>. <option>--quiet</option>.
</para> </para>
<para>Note that this operation creates only the symlinks suggested in the <literal>[Install]</literal> <para>Note that this operation creates only the symlinks suggested in the [Install]
section of the unit files. While this command is the recommended way to manipulate the unit configuration section of the unit files. While this command is the recommended way to manipulate the unit configuration
directory, the administrator is free to make additional changes manually by placing or removing symlinks directory, the administrator is free to make additional changes manually by placing or removing symlinks
below this directory. This is particularly useful to create configurations that deviate from the suggested below this directory. This is particularly useful to create configurations that deviate from the suggested
@ -645,7 +645,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
<para>This command expects valid unit names only, it does not accept paths to unit files.</para> <para>This command expects valid unit names only, it does not accept paths to unit files.</para>
<para>In addition to the units specified as arguments, all units are disabled that are listed in the <para>In addition to the units specified as arguments, all units are disabled that are listed in the
<varname>Also=</varname> setting contained in the <literal>[Install]</literal> section of any of the unit <varname>Also=</varname> setting contained in the [Install] section of any of the unit
files being operated on.</para> files being operated on.</para>
<para>This command implicitly reloads the system manager configuration after completing the operation. Note <para>This command implicitly reloads the system manager configuration after completing the operation. Note
@ -668,7 +668,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
<listitem> <listitem>
<para>Reenable one or more units, as specified on the command line. This is a combination of <para>Reenable one or more units, as specified on the command line. This is a combination of
<command>disable</command> and <command>enable</command> and is useful to reset the symlinks a unit file is <command>disable</command> and <command>enable</command> and is useful to reset the symlinks a unit file is
enabled with to the defaults configured in its <literal>[Install]</literal> section. This command expects enabled with to the defaults configured in its [Install] section. This command expects
a unit name only, it does not accept paths to unit files.</para> a unit name only, it does not accept paths to unit files.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -768,17 +768,17 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
</row> </row>
<row> <row>
<entry><literal>static</literal></entry> <entry><literal>static</literal></entry>
<entry>The unit file is not enabled, and has no provisions for enabling in the <literal>[Install]</literal> unit file section.</entry> <entry>The unit file is not enabled, and has no provisions for enabling in the [Install] unit file section.</entry>
<entry>0</entry> <entry>0</entry>
</row> </row>
<row> <row>
<entry><literal>indirect</literal></entry> <entry><literal>indirect</literal></entry>
<entry>The unit file itself is not enabled, but it has a non-empty <varname>Also=</varname> setting in the <literal>[Install]</literal> unit file section, listing other unit files that might be enabled, or it has an alias under a different name through a symlink that is not specified in <varname>Also=</varname>. For template unit file, an instance different than the one specified in <varname>DefaultInstance=</varname> is enabled.</entry> <entry>The unit file itself is not enabled, but it has a non-empty <varname>Also=</varname> setting in the [Install] unit file section, listing other unit files that might be enabled, or it has an alias under a different name through a symlink that is not specified in <varname>Also=</varname>. For template unit files, an instance different than the one specified in <varname>DefaultInstance=</varname> is enabled.</entry>
<entry>0</entry> <entry>0</entry>
</row> </row>
<row> <row>
<entry><literal>disabled</literal></entry> <entry><literal>disabled</literal></entry>
<entry>The unit file is not enabled, but contains an <literal>[Install]</literal> section with installation instructions.</entry> <entry>The unit file is not enabled, but contains an [Install] section with installation instructions.</entry>
<entry>&gt; 0</entry> <entry>&gt; 0</entry>
</row> </row>
<row> <row>

View File

@ -509,9 +509,9 @@ NAutoVTs=8
<para>This command will load unit files and print warnings if any errors are detected. Files specified <para>This command will load unit files and print warnings if any errors are detected. Files specified
on the command line will be loaded, but also any other units referenced by them. The full unit search on the command line will be loaded, but also any other units referenced by them. The full unit search
path is formed by combining the directories for all command line arguments, and the usual unit load path is formed by combining the directories for all command line arguments, and the usual unit load
paths (variable <varname>$SYSTEMD_UNIT_PATH</varname> is supported, and may be used to replace or paths. The variable <varname>$SYSTEMD_UNIT_PATH</varname> is supported, and may be used to replace or
augment the compiled in set of unit load paths; see augment the compiled in set of unit load paths; see
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>). All <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. All
units files present in the directories containing the command line arguments will be used in preference units files present in the directories containing the command line arguments will be used in preference
to the other paths.</para> to the other paths.</para>
@ -700,9 +700,9 @@ Service b@0.service not loaded, b.socket cannot be started.
<varlistentry> <varlistentry>
<term><option>--man=no</option></term> <term><option>--man=no</option></term>
<listitem><para>Do not invoke man to verify the existence of <listitem><para>Do not invoke
man pages listed in <varname>Documentation=</varname>. <citerefentry project='man-pages'><refentrytitle>man</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para></listitem> to verify the existence of man pages listed in <varname>Documentation=</varname>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>

View File

@ -17,7 +17,7 @@
<refnamediv> <refnamediv>
<refname>systemd-bless-boot-generator</refname> <refname>systemd-bless-boot-generator</refname>
<refpurpose>Pull <filename>systemd-bless-boot.service</filename> into the initial boot transaction when boot counting is in effect.</refpurpose> <refpurpose>Pull <filename>systemd-bless-boot.service</filename> into the initial boot transaction when boot counting is in effect</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -91,7 +91,7 @@
<listitem><para>The boot manager optionally reads a random seed from the ESP partition, combines it <listitem><para>The boot manager optionally reads a random seed from the ESP partition, combines it
with a 'system token' stored in a persistent EFI variable and derives a random seed to use by the OS as with a 'system token' stored in a persistent EFI variable and derives a random seed to use by the OS as
entropy pool initializaton, providing a full entropy pool during early boot.</para></listitem> entropy pool initialization, providing a full entropy pool during early boot.</para></listitem>
</itemizedlist> </itemizedlist>
<para><citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> <para><citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
@ -313,7 +313,7 @@
is maintained persistently, while <varname>LoaderConfigTimeoutOneShot</varname> is a one-time override which is is maintained persistently, while <varname>LoaderConfigTimeoutOneShot</varname> is a one-time override which is
read once (in which case it takes precedence over <varname>LoaderConfigTimeout</varname>) and then read once (in which case it takes precedence over <varname>LoaderConfigTimeout</varname>) and then
removed. <varname>LoaderConfigTimeout</varname> may be manipulated with the removed. <varname>LoaderConfigTimeout</varname> may be manipulated with the
<keycap>t</keycap>/<keycap>T</keycap> keys, see above.)</para></listitem> <keycap>t</keycap>/<keycap>T</keycap> keys, see above.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -422,9 +422,9 @@
<varlistentry> <varlistentry>
<term><varname>LoaderSystemToken</varname></term> <term><varname>LoaderSystemToken</varname></term>
<listitem><para>A binary random data field, that is used for generating the random see to pass to the <listitem><para>A binary random data field, that is used for generating the random seed to pass to
OS (see above). Note that this random data is generally only generated once, during OS installation, the OS (see above). Note that this random data is generally only generated once, during OS
and is then never updated again.</para></listitem> installation, and is then never updated again.</para></listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>

View File

@ -19,7 +19,7 @@
<refname>systemd-gpt-auto-generator</refname> <refname>systemd-gpt-auto-generator</refname>
<refpurpose>Generator for automatically discovering and mounting root, <filename>/home/</filename>, <refpurpose>Generator for automatically discovering and mounting root, <filename>/home/</filename>,
<filename>/srv/</filename>, <filename>/var/</filename> and <filename>/var/tmp/</filename> partitions, as <filename>/srv/</filename>, <filename>/var/</filename> and <filename>/var/tmp/</filename> partitions, as
well as discovering and enabling swap partitions, based on GPT partition type GUIDs.</refpurpose> well as discovering and enabling swap partitions, based on GPT partition type GUIDs</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -217,9 +217,9 @@
</para> </para>
<para>where <para>where
<option>cursor</option> is a cursor string, <replaceable>cursor</replaceable> is a cursor string,
<option>num_skip</option> is an integer, <replaceable>num_skip</replaceable> is an integer,
<option>num_entries</option> is an unsigned integer. <replaceable>num_entries</replaceable> is an unsigned integer.
</para> </para>
<para>Range defaults to all available events.</para> <para>Range defaults to all available events.</para>

View File

@ -267,7 +267,7 @@ openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
those files can be specified using those files can be specified using
<varname>TrustedCertificateFile=</varname>, <varname>TrustedCertificateFile=</varname>,
<varname>ServerCertificateFile=</varname>, <varname>ServerCertificateFile=</varname>,
<varname>ServerKeyFile=</varname>, in and <varname>ServerKeyFile=</varname> in
<filename>/etc/systemd/journal-remote.conf</filename> and <filename>/etc/systemd/journal-remote.conf</filename> and
<filename>/etc/systemd/journal-upload.conf</filename>, <filename>/etc/systemd/journal-upload.conf</filename>,
respectively. The default locations can be queried by using respectively. The default locations can be queried by using

View File

@ -103,7 +103,7 @@
<citerefentry><refentrytitle>systemd-user-sessions.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd-user-sessions.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry> <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd-login</refentrytitle><manvolnum>3</manvolnum></citerefentry> <citerefentry><refentrytitle>sd-login</refentrytitle><manvolnum>3</manvolnum></citerefentry>
</para> </para>
</refsect1> </refsect1>

View File

@ -50,10 +50,11 @@
<replaceable>WHERE</replaceable>.</para> <replaceable>WHERE</replaceable>.</para>
<para>In many ways, <command>systemd-mount</command> is similar to the lower-level <para>In many ways, <command>systemd-mount</command> is similar to the lower-level
<citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> command, however instead <citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry>
of executing the mount operation directly and immediately, <command>systemd-mount</command> schedules it through command, however instead of executing the mount operation directly and immediately,
the service manager job queue, so that it may pull in further dependencies (such as parent mounts, or a file system <command>systemd-mount</command> schedules it through the service manager job queue, so that it may pull
checker to execute a priori), and may make use of the auto-mounting logic.</para> in further dependencies (such as parent mounts, or a file system checker to execute a priori), and may
make use of the auto-mounting logic.</para>
<para>The command takes either one or two arguments. If only one argument is specified it should refer to <para>The command takes either one or two arguments. If only one argument is specified it should refer to
a block device or regular file containing a file system (e.g. <literal>/dev/sdb1</literal> or a block device or regular file containing a file system (e.g. <literal>/dev/sdb1</literal> or
@ -61,15 +62,15 @@
label and other metadata, and is mounted to a directory below <filename>/run/media/system/</filename> label and other metadata, and is mounted to a directory below <filename>/run/media/system/</filename>
whose name is generated from the file system label. In this mode the block device or image file must whose name is generated from the file system label. In this mode the block device or image file must
exist at the time of invocation of the command, so that it may be probed. If the device is found to be a exist at the time of invocation of the command, so that it may be probed. If the device is found to be a
removable block device (e.g. a USB stick) an automount point instead of a regular mount point is created removable block device (e.g. a USB stick), an automount point is created instead of a regular mount point
(i.e. the <option>--automount=</option> option is implied, see below).</para> (i.e. the <option>--automount=</option> option is implied, see below).</para>
<para>If two arguments are specified the first indicates the mount source (the <replaceable>WHAT</replaceable>) and <para>If two arguments are specified, the first indicates the mount source (the
the second indicates the path to mount it on (the <replaceable>WHERE</replaceable>). In this mode no probing of the <replaceable>WHAT</replaceable>) and the second indicates the path to mount it on (the
source is attempted, and a backing device node doesn't have to exist yet. However, if this mode is combined with <replaceable>WHERE</replaceable>). In this mode no probing of the source is attempted, and a backing
<option>--discover</option>, device node probing for additional metadata is enabled, and much like in the device node doesn't have to exist. However, if this mode is combined with <option>--discover</option>,
single-argument case discussed above the specified device has to exist at the time of invocation of the device node probing for additional metadata is enabled, and much like in the single-argument case
command.</para> discussed above the specified device has to exist at the time of invocation of the command.</para>
<para>Use the <option>--list</option> command to show a terse table of all local, known block devices with file <para>Use the <option>--list</option> command to show a terse table of all local, known block devices with file
systems that may be mounted with this command.</para> systems that may be mounted with this command.</para>

View File

@ -531,11 +531,9 @@
<term><option>-u</option></term> <term><option>-u</option></term>
<term><option>--user=</option></term> <term><option>--user=</option></term>
<listitem><para>After transitioning into the container, change <listitem><para>After transitioning into the container, change to the specified user defined in the
to the specified user-defined in the container's user container's user database. Like all other systemd-nspawn features, this is not a security feature and
database. Like all other systemd-nspawn features, this is not provides protection against accidental destructive operations only.</para></listitem>
a security feature and provides protection against accidental
destructive operations only.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1167,10 +1165,9 @@
<para>Finally, if set to <literal>auto</literal> the file is left as it is if private networking is <para>Finally, if set to <literal>auto</literal> the file is left as it is if private networking is
turned on (see <option>--private-network</option>). Otherwise, if turned on (see <option>--private-network</option>). Otherwise, if
<filename>systemd-resolved.service</filename> is connectible its stub <filename>systemd-resolved.service</filename> is running its stub <filename>resolv.conf</filename>
<filename>resolv.conf</filename> file is used, and if not the host's file is used, and if not the host's <filename>/etc/resolv.conf</filename> file. In the latter cases
<filename>/etc/resolv.conf</filename> file is used. In the latter cases the file is copied if the the file is copied if the image is writable, and bind mounted otherwise.</para>
image is writable, and bind mounted otherwise.</para>
<para>It's recommended to use <literal>copy-…</literal> or <literal>replace-…</literal> if the <para>It's recommended to use <literal>copy-…</literal> or <literal>replace-…</literal> if the
container shall be able to make changes to the DNS configuration on its own, deviating from the container shall be able to make changes to the DNS configuration on its own, deviating from the
@ -1186,19 +1183,20 @@
<varlistentry> <varlistentry>
<term><option>--timezone=</option></term> <term><option>--timezone=</option></term>
<listitem><para>Configures how <filename>/etc/localtime</filename> inside of the container (i.e. local timezone <listitem><para>Configures how <filename>/etc/localtime</filename> inside of the container
synchronization from host to container) shall be handled. Takes one of <literal>off</literal>, (i.e. local timezone synchronization from host to container) shall be handled. Takes one of
<literal>copy</literal>, <literal>bind</literal>, <literal>symlink</literal>, <literal>delete</literal> or <literal>off</literal>, <literal>copy</literal>, <literal>bind</literal>, <literal>symlink</literal>,
<literal>auto</literal>. If set to <literal>off</literal> the <filename>/etc/localtime</filename> file in the <literal>delete</literal> or <literal>auto</literal>. If set to <literal>off</literal> the
container is left as it is included in the image, and neither modified nor bind mounted over. If set to <filename>/etc/localtime</filename> file in the container is left as it is included in the image, and
<literal>copy</literal> the <filename>/etc/localtime</filename> file of the host is copied into the neither modified nor bind mounted over. If set to <literal>copy</literal> the
container. Similar, if <literal>bind</literal> is used, it is bind mounted from the host into the container. If <filename>/etc/localtime</filename> file of the host is copied into the container. Similarly, if
set to <literal>symlink</literal> a symlink from <filename>/etc/localtime</filename> in the container is <literal>bind</literal> is used, the file is bind mounted from the host into the container. If set to
created pointing to the matching the timezone file of the container that matches the timezone setting on the <literal>symlink</literal>, a symlink is created pointing from <filename>/etc/localtime</filename> in
host. If set to <literal>delete</literal> the file in the container is deleted, should it exist. If set to the container to the timezone file in the container that matches the timezone setting on the host. If
<literal>auto</literal> and the <filename>/etc/localtime</filename> file of the host is a symlink, then set to <literal>delete</literal>, the file in the container is deleted, should it exist. If set to
<literal>symlink</literal> mode is used, and <literal>copy</literal> otherwise, except if the image is <literal>auto</literal> and the <filename>/etc/localtime</filename> file of the host is a symlink,
read-only in which case <literal>bind</literal> is used instead. Defaults to then <literal>symlink</literal> mode is used, and <literal>copy</literal> otherwise, except if the
image is read-only in which case <literal>bind</literal> is used instead. Defaults to
<literal>auto</literal>.</para></listitem> <literal>auto</literal>.</para></listitem>
</varlistentry> </varlistentry>
@ -1441,7 +1439,7 @@
<para>This installs a minimal Fedora distribution into the <para>This installs a minimal Fedora distribution into the
directory <filename index="false">/var/lib/machines/f&fedora_latest_version;</filename> directory <filename index="false">/var/lib/machines/f&fedora_latest_version;</filename>
and then boots an OS in a namespace container in it. Because the installation and then boots that OS in a namespace container. Because the installation
is located underneath the standard <filename>/var/lib/machines/</filename> is located underneath the standard <filename>/var/lib/machines/</filename>
directory, it is also possible to start the machine using directory, it is also possible to start the machine using
<command>systemd-nspawn -M f&fedora_latest_version;</command>.</para> <command>systemd-nspawn -M f&fedora_latest_version;</command>.</para>
@ -1455,7 +1453,7 @@
<para>This installs a minimal Debian unstable distribution into <para>This installs a minimal Debian unstable distribution into
the directory <filename>~/debian-tree/</filename> and then the directory <filename>~/debian-tree/</filename> and then
spawns a shell in a namespace container in it.</para> spawns a shell from this image in a namespace container.</para>
<para><command>debootstrap</command> supports <para><command>debootstrap</command> supports
<ulink url="https://www.debian.org">Debian</ulink>, <ulink url="https://www.debian.org">Debian</ulink>,

View File

@ -44,7 +44,7 @@
<citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>, with <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>, with
its <command>bootctl random-seed</command> functionality.</para> its <command>bootctl random-seed</command> functionality.</para>
<para>When loading the random seed from disk its file is immediately updated with a new seed retrieved <para>When loading the random seed from disk, the file is immediately updated with a new seed retrieved
from the kernel, in order to ensure no two boots operate with the same random seed. This new seed is from the kernel, in order to ensure no two boots operate with the same random seed. This new seed is
retrieved synchronously from the kernel, which means the service will not complete start-up until the retrieved synchronously from the kernel, which means the service will not complete start-up until the
random pool is fully initialized. On entropy-starved systems this may take a while. This functionality is random pool is fully initialized. On entropy-starved systems this may take a while. This functionality is

View File

@ -57,9 +57,10 @@
available but not yet used. Specifically the following use cases are among those covered:</para> available but not yet used. Specifically the following use cases are among those covered:</para>
<itemizedlist> <itemizedlist>
<listitem><para>The root partition may be grown to cover the whole available disk space</para></listitem> <listitem><para>The root partition may be grown to cover the whole available disk space.</para></listitem>
<listitem><para>A <filename>/home/</filename>, swap or <filename>/srv/</filename> partition can be added in</para></listitem> <listitem><para>A <filename>/home/</filename>, swap or <filename>/srv/</filename> partition can be
<listitem><para>A second (or third, …) root partition may be added in, to cover A/B style setups added.</para></listitem>
<listitem><para>A second (or third, …) root partition may be added, to cover A/B style setups
where a second version of the root file system is alternatingly used for implementing update where a second version of the root file system is alternatingly used for implementing update
schemes. The deployed image would carry only a single partition ("A") but on first boot a second schemes. The deployed image would carry only a single partition ("A") but on first boot a second
partition ("B") for this purpose is automatically created.</para></listitem> partition ("B") for this purpose is automatically created.</para></listitem>
@ -69,7 +70,7 @@
<orderedlist> <orderedlist>
<listitem><para>The <filename>repart.d/*.conf</filename> configuration files are loaded and parsed, <listitem><para>The <filename>repart.d/*.conf</filename> configuration files are loaded and parsed,
and ordered by filename (without the directory suffix). </para></listitem> and ordered by filename (without the directory prefix).</para></listitem>
<listitem><para>The partition table already existing on the block device is loaded and <listitem><para>The partition table already existing on the block device is loaded and
parsed.</para></listitem> parsed.</para></listitem>
@ -119,13 +120,13 @@
</orderedlist> </orderedlist>
<para>As exception to the normally strictly incremental operation, when called in a special "factory <para>As exception to the normally strictly incremental operation, when called in a special "factory
reset" mode <command>systemd-repart</command> may also be used to erase select existing partitions to reset" mode, <command>systemd-repart</command> may also be used to erase existing partitions to
reset an installation back to vendor defaults. This mode of operation is used when either the reset an installation back to vendor defaults. This mode of operation is used when either the
<option>--factory-reset=yes</option> switch is passed on the tool's command line, or the <option>--factory-reset=yes</option> switch is passed on the tool's command line, or the
<option>systemd.factory_reset=yes</option> option specified on the kernel command line, or the <option>systemd.factory_reset=yes</option> option specified on the kernel command line, or the
<varname>FactoryReset</varname> EFI variable (vendor UUID <varname>FactoryReset</varname> EFI variable (vendor UUID
<constant>8cf2644b-4b0b-428f-9387-6d876050dc67</constant>) is set to "yes". It alters the algorithm above <constant>8cf2644b-4b0b-428f-9387-6d876050dc67</constant>) is set to "yes". It alters the algorithm above
slightly: between the 3rd and the 4th step above the any partition marked explicitly via the slightly: between the 3rd and the 4th step above any partition marked explicitly via the
<varname>FactoryReset=</varname> boolean is deleted, and the algorithm restarted, thus immediately <varname>FactoryReset=</varname> boolean is deleted, and the algorithm restarted, thus immediately
re-creating these partitions anew empty.</para> re-creating these partitions anew empty.</para>
@ -267,9 +268,9 @@
<varlistentry> <varlistentry>
<term><option>--definitions=</option></term> <term><option>--definitions=</option></term>
<listitem><para>Takes a file system path. If specified the <filename>*.conf</filename> are directly <listitem><para>Takes a file system path. If specified the <filename>*.conf</filename> files are read
read from the specified directory instead of searching in from the specified directory instead of searching in <filename>/usr/lib/repart.d/*.conf</filename>,
<filename>/usr/lib/repart.d/*.conf</filename>, <filename>/etc/repart.d/*.conf</filename>, <filename>/etc/repart.d/*.conf</filename>,
<filename>/run/repart.d/*.conf</filename>.</para></listitem> <filename>/run/repart.d/*.conf</filename>.</para></listitem>
</varlistentry> </varlistentry>

View File

@ -105,7 +105,7 @@
<title>Options</title> <title>Options</title>
<para>The following options can be configured in the <para>The following options can be configured in the
<literal>[Sleep]</literal> section of [Sleep] section of
<filename>/etc/systemd/sleep.conf</filename> or a <filename>/etc/systemd/sleep.conf</filename> or a
<filename>sleep.conf.d</filename> file:</para> <filename>sleep.conf.d</filename> file:</para>

View File

@ -16,7 +16,7 @@
</refmeta> </refmeta>
<refnamediv> <refnamediv>
<refname>systemd-socket-proxyd</refname> <refname>systemd-socket-proxyd</refname>
<refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket.</refpurpose> <refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>
<cmdsynopsis> <cmdsynopsis>

View File

@ -71,19 +71,16 @@
url="https://www.freedesktop.org/wiki/Software/systemd/inhibit">Inhibitor url="https://www.freedesktop.org/wiki/Software/systemd/inhibit">Inhibitor
interface</ulink>.</para> interface</ulink>.</para>
<para>Note that <para>Note that <filename>systemd-suspend.service</filename>,
<filename>systemd-suspend.service</filename>, <filename>systemd-hibernate.service</filename>, <filename>systemd-hybrid-sleep.service</filename>, and
<filename>systemd-hibernate.service</filename>, and <filename>systemd-suspend-then-hibernate.service</filename> should never be executed directly. Instead,
<filename>systemd-hybrid-sleep.service</filename> trigger system sleep with a command such as <command>systemctl suspend</command> or <command>systemctl
<filename>systemd-suspend-then-hibernate.service</filename> hibernate</command>.</para>
should never be executed directly. Instead, trigger system sleep
states with a command such as <literal>systemctl suspend</literal>
or similar.</para>
<para>Internally, this service will echo a string like <para>Internally, this service will echo a string like
<literal>mem</literal> into <filename>/sys/power/state</filename>, <literal>mem</literal> into <filename>/sys/power/state</filename>,
to trigger the actual system suspend. What exactly is written to trigger the actual system suspend. What exactly is written
where can be configured in the <literal>[Sleep]</literal> section where can be configured in the [Sleep] section
of <filename>/etc/systemd/sleep.conf</filename> or a of <filename>/etc/systemd/sleep.conf</filename> or a
<filename>sleep.conf.d</filename> file. See <filename>sleep.conf.d</filename> file. See
<citerefentry><refentrytitle>systemd-sleep.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>. <citerefentry><refentrytitle>systemd-sleep.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.

View File

@ -58,7 +58,7 @@
<title>Options</title> <title>Options</title>
<para>All options are configured in the <para>All options are configured in the
<literal>[Manager]</literal> section:</para> [Manager] section:</para>
<variablelist class='config-directives'> <variablelist class='config-directives'>
@ -149,7 +149,7 @@
for details. During the first phase of the shutdown operation the system and service manager remains running for details. During the first phase of the shutdown operation the system and service manager remains running
and hence <varname>RuntimeWatchdogSec=</varname> is still honoured. In order to define a timeout on this first and hence <varname>RuntimeWatchdogSec=</varname> is still honoured. In order to define a timeout on this first
phase of system shutdown, configure <varname>JobTimeoutSec=</varname> and <varname>JobTimeoutAction=</varname> phase of system shutdown, configure <varname>JobTimeoutSec=</varname> and <varname>JobTimeoutAction=</varname>
in the <literal>[Unit]</literal> section of the <filename>shutdown.target</filename> unit. By default in the [Unit] section of the <filename>shutdown.target</filename> unit. By default
<varname>RuntimeWatchdogSec=</varname> defaults to 0 (off), and <varname>RebootWatchdogSec=</varname> to <varname>RuntimeWatchdogSec=</varname> defaults to 0 (off), and <varname>RebootWatchdogSec=</varname> to
10min. <varname>KExecWatchdogSec=</varname> may be used to additionally enable the watchdog when kexec 10min. <varname>KExecWatchdogSec=</varname> may be used to additionally enable the watchdog when kexec
is being executed rather than when rebooting. Note that if the kernel does not reset the watchdog on kexec (depending is being executed rather than when rebooting. Note that if the kernel does not reset the watchdog on kexec (depending
@ -387,9 +387,9 @@
units. See units. See
<citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry> for <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry> for
details. These settings may be overridden in individual units using the corresponding details. These settings may be overridden in individual units using the corresponding
<varname>LimitXXX=</varname> directives, see <varname>LimitXXX=</varname> directives and they accept the same parameter syntax,
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, for see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
details, and they accept the same parameter syntax. Note that these resource limits are only defaults for details. Note that these resource limits are only defaults
for units, they are not applied to the service manager process (i.e. PID 1) itself.</para></listitem> for units, they are not applied to the service manager process (i.e. PID 1) itself.</para></listitem>
</varlistentry> </varlistentry>

View File

@ -18,7 +18,7 @@
<refnamediv> <refnamediv>
<refname>systemd-time-wait-sync.service</refname> <refname>systemd-time-wait-sync.service</refname>
<refname>systemd-time-wait-sync</refname> <refname>systemd-time-wait-sync</refname>
<refpurpose>Wait Until Kernel Time Synchronized</refpurpose> <refpurpose>Wait until kernel time is synchronized</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -35,9 +35,9 @@
this unit type. See this unit type. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files. The common for the common options of all unit configuration files. The common
configuration items are configured in the generic <literal>[Unit]</literal> and configuration items are configured in the generic [Unit] and
<literal>[Install]</literal> sections. The automount specific configuration options [Install] sections. The automount specific configuration options
are configured in the <literal>[Automount]</literal> section.</para> are configured in the [Automount] section.</para>
<para>Automount units must be named after the automount directories they control. Example: the automount point <para>Automount units must be named after the automount directories they control. Example: the automount point
<filename index="false">/home/lennart</filename> must be configured in a unit file <filename index="false">/home/lennart</filename> must be configured in a unit file

View File

@ -36,8 +36,8 @@
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files. The common for the common options of all unit configuration files. The common
configuration items are configured in the generic configuration items are configured in the generic
<literal>[Unit]</literal> and <literal>[Install]</literal> [Unit] and [Install]
sections. A separate <literal>[Device]</literal> section does not sections. A separate [Device] section does not
exist, since no device-specific options may be configured.</para> exist, since no device-specific options may be configured.</para>
<para>systemd will dynamically create device units for all kernel <para>systemd will dynamically create device units for all kernel
@ -60,7 +60,7 @@
<para>Device units will be reloaded by systemd whenever the <para>Device units will be reloaded by systemd whenever the
corresponding device generates a <literal>changed</literal> event. corresponding device generates a <literal>changed</literal> event.
Other units can use <varname>ReloadPropagatedFrom=</varname> to react Other units can use <varname>ReloadPropagatedFrom=</varname> to react
to that event</para> to that event.</para>
</refsect1> </refsect1>
<refsect1> <refsect1>

View File

@ -64,7 +64,7 @@
<refsect1> <refsect1>
<title>[Service] Section Options</title> <title>[Service] Section Options</title>
<para>The network service file contains a <literal>[Service]</literal> <para>The network service file contains a [Service]
section, which specifies a discoverable network service announced in a section, which specifies a discoverable network service announced in a
local network with Multicast DNS broadcasts.</para> local network with Multicast DNS broadcasts.</para>

View File

@ -511,10 +511,11 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
<varlistentry> <varlistentry>
<term><varname>AppArmorProfile=</varname></term> <term><varname>AppArmorProfile=</varname></term>
<listitem><para>Takes a profile name as argument. The process executed by the unit will switch to this profile <listitem><para>Takes a profile name as argument. The process executed by the unit will switch to
when started. Profiles must already be loaded in the kernel, or the unit will fail. This result in a non this profile when started. Profiles must already be loaded in the kernel, or the unit will fail. If
operation if AppArmor is not enabled. If prefixed by <literal>-</literal>, all errors will be ignored. This prefixed by <literal>-</literal>, all errors will be ignored. This setting has no effect if AppArmor
does not affect commands prefixed with <literal>+</literal>.</para></listitem> is not enabled. This setting not affect commands prefixed with <literal>+</literal>.</para>
</listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -880,7 +881,7 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
in <varname>NUMAMask=</varname>. For more details on each policy please see, in <varname>NUMAMask=</varname>. For more details on each policy please see,
<citerefentry><refentrytitle>set_mempolicy</refentrytitle><manvolnum>2</manvolnum></citerefentry>. For overall <citerefentry><refentrytitle>set_mempolicy</refentrytitle><manvolnum>2</manvolnum></citerefentry>. For overall
overview of NUMA support in Linux see, overview of NUMA support in Linux see,
<citerefentry project='man-pages'><refentrytitle>numa</refentrytitle><manvolnum>7</manvolnum></citerefentry> <citerefentry project='man-pages'><refentrytitle>numa</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
</para></listitem> </para></listitem>
</varlistentry> </varlistentry>
@ -1067,14 +1068,16 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
<varname>RootDirectory=</varname> or <varname>RootImage=</varname> these paths always reside on the host and <varname>RootDirectory=</varname> or <varname>RootImage=</varname> these paths always reside on the host and
are mounted from there into the unit's file system namespace.</para> are mounted from there into the unit's file system namespace.</para>
<para>If <varname>DynamicUser=</varname> is used in conjunction with <varname>StateDirectory=</varname>, <para>If <varname>DynamicUser=</varname> is used in conjunction with
<varname>CacheDirectory=</varname> and <varname>LogsDirectory=</varname> is slightly altered: the directories <varname>StateDirectory=</varname>, the logic for <varname>CacheDirectory=</varname> and
are created below <filename>/var/lib/private</filename>, <filename>/var/cache/private</filename> and <varname>LogsDirectory=</varname> is slightly altered: the directories are created below
<filename>/var/lib/private</filename>, <filename>/var/cache/private</filename> and
<filename>/var/log/private</filename>, respectively, which are host directories made inaccessible to <filename>/var/log/private</filename>, respectively, which are host directories made inaccessible to
unprivileged users, which ensures that access to these directories cannot be gained through dynamic user ID unprivileged users, which ensures that access to these directories cannot be gained through dynamic
recycling. Symbolic links are created to hide this difference in behaviour. Both from perspective of the host user ID recycling. Symbolic links are created to hide this difference in behaviour. Both from
and from inside the unit, the relevant directories hence always appear directly below perspective of the host and from inside the unit, the relevant directories hence always appear
<filename>/var/lib</filename>, <filename>/var/cache</filename> and <filename>/var/log</filename>.</para> directly below <filename>/var/lib</filename>, <filename>/var/cache</filename> and
<filename>/var/log</filename>.</para>
<para>Use <varname>RuntimeDirectory=</varname> to manage one or more runtime directories for the unit and bind <para>Use <varname>RuntimeDirectory=</varname> to manage one or more runtime directories for the unit and bind
their lifetime to the daemon runtime. This is particularly useful for unprivileged daemons that cannot create their lifetime to the daemon runtime. This is particularly useful for unprivileged daemons that cannot create
@ -1238,8 +1241,8 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
<term><varname>PrivateTmp=</varname></term> <term><varname>PrivateTmp=</varname></term>
<listitem><para>Takes a boolean argument. If true, sets up a new file system namespace for the executed <listitem><para>Takes a boolean argument. If true, sets up a new file system namespace for the executed
processes and mounts private <filename>/tmp</filename> and <filename>/var/tmp</filename> directories inside it processes and mounts private <filename>/tmp/</filename> and <filename>/var/tmp/</filename> directories inside it
that is not shared by processes outside of the namespace. This is useful to secure access to temporary files of that are not shared by processes outside of the namespace. This is useful to secure access to temporary files of
the process, but makes sharing between processes via <filename>/tmp</filename> or <filename>/var/tmp</filename> the process, but makes sharing between processes via <filename>/tmp</filename> or <filename>/var/tmp</filename>
impossible. If this is enabled, all temporary files created by a service in these directories will be removed impossible. If this is enabled, all temporary files created by a service in these directories will be removed
after the service is stopped. Defaults to false. It is possible to run two or more units within the same after the service is stopped. Defaults to false. It is possible to run two or more units within the same
@ -1399,7 +1402,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
this option removes <constant>CAP_SYS_TIME</constant> and <constant>CAP_WAKE_ALARM</constant> from the this option removes <constant>CAP_SYS_TIME</constant> and <constant>CAP_WAKE_ALARM</constant> from the
capability bounding set for this unit, installs a system call filter to block calls that can set the capability bounding set for this unit, installs a system call filter to block calls that can set the
clock, and <varname>DeviceAllow=char-rtc r</varname> is implied. This ensures <filename>/dev/rtc0</filename>, clock, and <varname>DeviceAllow=char-rtc r</varname> is implied. This ensures <filename>/dev/rtc0</filename>,
<filename>/dev/rtc1</filename>, etc are made read only to the service. See <filename>/dev/rtc1</filename>, etc. are made read-only to the service. See
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the details about <varname>DeviceAllow=</varname>.</para> for the details about <varname>DeviceAllow=</varname>.</para>
@ -1495,7 +1498,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>) <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
are unaffected. Also, sockets created with <function>socketpair()</function> (which creates connected are unaffected. Also, sockets created with <function>socketpair()</function> (which creates connected
AF_UNIX sockets only) are unaffected. Note that this option has no effect on 32-bit x86, s390, s390x, AF_UNIX sockets only) are unaffected. Note that this option has no effect on 32-bit x86, s390, s390x,
mips, mips-le, ppc, ppc-le, pcc64, ppc64-le and is ignored (but works correctly on other ABIs, mips, mips-le, ppc, ppc-le, ppc64, ppc64-le and is ignored (but works correctly on other ABIs,
including x86-64). Note that on systems supporting multiple ABIs (such as x86/x86-64) it is including x86-64). Note that on systems supporting multiple ABIs (such as x86/x86-64) it is
recommended to turn off alternative ABIs for services, so that they cannot be used to circumvent the recommended to turn off alternative ABIs for services, so that they cannot be used to circumvent the
restrictions of this option. Specifically, it is recommended to combine this option with restrictions of this option. Specifically, it is recommended to combine this option with
@ -1803,7 +1806,7 @@ RestrictNamespaces=~cgroup net</programlisting>
</row> </row>
<row> <row>
<entry>@file-system</entry> <entry>@file-system</entry>
<entry>File system operations: opening, creating files and directories for read and write, renaming and removing them, reading file properties, or creating hard and symbolic links.</entry> <entry>File system operations: opening, creating files and directories for read and write, renaming and removing them, reading file properties, or creating hard and symbolic links</entry>
</row> </row>
<row> <row>
<entry>@io-event</entry> <entry>@io-event</entry>
@ -1819,7 +1822,7 @@ RestrictNamespaces=~cgroup net</programlisting>
</row> </row>
<row> <row>
<entry>@memlock</entry> <entry>@memlock</entry>
<entry>Locking of memory into RAM (<citerefentry project='man-pages'><refentrytitle>mlock</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>mlockall</refentrytitle><manvolnum>2</manvolnum></citerefentry> and related calls)</entry> <entry>Locking of memory in RAM (<citerefentry project='man-pages'><refentrytitle>mlock</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>mlockall</refentrytitle><manvolnum>2</manvolnum></citerefentry> and related calls)</entry>
</row> </row>
<row> <row>
<entry>@module</entry> <entry>@module</entry>
@ -1843,7 +1846,7 @@ RestrictNamespaces=~cgroup net</programlisting>
</row> </row>
<row> <row>
<entry>@process</entry> <entry>@process</entry>
<entry>Process control, execution, namespaceing operations (<citerefentry project='man-pages'><refentrytitle>clone</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>kill</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry>, …</entry> <entry>Process control, execution, namespaceing operations (<citerefentry project='man-pages'><refentrytitle>clone</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>kill</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry>, …)</entry>
</row> </row>
<row> <row>
<entry>@raw-io</entry> <entry>@raw-io</entry>
@ -1871,7 +1874,7 @@ RestrictNamespaces=~cgroup net</programlisting>
</row> </row>
<row> <row>
<entry>@sync</entry> <entry>@sync</entry>
<entry>Synchronizing files and memory to disk: (<citerefentry project='man-pages'><refentrytitle>fsync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>msync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, and related calls)</entry> <entry>Synchronizing files and memory to disk (<citerefentry project='man-pages'><refentrytitle>fsync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>msync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, and related calls)</entry>
</row> </row>
<row> <row>
<entry>@system-service</entry> <entry>@system-service</entry>
@ -1949,7 +1952,7 @@ SystemCallErrorNumber=EPERM</programlisting>
manager is compiled for). If running in user mode, or in system mode, but without the manager is compiled for). If running in user mode, or in system mode, but without the
<constant>CAP_SYS_ADMIN</constant> capability (e.g. setting <varname>User=nobody</varname>), <constant>CAP_SYS_ADMIN</constant> capability (e.g. setting <varname>User=nobody</varname>),
<varname>NoNewPrivileges=yes</varname> is implied. By default, this option is set to the empty list, i.e. no <varname>NoNewPrivileges=yes</varname> is implied. By default, this option is set to the empty list, i.e. no
system call architecture filtering is applied.</para> filtering is applied.</para>
<para>If this setting is used, processes of this unit will only be permitted to call native system calls, and <para>If this setting is used, processes of this unit will only be permitted to call native system calls, and
system calls of the specified architectures. For the purposes of this option, the x32 architecture is treated system calls of the specified architectures. For the purposes of this option, the x32 architecture is treated
@ -2213,8 +2216,9 @@ SystemCallErrorNumber=EPERM</programlisting>
<constant>AF_UNIX</constant> socket in the file system, as in that case only a <constant>AF_UNIX</constant> socket in the file system, as in that case only a
single stream connection is created for both input and output.</para> single stream connection is created for both input and output.</para>
<para><option>append:<replaceable>path</replaceable></option> is similar to <option>file:<replaceable>path <para><option>append:<replaceable>path</replaceable></option> is similar to
</replaceable></option> above, but it opens the file in append mode.</para> <option>file:<replaceable>path</replaceable></option> above, but it opens the file in append mode.
</para>
<para><option>socket</option> connects standard output to a socket acquired via socket activation. The <para><option>socket</option> connects standard output to a socket acquired via socket activation. The
semantics are similar to the same option of <varname>StandardInput=</varname>, see above.</para> semantics are similar to the same option of <varname>StandardInput=</varname>, see above.</para>
@ -2551,7 +2555,7 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
<varname>UnsetEnvironment=</varname> are removed again from the compiled environment variable list, immediately <varname>UnsetEnvironment=</varname> are removed again from the compiled environment variable list, immediately
before it is passed to the executed process.</para> before it is passed to the executed process.</para>
<para>The following select environment variables are set or propagated by the service manager for each invoked <para>The following environment variables are set or propagated by the service manager for each invoked
process:</para> process:</para>
<variablelist class='environment-variables'> <variablelist class='environment-variables'>
@ -2622,7 +2626,7 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
<term><varname>$LOGS_DIRECTORY</varname></term> <term><varname>$LOGS_DIRECTORY</varname></term>
<term><varname>$CONFIGURATION_DIRECTORY</varname></term> <term><varname>$CONFIGURATION_DIRECTORY</varname></term>
<listitem><para>Contains and absolute paths to the directories defined with <listitem><para>Absolute paths to the directories defined with
<varname>RuntimeDirectory=</varname>, <varname>StateDirectory=</varname>, <varname>RuntimeDirectory=</varname>, <varname>StateDirectory=</varname>,
<varname>CacheDirectory=</varname>, <varname>LogsDirectory=</varname>, and <varname>CacheDirectory=</varname>, <varname>LogsDirectory=</varname>, and
<varname>ConfigurationDirectory=</varname> when those settings are used.</para> <varname>ConfigurationDirectory=</varname> when those settings are used.</para>
@ -3228,7 +3232,7 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
<row> <row>
<entry>242</entry> <entry>242</entry>
<entry><constant>EXIT_NUMA_POLICY</constant></entry> <entry><constant>EXIT_NUMA_POLICY</constant></entry>
<entry>Failed to set up unit's NUMA memory policy. See <varname>NUMAPolicy=</varname> and <varname>NUMAMask=</varname>above.</entry> <entry>Failed to set up unit's NUMA memory policy. See <varname>NUMAPolicy=</varname> and <varname>NUMAMask=</varname> above.</entry>
</row> </row>
</tbody> </tbody>

View File

@ -524,7 +524,8 @@
structured log entries via calls such as structured log entries via calls such as
<citerefentry><refentrytitle>sd_journal_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>. <citerefentry><refentrytitle>sd_journal_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
They may also not be used as matches for They may also not be used as matches for
<citerefentry><refentrytitle>sd_journal_add_match</refentrytitle><manvolnum>3</manvolnum></citerefentry></para> <citerefentry><refentrytitle>sd_journal_add_match</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
</para>
<variablelist class='journal-directives'> <variablelist class='journal-directives'>
<varlistentry> <varlistentry>

View File

@ -151,7 +151,7 @@
terminate upon receiving the initial <constant>SIGTERM</constant> terminate upon receiving the initial <constant>SIGTERM</constant>
signal. This can be achieved by configuring <varname>LimitCORE=</varname> signal. This can be achieved by configuring <varname>LimitCORE=</varname>
and setting <varname>FinalKillSignal=</varname> to either and setting <varname>FinalKillSignal=</varname> to either
<constant>SIGQUIT</constant> or <constant>SIGABRT</constant> <constant>SIGQUIT</constant> or <constant>SIGABRT</constant>.
Defaults to <constant>SIGKILL</constant>. Defaults to <constant>SIGKILL</constant>.
</para></listitem> </para></listitem>
</varlistentry> </varlistentry>

View File

@ -64,8 +64,8 @@
<title>[Match] Section Options</title> <title>[Match] Section Options</title>
<para>A link file is said to match a device if all matches specified by the <para>A link file is said to match a device if all matches specified by the
<literal>[Match]</literal> section are satisfied. When a link file does not contain valid settings [Match] section are satisfied. When a link file does not contain valid settings
in <literal>[Match]</literal> section, then the file will match all devices and in [Match] section, then the file will match all devices and
<command>systemd-udevd</command> warns about that. Hint: to avoid the warning and to make it clear <command>systemd-udevd</command> warns about that. Hint: to avoid the warning and to make it clear
that all interfaces shall be matched, add the following: that all interfaces shall be matched, add the following:
<programlisting>OriginalName=*</programlisting> <programlisting>OriginalName=*</programlisting>

View File

@ -34,9 +34,9 @@
this unit type. See this unit type. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files. The common for the common options of all unit configuration files. The common
configuration items are configured in the generic <literal>[Unit]</literal> and configuration items are configured in the generic [Unit] and
<literal>[Install]</literal> sections. The mount specific configuration options are [Install] sections. The mount specific configuration options are
configured in the <literal>[Mount]</literal> section.</para> configured in the [Mount] section.</para>
<para>Additional options are listed in <para>Additional options are listed in
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,

View File

@ -357,7 +357,7 @@
</variablelist> </variablelist>
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known (to this <para>Note that <constant>latest</constant> may be used to denote the latest scheme known (to this
particular version of systemd.</para> particular version of systemd).</para>
</refsect1> </refsect1>
<refsect1> <refsect1>

View File

@ -114,10 +114,10 @@
<entry>An IPv4 over IPv4 tunnel.</entry></row> <entry>An IPv4 over IPv4 tunnel.</entry></row>
<row><entry><varname>ipvlan</varname></entry> <row><entry><varname>ipvlan</varname></entry>
<entry>An ipvlan device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row> <entry>An IPVLAN device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row>
<row><entry><varname>ipvtap</varname></entry> <row><entry><varname>ipvtap</varname></entry>
<entry>An ipvtap device is a stacked device which receives packets from its underlying device based on IP address filtering and can be accessed using the tap user space interface.</entry></row> <entry>An IPVTAP device is a stacked device which receives packets from its underlying device based on IP address filtering and can be accessed using the tap user space interface.</entry></row>
<row><entry><varname>macvlan</varname></entry> <row><entry><varname>macvlan</varname></entry>
<entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row> <entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
@ -193,7 +193,7 @@
<title>[Match] Section Options</title> <title>[Match] Section Options</title>
<para>A virtual network device is only created if the <para>A virtual network device is only created if the
<literal>[Match]</literal> section matches the current [Match] section matches the current
environment, or if the section is empty. The following keys are environment, or if the section is empty. The following keys are
accepted:</para> accepted:</para>
@ -259,7 +259,7 @@
<refsect1> <refsect1>
<title>[NetDev] Section Options</title> <title>[NetDev] Section Options</title>
<para>The <literal>[NetDev]</literal> section accepts the <para>The [NetDev] section accepts the
following keys:</para> following keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -273,13 +273,13 @@
<term><varname>Name=</varname></term> <term><varname>Name=</varname></term>
<listitem> <listitem>
<para>The interface name used when creating the netdev. <para>The interface name used when creating the netdev.
This option is compulsory.</para> This setting is compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>Kind=</varname></term> <term><varname>Kind=</varname></term>
<listitem> <listitem>
<para>The netdev kind. This option is compulsory. See the <para>The netdev kind. This setting is compulsory. See the
<literal>Supported netdev kinds</literal> section for the <literal>Supported netdev kinds</literal> section for the
valid keys.</para> valid keys.</para>
</listitem> </listitem>
@ -287,10 +287,10 @@
<varlistentry> <varlistentry>
<term><varname>MTUBytes=</varname></term> <term><varname>MTUBytes=</varname></term>
<listitem> <listitem>
<para>The maximum transmission unit in bytes to set for the device. The usual suffixes K, M, G, <para>The maximum transmission unit in bytes to set for the device. The usual suffixes K, M, G
are supported and are understood to the base of 1024. For <literal>tun</literal> or are supported and are understood to the base of 1024. For <literal>tun</literal> or
<literal>tap</literal> devices, <varname>MTUBytes=</varname> setting is not currently supported in <literal>tap</literal> devices, <varname>MTUBytes=</varname> setting is not currently supported in
<literal>[NetDev]</literal> section. Please specify it in <literal>[Link]</literal> section of [NetDev] section. Please specify it in [Link] section of
corresponding corresponding
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
files.</para> files.</para>
@ -300,8 +300,8 @@
<term><varname>MACAddress=</varname></term> <term><varname>MACAddress=</varname></term>
<listitem> <listitem>
<para>The MAC address to use for the device. For <literal>tun</literal> or <literal>tap</literal> <para>The MAC address to use for the device. For <literal>tun</literal> or <literal>tap</literal>
devices, setting <varname>MACAddress=</varname> in the <literal>[NetDev]</literal> section is not devices, setting <varname>MACAddress=</varname> in the [NetDev] section is not
supported. Please specify it in <literal>[Link]</literal> section of the corresponding supported. Please specify it in [Link] section of the corresponding
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
file. If this option is not set, <literal>vlan</literal> devices inherit the MAC address of the file. If this option is not set, <literal>vlan</literal> devices inherit the MAC address of the
physical interface. For other kind of netdevs, if this option is not set, then MAC address is physical interface. For other kind of netdevs, if this option is not set, then MAC address is
@ -316,7 +316,7 @@
<refsect1> <refsect1>
<title>[Bridge] Section Options</title> <title>[Bridge] Section Options</title>
<para>The <literal>[Bridge]</literal> section only applies for <para>The [Bridge] section only applies for
netdevs of kind <literal>bridge</literal>, and accepts the netdevs of kind <literal>bridge</literal>, and accepts the
following keys:</para> following keys:</para>
@ -436,7 +436,7 @@
<refsect1> <refsect1>
<title>[VLAN] Section Options</title> <title>[VLAN] Section Options</title>
<para>The <literal>[VLAN]</literal> section only applies for <para>The [VLAN] section only applies for
netdevs of kind <literal>vlan</literal>, and accepts the netdevs of kind <literal>vlan</literal>, and accepts the
following key:</para> following key:</para>
@ -445,7 +445,7 @@
<term><varname>Id=</varname></term> <term><varname>Id=</varname></term>
<listitem> <listitem>
<para>The VLAN ID to use. An integer in the range 04094. <para>The VLAN ID to use. An integer in the range 04094.
This option is compulsory.</para> This setting is compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -478,8 +478,8 @@
<varlistentry> <varlistentry>
<term><varname>ReorderHeader=</varname></term> <term><varname>ReorderHeader=</varname></term>
<listitem> <listitem>
<para>Takes a boolean. The VLAN reorder header is set VLAN interfaces behave like physical interfaces. <para>Takes a boolean. When enabled, the VLAN reorder header is used and VLAN interfaces behave
When unset, the kernel's default will be used.</para> like physical interfaces. When unset, the kernel's default will be used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -488,7 +488,7 @@
<refsect1> <refsect1>
<title>[MACVLAN] Section Options</title> <title>[MACVLAN] Section Options</title>
<para>The <literal>[MACVLAN]</literal> section only applies for <para>The [MACVLAN] section only applies for
netdevs of kind <literal>macvlan</literal>, and accepts the netdevs of kind <literal>macvlan</literal>, and accepts the
following key:</para> following key:</para>
@ -510,15 +510,15 @@
<refsect1> <refsect1>
<title>[MACVTAP] Section Options</title> <title>[MACVTAP] Section Options</title>
<para>The <literal>[MACVTAP]</literal> section applies for <para>The [MACVTAP] section applies for
netdevs of kind <literal>macvtap</literal> and accepts the netdevs of kind <literal>macvtap</literal> and accepts the
same key as <literal>[MACVLAN]</literal>.</para> same key as [MACVLAN].</para>
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>[IPVLAN] Section Options</title> <title>[IPVLAN] Section Options</title>
<para>The <literal>[IPVLAN]</literal> section only applies for <para>The [IPVLAN] section only applies for
netdevs of kind <literal>ipvlan</literal>, and accepts the netdevs of kind <literal>ipvlan</literal>, and accepts the
following key:</para> following key:</para>
@ -545,15 +545,15 @@
<refsect1> <refsect1>
<title>[IPVTAP] Section Options</title> <title>[IPVTAP] Section Options</title>
<para>The <literal>[IPVTAP]</literal> section only applies for <para>The [IPVTAP] section only applies for
netdevs of kind <literal>ipvtap</literal> and accepts the netdevs of kind <literal>ipvtap</literal> and accepts the
same key as <literal>[IPVLAN]</literal>.</para> same key as [IPVLAN].</para>
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>[VXLAN] Section Options</title> <title>[VXLAN] Section Options</title>
<para>The <literal>[VXLAN]</literal> section only applies for <para>The [VXLAN] section only applies for
netdevs of kind <literal>vxlan</literal>, and accepts the netdevs of kind <literal>vxlan</literal>, and accepts the
following keys:</para> following keys:</para>
@ -579,7 +579,8 @@
<varlistentry> <varlistentry>
<term><varname>Group=</varname></term> <term><varname>Group=</varname></term>
<listitem> <listitem>
<para>Configures VXLAN multicast group IP address. All members of a VXLAN must use the same multicast group address.</para> <para>Configures VXLAN multicast group IP address. All members of a VXLAN must use the same
multicast group address.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -637,8 +638,7 @@
<varlistentry> <varlistentry>
<term><varname>L3MissNotification=</varname></term> <term><varname>L3MissNotification=</varname></term>
<listitem> <listitem>
<para>Takes a boolean. When true, enables netlink IP address miss <para>Takes a boolean. When true, enables netlink IP address miss notifications.</para>
notifications.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -739,7 +739,7 @@
<refsect1> <refsect1>
<title>[GENEVE] Section Options</title> <title>[GENEVE] Section Options</title>
<para>The <literal>[GENEVE]</literal> section only applies for <para>The [GENEVE] section only applies for
netdevs of kind <literal>geneve</literal>, and accepts the netdevs of kind <literal>geneve</literal>, and accepts the
following keys:</para> following keys:</para>
@ -765,15 +765,16 @@
<varlistentry> <varlistentry>
<term><varname>TTL=</varname></term> <term><varname>TTL=</varname></term>
<listitem> <listitem>
<para>Accepts the same key in <literal>[VXLAN]</literal> section except when unset or <para>Accepts the same values as in the [VXLAN] section, except that when unset
set to 0, the kernel's default will be used meaning that packets TTL will be set from or set to 0, the kernel's default will be used, meaning that packet TTL will be set from
<filename>/proc/sys/net/ipv4/ip_default_ttl</filename>.</para> <filename>/proc/sys/net/ipv4/ip_default_ttl</filename>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>UDPChecksum=</varname></term> <term><varname>UDPChecksum=</varname></term>
<listitem> <listitem>
<para>Takes a boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4.</para> <para>Takes a boolean. When true, specifies that UDP checksum is calculated for transmitted packets
over IPv4.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -804,7 +805,7 @@
<varlistentry> <varlistentry>
<term><varname>IPDoNotFragment=</varname></term> <term><varname>IPDoNotFragment=</varname></term>
<listitem> <listitem>
<para>Accepts the same key in <literal>[VXLAN]</literal> section.</para> <para>Accepts the same key in [VXLAN] section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -813,7 +814,7 @@
<refsect1> <refsect1>
<title>[L2TP] Section Options</title> <title>[L2TP] Section Options</title>
<para>The <literal>[L2TP]</literal> section only applies for <para>The [L2TP] section only applies for
netdevs of kind <literal>l2tp</literal>, and accepts the netdevs of kind <literal>l2tp</literal>, and accepts the
following keys:</para> following keys:</para>
@ -821,21 +822,23 @@
<varlistentry> <varlistentry>
<term><varname>TunnelId=</varname></term> <term><varname>TunnelId=</varname></term>
<listitem> <listitem>
<para>Specifies the tunnel id. The value used must match the <literal>PeerTunnelId=</literal> value being used at the peer. <para>Specifies the tunnel identifier. Takes an number in the range 14294967295. The value used
Ranges a number between 1 and 4294967295). This option is compulsory.</para> must match the <literal>PeerTunnelId=</literal> value being used at the peer. This setting is
compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>PeerTunnelId=</varname></term> <term><varname>PeerTunnelId=</varname></term>
<listitem> <listitem>
<para>Specifies the peer tunnel id. The value used must match the <literal>PeerTunnelId=</literal> value being used at the peer. <para>Specifies the peer tunnel id. Takes a number in the range 1—4294967295. The value used must
Ranges a number between 1 and 4294967295). This option is compulsory.</para> match the <literal>PeerTunnelId=</literal> value being used at the peer. This setting is
compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>Remote=</varname></term> <term><varname>Remote=</varname></term>
<listitem> <listitem>
<para>Specifies the IP address of the remote peer. This option is compulsory.</para> <para>Specifies the IP address of the remote peer. This setting is compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -852,27 +855,29 @@
<varlistentry> <varlistentry>
<term><varname>EncapsulationType=</varname></term> <term><varname>EncapsulationType=</varname></term>
<listitem> <listitem>
<para>Specifies the encapsulation type of the tunnel. Takes one of <literal>udp</literal> or <literal>ip</literal>.</para> <para>Specifies the encapsulation type of the tunnel. Takes one of <literal>udp</literal> or
<literal>ip</literal>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>UDPSourcePort=</varname></term> <term><varname>UDPSourcePort=</varname></term>
<listitem> <listitem>
<para>Specifies the UDP source port to be used for the tunnel. When UDP encapsulation is selected it's mandotory. Ignored when ip <para>Specifies the UDP source port to be used for the tunnel. When UDP encapsulation is selected
encapsulation is selected.</para> it's mandatory. Ignored when IP encapsulation is selected.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>UDPDestinationPort=</varname></term> <term><varname>UDPDestinationPort=</varname></term>
<listitem> <listitem>
<para>Specifies destination port. When UDP encapsulation is selected it's mandotory. Ignored when ip <para>Specifies destination port. When UDP encapsulation is selected it's mandatory. Ignored when IP
encapsulation is selected.</para> encapsulation is selected.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>UDPChecksum=</varname></term> <term><varname>UDPChecksum=</varname></term>
<listitem> <listitem>
<para>Takes a boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4.</para> <para>Takes a boolean. When true, specifies that UDP checksum is calculated for transmitted packets
over IPv4.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -893,28 +898,30 @@
<refsect1> <refsect1>
<title>[L2TPSession] Section Options</title> <title>[L2TPSession] Section Options</title>
<para>The <literal>[L2TPSession]</literal> section only applies for <para>The [L2TPSession] section only applies for
netdevs of kind <literal>l2tp</literal>, and accepts the netdevs of kind <literal>l2tp</literal>, and accepts the
following keys:</para> following keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
<term><varname>Name=</varname></term> <term><varname>Name=</varname></term>
<listitem> <listitem>
<para>Specifies the name of the session. This option is compulsory.</para> <para>Specifies the name of the session. This setting is compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>SessionId=</varname></term> <term><varname>SessionId=</varname></term>
<listitem> <listitem>
<para>Specifies the session id. The value used must match the <literal>SessionId=</literal> value being used at the peer. <para>Specifies the session identifier. Takes an number in the range 14294967295. The value used
Ranges a number between 1 and 4294967295). This option is compulsory.</para> must match the <literal>SessionId=</literal> value being used at the peer. This setting is
compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>PeerSessionId=</varname></term> <term><varname>PeerSessionId=</varname></term>
<listitem> <listitem>
<para>Specifies the peer session id. The value used must match the <literal>PeerSessionId=</literal> value being used at the peer. <para>Specifies the peer session identifier. Takes an number in the range 14294967295.
Ranges a number between 1 and 4294967295). This option is compulsory.</para> The value used must match the <literal>PeerSessionId=</literal> value being used at the peer.
This setting is compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -929,7 +936,7 @@
<refsect1> <refsect1>
<title>[MACsec] Section Options</title> <title>[MACsec] Section Options</title>
<para>The <literal>[MACsec]</literal> section only applies for network devices of kind <para>The [MACsec] section only applies for network devices of kind
<literal>macsec</literal>, and accepts the following keys:</para> <literal>macsec</literal>, and accepts the following keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -952,7 +959,7 @@
<refsect1> <refsect1>
<title>[MACsecReceiveChannel] Section Options</title> <title>[MACsecReceiveChannel] Section Options</title>
<para>The <literal>[MACsecReceiveChannel]</literal> section only applies for network devices of <para>The [MACsecReceiveChannel] section only applies for network devices of
kind <literal>macsec</literal>, and accepts the following keys:</para> kind <literal>macsec</literal>, and accepts the following keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -968,7 +975,7 @@
<term><varname>MACAddress=</varname></term> <term><varname>MACAddress=</varname></term>
<listitem> <listitem>
<para>Specifies the MAC address to be used for the MACsec receive channel. The MAC address <para>Specifies the MAC address to be used for the MACsec receive channel. The MAC address
used to make secure channel identifier (SCI). This option is compulsory, and is not set by used to make secure channel identifier (SCI). This setting is compulsory, and is not set by
default.</para> default.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -978,7 +985,7 @@
<refsect1> <refsect1>
<title>[MACsecTransmitAssociation] Section Options</title> <title>[MACsecTransmitAssociation] Section Options</title>
<para>The <literal>[MACsecTransmitAssociation]</literal> section only applies for network devices <para>The [MACsecTransmitAssociation] section only applies for network devices
of kind <literal>macsec</literal>, and accepts the following keys:</para> of kind <literal>macsec</literal>, and accepts the following keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -1002,7 +1009,7 @@
<term><varname>Key=</varname></term> <term><varname>Key=</varname></term>
<listitem> <listitem>
<para>Specifies the encryption key used in the transmission channel. The same key must be <para>Specifies the encryption key used in the transmission channel. The same key must be
configured on the peers matching receive channel. This option is compulsory, and is not set configured on the peers matching receive channel. This setting is compulsory, and is not set
by default. Takes a 128-bit key encoded in a hexadecimal string, for example by default. Takes a 128-bit key encoded in a hexadecimal string, for example
<literal>dffafc8d7b9a43d5b9a3dfbbf6a30c16</literal>.</para> <literal>dffafc8d7b9a43d5b9a3dfbbf6a30c16</literal>.</para>
</listitem> </listitem>
@ -1028,7 +1035,7 @@
<term><varname>UseForEncoding=</varname></term> <term><varname>UseForEncoding=</varname></term>
<listitem> <listitem>
<para>Takes a boolean. If enabled, then the security association is used for encoding. Only <para>Takes a boolean. If enabled, then the security association is used for encoding. Only
one <literal>[MACsecTransmitAssociation]</literal> section can enable this option. When enabled, one [MACsecTransmitAssociation] section can enable this option. When enabled,
<varname>Activate=yes</varname> is implied. Defaults to unset.</para> <varname>Activate=yes</varname> is implied. Defaults to unset.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1038,7 +1045,7 @@
<refsect1> <refsect1>
<title>[MACsecReceiveAssociation] Section Options</title> <title>[MACsecReceiveAssociation] Section Options</title>
<para>The <literal>[MACsecReceiveAssociation]</literal> section only applies for <para>The [MACsecReceiveAssociation] section only applies for
network devices of kind <literal>macsec</literal>, and accepts the network devices of kind <literal>macsec</literal>, and accepts the
following keys:</para> following keys:</para>
@ -1046,43 +1053,43 @@
<varlistentry> <varlistentry>
<term><varname>Port=</varname></term> <term><varname>Port=</varname></term>
<listitem> <listitem>
<para>Accepts the same key in <literal>[MACsecReceiveChannel]</literal> section.</para> <para>Accepts the same key in [MACsecReceiveChannel] section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>MACAddress=</varname></term> <term><varname>MACAddress=</varname></term>
<listitem> <listitem>
<para>Accepts the same key in <literal>[MACsecReceiveChannel]</literal> section.</para> <para>Accepts the same key in [MACsecReceiveChannel] section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>PacketNumber=</varname></term> <term><varname>PacketNumber=</varname></term>
<listitem> <listitem>
<para>Accepts the same key in <literal>[MACsecTransmitAssociation]</literal> section.</para> <para>Accepts the same key in [MACsecTransmitAssociation] section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>KeyId=</varname></term> <term><varname>KeyId=</varname></term>
<listitem> <listitem>
<para>Accepts the same key in <literal>[MACsecTransmitAssociation]</literal> section.</para> <para>Accepts the same key in [MACsecTransmitAssociation] section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>Key=</varname></term> <term><varname>Key=</varname></term>
<listitem> <listitem>
<para>Accepts the same key in <literal>[MACsecTransmitAssociation]</literal> section.</para> <para>Accepts the same key in [MACsecTransmitAssociation] section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>KeyFile=</varname></term> <term><varname>KeyFile=</varname></term>
<listitem> <listitem>
<para>Accepts the same key in <literal>[MACsecTransmitAssociation]</literal> section.</para> <para>Accepts the same key in [MACsecTransmitAssociation] section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>Activate=</varname></term> <term><varname>Activate=</varname></term>
<listitem> <listitem>
<para>Accepts the same key in <literal>[MACsecTransmitAssociation]</literal> section.</para> <para>Accepts the same key in [MACsecTransmitAssociation] section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -1091,7 +1098,7 @@
<refsect1> <refsect1>
<title>[Tunnel] Section Options</title> <title>[Tunnel] Section Options</title>
<para>The <literal>[Tunnel]</literal> section only applies for <para>The [Tunnel] section only applies for
netdevs of kind netdevs of kind
<literal>ipip</literal>, <literal>ipip</literal>,
<literal>sit</literal>, <literal>sit</literal>,
@ -1136,7 +1143,7 @@
<para>A fixed Time To Live N on tunneled packets. N is a <para>A fixed Time To Live N on tunneled packets. N is a
number in the range 1255. 0 is a special value meaning that number in the range 1255. 0 is a special value meaning that
packets inherit the TTL value. The default value for IPv4 packets inherit the TTL value. The default value for IPv4
tunnels is: inherit. The default value for IPv6 tunnels is tunnels is 0 (inherit). The default value for IPv6 tunnels is
64.</para> 64.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1192,7 +1199,7 @@
both directions (<varname>InputKey=</varname> and <varname>OutputKey=</varname>). both directions (<varname>InputKey=</varname> and <varname>OutputKey=</varname>).
The <varname>Key=</varname> is either a number or an IPv4 address-like dotted quad. The <varname>Key=</varname> is either a number or an IPv4 address-like dotted quad.
It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data
and control path) in ip xfrm (framework used to implement IPsec protocol). and control path) in IP XFRM (framework used to implement IPsec protocol).
See <ulink url="http://man7.org/linux/man-pages/man8/ip-xfrm.8.html"> See <ulink url="http://man7.org/linux/man-pages/man8/ip-xfrm.8.html">
ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6, ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6,
GRE, GRETAP, and ERSPAN tunnels.</para> GRE, GRETAP, and ERSPAN tunnels.</para>
@ -1274,7 +1281,7 @@
<varlistentry> <varlistentry>
<term><varname>Encapsulation=</varname></term> <term><varname>Encapsulation=</varname></term>
<listitem> <listitem>
<para>Accepts the same key as in the <literal>[FooOverUDP]</literal> section.</para> <para>Accepts the same key as in the [FooOverUDP] section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1314,7 +1321,7 @@
<refsect1> <refsect1>
<title>[FooOverUDP] Section Options</title> <title>[FooOverUDP] Section Options</title>
<para>The <literal>[FooOverUDP]</literal> section only applies for <para>The [FooOverUDP] section only applies for
netdevs of kind <literal>fou</literal> and accepts the netdevs of kind <literal>fou</literal> and accepts the
following keys:</para> following keys:</para>
@ -1322,29 +1329,32 @@
<varlistentry> <varlistentry>
<term><varname>Encapsulation=</varname></term> <term><varname>Encapsulation=</varname></term>
<listitem> <listitem>
<para>Specifies the encapsulation mechanism used to store networking packets of various protocols inside the UDP packets. Supports the following values: <para>Specifies the encapsulation mechanism used to store networking packets of various protocols
inside the UDP packets. Supports the following values:
<literal>FooOverUDP</literal> provides the simplest no frills model of UDP encapsulation, it simply encapsulates <literal>FooOverUDP</literal> provides the simplest no frills model of UDP encapsulation, it simply
packets directly in the UDP payload. encapsulates packets directly in the UDP payload. <literal>GenericUDPEncapsulation</literal> is a
<literal>GenericUDPEncapsulation</literal> is a generic and extensible encapsulation, it allows encapsulation of packets for any IP generic and extensible encapsulation, it allows encapsulation of packets for any IP protocol and
protocol and optional data as part of the encapsulation. optional data as part of the encapsulation. For more detailed information see <ulink
For more detailed information see <ulink url="https://lwn.net/Articles/615044">Generic UDP Encapsulation</ulink>. url="https://lwn.net/Articles/615044">Generic UDP Encapsulation</ulink>. Defaults to
Defaults to <literal>FooOverUDP</literal>. <literal>FooOverUDP</literal>.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>Port=</varname></term> <term><varname>Port=</varname></term>
<listitem> <listitem>
<para>Specifies the port number, where the IP encapsulation packets will arrive. Please take note that the packets <para>Specifies the port number, where the IP encapsulation packets will arrive. Please take note
will arrive with the encapsulation will be removed. Then they will be manually fed back into the network stack, and sent ahead that the packets will arrive with the encapsulation will be removed. Then they will be manually fed
for delivery to the real destination. This option is mandatory.</para> back into the network stack, and sent ahead for delivery to the real destination. This option is
mandatory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>PeerPort=</varname></term> <term><varname>PeerPort=</varname></term>
<listitem> <listitem>
<para>Specifies the peer port number. Defaults to unset. Note that when peer port is set <literal>Peer=</literal> address is mandotory.</para> <para>Specifies the peer port number. Defaults to unset. Note that when peer port is set
<literal>Peer=</literal> address is mandatory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1360,7 +1370,8 @@
<varlistentry> <varlistentry>
<term><varname>Peer=</varname></term> <term><varname>Peer=</varname></term>
<listitem> <listitem>
<para>Configures peer IP address. Note that when peer address is set <literal>PeerPort=</literal> is mandotory.</para> <para>Configures peer IP address. Note that when peer address is set <literal>PeerPort=</literal>
is mandatory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1375,7 +1386,7 @@
<refsect1> <refsect1>
<title>[Peer] Section Options</title> <title>[Peer] Section Options</title>
<para>The <literal>[Peer]</literal> section only applies for <para>The [Peer] section only applies for
netdevs of kind <literal>veth</literal> and accepts the netdevs of kind <literal>veth</literal> and accepts the
following keys:</para> following keys:</para>
@ -1384,7 +1395,7 @@
<term><varname>Name=</varname></term> <term><varname>Name=</varname></term>
<listitem> <listitem>
<para>The interface name used when creating the netdev. <para>The interface name used when creating the netdev.
This option is compulsory.</para> This setting is compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1401,7 +1412,7 @@
<refsect1> <refsect1>
<title>[VXCAN] Section Options</title> <title>[VXCAN] Section Options</title>
<para>The <literal>[VXCAN]</literal> section only applies for <para>The [VXCAN] section only applies for
netdevs of kind <literal>vxcan</literal> and accepts the netdevs of kind <literal>vxcan</literal> and accepts the
following key:</para> following key:</para>
@ -1410,7 +1421,7 @@
<term><varname>Peer=</varname></term> <term><varname>Peer=</varname></term>
<listitem> <listitem>
<para>The peer interface name used when creating the netdev. <para>The peer interface name used when creating the netdev.
This option is compulsory.</para> This setting is compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -1419,7 +1430,7 @@
<refsect1> <refsect1>
<title>[Tun] Section Options</title> <title>[Tun] Section Options</title>
<para>The <literal>[Tun]</literal> section only applies for <para>The [Tun] section only applies for
netdevs of kind <literal>tun</literal>, and accepts the following netdevs of kind <literal>tun</literal>, and accepts the following
keys:</para> keys:</para>
@ -1469,15 +1480,15 @@
<refsect1> <refsect1>
<title>[Tap] Section Options</title> <title>[Tap] Section Options</title>
<para>The <literal>[Tap]</literal> section only applies for <para>The [Tap] section only applies for
netdevs of kind <literal>tap</literal>, and accepts the same keys netdevs of kind <literal>tap</literal>, and accepts the same keys
as the <literal>[Tun]</literal> section.</para> as the [Tun] section.</para>
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>[WireGuard] Section Options</title> <title>[WireGuard] Section Options</title>
<para>The <literal>[WireGuard]</literal> section accepts the following <para>The [WireGuard] section accepts the following
keys:</para> keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -1524,7 +1535,7 @@
<refsect1> <refsect1>
<title>[WireGuardPeer] Section Options</title> <title>[WireGuardPeer] Section Options</title>
<para>The <literal>[WireGuardPeer]</literal> section accepts the following <para>The [WireGuardPeer] section accepts the following
keys:</para> keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -1600,7 +1611,7 @@
<refsect1> <refsect1>
<title>[Bond] Section Options</title> <title>[Bond] Section Options</title>
<para>The <literal>[Bond]</literal> section accepts the following <para>The [Bond] section accepts the following
key:</para> key:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -1702,14 +1713,15 @@
<varlistentry> <varlistentry>
<term><varname>AdActorSystemPriority=</varname></term> <term><varname>AdActorSystemPriority=</varname></term>
<listitem> <listitem>
<para>Specifies the 802.3ad actor system priority. Ranges [1-65535].</para> <para>Specifies the 802.3ad actor system priority. Takes a number in the range 1—65535.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>AdUserPortKey=</varname></term> <term><varname>AdUserPortKey=</varname></term>
<listitem> <listitem>
<para>Specifies the 802.3ad user defined portion of the port key. Ranges [0-1023].</para> <para>Specifies the 802.3ad user defined portion of the port key. Takes a number in the range
01023.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1879,7 +1891,7 @@
<refsect1> <refsect1>
<title>[Xfrm] Section Options</title> <title>[Xfrm] Section Options</title>
<para>The <literal>[Xfrm]</literal> section accepts the following <para>The [Xfrm] section accepts the following
keys:</para> keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -1902,13 +1914,12 @@
</variablelist> </variablelist>
<para>For more detail information see <para>For more detail information see
<ulink url="https://lwn.net/Articles/757391"> <ulink url="https://lwn.net/Articles/757391">Virtual XFRM Interfaces</ulink>.</para>
Virtual xfrm interfaces</ulink></para>
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>[VRF] Section Options</title> <title>[VRF] Section Options</title>
<para>The <literal>[VRF]</literal> section only applies for <para>The [VRF] section only applies for
netdevs of kind <literal>vrf</literal> and accepts the netdevs of kind <literal>vrf</literal> and accepts the
following key:</para> following key:</para>
@ -1916,7 +1927,7 @@
<varlistentry> <varlistentry>
<term><varname>Table=</varname></term> <term><varname>Table=</varname></term>
<listitem> <listitem>
<para>The numeric routing table identifier. This option is compulsory.</para> <para>The numeric routing table identifier. This setting is compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>

View File

@ -72,21 +72,16 @@
<refsect1> <refsect1>
<title>[Match] Section Options</title> <title>[Match] Section Options</title>
<para>The network file contains a <literal>[Match]</literal> <para>The network file contains a [Match] section, which determines if a given network file may be
section, which determines if a given network file may be applied applied to a given device; and a [Network] section specifying how the device should be configured. The
to a given device; and a <literal>[Network]</literal> section first (in lexical order) of the network files that matches a given device is applied, all later files
specifying how the device should be configured. The first (in are ignored, even if they match as well.</para>
lexical order) of the network files that matches a given device
is applied, all later files are ignored, even if they match as
well.</para>
<para>A network file is said to match a network interface if all matches specified by the <para>A network file is said to match a network interface if all matches specified by the [Match]
<literal>[Match]</literal> section are satisfied. When a network file does not contain valid section are satisfied. When a network file does not contain valid settings in [Match] section, then the
settings in <literal>[Match]</literal> section, then the file will match all interfaces and file will match all interfaces and <command>systemd-networkd</command> warns about that. Hint: to avoid
<command>systemd-networkd</command> warns about that. Hint: to avoid the warning and to make it the warning and to make it clear that all interfaces shall be matched, add the following:
clear that all interfaces shall be matched, add the following: <programlisting>Name=*</programlisting> The following keys are accepted:</para>
<programlisting>Name=*</programlisting>
The following keys are accepted:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="systemd.link.xml" xpointer="mac-address" /> <xi:include href="systemd.link.xml" xpointer="mac-address" />
@ -132,9 +127,8 @@
<listitem> <listitem>
<para>A whitespace-separated list of hardware address of the currently connected wireless <para>A whitespace-separated list of hardware address of the currently connected wireless
LAN. Use full colon-, hyphen- or dot-delimited hexadecimal. See the example in LAN. Use full colon-, hyphen- or dot-delimited hexadecimal. See the example in
<varname>MACAddress=</varname>. This option may appear more than one, in which case the <varname>MACAddress=</varname>. This option may appear more than once, in which case the
lists are merged. If the empty string is assigned to this option, the list of BSSID defined lists are merged. If the empty string is assigned to this option, the list is reset.</para>
prior to this is reset.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -150,7 +144,7 @@
<refsect1> <refsect1>
<title>[Link] Section Options</title> <title>[Link] Section Options</title>
<para> The <literal>[Link]</literal> section accepts the following keys:</para> <para> The [Link] section accepts the following keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
@ -211,7 +205,7 @@
<para>Link groups are similar to port ranges found in managed switches. <para>Link groups are similar to port ranges found in managed switches.
When network interfaces are added to a numbered group, operations on When network interfaces are added to a numbered group, operations on
all the interfaces from that group can be performed at once. An unsigned all the interfaces from that group can be performed at once. An unsigned
integer ranges 0 to 4294967294. Default to unset.</para> integer in the range 0—4294967294. Defaults to unset.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -239,12 +233,11 @@
<refsect1> <refsect1>
<title>[SR-IOV] Section Options</title> <title>[SR-IOV] Section Options</title>
<para>The <literal>[SR-IOV]</literal> section accepts the <para>The [SR-IOV] section accepts the following keys. Specify several [SR-IOV] sections to configure
following keys. Specify several <literal>[SR-IOV]</literal> several SR-IOVs. SR-IOV provides the ability to partition a single physical PCI resource into virtual
sections to configure several SR-IOVs. SR-IOV provides the ability to partition a single physical PCI resource PCI functions which can then be injected into a VM. In the case of network VFs, SR-IOV improves
into virtual PCI functions which can then be injected into a VM. In the case of network VFs, SR-IOV improves north-south network performance (that is, traffic with endpoints outside the host machine) by allowing
north-south network performance (that is, traffic with endpoints outside the host machine) by allowing traffic to traffic to bypass the host machines network stack.</para>
bypass the host machines network stack.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
@ -327,7 +320,7 @@
<refsect1> <refsect1>
<title>[Network] Section Options</title> <title>[Network] Section Options</title>
<para>The <literal>[Network]</literal> section accepts the following keys:</para> <para>The [Network] section accepts the following keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
@ -356,16 +349,15 @@
specified through DHCP is not used for name resolution. specified through DHCP is not used for name resolution.
See option <option>UseDomains=</option> below.</para> See option <option>UseDomains=</option> below.</para>
<para>See the <literal>[DHCPv4]</literal> or <literal>[DHCPv6]</literal> section below for <para>See the [DHCPv4] or [DHCPv6] sections below for further configuration options for the DHCP
further configuration options for the DHCP client support.</para> client support.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>DHCPServer=</varname></term> <term><varname>DHCPServer=</varname></term>
<listitem> <listitem>
<para>Takes a boolean. If set to <literal>yes</literal>, DHCPv4 server will be started. Defaults <para>Takes a boolean. If set to <literal>yes</literal>, DHCPv4 server will be started. Defaults
to <literal>no</literal>. Further settings for the DHCP to <literal>no</literal>. Further settings for the DHCP server may be set in the [DHCPServer]
server may be set in the <literal>[DHCPServer]</literal>
section described below.</para> section described below.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -495,10 +487,8 @@
<varlistentry> <varlistentry>
<term><varname>DNSSEC=</varname></term> <term><varname>DNSSEC=</varname></term>
<listitem> <listitem>
<para>Takes a boolean. or <para>Takes a boolean or <literal>allow-downgrade</literal>. When true, enables
<literal>allow-downgrade</literal>. When true, enables <ulink url="https://tools.ietf.org/html/rfc4033">DNSSEC</ulink>
<ulink
url="https://tools.ietf.org/html/rfc4033">DNSSEC</ulink>
DNS validation support on the link. When set to DNS validation support on the link. When set to
<literal>allow-downgrade</literal>, compatibility with <literal>allow-downgrade</literal>, compatibility with
non-DNSSEC capable networks is increased, by automatically non-DNSSEC capable networks is increased, by automatically
@ -730,8 +720,8 @@
forwarding is enabled, and to enable it otherwise. Cannot be enabled on bond devices and when link forwarding is enabled, and to enable it otherwise. Cannot be enabled on bond devices and when link
local addressing is disabled.</para> local addressing is disabled.</para>
<para>Further settings for the IPv6 RA support may be configured in the <para>Further settings for the IPv6 RA support may be configured in the [IPv6AcceptRA] section, see
<literal>[IPv6AcceptRA]</literal> section, see below.</para> below.</para>
<para>Also see <ulink <para>Also see <ulink
url="https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt">ip-sysctl.txt</ulink> in the kernel url="https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt">ip-sysctl.txt</ulink> in the kernel
@ -770,7 +760,7 @@
<term><varname>IPv4ProxyARP=</varname></term> <term><varname>IPv4ProxyARP=</varname></term>
<listitem><para>Takes a boolean. Configures proxy ARP for IPv4. Proxy ARP is the technique in which one host, <listitem><para>Takes a boolean. Configures proxy ARP for IPv4. Proxy ARP is the technique in which one host,
usually a router, answers ARP requests intended for another machine. By "faking" its identity, usually a router, answers ARP requests intended for another machine. By "faking" its identity,
the router accepts responsibility for routing packets to the "real" destination. (see <ulink the router accepts responsibility for routing packets to the "real" destination. See <ulink
url="https://tools.ietf.org/html/rfc1027">RFC 1027</ulink>. url="https://tools.ietf.org/html/rfc1027">RFC 1027</ulink>.
When unset, the kernel's default will be used. When unset, the kernel's default will be used.
</para></listitem> </para></listitem>
@ -801,18 +791,15 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>IPv6PrefixDelegation=</varname></term> <term><varname>IPv6PrefixDelegation=</varname></term>
<listitem><para>Whether to enable or disable Router Advertisement sending on a link. <listitem><para>Whether to enable or disable Router Advertisement sending on a link. Allowed
Allowed values are <literal>static</literal> which distributes prefixes as defined in values are <literal>static</literal> which distributes prefixes as defined in the
the <literal>[IPv6PrefixDelegation]</literal> and any <literal>[IPv6Prefix]</literal> [IPv6PrefixDelegation] and any [IPv6Prefix] sections, <literal>dhcpv6</literal> which requests
sections, <literal>dhcpv6</literal> which requests prefixes using a DHCPv6 client prefixes using a DHCPv6 client configured for another link and any values configured in the
configured for another link and any values configured in the [IPv6PrefixDelegation] section while ignoring all static prefix configuration sections,
<literal>[IPv6PrefixDelegation]</literal> section while ignoring all static prefix <literal>yes</literal> which uses both static configuration and DHCPv6, and
configuration sections, <literal>yes</literal> which uses both static configuration <literal>false</literal> which turns off IPv6 prefix delegation altogether. Defaults to
and DHCPv6, and <literal>false</literal> which turns off IPv6 prefix delegation <literal>false</literal>. See the [IPv6PrefixDelegation] and the [IPv6Prefix] sections for more
altogether. Defaults to <literal>false</literal>. See the configuration options.</para></listitem>
<literal>[IPv6PrefixDelegation]</literal> and the <literal>[IPv6Prefix]</literal>
sections for more configuration options.
</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>IPv6PDSubnetId=</varname></term> <term><varname>IPv6PDSubnetId=</varname></term>
@ -978,16 +965,15 @@
<refsect1> <refsect1>
<title>[Address] Section Options</title> <title>[Address] Section Options</title>
<para>An <literal>[Address]</literal> section accepts the <para>An [Address] section accepts the following keys. Specify several [Address]
following keys. Specify several <literal>[Address]</literal>
sections to configure several addresses.</para> sections to configure several addresses.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
<term><varname>Address=</varname></term> <term><varname>Address=</varname></term>
<listitem> <listitem>
<para>As in the <literal>[Network]</literal> section. This key is mandatory. Each <para>As in the [Network] section. This key is mandatory. Each [Address] section can contain one
<literal>[Address]</literal> section can contain one <varname>Address=</varname> setting.</para> <varname>Address=</varname> setting.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1031,7 +1017,7 @@
<term><varname>Scope=</varname></term> <term><varname>Scope=</varname></term>
<listitem> <listitem>
<para>The scope of the address, which can be <literal>global</literal>, <para>The scope of the address, which can be <literal>global</literal>,
<literal>link</literal> or <literal>host</literal> or an unsigned integer ranges 0 to 255. <literal>link</literal> or <literal>host</literal> or an unsigned integer in the range 0—255.
Defaults to <literal>global</literal>.</para> Defaults to <literal>global</literal>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1093,12 +1079,10 @@
<refsect1> <refsect1>
<title>[Neighbor] Section Options</title> <title>[Neighbor] Section Options</title>
<para>A <literal>[Neighbor]</literal> section accepts the <para>A [Neighbor] section accepts the following keys. The neighbor section adds a permanent, static
following keys. The neighbor section adds a permanent, static entry to the neighbor table (IPv6) or ARP table (IPv4) for the given hardware address on the links
entry to the neighbor table (IPv6) or ARP table (IPv4) for matched for the network. Specify several [Neighbor] sections to configure several static neighbors.
the given hardware address on the links matched for the network. </para>
Specify several <literal>[Neighbor]</literal> sections to configure
several static neighbors.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
@ -1119,18 +1103,17 @@
<refsect1> <refsect1>
<title>[IPv6AddressLabel] Section Options</title> <title>[IPv6AddressLabel] Section Options</title>
<para>An <literal>[IPv6AddressLabel]</literal> section accepts the <para>An [IPv6AddressLabel] section accepts the following keys. Specify several [IPv6AddressLabel]
following keys. Specify several <literal>[IPv6AddressLabel]</literal> sections to configure several address labels. IPv6 address labels are used for address selection. See
sections to configure several address labels. IPv6 address labels are <ulink url="https://tools.ietf.org/html/rfc3484">RFC 3484</ulink>. Precedence is managed by userspace,
used for address selection. See <ulink url="https://tools.ietf.org/html/rfc3484">RFC 3484</ulink>. and only the label itself is stored in the kernel</para>
Precedence is managed by userspace, and only the label itself is stored in the kernel</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
<term><varname>Label=</varname></term> <term><varname>Label=</varname></term>
<listitem> <listitem>
<para> The label for the prefix (an unsigned integer) ranges 0 to 4294967294. <para>The label for the prefix, an unsigned integer in the range 04294967294.
0xffffffff is reserved. This key is mandatory.</para> 0xffffffff is reserved. This setting is mandatory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1146,15 +1129,14 @@
<refsect1> <refsect1>
<title>[RoutingPolicyRule] Section Options</title> <title>[RoutingPolicyRule] Section Options</title>
<para>An <literal>[RoutingPolicyRule]</literal> section accepts the <para>An [RoutingPolicyRule] section accepts the following keys. Specify several [RoutingPolicyRule]
following keys. Specify several <literal>[RoutingPolicyRule]</literal>
sections to configure several rules.</para> sections to configure several rules.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
<term><varname>TypeOfService=</varname></term> <term><varname>TypeOfService=</varname></term>
<listitem> <listitem>
<para>Specifies the type of service to match a number between 0 to 255.</para> <para>Takes a number between 0 and 255 that specifies the type of service to match.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1261,16 +1243,15 @@
<refsect1> <refsect1>
<title>[NextHop] Section Options</title> <title>[NextHop] Section Options</title>
<para>The <literal>[NextHop]</literal> section accepts the <para>The [NextHop] section is used to manipulate entries in the kernel's "nexthop" tables. The
following keys. Specify several <literal>[NextHop]</literal> [NextHop] section accepts the following keys. Specify several [NextHop] sections to configure several
sections to configure several nexthop. Nexthop is used to manipulate entries in the kernel's nexthop hops.</para>
tables.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
<term><varname>Gateway=</varname></term> <term><varname>Gateway=</varname></term>
<listitem> <listitem>
<para>As in the <literal>[Network]</literal> section. This is mandatory.</para> <para>As in the [Network] section. This is mandatory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1284,9 +1265,8 @@
<refsect1> <refsect1>
<title>[Route] Section Options</title> <title>[Route] Section Options</title>
<para>The <literal>[Route]</literal> section accepts the <para>The [Route] section accepts the following keys. Specify several [Route] sections to configure
following keys. Specify several <literal>[Route]</literal> several routes.</para>
sections to configure several routes.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
@ -1333,10 +1313,10 @@
<term><varname>IPv6Preference=</varname></term> <term><varname>IPv6Preference=</varname></term>
<listitem> <listitem>
<para>Specifies the route preference as defined in <ulink <para>Specifies the route preference as defined in <ulink
url="https://tools.ietf.org/html/rfc4191">RFC4191</ulink> for Router Discovery messages. url="https://tools.ietf.org/html/rfc4191">RFC 4191</ulink> for Router Discovery messages. Which
Which can be one of <literal>low</literal> the route has a lowest priority, can be one of <literal>low</literal> the route has a lowest priority, <literal>medium</literal>
<literal>medium</literal> the route has a default priority or the route has a default priority or <literal>high</literal> the route has a highest priority.
<literal>high</literal> the route has a highest priority.</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1471,8 +1451,7 @@
<refsect1> <refsect1>
<title>[DHCPv4] Section Options</title> <title>[DHCPv4] Section Options</title>
<para>The <literal>[DHCPv4]</literal> section configures the <para>The [DHCPv4] section configures the DHCPv4 client, if it is enabled with the
DHCPv4 client, if it is enabled with the
<varname>DHCP=</varname> setting described above:</para> <varname>DHCP=</varname> setting described above:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -1717,8 +1696,8 @@
<para>The table identifier for DHCP routes (a number between 1 and 4294967295, or 0 to unset). <para>The table identifier for DHCP routes (a number between 1 and 4294967295, or 0 to unset).
The table can be retrieved using <command>ip route show table <replaceable>num</replaceable></command>. The table can be retrieved using <command>ip route show table <replaceable>num</replaceable></command>.
</para> </para>
<para>When used in combination with <varname>VRF=</varname> the <para>When used in combination with <varname>VRF=</varname>, the
VRF's routing table is used unless this parameter is specified. VRF's routing table is used when this parameter is not specified.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1757,11 +1736,12 @@
<varlistentry> <varlistentry>
<term><varname>SendDecline=</varname></term> <term><varname>SendDecline=</varname></term>
<listitem> <listitem>
<para>A boolean. When <literal>true</literal>, DHCPv4 clients receives IP address from DHCP server. <para>A boolean. When <literal>true</literal>, the DHCPv4 client receives the IP address from the
After new IP is received, DHCPv4 performs IPv4 Duplicate Address Detection. If duplicate use of IP is detected DHCP server. After a new IP is received, the DHCPv4 client performs IPv4 Duplicate Address
the DHCPv4 client rejects the IP by sending a DHCPDECLINE packet DHCP clients try to obtain an IP address again. Detection. If duplicate use is detected, the DHCPv4 client rejects the IP by sending a
See <ulink url="https://tools.ietf.org/html/rfc5227">RFC 5224</ulink>. DHCPDECLINE packet and tries to obtain an IP address again. See <ulink
Defaults to <literal>unset</literal>.</para> url="https://tools.ietf.org/html/rfc5227">RFC 5224</ulink>. Defaults to
<literal>unset</literal>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1814,7 +1794,7 @@
<refsect1> <refsect1>
<title>[DHCPv6] Section Options</title> <title>[DHCPv6] Section Options</title>
<para>The <literal>[DHCPv6]</literal> section configures the DHCPv6 client, if it is enabled with the <para>The [DHCPv6] section configures the DHCPv6 client, if it is enabled with the
<varname>DHCP=</varname> setting described above, or invoked by the IPv6 Router Advertisement:</para> <varname>DHCP=</varname> setting described above, or invoked by the IPv6 Router Advertisement:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -1822,7 +1802,7 @@
<term><varname>UseDNS=</varname></term> <term><varname>UseDNS=</varname></term>
<term><varname>UseNTP=</varname></term> <term><varname>UseNTP=</varname></term>
<listitem> <listitem>
<para>As in the <literal>[DHCPv4]</literal> section.</para> <para>As in the [DHCPv4] section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1839,7 +1819,7 @@
<para>Takes a boolean. The DHCPv6 client can obtain configuration parameters from a DHCPv6 server through <para>Takes a boolean. The DHCPv6 client can obtain configuration parameters from a DHCPv6 server through
a rapid two-message exchange (solicit and reply). When the rapid commit option is enabled by both a rapid two-message exchange (solicit and reply). When the rapid commit option is enabled by both
the DHCPv6 client and the DHCPv6 server, the two-message exchange is used, rather than the default the DHCPv6 client and the DHCPv6 server, the two-message exchange is used, rather than the default
four-method exchange (solicit, advertise, request, and reply). The two-message exchange provides four-message exchange (solicit, advertise, request, and reply). The two-message exchange provides
faster client configuration and is beneficial in environments in which networks are under a heavy load. faster client configuration and is beneficial in environments in which networks are under a heavy load.
See <ulink url="https://tools.ietf.org/html/rfc3315#section-17.2.1">RFC 3315</ulink> for details. See <ulink url="https://tools.ietf.org/html/rfc3315#section-17.2.1">RFC 3315</ulink> for details.
Defaults to true.</para> Defaults to true.</para>
@ -1867,14 +1847,15 @@
<varlistentry> <varlistentry>
<term><varname>SendVendorOption=</varname></term> <term><varname>SendVendorOption=</varname></term>
<listitem> <listitem>
<para>Send an arbitrary vendor option in the DHCPv6 request. Takes an enterprise identifier, DHCP option number, <para>Send an arbitrary vendor option in the DHCPv6 request. Takes an enterprise identifier, DHCP
data type, and data separated with a colon option number, data type, and data separated with a colon (<literal><replaceable>enterprise
(<literal><replaceable>enterprise identifier</replaceable>:<replaceable>option</replaceable>:<replaceable>type</replaceable>: identifier</replaceable>:<replaceable>option</replaceable>:<replaceable>type</replaceable>:
<replaceable>value</replaceable></literal>). Enterprise identifier is an unsigned integer ranges 1..4294967294. <replaceable>value</replaceable></literal>). Enterprise identifier is an unsigned integer in the
The option number must be an integer in the range 1..254. Data type takes one of <literal>uint8</literal>, range 14294967294. The option number must be an integer in the range 1254. Data type takes one
<literal>uint16</literal>, <literal>uint32</literal>, <literal>ipv4address</literal>, <literal>ipv6address</literal>, or of <literal>uint8</literal>, <literal>uint16</literal>, <literal>uint32</literal>,
<literal>string</literal>. Special characters in the data string may be escaped using <literal>ipv4address</literal>, <literal>ipv6address</literal>, or
<ulink url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style <literal>string</literal>. Special characters in the data string may be escaped using <ulink
url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
escapes</ulink>. This setting can be specified multiple times. If an empty string is specified, escapes</ulink>. This setting can be specified multiple times. If an empty string is specified,
then all options specified earlier are cleared. Defaults to unset.</para> then all options specified earlier are cleared. Defaults to unset.</para>
</listitem> </listitem>
@ -1918,24 +1899,26 @@
<varlistentry> <varlistentry>
<term><varname>PrefixDelegationHint=</varname></term> <term><varname>PrefixDelegationHint=</varname></term>
<listitem> <listitem>
<para>Takes an IPv6 address with prefix length as <varname>Address=</varname> in <para>Takes an IPv6 address with prefix length in the same format as the
the "[Network]" section. Specifies the DHCPv6 client for the requesting router to include <varname>Address=</varname> in the [Network] section. The DHCPv6 client will include a prefix
a prefix-hint in the DHCPv6 solicitation. Prefix ranges 1..128. Defaults to unset.</para> hint in the DHCPv6 solicitation sent to the server. The prefix length must be in the range
1128. Defaults to unset.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>WithoutRA=</varname></term> <term><varname>WithoutRA=</varname></term>
<listitem> <listitem>
<para>Allows DHCPv6 client to start without router advertisements's managed or other address configuration flag. <para>Allows DHCPv6 client to start without router advertisements's managed or other address
Takes one of <literal>solicit</literal> or <literal>information-request</literal>. Defaults to unset.</para> configuration flag. Takes one of <literal>solicit</literal> or
<literal>information-request</literal>. Defaults to unset.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>SendOption=</varname></term> <term><varname>SendOption=</varname></term>
<listitem> <listitem>
<para>As in the <literal>[DHCPv4]</literal> section, however because DHCPv6 uses 16-bit fields to store <para>As in the [DHCPv4] section, however because DHCPv6 uses 16-bit fields to store
option numbers, the option number is an integer in the range 1..65536.</para> option numbers, the option number is an integer in the range 1..65536.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1969,9 +1952,8 @@
<refsect1> <refsect1>
<title>[IPv6AcceptRA] Section Options</title> <title>[IPv6AcceptRA] Section Options</title>
<para>The <literal>[IPv6AcceptRA]</literal> section configures the IPv6 Router Advertisement <para>The [IPv6AcceptRA] section configures the IPv6 Router Advertisement (RA) client, if it is enabled
(RA) client, if it is enabled with the <varname>IPv6AcceptRA=</varname> setting described with the <varname>IPv6AcceptRA=</varname> setting described above:</para>
above:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
@ -2051,8 +2033,7 @@
<refsect1> <refsect1>
<title>[DHCPServer] Section Options</title> <title>[DHCPServer] Section Options</title>
<para>The <literal>[DHCPServer]</literal> section contains <para>The [DHCPServer] section contains settings for the DHCP server, if enabled via the
settings for the DHCP server, if enabled via the
<varname>DHCPServer=</varname> option described above:</para> <varname>DHCPServer=</varname> option described above:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -2186,11 +2167,9 @@
<refsect1> <refsect1>
<title>[IPv6PrefixDelegation] Section Options</title> <title>[IPv6PrefixDelegation] Section Options</title>
<para>The <literal>[IPv6PrefixDelegation]</literal> section contains <para>The [IPv6PrefixDelegation] section contains settings for sending IPv6 Router Advertisements and
settings for sending IPv6 Router Advertisements and whether to act as whether to act as a router, if enabled via the <varname>IPv6PrefixDelegation=</varname> option described
a router, if enabled via the <varname>IPv6PrefixDelegation=</varname> above. IPv6 network prefixes are defined with one or more [IPv6Prefix] sections.</para>
option described above. IPv6 network prefixes are defined with one or
more <literal>[IPv6Prefix]</literal> sections.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -2234,32 +2213,26 @@
<term><varname>EmitDNS=</varname></term> <term><varname>EmitDNS=</varname></term>
<term><varname>DNS=</varname></term> <term><varname>DNS=</varname></term>
<listitem><para><varname>DNS=</varname> specifies a list of recursive DNS server IPv6 addresses <listitem><para><varname>DNS=</varname> specifies a list of recursive DNS server IPv6 addresses that
that are distributed via Router Advertisement messages when <varname>EmitDNS=</varname> is are distributed via Router Advertisement messages when <varname>EmitDNS=</varname> is
true. <varname>DNS=</varname> also takes special value <literal>_link_local</literal>; in that true. <varname>DNS=</varname> also takes special value <literal>_link_local</literal>; in that case
case the IPv6 link local address is distributed. If <varname>DNS=</varname> is empty, DNS the IPv6 link local address is distributed. If <varname>DNS=</varname> is empty, DNS servers are read
servers are read from the <literal>[Network]</literal> section. If the from the [Network] section. If the [Network] section does not contain any DNS servers either, DNS
<literal>[Network]</literal> section does not contain any DNS servers either, DNS servers from servers from the uplink with the highest priority default route are used. When
the uplink with the highest priority default route are used. When <varname>EmitDNS=</varname> <varname>EmitDNS=</varname> is false, no DNS server information is sent in Router Advertisement
is false, no DNS server information is sent in Router Advertisement messages. messages. <varname>EmitDNS=</varname> defaults to true.</para></listitem>
<varname>EmitDNS=</varname> defaults to true.
</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>EmitDomains=</varname></term> <term><varname>EmitDomains=</varname></term>
<term><varname>Domains=</varname></term> <term><varname>Domains=</varname></term>
<listitem><para>A list of DNS search domains distributed via Router <listitem><para>A list of DNS search domains distributed via Router Advertisement messages when
Advertisement messages when <varname>EmitDomains=</varname> is true. If <varname>EmitDomains=</varname> is true. If <varname>Domains=</varname> is empty, DNS search domains
<varname>Domains=</varname> is empty, DNS search domains are read from the are read from the [Network] section. If the [Network] section does not contain any DNS search domains
<literal>[Network]</literal> section. If the <literal>[Network]</literal> either, DNS search domains from the uplink with the highest priority default route are used. When
section does not contain any DNS search domains either, DNS search <varname>EmitDomains=</varname> is false, no DNS search domain information is sent in Router
domains from the uplink with the highest priority default route are Advertisement messages. <varname>EmitDomains=</varname> defaults to true.</para></listitem>
used. When <varname>EmitDomains=</varname> is false, no DNS search domain
information is sent in Router Advertisement messages.
<varname>EmitDomains=</varname> defaults to true.
</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -2275,10 +2248,9 @@
<refsect1> <refsect1>
<title>[IPv6Prefix] Section Options</title> <title>[IPv6Prefix] Section Options</title>
<para>One or more <literal>[IPv6Prefix]</literal> sections contain the IPv6 <para>One or more [IPv6Prefix] sections contain the IPv6 prefixes that are announced via Router
prefixes that are announced via Router Advertisements. See Advertisements. See <ulink url="https://tools.ietf.org/html/rfc4861">RFC 4861</ulink> for further
<ulink url="https://tools.ietf.org/html/rfc4861">RFC 4861</ulink> details.</para>
for further details.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -2296,13 +2268,11 @@
<varlistentry> <varlistentry>
<term><varname>Prefix=</varname></term> <term><varname>Prefix=</varname></term>
<listitem><para>The IPv6 prefix that is to be distributed to hosts. <listitem><para>The IPv6 prefix that is to be distributed to hosts. Similarly to configuring static
Similarly to configuring static IPv6 addresses, the setting is IPv6 addresses, the setting is configured as an IPv6 prefix and its prefix length, separated by a
configured as an IPv6 prefix and its prefix length, separated by a <literal>/</literal> character. Use multiple [IPv6Prefix] sections to configure multiple IPv6
<literal>/</literal> character. Use multiple prefixes since prefix lifetimes, address autoconfiguration and onlink status may differ from one
<literal>[IPv6Prefix]</literal> sections to configure multiple IPv6 prefix to another.</para></listitem>
prefixes since prefix lifetimes, address autoconfiguration and onlink
status may differ from one prefix to another.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -2325,7 +2295,7 @@
<refsect1> <refsect1>
<title>[IPv6RoutePrefix] Section Options</title> <title>[IPv6RoutePrefix] Section Options</title>
<para>One or more <literal>[IPv6RoutePrefix]</literal> sections contain the IPv6 <para>One or more [IPv6RoutePrefix] sections contain the IPv6
prefix routes that are announced via Router Advertisements. See prefix routes that are announced via Router Advertisements. See
<ulink url="https://tools.ietf.org/html/rfc4191">RFC 4191</ulink> <ulink url="https://tools.ietf.org/html/rfc4191">RFC 4191</ulink>
for further details.</para> for further details.</para>
@ -2335,12 +2305,10 @@
<varlistentry> <varlistentry>
<term><varname>Route=</varname></term> <term><varname>Route=</varname></term>
<listitem><para>The IPv6 route that is to be distributed to hosts. <listitem><para>The IPv6 route that is to be distributed to hosts. Similarly to configuring static
Similarly to configuring static IPv6 routes, the setting is IPv6 routes, the setting is configured as an IPv6 prefix routes and its prefix route length,
configured as an IPv6 prefix routes and its prefix route length, separated by a <literal>/</literal> character. Use multiple [IPv6PrefixRoutes] sections to configure
separated by a<literal>/</literal> character. Use multiple multiple IPv6 prefix routes.</para></listitem>
<literal>[IPv6PrefixRoutes]</literal> sections to configure multiple IPv6
prefix routes.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -2356,8 +2324,7 @@
<refsect1> <refsect1>
<title>[Bridge] Section Options</title> <title>[Bridge] Section Options</title>
<para>The <literal>[Bridge]</literal> section accepts the <para>The [Bridge] section accepts the following keys:</para>
following keys.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
<term><varname>UnicastFlood=</varname></term> <term><varname>UnicastFlood=</varname></term>
@ -2405,10 +2372,9 @@
<varlistentry> <varlistentry>
<term><varname>HairPin=</varname></term> <term><varname>HairPin=</varname></term>
<listitem> <listitem>
<para>Takes a boolean. Configures whether traffic may be sent back <para>Takes a boolean. Configures whether traffic may be sent back out of the port on which it
out of the port on which it was received. When this flag is false, and the bridge was received. When this flag is false, then the bridge will not forward traffic back out of the
will not forward traffic back out of the receiving port. receiving port. When unset, the kernel's default will be used.</para>
When unset, the kernel's default will be used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -2484,17 +2450,14 @@
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>[BridgeFDB] Section Options</title> <title>[BridgeFDB] Section Options</title>
<para>The <literal>[BridgeFDB]</literal> section manages the <para>The [BridgeFDB] section manages the forwarding database table of a port and accepts the following
forwarding database table of a port and accepts the following keys. Specify several [BridgeFDB] sections to configure several static MAC table entries.</para>
keys. Specify several <literal>[BridgeFDB]</literal> sections to
configure several static MAC table entries.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
<term><varname>MACAddress=</varname></term> <term><varname>MACAddress=</varname></term>
<listitem> <listitem>
<para>As in the <literal>[Network]</literal> section. This <para>As in the [Network] section. This key is mandatory.</para>
key is mandatory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -2537,8 +2500,8 @@
<refsect1> <refsect1>
<title>[LLDP] Section Options</title> <title>[LLDP] Section Options</title>
<para>The <literal>[LLDP]</literal> section manages the Link Layer Discovery Protocol (LLDP) and accepts the <para>The [LLDP] section manages the Link Layer Discovery Protocol (LLDP) and accepts the following
following keys.</para> keys.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
<term><varname>MUDURL=</varname></term> <term><varname>MUDURL=</varname></term>
@ -2559,8 +2522,8 @@
<refsect1> <refsect1>
<title>[CAN] Section Options</title> <title>[CAN] Section Options</title>
<para>The <literal>[CAN]</literal> section manages the Controller Area Network (CAN bus) and accepts the <para>The [CAN] section manages the Controller Area Network (CAN bus) and accepts the
following keys.</para> following keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
<term><varname>BitRate=</varname></term> <term><varname>BitRate=</varname></term>
@ -2638,7 +2601,7 @@
<refsect1> <refsect1>
<title>[QDisc] Section Options</title> <title>[QDisc] Section Options</title>
<para>The <literal>[QDisc]</literal> section manages the traffic control queueing discipline (qdisc).</para> <para>The [QDisc] section manages the traffic control queueing discipline (qdisc).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
@ -2655,10 +2618,10 @@
<refsect1> <refsect1>
<title>[NetworkEmulator] Section Options</title> <title>[NetworkEmulator] Section Options</title>
<para>The <literal>[NetworkEmulator]</literal> section manages the queueing discipline (qdisc) of <para>The [NetworkEmulator] section manages the queueing discipline (qdisc) of the network emulator. It
the network emulator. It can be used to configure the kernel packet scheduler and simulate packet can be used to configure the kernel packet scheduler and simulate packet delay and loss for UDP or TCP
delay and loss for UDP or TCP applications, or limit the bandwidth usage of a particular service to applications, or limit the bandwidth usage of a particular service to simulate internet connections.
simulate internet connections.</para> </para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2684,7 +2647,7 @@
<term><varname>PacketLimit=</varname></term> <term><varname>PacketLimit=</varname></term>
<listitem> <listitem>
<para>Specifies the maximum number of packets the qdisc may hold queued at a time. <para>Specifies the maximum number of packets the qdisc may hold queued at a time.
An unsigned integer ranges 0 to 4294967294. Defaults to 1000.</para> An unsigned integer in the range 04294967294. Defaults to 1000.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2708,8 +2671,8 @@
<refsect1> <refsect1>
<title>[TokenBucketFilter] Section Options</title> <title>[TokenBucketFilter] Section Options</title>
<para>The <literal>[TokenBucketFilter]</literal> section manages the queueing discipline (qdisc) of <para>The [TokenBucketFilter] section manages the queueing discipline (qdisc) of token bucket filter
token bucket filter (tbf).</para> (tbf).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2782,8 +2745,8 @@
<refsect1> <refsect1>
<title>[PIE] Section Options</title> <title>[PIE] Section Options</title>
<para>The <literal>[PIE]</literal> section manages the queueing discipline <para>The [PIE] section manages the queueing discipline (qdisc) of Proportional Integral
(qdisc) of Proportional Integral controller-Enhanced (PIE).</para> controller-Enhanced (PIE).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2793,7 +2756,7 @@
<term><varname>PacketLimit=</varname></term> <term><varname>PacketLimit=</varname></term>
<listitem> <listitem>
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are <para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
dropped. An unsigned integer ranges 1 to 4294967294. Defaults to unset and kernel's default is used.</para> dropped. An unsigned integer in the range 14294967294. Defaults to unset and kernel's default is used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -2801,8 +2764,8 @@
<refsect1> <refsect1>
<title>[StochasticFairBlue] Section Options</title> <title>[StochasticFairBlue] Section Options</title>
<para>The <literal>[StochasticFairBlue]</literal> section manages the queueing discipline <para>The [StochasticFairBlue] section manages the queueing discipline (qdisc) of stochastic fair blue
(qdisc) of stochastic fair blue (sfb).</para> (sfb).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2811,8 +2774,9 @@
<varlistentry> <varlistentry>
<term><varname>PacketLimit=</varname></term> <term><varname>PacketLimit=</varname></term>
<listitem> <listitem>
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are <para>Specifies the hard limit on the queue size in number of packets. When this limit is reached,
dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para> incoming packets are dropped. An unsigned integer in the range 04294967294. Defaults to unset and
kernel's default is used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -2820,8 +2784,8 @@
<refsect1> <refsect1>
<title>[StochasticFairnessQueueing] Section Options</title> <title>[StochasticFairnessQueueing] Section Options</title>
<para>The <literal>[StochasticFairnessQueueing]</literal> section manages the queueing discipline <para>The [StochasticFairnessQueueing] section manages the queueing discipline (qdisc) of stochastic
(qdisc) of stochastic fairness queueing (sfq).</para> fairness queueing (sfq).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2838,8 +2802,8 @@
<refsect1> <refsect1>
<title>[BFIFO] Section Options</title> <title>[BFIFO] Section Options</title>
<para>The <literal>[BFIFO]</literal> section manages the queueing discipline (qdisc) of <para>The [BFIFO] section manages the queueing discipline (qdisc) of Byte limited Packet First In First
Byte limited Packet First In First Out (bfifo).</para> Out (bfifo).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2848,10 +2812,11 @@
<varlistentry> <varlistentry>
<term><varname>LimitBytes=</varname></term> <term><varname>LimitBytes=</varname></term>
<listitem> <listitem>
<para>Specifies the hard limit on the FIFO size in bytes. The size limit (a buffer size) to prevent it <para>Specifies the hard limit on the FIFO size in bytes. The size limit (a buffer size) to prevent
from overflowing in case it is unable to dequeue packets as quickly as it receives them. When this limit it from overflowing in case it is unable to dequeue packets as quickly as it receives them. When
is reached, incoming packets are dropped. When suffixed with K, M, or G, the specified size is parsed as this limit is reached, incoming packets are dropped. When suffixed with K, M, or G, the specified
Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to unset and kernel's default is used.</para> size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults
to unset and kernel's default is used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -2859,8 +2824,8 @@
<refsect1> <refsect1>
<title>[PFIFO] Section Options</title> <title>[PFIFO] Section Options</title>
<para>The <literal>[PFIFO]</literal> section manages the queueing discipline (qdisc) of <para>The [PFIFO] section manages the queueing discipline (qdisc) of Packet First In First Out
Packet First In First Out (pfifo).</para> (pfifo).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2869,9 +2834,10 @@
<varlistentry> <varlistentry>
<term><varname>PacketLimit=</varname></term> <term><varname>PacketLimit=</varname></term>
<listitem> <listitem>
<para>Specifies the hard limit on the FIFO size in number of packets. The size limit (a buffer size) to prevent it <para>Specifies the hard limit on the FIFO size in number of packets. The size limit (a buffer
from overflowing in case it is unable to dequeue packets as quickly as it receives them. When this limit is reached, size) to prevent it from overflowing in case it is unable to dequeue packets as quickly as it
incoming packets are dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para> receives them. When this limit is reached, incoming packets are dropped. An unsigned integer in the
range 04294967294. Defaults to unset and kernel's default is used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -2879,8 +2845,8 @@
<refsect1> <refsect1>
<title>[PFIFOHeadDrop] Section Options</title> <title>[PFIFOHeadDrop] Section Options</title>
<para>The <literal>[PFIFOHeadDrop]</literal> section manages the queueing discipline (qdisc) of <para>The [PFIFOHeadDrop] section manages the queueing discipline (qdisc) of Packet First In First Out
Packet First In First Out Head Drop (pfifo_head_drop).</para> Head Drop (pfifo_head_drop).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2889,15 +2855,15 @@
<varlistentry> <varlistentry>
<term><varname>PacketLimit=</varname></term> <term><varname>PacketLimit=</varname></term>
<listitem> <listitem>
<para>As in <literal>[PFIFO]</literal> section.</para></listitem> <para>As in [PFIFO] section.</para></listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>[PFIFOFast] Section Options</title> <title>[PFIFOFast] Section Options</title>
<para>The <literal>[PFIFOFast]</literal> section manages the queueing discipline (qdisc) of <para>The [PFIFOFast] section manages the queueing discipline (qdisc) of Packet First In First Out Fast
Packet First In First Out Fast (pfifo_fast).</para> (pfifo_fast).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2907,8 +2873,8 @@
<refsect1> <refsect1>
<title>[CAKE] Section Options</title> <title>[CAKE] Section Options</title>
<para>The <literal>[CAKE]</literal> section manages the queueing discipline (qdisc) of <para>The [CAKE] section manages the queueing discipline (qdisc) of Common Applications Kept Enhanced
Common Applications Kept Enhanced (CAKE).</para> (CAKE).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2917,8 +2883,8 @@
<varlistentry> <varlistentry>
<term><varname>OverheadBytes=</varname></term> <term><varname>OverheadBytes=</varname></term>
<listitem> <listitem>
<para>Specifies that bytes to be addeded to the size of each packet. Bytes may be negative. <para>Specifies that bytes to be addeded to the size of each packet. Bytes may be negative. Takes
Takes an integer ranges -64 to 256. Defaults to unset and kernel's default is used.</para> an integer in the range from -64 to 256. Defaults to unset and kernel's default is used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2935,7 +2901,7 @@
<refsect1> <refsect1>
<title>[ControlledDelay] Section Options</title> <title>[ControlledDelay] Section Options</title>
<para>The <literal>[ControlledDelay]</literal> section manages the queueing discipline (qdisc) of <para>The [ControlledDelay] section manages the queueing discipline (qdisc) of
controlled delay (CoDel).</para> controlled delay (CoDel).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -2945,8 +2911,9 @@
<varlistentry> <varlistentry>
<term><varname>PacketLimit=</varname></term> <term><varname>PacketLimit=</varname></term>
<listitem> <listitem>
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are <para>Specifies the hard limit on the queue size in number of packets. When this limit is reached,
dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para> incoming packets are dropped. An unsigned integer in the range 04294967294. Defaults to unset and
kernel's default is used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2986,8 +2953,8 @@
<refsect1> <refsect1>
<title>[DeficitRoundRobinScheduler] Section Options</title> <title>[DeficitRoundRobinScheduler] Section Options</title>
<para>The <literal>[DeficitRoundRobinScheduler]</literal> section manages the queueing discipline (qdisc) of <para>The [DeficitRoundRobinScheduler] section manages the queueing discipline (qdisc) of Deficit Round
Deficit Round Robin Scheduler (DRR).</para> Robin Scheduler (DRR).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2997,8 +2964,8 @@
<refsect1> <refsect1>
<title>[DeficitRoundRobinSchedulerClass] Section Options</title> <title>[DeficitRoundRobinSchedulerClass] Section Options</title>
<para>The <literal>[DeficitRoundRobinSchedulerClass]</literal> section manages the traffic control class of <para>The [DeficitRoundRobinSchedulerClass] section manages the traffic control class of Deficit Round
Deficit Round Robin Scheduler (DRR).</para> Robin Scheduler (DRR).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="tclass-parent" /> <xi:include href="tc.xml" xpointer="tclass-parent" />
@ -3019,8 +2986,8 @@
<refsect1> <refsect1>
<title>[EnhancedTransmissionSelection] Section Options</title> <title>[EnhancedTransmissionSelection] Section Options</title>
<para>The <literal>[EnhancedTransmissionSelection]</literal> section manages the queueing discipline (qdisc) of <para>The [EnhancedTransmissionSelection] section manages the queueing discipline (qdisc) of Enhanced
Enhanced Transmission Selection (ETS).</para> Transmission Selection (ETS).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -3029,18 +2996,17 @@
<varlistentry> <varlistentry>
<term><varname>Bands=</varname></term> <term><varname>Bands=</varname></term>
<listitem> <listitem>
<para>Specifies the number of bands. An unsigned integer ranges 1 to 16. This value has to be <para>Specifies the number of bands. An unsigned integer in the range 116. This value has to be at
at least large enough to cover the strict bands specified through the least large enough to cover the strict bands specified through the <varname>StrictBands=</varname>
<varname>StrictBands=</varname> and bandwidth-sharing bands specified in and bandwidth-sharing bands specified in <varname>QuantumBytes=</varname>.</para>
<varname>QuantumBytes=</varname>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>StrictBands=</varname></term> <term><varname>StrictBands=</varname></term>
<listitem> <listitem>
<para>Specifies the number of bands that should be created in strict mode. An unsigned integer <para>Specifies the number of bands that should be created in strict mode. An unsigned integer in
ranges 1 to 16.</para> the range 116.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -3071,8 +3037,8 @@
<refsect1> <refsect1>
<title>[GenericRandomEarlyDetection] Section Options</title> <title>[GenericRandomEarlyDetection] Section Options</title>
<para>The <literal>[GenericRandomEarlyDetection]</literal> section manages the queueing discipline <para>The [GenericRandomEarlyDetection] section manages the queueing discipline (qdisc) of Generic Random
(qdisc) of Generic Random Early Detection (GRED).</para> Early Detection (GRED).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -3105,8 +3071,8 @@
<refsect1> <refsect1>
<title>[FairQueueingControlledDelay] Section Options</title> <title>[FairQueueingControlledDelay] Section Options</title>
<para>The <literal>[FairQueueingControlledDelay]</literal> section manages the queueing discipline <para>The [FairQueueingControlledDelay] section manages the queueing discipline (qdisc) of fair queuing
(qdisc) of fair queuing controlled delay (FQ-CoDel).</para> controlled delay (FQ-CoDel).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -3156,7 +3122,7 @@
<varlistentry> <varlistentry>
<term><varname>QuantumBytes=</varname></term> <term><varname>QuantumBytes=</varname></term>
<listitem> <listitem>
<para>Specifies the number of bytes used as 'deficit' in the fair queuing algorithmtimespan. <para>Specifies the number of bytes used as the "deficit" in the fair queuing algorithm timespan.
When suffixed with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes, When suffixed with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
respectively, to the base of 1024. Defaults to unset and kernel's default is used.</para> respectively, to the base of 1024. Defaults to unset and kernel's default is used.</para>
</listitem> </listitem>
@ -3182,8 +3148,8 @@
<refsect1> <refsect1>
<title>[FairQueueing] Section Options</title> <title>[FairQueueing] Section Options</title>
<para>The <literal>[FairQueueing]</literal> section manages the queueing discipline <para>The [FairQueueing] section manages the queueing discipline (qdisc) of fair queue traffic policing
(qdisc) of fair queue traffic policing (FQ).</para> (FQ).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -3271,8 +3237,8 @@
<refsect1> <refsect1>
<title>[TrivialLinkEqualizer] Section Options</title> <title>[TrivialLinkEqualizer] Section Options</title>
<para>The <literal>[TrivialLinkEqualizer]</literal> section manages the queueing discipline (qdisc) of <para>The [TrivialLinkEqualizer] section manages the queueing discipline (qdisc) of trivial link
trivial link equalizer (teql).</para> equalizer (teql).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -3292,8 +3258,8 @@
<refsect1> <refsect1>
<title>[HierarchyTokenBucket] Section Options</title> <title>[HierarchyTokenBucket] Section Options</title>
<para>The <literal>[HierarchyTokenBucket]</literal> section manages the queueing discipline (qdisc) of <para>The [HierarchyTokenBucket] section manages the queueing discipline (qdisc) of hierarchy token
hierarchy token bucket (htb).</para> bucket (htb).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -3319,8 +3285,8 @@
<refsect1> <refsect1>
<title>[HierarchyTokenBucketClass] Section Options</title> <title>[HierarchyTokenBucketClass] Section Options</title>
<para>The <literal>[HierarchyTokenBucketClass]</literal> section manages the traffic control class of <para>The [HierarchyTokenBucketClass] section manages the traffic control class of hierarchy token bucket
hierarchy token bucket (htb).</para> (htb).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="tclass-parent" /> <xi:include href="tc.xml" xpointer="tclass-parent" />
@ -3401,8 +3367,8 @@
<refsect1> <refsect1>
<title>[HeavyHitterFilter] Section Options</title> <title>[HeavyHitterFilter] Section Options</title>
<para>The <literal>[HeavyHitterFilter]</literal> section manages the queueing discipline <para>The [HeavyHitterFilter] section manages the queueing discipline (qdisc) of Heavy Hitter Filter
(qdisc) of Heavy Hitter Filter (hhf).</para> (hhf).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -3411,8 +3377,9 @@
<varlistentry> <varlistentry>
<term><varname>PacketLimit=</varname></term> <term><varname>PacketLimit=</varname></term>
<listitem> <listitem>
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are <para>Specifies the hard limit on the queue size in number of packets. When this limit is reached,
dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para> incoming packets are dropped. An unsigned integer in the range 04294967294. Defaults to unset and
kernel's default is used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -3420,8 +3387,8 @@
<refsect1> <refsect1>
<title>[QuickFairQueueing] Section Options</title> <title>[QuickFairQueueing] Section Options</title>
<para>The <literal>[QuickFairQueueing]</literal> section manages the queueing discipline <para>The [QuickFairQueueing] section manages the queueing discipline (qdisc) of Quick Fair Queueing
(qdisc) of Quick Fair Queueing (QFQ).</para> (QFQ).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -3431,8 +3398,8 @@
<refsect1> <refsect1>
<title>[QuickFairQueueingClass] Section Options</title> <title>[QuickFairQueueingClass] Section Options</title>
<para>The <literal>[QuickFairQueueingClass]</literal> section manages the traffic control class of <para>The [QuickFairQueueingClass] section manages the traffic control class of Quick Fair Queueing
Quick Fair Queueing (qfq).</para> (qfq).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="tclass-parent" /> <xi:include href="tc.xml" xpointer="tclass-parent" />
@ -3459,9 +3426,9 @@
<refsect1> <refsect1>
<title>[BridgeVLAN] Section Options</title> <title>[BridgeVLAN] Section Options</title>
<para>The <literal>[BridgeVLAN]</literal> section manages the VLAN ID configuration of a bridge port and accepts <para>The [BridgeVLAN] section manages the VLAN ID configuration of a bridge port and accepts the
the following keys. Specify several <literal>[BridgeVLAN]</literal> sections to configure several VLAN entries. following keys. Specify several [BridgeVLAN] sections to configure several VLAN entries. The
The <varname>VLANFiltering=</varname> option has to be enabled, see <literal>[Bridge]</literal> section in <varname>VLANFiltering=</varname> option has to be enabled, see the [Bridge] section in
<citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>

View File

@ -80,7 +80,7 @@
<refsect1> <refsect1>
<title>[Exec] Section Options</title> <title>[Exec] Section Options</title>
<para>Settings files may include an <literal>[Exec]</literal> <para>Settings files may include an [Exec]
section, which carries various execution parameters:</para> section, which carries various execution parameters:</para>
<variablelist class='nspawn-directives'> <variablelist class='nspawn-directives'>
@ -344,7 +344,7 @@
<refsect1> <refsect1>
<title>[Files] Section Options</title> <title>[Files] Section Options</title>
<para>Settings files may include a <literal>[Files]</literal> <para>Settings files may include a [Files]
section, which carries various parameters configuring the file section, which carries various parameters configuring the file
system of the container:</para> system of the container:</para>
@ -405,7 +405,7 @@
<varlistentry> <varlistentry>
<term><varname>Inaccessible=</varname></term> <term><varname>Inaccessible=</varname></term>
<listitem><para>Masks the specified file or directly in the container, by over-mounting it with an empty file <listitem><para>Masks the specified file or directory in the container, by over-mounting it with an empty file
node of the same type with the most restrictive access mode. Takes a file system path as argument. This option node of the same type with the most restrictive access mode. Takes a file system path as argument. This option
may be used multiple times to mask multiple files or directories. This option is equivalent to the command line may be used multiple times to mask multiple files or directories. This option is equivalent to the command line
switch <option>--inaccessible=</option>, see switch <option>--inaccessible=</option>, see
@ -439,7 +439,7 @@
<refsect1> <refsect1>
<title>[Network] Section Options</title> <title>[Network] Section Options</title>
<para>Settings files may include a <literal>[Network]</literal> <para>Settings files may include a [Network]
section, which carries various parameters configuring the network section, which carries various parameters configuring the network
connectivity of the container:</para> connectivity of the container:</para>

View File

@ -33,7 +33,7 @@
<orderedlist> <orderedlist>
<listitem> <listitem>
<para>The package manager prepares system updates by downloading all (RPM or DEB or <para>The package manager prepares system updates by downloading all (.rpm or .deb or
whatever) packages to update off-line in a special directory whatever) packages to update off-line in a special directory
<filename index="false">/var/lib/system-update</filename> (or <filename index="false">/var/lib/system-update</filename> (or
another directory of the package/upgrade manager's choice).</para> another directory of the package/upgrade manager's choice).</para>
@ -85,8 +85,8 @@
</listitem> </listitem>
<listitem> <listitem>
<para>The upgrade scripts should exit only after the update is finished. It is expected <para>The update scripts should exit only after the update is finished. It is expected
that the service which performs the upgrade will cause the machine to reboot after it that the service which performs the update will cause the machine to reboot after it
is done. If the <filename>system-update.target</filename> is successfully reached, i.e. is done. If the <filename>system-update.target</filename> is successfully reached, i.e.
all update services have run, and the <filename>/system-update</filename> symlink still all update services have run, and the <filename>/system-update</filename> symlink still
exists, it will be removed and the machine rebooted as a safety measure.</para> exists, it will be removed and the machine rebooted as a safety measure.</para>

View File

@ -34,9 +34,9 @@
this unit type. See this unit type. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files. The common for the common options of all unit configuration files. The common
configuration items are configured in the generic <literal>[Unit]</literal> and configuration items are configured in the generic [Unit] and
<literal>[Install]</literal> sections. The path specific configuration options are [Install] sections. The path specific configuration options are
configured in the <literal>[Path]</literal> section.</para> configured in the [Path] section.</para>
<para>For each path file, a matching unit file must exist, <para>For each path file, a matching unit file must exist,
describing the unit to activate when the path changes. By default, describing the unit to activate when the path changes. By default,

View File

@ -89,7 +89,7 @@
<refsect1> <refsect1>
<title>Options</title> <title>Options</title>
<para>Scope files may include a <literal>[Scope]</literal> <para>Scope files may include a [Scope]
section, which carries information about the scope and the section, which carries information about the scope and the
units it contains. A number of options that may be used in units it contains. A number of options that may be used in
this section are shared with other unit types. These options are this section are shared with other unit types. These options are
@ -97,7 +97,7 @@
<citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
and and
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>. <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
The options specific to the <literal>[Scope]</literal> section The options specific to the [Scope] section
of scope units are the following:</para> of scope units are the following:</para>
<variablelist class='unit-directives'> <variablelist class='unit-directives'>

View File

@ -35,9 +35,9 @@
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files. The common for the common options of all unit configuration files. The common
configuration items are configured in the generic configuration items are configured in the generic
<literal>[Unit]</literal> and <literal>[Install]</literal> [Unit] and [Install]
sections. The service specific configuration options are sections. The service specific configuration options are
configured in the <literal>[Service]</literal> section.</para> configured in the [Service] section.</para>
<para>Additional options are listed in <para>Additional options are listed in
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
@ -138,7 +138,7 @@
<refsect1> <refsect1>
<title>Options</title> <title>Options</title>
<para>Service files must include a <literal>[Service]</literal> <para>Service files must include a [Service]
section, which carries information about the service and the section, which carries information about the service and the
process it supervises. A number of options that may be used in process it supervises. A number of options that may be used in
this section are shared with other unit types. These options are this section are shared with other unit types. These options are
@ -147,7 +147,7 @@
<citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
and and
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>. <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
The options specific to the <literal>[Service]</literal> section The options specific to the [Service] section
of service units are the following:</para> of service units are the following:</para>
<variablelist class='unit-directives'> <variablelist class='unit-directives'>
@ -896,7 +896,7 @@
this option will have no effect.</para> this option will have no effect.</para>
<example> <example>
<title>A service with with the <varname>SuccessExitStatus=</varname> setting</title> <title>A service with the <varname>SuccessExitStatus=</varname> setting</title>
<programlisting>SuccessExitStatus=TEMPFAIL 250 SIGUSR1</programlisting> <programlisting>SuccessExitStatus=TEMPFAIL 250 SIGUSR1</programlisting>
@ -1495,7 +1495,7 @@ ExecStart=/usr/sbin/simple-dbus-service
WantedBy=multi-user.target</programlisting> WantedBy=multi-user.target</programlisting>
<para>For <emphasis>bus-activatable</emphasis> services, do not <para>For <emphasis>bus-activatable</emphasis> services, do not
include a <literal>[Install]</literal> section in the systemd include a [Install] section in the systemd
service file, but use the <varname>SystemdService=</varname> service file, but use the <varname>SystemdService=</varname>
option in the corresponding DBus service file, for example option in the corresponding DBus service file, for example
(<filename>/usr/share/dbus-1/system-services/org.example.simple-dbus-service.service</filename>):</para> (<filename>/usr/share/dbus-1/system-services/org.example.simple-dbus-service.service</filename>):</para>

View File

@ -55,9 +55,9 @@
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration for the common options of all unit configuration
files. The common configuration items are configured files. The common configuration items are configured
in the generic <literal>[Unit]</literal> and <literal>[Install]</literal> sections. The in the generic [Unit] and [Install] sections. The
slice specific configuration options are configured in slice specific configuration options are configured in
the <literal>[Slice]</literal> section. Currently, only generic resource control settings the [Slice] section. Currently, only generic resource control settings
as described in as described in
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> are allowed. <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> are allowed.
</para> </para>

View File

@ -35,9 +35,9 @@
this unit type. See this unit type. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files. The common for the common options of all unit configuration files. The common
configuration items are configured in the generic <literal>[Unit]</literal> and configuration items are configured in the generic [Unit] and
<literal>[Install]</literal> sections. The socket specific configuration options are [Install] sections. The socket specific configuration options are
configured in the <literal>[Socket]</literal> section.</para> configured in the [Socket] section.</para>
<para>Additional options are listed in <para>Additional options are listed in
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
@ -117,10 +117,9 @@
<listitem><para>Socket units automatically gain a <varname>Before=</varname> <listitem><para>Socket units automatically gain a <varname>Before=</varname>
dependency on the service units they activate.</para></listitem> dependency on the service units they activate.</para></listitem>
<listitem><para>Socket units referring to file system paths (such as AF_UNIX <listitem><para>Socket units referring to file system paths (such as <constant>AF_UNIX</constant>
sockets or FIFOs) implicitly gain <varname>Requires=</varname> and sockets or FIFOs) implicitly gain <varname>Requires=</varname> and <varname>After=</varname>
<varname>After=</varname> dependencies on all mount units dependencies on all mount units necessary to access those paths.</para></listitem>
necessary to access those paths.</para></listitem>
<listitem><para>Socket units using the <varname>BindToDevice=</varname> <listitem><para>Socket units using the <varname>BindToDevice=</varname>
setting automatically gain a <varname>BindsTo=</varname> and setting automatically gain a <varname>BindsTo=</varname> and
@ -300,7 +299,7 @@
url="https://www.kernel.org/doc/Documentation/usb/functionfs.txt">USB url="https://www.kernel.org/doc/Documentation/usb/functionfs.txt">USB
FunctionFS</ulink> endpoints location to listen on, for FunctionFS</ulink> endpoints location to listen on, for
implementation of USB gadget functions. This expects an implementation of USB gadget functions. This expects an
absolute file system path of functionfs mount point as the argument. absolute file system path of FunctionFS mount point as the argument.
Behavior otherwise is very similar to the <varname>ListenFIFO=</varname> Behavior otherwise is very similar to the <varname>ListenFIFO=</varname>
directive above. Use this to open the FunctionFS endpoint directive above. Use this to open the FunctionFS endpoint
<filename>ep0</filename>. When using this option, the <filename>ep0</filename>. When using this option, the
@ -313,9 +312,9 @@
<varlistentry> <varlistentry>
<term><varname>SocketProtocol=</varname></term> <term><varname>SocketProtocol=</varname></term>
<listitem><para>Takes one of <option>udplite</option> <listitem><para>Takes one of <option>udplite</option>
or <option>sctp</option>. Specifies a socket protocol or <option>sctp</option>. The socket will use the UDP-Lite
(<constant>IPPROTO_UDPLITE</constant>) UDP-Lite (<constant>IPPROTO_UDPLITE</constant>) or SCTP
(<constant>IPPROTO_SCTP</constant>) SCTP socket respectively. </para> (<constant>IPPROTO_SCTP</constant>) protocol, respectively.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -349,16 +348,14 @@
<varlistentry> <varlistentry>
<term><varname>BindToDevice=</varname></term> <term><varname>BindToDevice=</varname></term>
<listitem><para>Specifies a network interface name to bind <listitem><para>Specifies a network interface name to bind this socket to. If set, traffic will only
this socket to. If set, traffic will only be accepted from the be accepted from the specified network interfaces. This controls the
specified network interfaces. This controls the <constant>SO_BINDTODEVICE</constant> socket option (see <citerefentry
SO_BINDTODEVICE socket option (see <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> details). If this option is used, an implicit dependency from this socket unit on the network
for details). If this option is used, an implicit dependency interface device unit is created
from this socket unit on the network interface device unit (see <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
(<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry> Note that setting this parameter might result in additional dependencies to be added to the unit (see
is created. Note that setting this parameter might result in
additional dependencies to be added to the unit (see
above).</para></listitem> above).</para></listitem>
</varlistentry> </varlistentry>
@ -366,12 +363,10 @@
<term><varname>SocketUser=</varname></term> <term><varname>SocketUser=</varname></term>
<term><varname>SocketGroup=</varname></term> <term><varname>SocketGroup=</varname></term>
<listitem><para>Takes a UNIX user/group name. When specified, <listitem><para>Takes a UNIX user/group name. When specified, all <constant>AF_UNIX</constant>
all AF_UNIX sockets and FIFO nodes in the file system are sockets and FIFO nodes in the file system are owned by the specified user and group. If unset (the
owned by the specified user and group. If unset (the default), default), the nodes are owned by the root user/group (if run in system context) or the invoking
the nodes are owned by the root user/group (if run in system user/group (if run in user context). If only a user is specified but no group, then the group is
context) or the invoking user/group (if run in user context).
If only a user is specified but no group, then the group is
derived from the user's default group.</para></listitem> derived from the user's default group.</para></listitem>
</varlistentry> </varlistentry>
@ -420,10 +415,10 @@
to work unmodified with systemd socket to work unmodified with systemd socket
activation.</para> activation.</para>
<para>For IPv4 and IPv6 connections, the <varname>REMOTE_ADDR</varname> <para>For IPv4 and IPv6 connections, the <varname>REMOTE_ADDR</varname> environment variable will
environment variable will contain the remote IP address, and <varname>REMOTE_PORT</varname> contain the remote IP address, and <varname>REMOTE_PORT</varname> will contain the remote port. This
will contain the remote port. This is the same as the format used by CGI. is the same as the format used by CGI. For <constant>SOCK_RAW</constant>, the port is the IP
For SOCK_RAW, the port is the IP protocol.</para></listitem> protocol.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -456,17 +451,13 @@
<varlistentry> <varlistentry>
<term><varname>KeepAlive=</varname></term> <term><varname>KeepAlive=</varname></term>
<listitem><para>Takes a boolean argument. If true, the TCP/IP <listitem><para>Takes a boolean argument. If true, the TCP/IP stack will send a keep alive message
stack will send a keep alive message after 2h (depending on after 2h (depending on the configuration of
the configuration of <filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>) for all TCP streams accepted on this
<filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>) socket. This controls the <constant>SO_KEEPALIVE</constant> socket option (see <citerefentry
for all TCP streams accepted on this socket. This controls the project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> and
SO_KEEPALIVE socket option (see the <ulink url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP Keepalive
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> HOWTO</ulink> for details.) Defaults to <option>false</option>.</para></listitem>
and the <ulink
url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
Keepalive HOWTO</ulink> for details.) Defaults to
<option>false</option>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -483,15 +474,12 @@
<varlistentry> <varlistentry>
<term><varname>KeepAliveIntervalSec=</varname></term> <term><varname>KeepAliveIntervalSec=</varname></term>
<listitem><para>Takes time (in seconds) as argument between <listitem><para>Takes time (in seconds) as argument between individual keepalive probes, if the
individual keepalive probes, if the socket option SO_KEEPALIVE socket option <constant>SO_KEEPALIVE</constant> has been set on this socket. This controls the
has been set on this socket. This controls <constant>TCP_KEEPINTVL</constant> socket option (see <citerefentry
the TCP_KEEPINTVL socket option (see project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> and
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> the <ulink url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP Keepalive
and the <ulink HOWTO</ulink> for details.) Defaults value is 75 seconds.</para></listitem>
url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
Keepalive HOWTO</ulink> for details.) Defaults value is 75
seconds.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -513,17 +501,16 @@
algorithm works by combining a number of small outgoing algorithm works by combining a number of small outgoing
messages, and sending them all at once. This controls the messages, and sending them all at once. This controls the
TCP_NODELAY socket option (see TCP_NODELAY socket option (see
<citerefentry project='die-net'><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry> <citerefentry project='die-net'><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry>).
Defaults to <option>false</option>.</para></listitem> Defaults to <option>false</option>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>Priority=</varname></term> <term><varname>Priority=</varname></term>
<listitem><para>Takes an integer argument controlling the <listitem><para>Takes an integer argument controlling the priority for all traffic sent from this
priority for all traffic sent from this socket. This controls socket. This controls the <constant>SO_PRIORITY</constant> socket option (see <citerefentry
the SO_PRIORITY socket option (see project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> details.).</para></listitem>
for details.).</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -559,12 +546,12 @@
<varlistentry> <varlistentry>
<term><varname>ReceiveBuffer=</varname></term> <term><varname>ReceiveBuffer=</varname></term>
<term><varname>SendBuffer=</varname></term> <term><varname>SendBuffer=</varname></term>
<listitem><para>Takes an integer argument controlling the <listitem><para>Takes an integer argument controlling the receive or send buffer sizes of this
receive or send buffer sizes of this socket, respectively. socket, respectively. This controls the <constant>SO_RCVBUF</constant> and
This controls the SO_RCVBUF and SO_SNDBUF socket options (see <constant>SO_SNDBUF</constant> socket options (see <citerefentry
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
for details.). The usual suffixes K, M, G are supported and details.). The usual suffixes K, M, G are supported and are understood to the base of
are understood to the base of 1024.</para></listitem> 1024.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -593,23 +580,20 @@
<varlistentry> <varlistentry>
<term><varname>Mark=</varname></term> <term><varname>Mark=</varname></term>
<listitem><para>Takes an integer value. Controls the firewall <listitem><para>Takes an integer value. Controls the firewall mark of packets generated by this
mark of packets generated by this socket. This can be used in socket. This can be used in the firewall logic to filter packets from this socket. This sets the
the firewall logic to filter packets from this socket. This <constant>SO_MARK</constant> socket option. See <citerefentry
sets the SO_MARK socket option. See project='die-net'><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
<citerefentry project='die-net'><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry> details.</para></listitem>
for details.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>ReusePort=</varname></term> <term><varname>ReusePort=</varname></term>
<listitem><para>Takes a boolean value. If true, allows <listitem><para>Takes a boolean value. If true, allows multiple
multiple <citerefentry><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry>s to this TCP
<citerefentry><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry>s or UDP port. This controls the <constant>SO_REUSEPORT</constant> socket option. See <citerefentry
to this TCP or UDP port. This controls the SO_REUSEPORT socket project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
option. See details.</para></listitem>
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -685,28 +669,23 @@
<varlistentry> <varlistentry>
<term><varname>Broadcast=</varname></term> <term><varname>Broadcast=</varname></term>
<listitem><para>Takes a boolean value. This controls the <listitem><para>Takes a boolean value. This controls the <constant>SO_BROADCAST</constant> socket
SO_BROADCAST socket option, which allows broadcast datagrams option, which allows broadcast datagrams to be sent from this socket. Defaults to
to be sent from this socket. Defaults to
<option>false</option>.</para></listitem> <option>false</option>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>PassCredentials=</varname></term> <term><varname>PassCredentials=</varname></term>
<listitem><para>Takes a boolean value. This controls the <listitem><para>Takes a boolean value. This controls the <constant>SO_PASSCRED</constant> socket
SO_PASSCRED socket option, which allows option, which allows <constant>AF_UNIX</constant> sockets to receive the credentials of the sending
<constant>AF_UNIX</constant> sockets to receive the process in an ancillary message. Defaults to <option>false</option>.</para></listitem>
credentials of the sending process in an ancillary message.
Defaults to <option>false</option>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>PassSecurity=</varname></term> <term><varname>PassSecurity=</varname></term>
<listitem><para>Takes a boolean value. This controls the <listitem><para>Takes a boolean value. This controls the <constant>SO_PASSSEC</constant> socket
SO_PASSSEC socket option, which allows option, which allows <constant>AF_UNIX</constant> sockets to receive the security context of the
<constant>AF_UNIX</constant> sockets to receive the security sending process in an ancillary message. Defaults to <option>false</option>.</para></listitem>
context of the sending process in an ancillary message.
Defaults to <option>false</option>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -720,11 +699,10 @@
<varlistentry> <varlistentry>
<term><varname>TCPCongestion=</varname></term> <term><varname>TCPCongestion=</varname></term>
<listitem><para>Takes a string value. Controls the TCP <listitem><para>Takes a string value. Controls the TCP congestion algorithm used by this
congestion algorithm used by this socket. Should be one of socket. Should be one of <literal>westwood</literal>, <literal>veno</literal>,
"westwood", "veno", "cubic", "lp" or any other available <literal>cubic</literal>, <literal>lp</literal> or any other available algorithm supported by the IP
algorithm supported by the IP stack. This setting applies only stack. This setting applies only to stream sockets.</para></listitem>
to stream sockets.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -788,15 +766,12 @@
<varlistentry> <varlistentry>
<term><varname>RemoveOnStop=</varname></term> <term><varname>RemoveOnStop=</varname></term>
<listitem><para>Takes a boolean argument. If enabled, any file <listitem><para>Takes a boolean argument. If enabled, any file nodes created by this socket unit are
nodes created by this socket unit are removed when it is removed when it is stopped. This applies to <constant>AF_UNIX</constant> sockets in the file system,
stopped. This applies to AF_UNIX sockets in the file system, POSIX message queues, FIFOs, as well as any symlinks to them configured with
POSIX message queues, FIFOs, as well as any symlinks to them <varname>Symlinks=</varname>. Normally, it should not be necessary to use this option, and is not
configured with <varname>Symlinks=</varname>. Normally, it recommended as services might continue to run after the socket unit has been terminated and it should
should not be necessary to use this option, and is not still be possible to communicate with them via their file system node. Defaults to
recommended as services might continue to run after the socket
unit has been terminated and it should still be possible to
communicate with them via their file system node. Defaults to
off.</para></listitem> off.</para></listitem>
</varlistentry> </varlistentry>

View File

@ -297,7 +297,7 @@
this unit (or <filename>multi-user.target</filename>) during this unit (or <filename>multi-user.target</filename>) during
installation. This is best configured via installation. This is best configured via
<varname>WantedBy=graphical.target</varname> in the unit's <varname>WantedBy=graphical.target</varname> in the unit's
<literal>[Install]</literal> section.</para> [Install] section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -447,7 +447,7 @@
add <varname>Wants=</varname> dependencies for their unit to add <varname>Wants=</varname> dependencies for their unit to
this unit during installation. This is best configured via this unit during installation. This is best configured via
<varname>WantedBy=multi-user.target</varname> in the unit's <varname>WantedBy=multi-user.target</varname> in the unit's
<literal>[Install]</literal> section.</para> [Install] section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -505,7 +505,7 @@
applications get pulled in via <varname>Wants=</varname> applications get pulled in via <varname>Wants=</varname>
dependencies from this unit. This is best configured via a dependencies from this unit. This is best configured via a
<varname>WantedBy=paths.target</varname> in the path unit's <varname>WantedBy=paths.target</varname> in the path unit's
<literal>[Install]</literal> section.</para> [Install] section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -641,7 +641,7 @@
<para>Adding slice units to <filename>slices.target</filename> is generally not <para>Adding slice units to <filename>slices.target</filename> is generally not
necessary. Instead, when some unit that uses <varname>Slice=</varname> is started, the necessary. Instead, when some unit that uses <varname>Slice=</varname> is started, the
specified slice will be started automatically. Adding specified slice will be started automatically. Adding
<varname>WantedBy=slices.target</varname> lines to the <literal>[Install]</literal> <varname>WantedBy=slices.target</varname> lines to the [Install]
section should only be done for units that need to be always active. In that case care section should only be done for units that need to be always active. In that case care
needs to be taken to avoid creating a loop through the automatic dependencies on needs to be taken to avoid creating a loop through the automatic dependencies on
"parent" slices.</para> "parent" slices.</para>
@ -659,7 +659,7 @@
<varname>Wants=</varname> dependencies to this unit for <varname>Wants=</varname> dependencies to this unit for
their socket unit during installation. This is best their socket unit during installation. This is best
configured via a <varname>WantedBy=sockets.target</varname> configured via a <varname>WantedBy=sockets.target</varname>
in the socket unit's <literal>[Install]</literal> in the socket unit's [Install]
section.</para> section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -742,7 +742,7 @@
applications get pulled in via <varname>Wants=</varname> applications get pulled in via <varname>Wants=</varname>
dependencies from this unit. This is best configured via dependencies from this unit. This is best configured via
<varname>WantedBy=timers.target</varname> in the timer <varname>WantedBy=timers.target</varname> in the timer
unit's <literal>[Install]</literal> section.</para> unit's [Install] section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1043,7 +1043,7 @@
<para>By default, all user processes and services started on <para>By default, all user processes and services started on
behalf of the user, including the per-user systemd instance behalf of the user, including the per-user systemd instance
are found in this slice. This is pulled in by are found in this slice. This is pulled in by
<filename>systemd-logind.service</filename></para> <filename>systemd-logind.service</filename>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1053,7 +1053,7 @@
<para>By default, all virtual machines and containers <para>By default, all virtual machines and containers
registered with <command>systemd-machined</command> are registered with <command>systemd-machined</command> are
found in this slice. This is pulled in by found in this slice. This is pulled in by
<filename>systemd-machined.service</filename></para> <filename>systemd-machined.service</filename>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -1104,7 +1104,7 @@
<para>This target is active whenever any graphical session is running. It is used to <para>This target is active whenever any graphical session is running. It is used to
stop user services which only apply to a graphical (X, Wayland, etc.) session when the stop user services which only apply to a graphical (X, Wayland, etc.) session when the
session is terminated. Such services should have session is terminated. Such services should have
<literal>PartOf=graphical-session.target</literal> in their <literal>[Unit]</literal> <literal>PartOf=graphical-session.target</literal> in their [Unit]
section. A target for a particular session (e. g. section. A target for a particular session (e. g.
<filename>gnome-session.target</filename>) starts and stops <filename>gnome-session.target</filename>) starts and stops
<literal>graphical-session.target</literal> with <literal>graphical-session.target</literal> with

View File

@ -37,9 +37,9 @@
this unit type. See this unit type. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files. The common for the common options of all unit configuration files. The common
configuration items are configured in the generic <literal>[Unit]</literal> and configuration items are configured in the generic [Unit] and
<literal>[Install]</literal> sections. The swap specific configuration options are [Install] sections. The swap specific configuration options are
configured in the <literal>[Swap]</literal> section.</para> configured in the [Swap] section.</para>
<para>Additional options are listed in <para>Additional options are listed in
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
@ -166,7 +166,7 @@
<refsect1> <refsect1>
<title>Options</title> <title>Options</title>
<para>Swap files must include a [Swap] section, which carries <para>Swap unit files must include a [Swap] section, which carries
information about the swap device it supervises. A number of information about the swap device it supervises. A number of
options that may be used in this section are shared with other options that may be used in this section are shared with other
unit types. These options are documented in unit types. These options are documented in

View File

@ -98,10 +98,10 @@ KeyTwo=value 2 \
value 2 continued value 2 continued
[Section C] [Section C]
KeyThree=value 2\ KeyThree=value 3\
# this line is ignored # this line is ignored
; this line is ignored too ; this line is ignored too
value 2 continued value 3 continued
</programlisting></example> </programlisting></example>
<para>Boolean arguments used in configuration files can be written in <para>Boolean arguments used in configuration files can be written in

View File

@ -34,8 +34,8 @@
<para>This unit type has no specific options. See <para>This unit type has no specific options. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files. The common for the common options of all unit configuration files. The common
configuration items are configured in the generic <literal>[Unit]</literal> and configuration items are configured in the generic [Unit] and
<literal>[Install]</literal> sections. A separate <literal>[Target]</literal> section does not exist, [Install] sections. A separate [Target] section does not exist,
since no target-specific options may be configured.</para> since no target-specific options may be configured.</para>
<para>Target units do not offer any additional functionality on <para>Target units do not offer any additional functionality on

View File

@ -98,18 +98,20 @@
<refsect1> <refsect1>
<title>Parsing Timestamps</title> <title>Parsing Timestamps</title>
<para>When parsing, systemd will accept a similar syntax, but expects no timezone specification, unless it is given <para>When parsing, systemd will accept a similar syntax, but expects no timezone specification, unless
as the literal string <literal>UTC</literal> (for the UTC timezone), or is specified to be the locally configured it is given as the literal string <literal>UTC</literal> (for the UTC timezone), or is specified to be
timezone, or the timezone name in the IANA timezone database format. The complete list of timezones the locally configured timezone, or the timezone name in the IANA timezone database format. The complete
supported on your system can be obtained using the <literal>timedatectl list-timezones</literal> list of timezones supported on your system can be obtained using the <literal>timedatectl
(see <citerefentry><refentrytitle>timedatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>). list-timezones</literal> (see
Using IANA format is recommended over local timezone names, as less prone to errors (eg: with local timezone it's possible to <citerefentry><refentrytitle>timedatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>). Using
specify daylight saving time in winter, while it's incorrect). The weekday specification is optional, but when IANA format is recommended over local timezone names, as less prone to errors (e.g. with local timezone
the weekday is specified, it must either be in the abbreviated (<literal>Wed</literal>) or non-abbreviated it's possible to specify daylight saving time in winter, even though that is not correct). The weekday
(<literal>Wednesday</literal>) English language form (case does not matter), and is not subject to the locale specification is optional, but when the weekday is specified, it must either be in the abbreviated
choice of the user. Either the date, or the time part may be omitted, in which case the current date or 00:00:00, (<literal>Wed</literal>) or non-abbreviated (<literal>Wednesday</literal>) English language form (case
respectively, is assumed. The seconds component of the time may also be omitted, in which case ":00" is does not matter), and is not subject to the locale choice of the user. Either the date, or the time part
assumed. Year numbers may be specified in full or may be abbreviated (omitting the century).</para> may be omitted, in which case the current date or 00:00:00, respectively, is assumed. The seconds
component of the time may also be omitted, in which case ":00" is assumed. Year numbers may be specified
in full or may be abbreviated (omitting the century).</para>
<para>A timestamp is considered invalid if a weekday is specified and the date does not match the specified day of <para>A timestamp is considered invalid if a weekday is specified and the date does not match the specified day of
the week.</para> the week.</para>
@ -282,7 +284,7 @@ Wed..Sat,Tue 12-10-15 1:2:3 → Tue..Sat 2012-10-15 01:02:03
<para>Use the <command>calendar</command> command of <para>Use the <command>calendar</command> command of
<citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry> to validate <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry> to validate
and normalize calendar time specifications for testing purposes. The tool also calculates when a specified and normalize calendar time specifications for testing purposes. The tool also calculates when a specified
calendar event would elapse next.</para> calendar event would occur next.</para>
</refsect1> </refsect1>
<refsect1> <refsect1>

View File

@ -35,9 +35,9 @@
this unit type. See this unit type. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files. The common for the common options of all unit configuration files. The common
configuration items are configured in the generic <literal>[Unit]</literal> and configuration items are configured in the generic [Unit] and
<literal>[Install]</literal> sections. The timer specific configuration options are [Install] sections. The timer specific configuration options are
configured in the <literal>[Timer]</literal> section.</para> configured in the [Timer] section.</para>
<para>For each timer file, a matching unit file must exist, <para>For each timer file, a matching unit file must exist,
describing the unit to activate when the timer elapses. By describing the unit to activate when the timer elapses. By

View File

@ -737,7 +737,7 @@
that the listed unit is fully started up before the configured unit is started.</para> that the listed unit is fully started up before the configured unit is started.</para>
<para>When two units with an ordering dependency between them are shut down, the inverse of the <para>When two units with an ordering dependency between them are shut down, the inverse of the
start-up order is applied. i.e. if a unit is configured with <varname>After=</varname> on another start-up order is applied. I.e. if a unit is configured with <varname>After=</varname> on another
unit, the former is stopped before the latter if both are shut down. Given two units with any unit, the former is stopped before the latter if both are shut down. Given two units with any
ordering dependency between them, if one unit is shut down and the other is started up, the shutdown ordering dependency between them, if one unit is shut down and the other is started up, the shutdown
is ordered before the start-up. It doesn't matter if the ordering dependency is is ordered before the start-up. It doesn't matter if the ordering dependency is
@ -833,7 +833,7 @@
<option>--job-mode=</option> option for details on the <option>--job-mode=</option> option for details on the
possible values. If this is set to <literal>isolate</literal>, possible values. If this is set to <literal>isolate</literal>,
only a single unit may be listed in only a single unit may be listed in
<varname>OnFailure=</varname>..</para></listitem> <varname>OnFailure=</varname>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1028,8 +1028,8 @@
<listitem><para>Configure an additional action to take if the rate limit configured with <listitem><para>Configure an additional action to take if the rate limit configured with
<varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes the same <varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes the same
values as the setting <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> settings and executes values as the <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> settings. If
the same actions. If <option>none</option> is set, hitting the rate limit will trigger no action besides that <option>none</option> is set, hitting the rate limit will trigger no action except that
the start will not be permitted. Defaults to <option>none</option>.</para></listitem> the start will not be permitted. Defaults to <option>none</option>.</para></listitem>
</varlistentry> </varlistentry>
@ -1639,7 +1639,7 @@
<refsect1> <refsect1>
<title>[Install] Section Options</title> <title>[Install] Section Options</title>
<para>Unit files may include an <literal>[Install]</literal> section, which carries installation information for <para>Unit files may include an [Install] section, which carries installation information for
the unit. This section is not interpreted by the unit. This section is not interpreted by
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> during runtime; it is <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> during runtime; it is
used by the <command>enable</command> and <command>disable</command> commands of the used by the <command>enable</command> and <command>disable</command> commands of the

View File

@ -760,13 +760,11 @@
<varlistentry> <varlistentry>
<term><varname>systemd.crash_chvt</varname></term> <term><varname>systemd.crash_chvt</varname></term>
<listitem><para>Takes a positive integer, or a boolean argument. Can be also <listitem><para>Takes a positive integer, or a boolean argument. Can be also specified without an
specified without an argument, with the same effect as a positive boolean. If argument, with the same effect as a positive boolean. If a positive integer (in the range 163) is
a positive integer (in the range 163) is specified, the system manager (PID specified, the system manager (PID 1) will activate the specified virtual terminal when it crashes.
1) will activate the specified virtual terminal (VT) when it Defaults to disabled, meaning that no such switch is attempted. If set to enabled, the virtual
crashes. Defaults to disabled, meaning that no such switch is attempted. If terminal the kernel messages are written to is used instead.</para></listitem>
set to enabled, the VT the kernel messages are written to is selected.
</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1089,14 +1087,15 @@
this context, because they are properly namespaced. When an option is specified both on the kernel this context, because they are properly namespaced. When an option is specified both on the kernel
command line, and as a normal command line argument, the latter has higher precedence.</para> command line, and as a normal command line argument, the latter has higher precedence.</para>
<para>When <command>systemd</command> is used a user manager, the kernel command line is ignored and <para>When <command>systemd</command> is used as a user manager, the kernel command line is ignored and
the options described are understood. Nevertheless, <command>systemd</command> is usually started in the options described are understood. Nevertheless, <command>systemd</command> is usually started in
this mode through the this mode through the
<citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
service, which is shared between all users, and it may be more convenient to use configuration files to service, which is shared between all users, and it may be more convenient to use configuration files to
modify settings, see modify settings, see
<citerefentry><refentrytitle>systemd-user.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd-user.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
or a drop-in that specifies one of the environment variables listed above in "Environment, see or a drop-in that specifies one of the environment variables listed above in the Environment section,
see
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
<variablelist> <variablelist>
@ -1146,8 +1145,8 @@
<varlistentry> <varlistentry>
<term><option>--show-status</option></term> <term><option>--show-status</option></term>
<listitem><para>Show terse unit status information is shown on the console during boot-up and <listitem><para>Show terse unit status information on the console during boot-up and shutdown. See
shutdown. See <varname>systemd.show_status</varname> above.</para></listitem> <varname>systemd.show_status</varname> above.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>

View File

@ -10,27 +10,28 @@
<varlistentry id='qdisc-parent'> <varlistentry id='qdisc-parent'>
<term><varname>Parent=</varname></term> <term><varname>Parent=</varname></term>
<listitem> <listitem>
<para>Specifies the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>, <para>Configures the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>,
<literal>clsact</literal>, <literal>ingress</literal> or a class id. The class id takes the <literal>clsact</literal>, <literal>ingress</literal> or a class identifier. The class identifier is
major and minor number in hexadecimal ranges 1 to ffff separated with a colon specified as the major and minor numbers in hexadecimal in the range 0x1Oxffff separated with a
(<literal>major:minor</literal>). Defaults to <literal>root</literal>.</para> colon (<literal>major:minor</literal>). Defaults to <literal>root</literal>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry id='qdisc-handle'> <varlistentry id='qdisc-handle'>
<term><varname>Handle=</varname></term> <term><varname>Handle=</varname></term>
<listitem> <listitem>
<para>Specifies the major number of unique identifier of the qdisc, known as the handle. <para>Configures the major number of unique identifier of the qdisc, known as the handle.
Takes a number in hexadecimal ranges 1 to ffff. Defaults to unset.</para> Takes a hexadecimal number in the range 0x10xffff. Defaults to unset.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry id='tclass-parent'> <varlistentry id='tclass-parent'>
<term><varname>Parent=</varname></term> <term><varname>Parent=</varname></term>
<listitem> <listitem>
<para>Specifies the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>, <para>Configures the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>, or a
or a qdisc id. The qdisc id takes the major and minor number in hexadecimal ranges 1 to ffff qdisc identifier. The qdisc identifier is specified as the major and minor numbers in hexadecimal in
separated with a colon (<literal>major:minor</literal>). Defaults to <literal>root</literal>. the range 0x1Oxffff separated with a colon (<literal>major:minor</literal>). Defaults to
<literal>root</literal>.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -38,8 +39,9 @@
<varlistentry id='tclass-classid'> <varlistentry id='tclass-classid'>
<term><varname>ClassId=</varname></term> <term><varname>ClassId=</varname></term>
<listitem> <listitem>
<para>Specifies the major and minur number of unique identifier of the class, known as the <para>Configues the unique identifier of the class. It is specified as the major and minor numbers in
class ID. Each number is in hexadecimal ranges 1 to ffff. Defaults to unset.</para> hexadecimal in the range 0x1Oxffff separated with a colon (<literal>major:minor</literal>).
Defaults to unset.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>

View File

@ -41,7 +41,7 @@
<refsect1> <refsect1>
<title>Options</title> <title>Options</title>
<para>The following settings are configured in the <literal>[Time]</literal> section:</para> <para>The following settings are configured in the [Time] section:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>

View File

@ -163,11 +163,10 @@
<title>Well-Known Services</title> <title>Well-Known Services</title>
<para>The <command>userdbctl services</command> command will list all currently running services that <para>The <command>userdbctl services</command> command will list all currently running services that
provide user or group definitions to the system. The following are well-known services are shown among provide user or group definitions to the system. The following well-known services are shown among
this list.</para> this list:</para>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><constant>io.systemd.DynamicUser</constant></term> <term><constant>io.systemd.DynamicUser</constant></term>

View File

@ -537,8 +537,7 @@ int unit_name_from_path(const char *path, const char *suffix, char **ret) {
} }
int unit_name_from_path_instance(const char *prefix, const char *path, const char *suffix, char **ret) { int unit_name_from_path_instance(const char *prefix, const char *path, const char *suffix, char **ret) {
_cleanup_free_ char *p = NULL; _cleanup_free_ char *p = NULL, *s = NULL;
char *s;
int r; int r;
assert(prefix); assert(prefix);
@ -564,7 +563,7 @@ int unit_name_from_path_instance(const char *prefix, const char *path, const cha
if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE)) if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE))
return -EINVAL; return -EINVAL;
*ret = s; *ret = TAKE_PTR(s);
return 0; return 0;
} }

View File

@ -777,7 +777,7 @@ bool valid_user_group_name(const char *u, ValidUserFlags flags) {
return false; return false;
if (in_charset(u, "0123456789")) /* Don't allow fully numeric strings, they might be confused if (in_charset(u, "0123456789")) /* Don't allow fully numeric strings, they might be confused
* with with UIDs (note that this test is more broad than * with UIDs (note that this test is more broad than
* the parse_uid() test above, as it will cover more than * the parse_uid() test above, as it will cover more than
* the 32bit range, and it will detect 65535 (which is in * the 32bit range, and it will detect 65535 (which is in
* invalid UID, even though in the unsigned 32 bit range) */ * invalid UID, even though in the unsigned 32 bit range) */

View File

@ -142,12 +142,12 @@ static int list_homes(int argc, char *argv[], void *userdata) {
TABLE_UID, uid, TABLE_UID, uid,
TABLE_GID, gid); TABLE_GID, gid);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to add row to table: %m"); return table_log_add_error(r);
r = table_add_cell(table, &cell, TABLE_STRING, state); r = table_add_cell(table, &cell, TABLE_STRING, state);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to add field to table: %m"); return table_log_add_error(r);
color = user_record_state_color(state); color = user_record_state_color(state);
if (color) if (color)
@ -158,7 +158,7 @@ static int list_homes(int argc, char *argv[], void *userdata) {
TABLE_STRING, home, TABLE_STRING, home,
TABLE_STRING, strna(empty_to_null(shell))); TABLE_STRING, strna(empty_to_null(shell)));
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to add row to table: %m"); return table_log_add_error(r);
} }
r = sd_bus_message_exit_container(reply); r = sd_bus_message_exit_container(reply);

View File

@ -13,8 +13,8 @@
#include "signal-util.h" #include "signal-util.h"
static int run(int argc, char *argv[]) { static int run(int argc, char *argv[]) {
_cleanup_(notify_on_cleanup) const char *notify_stop = NULL;
_cleanup_(manager_freep) Manager *m = NULL; _cleanup_(manager_freep) Manager *m = NULL;
_cleanup_(notify_on_cleanup) const char *notify_stop = NULL;
int r; int r;
log_setup_service(); log_setup_service();

View File

@ -14,12 +14,14 @@
#include "alloc-util.h" #include "alloc-util.h"
#include "bus-error.h" #include "bus-error.h"
#include "bus-util.h" #include "bus-util.h"
#include "daemon-util.h"
#include "def.h" #include "def.h"
#include "fd-util.h" #include "fd-util.h"
#include "format-util.h" #include "format-util.h"
#include "initreq.h" #include "initreq.h"
#include "list.h" #include "list.h"
#include "log.h" #include "log.h"
#include "main-func.h"
#include "memory-util.h" #include "memory-util.h"
#include "process-util.h" #include "process-util.h"
#include "special.h" #include "special.h"
@ -68,11 +70,9 @@ static const char *translate_runlevel(int runlevel, bool *isolate) {
{ '6', SPECIAL_REBOOT_TARGET, false }, { '6', SPECIAL_REBOOT_TARGET, false },
}; };
unsigned i;
assert(isolate); assert(isolate);
for (i = 0; i < ELEMENTSOF(table); i++) for (size_t i = 0; i < ELEMENTSOF(table); i++)
if (table[i].runlevel == runlevel) { if (table[i].runlevel == runlevel) {
*isolate = table[i].isolate; *isolate = table[i].isolate;
if (runlevel == '6' && kexec_loaded()) if (runlevel == '6' && kexec_loaded())
@ -228,6 +228,7 @@ static void fifo_free(Fifo *f) {
free(f); free(f);
} }
DEFINE_TRIVIAL_CLEANUP_FUNC(Fifo*, fifo_free);
static void server_done(Server *s) { static void server_done(Server *s) {
assert(s); assert(s);
@ -241,79 +242,49 @@ static void server_done(Server *s) {
static int server_init(Server *s, unsigned n_sockets) { static int server_init(Server *s, unsigned n_sockets) {
int r; int r;
unsigned i;
/* This function will leave s partially initialized on failure. Caller needs to clean up. */
assert(s); assert(s);
assert(n_sockets > 0); assert(n_sockets > 0);
*s = (struct Server) { s->epoll_fd = epoll_create1(EPOLL_CLOEXEC);
.epoll_fd = epoll_create1(EPOLL_CLOEXEC), if (s->epoll_fd < 0)
}; return log_error_errno(errno, "Failed to create epoll object: %m");
if (s->epoll_fd < 0) { for (unsigned i = 0; i < n_sockets; i++) {
r = log_error_errno(errno, _cleanup_(fifo_freep) Fifo *f = NULL;
"Failed to create epoll object: %m"); int fd = SD_LISTEN_FDS_START + i;
goto fail;
}
for (i = 0; i < n_sockets; i++) {
Fifo *f;
int fd;
fd = SD_LISTEN_FDS_START+i;
r = sd_is_fifo(fd, NULL); r = sd_is_fifo(fd, NULL);
if (r < 0) { if (r < 0)
log_error_errno(r, "Failed to determine file descriptor type: %m"); return log_error_errno(r, "Failed to determine file descriptor type: %m");
goto fail; if (!r)
} return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Wrong file descriptor type.");
if (!r) {
log_error("Wrong file descriptor type.");
r = -EINVAL;
goto fail;
}
f = new0(Fifo, 1); f = new0(Fifo, 1);
if (!f) { if (!f)
r = -ENOMEM; return log_oom();
log_error_errno(errno, "Failed to create fifo object: %m");
goto fail;
}
f->fd = -1;
struct epoll_event ev = { struct epoll_event ev = {
.events = EPOLLIN, .events = EPOLLIN,
.data.ptr = f, .data.ptr = f,
}; };
if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, fd, &ev) < 0) { if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, fd, &ev) < 0)
r = -errno; return log_error_errno(errno, "Failed to add fifo fd to epoll object: %m");
fifo_free(f);
log_error_errno(errno, "Failed to add fifo fd to epoll object: %m");
goto fail;
}
f->fd = fd; f->fd = fd;
LIST_PREPEND(fifo, s->fifos, f);
f->server = s; f->server = s;
LIST_PREPEND(fifo, s->fifos, TAKE_PTR(f));
s->n_fifos++; s->n_fifos++;
} }
r = bus_connect_system_systemd(&s->bus); r = bus_connect_system_systemd(&s->bus);
if (r < 0) { if (r < 0)
log_error_errno(r, "Failed to get D-Bus connection: %m"); return log_error_errno(r, "Failed to get D-Bus connection: %m");
r = -EIO;
goto fail;
}
return 0; return 0;
fail:
server_done(s);
return r;
} }
static int process_event(Server *s, struct epoll_event *ev) { static int process_event(Server *s, struct epoll_event *ev) {
@ -337,43 +308,33 @@ static int process_event(Server *s, struct epoll_event *ev) {
return 0; return 0;
} }
int main(int argc, char *argv[]) { static int run(int argc, char *argv[]) {
Server server; _cleanup_(server_done) Server server = { .epoll_fd = -1 };
int r = EXIT_FAILURE, n; _cleanup_(notify_on_cleanup) const char *notify_stop = NULL;
int r, n;
if (getppid() != 1) { if (argc > 1)
log_error("This program should be invoked by init only."); return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
return EXIT_FAILURE; "This program does not take arguments.");
}
if (argc > 1) {
log_error("This program does not take arguments.");
return EXIT_FAILURE;
}
log_setup_service(); log_setup_service();
umask(0022); umask(0022);
n = sd_listen_fds(true); n = sd_listen_fds(true);
if (n < 0) { if (n < 0)
log_error_errno(r, "Failed to read listening file descriptors from environment: %m"); return log_error_errno(errno,
return EXIT_FAILURE; "Failed to read listening file descriptors from environment: %m");
}
if (n <= 0 || n > SERVER_FD_MAX) { if (n <= 0 || n > SERVER_FD_MAX)
log_error("No or too many file descriptors passed."); return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
return EXIT_FAILURE; "No or too many file descriptors passed.");
}
if (server_init(&server, (unsigned) n) < 0) r = server_init(&server, (unsigned) n);
return EXIT_FAILURE; if (r < 0)
return r;
log_debug("systemd-initctl running as pid "PID_FMT, getpid_cached()); notify_stop = notify_start(NOTIFY_READY, NOTIFY_STOPPING);
sd_notify(false,
"READY=1\n"
"STATUS=Processing requests...");
while (!server.quit) { while (!server.quit) {
struct epoll_event event; struct epoll_event event;
@ -383,27 +344,17 @@ int main(int argc, char *argv[]) {
if (k < 0) { if (k < 0) {
if (errno == EINTR) if (errno == EINTR)
continue; continue;
log_error_errno(errno, "epoll_wait() failed: %m"); return log_error_errno(errno, "epoll_wait() failed: %m");
goto fail;
} }
if (k == 0)
if (k <= 0)
break; break;
if (process_event(&server, &event) < 0) r = process_event(&server, &event);
goto fail; if (r < 0)
return r;
} }
r = EXIT_SUCCESS; return 0;
log_debug("systemd-initctl stopped as pid "PID_FMT, getpid_cached());
fail:
sd_notify(false,
"STOPPING=1\n"
"STATUS=Shutting down...");
server_done(&server);
return r;
} }
DEFINE_MAIN_FUNCTION(run);

View File

@ -1104,8 +1104,8 @@ static int load_certificates(char **key, char **cert, char **trust) {
} }
static int run(int argc, char **argv) { static int run(int argc, char **argv) {
_cleanup_(notify_on_cleanup) const char *notify_message = NULL;
_cleanup_(journal_remote_server_destroy) RemoteServer s = {}; _cleanup_(journal_remote_server_destroy) RemoteServer s = {};
_cleanup_(notify_on_cleanup) const char *notify_message = NULL;
_cleanup_free_ char *key = NULL, *cert = NULL, *trust = NULL; _cleanup_free_ char *key = NULL, *cert = NULL, *trust = NULL;
int r; int r;

View File

@ -815,8 +815,8 @@ static int open_journal(sd_journal **j) {
} }
static int run(int argc, char **argv) { static int run(int argc, char **argv) {
_cleanup_(notify_on_cleanup) const char *notify_message = NULL;
_cleanup_(destroy_uploader) Uploader u = {}; _cleanup_(destroy_uploader) Uploader u = {};
_cleanup_(notify_on_cleanup) const char *notify_message = NULL;
bool use_journal; bool use_journal;
int r; int r;

View File

@ -625,7 +625,7 @@ int journal_file_fstat(JournalFile *f) {
f->last_stat_usec = now(CLOCK_MONOTONIC); f->last_stat_usec = now(CLOCK_MONOTONIC);
/* Refuse dealing with with files that aren't regular */ /* Refuse dealing with files that aren't regular */
r = stat_verify_regular(&f->last_stat); r = stat_verify_regular(&f->last_stat);
if (r < 0) if (r < 0)
return r; return r;

View File

@ -43,7 +43,7 @@ struct match_callback {
unsigned last_iteration; unsigned last_iteration;
/* Don't dispatch this slot with with messages that arrived in any iteration before or at the this /* Don't dispatch this slot with messages that arrived in any iteration before or at the this
* one. We use this to ensure that matches don't apply "retroactively" and thus can confuse the * one. We use this to ensure that matches don't apply "retroactively" and thus can confuse the
* caller: matches will only match incoming messages from the moment on the match was installed. */ * caller: matches will only match incoming messages from the moment on the match was installed. */
uint64_t after; uint64_t after;

View File

@ -4,9 +4,6 @@
#include <sys/ioctl.h> #include <sys/ioctl.h>
#include <sys/types.h> #include <sys/types.h>
#include <linux/vt.h> #include <linux/vt.h>
#if ENABLE_UTMP
#include <utmpx.h>
#endif
#include "sd-device.h" #include "sd-device.h"
@ -29,6 +26,7 @@
#include "udev-util.h" #include "udev-util.h"
#include "user-util.h" #include "user-util.h"
#include "userdb.h" #include "userdb.h"
#include "utmp-wtmp.h"
void manager_reset_config(Manager *m) { void manager_reset_config(Manager *m) {
assert(m); assert(m);
@ -685,13 +683,14 @@ bool manager_all_buttons_ignored(Manager *m) {
int manager_read_utmp(Manager *m) { int manager_read_utmp(Manager *m) {
#if ENABLE_UTMP #if ENABLE_UTMP
int r; int r;
_cleanup_(utxent_cleanup) bool utmpx = false;
assert(m); assert(m);
if (utmpxname(_PATH_UTMPX) < 0) if (utmpxname(_PATH_UTMPX) < 0)
return log_error_errno(errno, "Failed to set utmp path to " _PATH_UTMPX ": %m"); return log_error_errno(errno, "Failed to set utmp path to " _PATH_UTMPX ": %m");
setutxent(); utmpx = utxent_start();
for (;;) { for (;;) {
_cleanup_free_ char *t = NULL; _cleanup_free_ char *t = NULL;
@ -704,8 +703,7 @@ int manager_read_utmp(Manager *m) {
if (!u) { if (!u) {
if (errno != 0) if (errno != 0)
log_warning_errno(errno, "Failed to read " _PATH_UTMPX ", ignoring: %m"); log_warning_errno(errno, "Failed to read " _PATH_UTMPX ", ignoring: %m");
r = 0; return 0;
break;
} }
if (u->ut_type != USER_PROCESS) if (u->ut_type != USER_PROCESS)
@ -715,18 +713,14 @@ int manager_read_utmp(Manager *m) {
continue; continue;
t = strndup(u->ut_line, sizeof(u->ut_line)); t = strndup(u->ut_line, sizeof(u->ut_line));
if (!t) { if (!t)
r = log_oom(); return log_oom();
break;
}
c = path_startswith(t, "/dev/"); c = path_startswith(t, "/dev/");
if (c) { if (c) {
r = free_and_strdup(&t, c); r = free_and_strdup(&t, c);
if (r < 0) { if (r < 0)
log_oom(); return log_oom();
break;
}
} }
if (isempty(t)) if (isempty(t))
@ -756,8 +750,6 @@ int manager_read_utmp(Manager *m) {
log_debug("Acquired TTY information '%s' from utmp for session '%s'.", s->tty, s->id); log_debug("Acquired TTY information '%s' from utmp for session '%s'.", s->tty, s->id);
} }
endutxent();
return r;
#else #else
return 0; return 0;
#endif #endif

View File

@ -17,8 +17,8 @@
#include "user-util.h" #include "user-util.h"
static int run(int argc, char *argv[]) { static int run(int argc, char *argv[]) {
_cleanup_(notify_on_cleanup) const char *notify_message = NULL;
_cleanup_(manager_freep) Manager *m = NULL; _cleanup_(manager_freep) Manager *m = NULL;
_cleanup_(notify_on_cleanup) const char *notify_message = NULL;
int r; int r;
log_setup_service(); log_setup_service();

View File

@ -283,7 +283,7 @@ int config_parse_ets_prio(
lvalue, word); lvalue, word);
continue; continue;
} }
if (ets->n_quanta > TC_PRIO_MAX) { if (ets->n_prio > TC_PRIO_MAX) {
log_syntax(unit, LOG_ERR, filename, line, 0, log_syntax(unit, LOG_ERR, filename, line, 0,
"Too many priomap in '%s=', ignoring assignment: %s", "Too many priomap in '%s=', ignoring assignment: %s",
lvalue, word); lvalue, word);

View File

@ -183,8 +183,8 @@ static int parse_argv(int argc, char *argv[]) {
} }
static int run(int argc, char *argv[]) { static int run(int argc, char *argv[]) {
_cleanup_(notify_on_cleanup) const char *notify_message = NULL;
_cleanup_(manager_freep) Manager *m = NULL; _cleanup_(manager_freep) Manager *m = NULL;
_cleanup_(notify_on_cleanup) const char *notify_message = NULL;
int r; int r;
log_setup_service(); log_setup_service();

View File

@ -1666,7 +1666,7 @@ static int context_dump_partitions(Context *context, const char *node) {
TABLE_UINT64, p->new_padding, TABLE_UINT64, p->new_padding,
TABLE_STRING, padding_change, TABLE_SET_COLOR, !p->partitions_next && sum_padding > 0 ? ansi_underline() : NULL); TABLE_STRING, padding_change, TABLE_SET_COLOR, !p->partitions_next && sum_padding > 0 ? ansi_underline() : NULL);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to add row to table: %m"); return table_log_add_error(r);
} }
if (sum_padding > 0 || sum_size > 0) { if (sum_padding > 0 || sum_size > 0) {
@ -1689,7 +1689,7 @@ static int context_dump_partitions(Context *context, const char *node) {
TABLE_EMPTY, TABLE_EMPTY,
TABLE_STRING, b); TABLE_STRING, b);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to add row to table: %m"); return table_log_add_error(r);
} }
r = table_print(t, stdout); r = table_print(t, stdout);

View File

@ -22,8 +22,8 @@
#include "user-util.h" #include "user-util.h"
static int run(int argc, char *argv[]) { static int run(int argc, char *argv[]) {
_cleanup_(notify_on_cleanup) const char *notify_stop = NULL;
_cleanup_(manager_freep) Manager *m = NULL; _cleanup_(manager_freep) Manager *m = NULL;
_cleanup_(notify_on_cleanup) const char *notify_stop = NULL;
int r; int r;
log_setup_service(); log_setup_service();

View File

@ -202,7 +202,7 @@ typedef struct Fido2HmacSalt {
void *salt; void *salt;
size_t salt_size; size_t salt_size;
/* What to test the hashed salt value against, usualy UNIX password hash here. */ /* What to test the hashed salt value against, usually UNIX password hash here. */
char *hashed_password; char *hashed_password;
} Fido2HmacSalt; } Fido2HmacSalt;

View File

@ -25,8 +25,8 @@
#include "utmp-wtmp.h" #include "utmp-wtmp.h"
int utmp_get_runlevel(int *runlevel, int *previous) { int utmp_get_runlevel(int *runlevel, int *previous) {
_cleanup_(utxent_cleanup) bool utmpx = false;
struct utmpx *found, lookup = { .ut_type = RUN_LVL }; struct utmpx *found, lookup = { .ut_type = RUN_LVL };
int r;
const char *e; const char *e;
assert(runlevel); assert(runlevel);
@ -35,8 +35,7 @@ int utmp_get_runlevel(int *runlevel, int *previous) {
* precedence. Presumably, sysvinit does this to work around a * precedence. Presumably, sysvinit does this to work around a
* race condition that would otherwise exist where we'd always * race condition that would otherwise exist where we'd always
* go to disk and hence might read runlevel data that might be * go to disk and hence might read runlevel data that might be
* very new and does not apply to the current script being * very new and not apply to the current script being executed. */
* executed. */
e = getenv("RUNLEVEL"); e = getenv("RUNLEVEL");
if (e && e[0] > 0) { if (e && e[0] > 0) {
@ -58,27 +57,17 @@ int utmp_get_runlevel(int *runlevel, int *previous) {
if (utmpxname(_PATH_UTMPX) < 0) if (utmpxname(_PATH_UTMPX) < 0)
return -errno; return -errno;
setutxent(); utmpx = utxent_start();
found = getutxid(&lookup); found = getutxid(&lookup);
if (!found) if (!found)
r = -errno; return -errno;
else {
int a, b;
a = found->ut_pid & 0xFF; *runlevel = found->ut_pid & 0xFF;
b = (found->ut_pid >> 8) & 0xFF;
*runlevel = a;
if (previous) if (previous)
*previous = b; *previous = (found->ut_pid >> 8) & 0xFF;
r = 0; return 0;
}
endutxent();
return r;
} }
static void init_timestamp(struct utmpx *store, usec_t t) { static void init_timestamp(struct utmpx *store, usec_t t) {
@ -106,7 +95,7 @@ static void init_entry(struct utmpx *store, usec_t t) {
} }
static int write_entry_utmp(const struct utmpx *store) { static int write_entry_utmp(const struct utmpx *store) {
int r; _cleanup_(utxent_cleanup) bool utmpx = false;
assert(store); assert(store);
@ -117,26 +106,35 @@ static int write_entry_utmp(const struct utmpx *store) {
if (utmpxname(_PATH_UTMPX) < 0) if (utmpxname(_PATH_UTMPX) < 0)
return -errno; return -errno;
setutxent(); utmpx = utxent_start();
if (!pututxline(store)) if (pututxline(store))
r = -errno; return 0;
else if (errno == ENOENT) {
r = 0; /* If utmp/wtmp have been disabled, that's a good thing, hence ignore the error. */
log_debug_errno(errno, "Not writing utmp: %m");
endutxent(); return 0;
}
return r; return -errno;
} }
static int write_entry_wtmp(const struct utmpx *store) { static int write_entry_wtmp(const struct utmpx *store) {
assert(store); assert(store);
/* wtmp is a simple append-only file where each entry is /* wtmp is a simple append-only file where each entry is
simply appended to the end; i.e. basically a log. */ * simply appended to the end; i.e. basically a log. */
errno = 0; errno = 0;
updwtmpx(_PATH_WTMPX, store); updwtmpx(_PATH_WTMPX, store);
if (errno == ENOENT) {
/* If utmp/wtmp have been disabled, that's a good thing, hence ignore the error. */
log_debug_errno(errno, "Not writing wtmp: %m");
return 0;
}
if (errno == EROFS) {
log_warning_errno(errno, "Failed to write wtmp record, ignoring: %m");
return 0;
}
return -errno; return -errno;
} }
@ -145,16 +143,7 @@ static int write_utmp_wtmp(const struct utmpx *store_utmp, const struct utmpx *s
r = write_entry_utmp(store_utmp); r = write_entry_utmp(store_utmp);
s = write_entry_wtmp(store_wtmp); s = write_entry_wtmp(store_wtmp);
return r < 0 ? r : s;
if (r >= 0)
r = s;
/* If utmp/wtmp have been disabled, that's a good thing, hence
* ignore the errors */
if (r == -ENOENT)
r = 0;
return r;
} }
static int write_entry_both(const struct utmpx *store) { static int write_entry_both(const struct utmpx *store) {

Some files were not shown because too many files have changed in this diff Show More