Compare commits
16 Commits
a64911f9b7
...
b3077c47a8
Author | SHA1 | Date |
---|---|---|
Lennart Poettering | b3077c47a8 | |
Maciej S. Szmigiero | c5bc4f77d9 | |
Zbigniew Jędrzejewski-Szmek | 5544cd3199 | |
Frantisek Sumsal | 9a61e8fca2 | |
Zbigniew Jędrzejewski-Szmek | b37e4d9c87 | |
Vito Caputo | e26538dd04 | |
fangxiuning | f987a261b4 | |
Zbigniew Jędrzejewski-Szmek | f04a98e13f | |
Zbigniew Jędrzejewski-Szmek | bdac560801 | |
Zbigniew Jędrzejewski-Szmek | e9dd698407 | |
Zbigniew Jędrzejewski-Szmek | ca1d199b48 | |
Zbigniew Jędrzejewski-Szmek | c2a9909377 | |
Zbigniew Jędrzejewski-Szmek | 272ac70a21 | |
Zbigniew Jędrzejewski-Szmek | cc090ca7fe | |
Zbigniew Jędrzejewski-Szmek | e9d9d50cef | |
Zbigniew Jędrzejewski-Szmek | bc9d1dbfc8 |
|
@ -628,7 +628,7 @@ hash to test this derived secret key against for authentication. It is
|
|||
generally recommended that for each entry in `fido2HmacSalt` there's also a
|
||||
matching one in `fido2HmacCredential`, and vice versa, with the same credential
|
||||
ID, appearing in the same order, but this should not be required by
|
||||
applications processing user recrods.
|
||||
applications processing user records.
|
||||
|
||||
## Fields in the `perMachine` section
|
||||
|
||||
|
|
|
@ -381,6 +381,10 @@ mouse:usb:v046dp101b:name:Logitech M705:
|
|||
mouse:usb:v046dpc52b:name:Logitech Unifying Device. Wireless PID:101b:
|
||||
MOUSE_DPI=1000@125
|
||||
|
||||
# Logitech M705 (newer version?)
|
||||
mouse:usb:v046dp406d:name:Logitech M705:
|
||||
MOUSE_DPI=1000@167
|
||||
|
||||
# Logitech M305 Wireless Optical Mouse
|
||||
mouse:usb:v046dpc52f:name:Logitech USB Receiver:
|
||||
MOUSE_DPI=1000@170
|
||||
|
|
|
@ -49,7 +49,7 @@
|
|||
<title>Options</title>
|
||||
|
||||
<para>All options are configured in the
|
||||
<literal>[Coredump]</literal> section:</para>
|
||||
[Coredump] section:</para>
|
||||
|
||||
<variablelist class='config-directives'>
|
||||
|
||||
|
|
|
@ -52,8 +52,8 @@
|
|||
matching specified characteristics. If no command is
|
||||
specified, this is the implied default.</para>
|
||||
|
||||
<para>The output is designed to be human readable and contains list contains
|
||||
a table with the following columns:</para>
|
||||
<para>The output is designed to be human readable and contains a table with the following
|
||||
columns:</para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>TIME</term>
|
||||
|
|
|
@ -255,6 +255,7 @@
|
|||
|
||||
<listitem><para>Perform encryption using the same cpu that IO was submitted on. The default is to use
|
||||
an unbound workqueue so that encryption work is automatically balanced between available CPUs.</para>
|
||||
|
||||
<para>This requires kernel 4.0 or newer.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -263,9 +264,10 @@
|
|||
<term><option>submit-from-crypt-cpus</option></term>
|
||||
|
||||
<listitem><para>Disable offloading writes to a separate thread after encryption. There are some
|
||||
situations where offloading write bios from the encryption threads to a single thread degrades
|
||||
performance significantly. The default is to offload write bios to the same thread because it benefits
|
||||
CFQ to have writes submitted using the same context.</para>
|
||||
situations where offloading write requests from the encryption threads to a dedicated thread degrades
|
||||
performance significantly. The default is to offload write requests to a dedicated thread because it
|
||||
benefits the CFQ scheduler to have writes submitted using the same context.</para>
|
||||
|
||||
<para>This requires kernel 4.0 or newer.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -512,7 +514,8 @@ external /dev/sda3 keyfile:LABEL=keydev keyfile-timeout=10s</programlist
|
|||
|
||||
<para>The PKCS#11 logic allows hooking up any compatible security token that is capable of storing RSA
|
||||
decryption keys. Here's an example how to set up a Yubikey security token for this purpose, using
|
||||
<command>ykman</command> from the yubikey-manager project:</para>
|
||||
<citerefentry project='debian'><refentrytitle>ykmap</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||
from the yubikey-manager project:</para>
|
||||
|
||||
<programlisting><xi:include href="yubikey-crypttab.sh" parse="text" /></programlisting>
|
||||
|
||||
|
|
|
@ -357,7 +357,7 @@
|
|||
special target unit <filename>sockets.target</filename>. It is
|
||||
recommended to place a
|
||||
<varname>WantedBy=sockets.target</varname> directive in the
|
||||
<literal>[Install]</literal> section to automatically add such a
|
||||
[Install] section to automatically add such a
|
||||
dependency on installation of a socket unit. Unless
|
||||
<varname>DefaultDependencies=no</varname> is set, the necessary
|
||||
ordering dependencies are implicitly created for all socket
|
||||
|
@ -520,7 +520,7 @@
|
|||
operating system-independent.</para></listitem>
|
||||
|
||||
<listitem><para>Make sure to include an
|
||||
<literal>[Install]</literal> section including installation
|
||||
[Install] section including installation
|
||||
information for the unit file. See
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for details. To activate your service on boot, make sure to
|
||||
|
|
|
@ -648,7 +648,7 @@
|
|||
<filename>/usr/share/</filename> hierarchy to the locations
|
||||
defined by the various relevant specifications.</para>
|
||||
|
||||
<para>During runtime, and for local configuration and state,
|
||||
<para>During runtime, and for local configuration and runtime state,
|
||||
additional directories are defined:</para>
|
||||
|
||||
<table>
|
||||
|
|
|
@ -119,9 +119,9 @@
|
|||
<term><option>--identity=</option><replaceable>FILE</replaceable></term>
|
||||
|
||||
<listitem><para>Read the user's JSON record from the specified file. If passed as
|
||||
<literal>-</literal> reads the user record from standard input. The supplied JSON object must follow
|
||||
the structure documented on <ulink url="https://systemd.io/USER_RECORDS">JSON User
|
||||
Records</ulink>. This option may be used in conjunction with the <command>create</command> and
|
||||
<literal>-</literal> read the user record from standard input. The supplied JSON object must follow
|
||||
the structure documented on <ulink url="https://systemd.io/USER_RECORD">JSON User Records</ulink>.
|
||||
This option may be used in conjunction with the <command>create</command> and
|
||||
<command>update</command> commands (see below), where it allows configuring the user record in JSON
|
||||
as-is, instead of setting the individual user record properties (see below).</para></listitem>
|
||||
</varlistentry>
|
||||
|
@ -247,10 +247,9 @@
|
|||
different system and the configured UID is taken by another user there, then
|
||||
<command>systemd-homed</command> may assign the user a different UID on that system. The specified
|
||||
UID must be outside of the system user range. It is recommended to use the 60001…60513 UID range for
|
||||
this purpose. If not specified the UID is automatically picked. When logging in and the home
|
||||
directory is found to be owned by a UID not matching the user's assigned one the home directory and
|
||||
all files and directories inside it will have their ownership changed automatically before login
|
||||
completes.</para>
|
||||
this purpose. If not specified, the UID is automatically picked. If the home directory is found to be
|
||||
owned by a different UID when logging in, the home directory and everything underneath it will have
|
||||
its ownership changed automatically before login completes.</para>
|
||||
|
||||
<para>Note that users managed by <command>systemd-homed</command> always have a matching group
|
||||
associated with the same name as well as a GID matching the UID of the user. Thus, configuring the
|
||||
|
@ -266,19 +265,19 @@
|
|||
privileges. Note that <command>systemd-homed</command> does not manage any groups besides a group
|
||||
matching the user in name and numeric UID/GID. Thus any groups listed here must be registered
|
||||
independently, for example with <citerefentry
|
||||
project='man-pages'><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. If
|
||||
non-existent groups that are listed there are ignored. This option may be used more than once, in
|
||||
which case all specified group lists are combined. If the user is currently a member of a group
|
||||
which is not listed, the user will be removed from the group.</para></listitem>
|
||||
project='man-pages'><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
|
||||
Any non-existent groups are ignored. This option may be used more than once, in which case all
|
||||
specified group lists are combined. If the user is currently a member of a group which is not listed,
|
||||
the user will be removed from the group.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--skel=</option><replaceable>PATH</replaceable></term>
|
||||
|
||||
<listitem><para>Takes a file system path to a directory. Specifies the skeleton directory to
|
||||
initialize the home directory with. All files and directories in the specified are copied into any
|
||||
newly create home directory. If not specified defaults to
|
||||
<filename>/etc/skel/</filename>.</para></listitem>
|
||||
initialize the home directory with. All files and directories in the specified path are copied into
|
||||
any newly create home directory. If not specified defaults to <filename>/etc/skel/</filename>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -313,7 +312,7 @@
|
|||
<listitem><para>Takes a specifier indicating the preferred language of the user. The
|
||||
<varname>$LANG</varname> environment variable is initialized from this value on login, and thus a
|
||||
value suitable for this environment variable is accepted here, for example
|
||||
<option>--language=de_DE.UTF8</option></para></listitem>
|
||||
<option>--language=de_DE.UTF8</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -331,8 +330,8 @@
|
|||
security token with exactly one pair of X.509 certificate and private key. A random secret key is
|
||||
then generated, encrypted with the public key of the X.509 certificate, and stored as part of the
|
||||
user record. At login time it is decrypted with the PKCS#11 module and then used to unlock the
|
||||
account and associated resources. See below for an example how to set up authentication with security
|
||||
token.</para>
|
||||
account and associated resources. See below for an example how to set up authentication with a
|
||||
security token.</para>
|
||||
|
||||
<para>Instead of a valid PKCS#11 URI, the special strings <literal>list</literal> and
|
||||
<literal>auto</literal> may be specified. If <literal>list</literal> is passed, a brief table of
|
||||
|
@ -439,19 +438,19 @@
|
|||
<listitem><para>Each of these options takes a time span specification as argument (in the syntax
|
||||
documented in
|
||||
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>5</manvolnum></citerefentry>) and
|
||||
configure various aspects of the user's password expiration policy. Specifically,
|
||||
configures various aspects of the user's password expiration policy. Specifically,
|
||||
<option>--password-change-min=</option> configures how much time has to pass after changing the
|
||||
password of the user until the password may be changed again. If the user tries to change their
|
||||
password before this time passes the attempt is refused. <option>--password-change-max=</option>
|
||||
configures how much time has to pass after the password is changed until the password expires and
|
||||
needs to be changed again. After this time passes any attempts to log in may only proceed after the
|
||||
password is changed. <option>--password-change-warn=</option> specifies how much earlier than then
|
||||
the time configured with <option>--password-change-max=</option> the user is warned at login to
|
||||
change their password as it will expire soon. Finally <option>--password-change-inactive=</option>
|
||||
configures the time which has to pass after the password as expired until the user is not permitted
|
||||
to log in or change the password anymore. Note that these options only apply to password
|
||||
authentication, and do not apply to other forms of authentication, for example PKCS#11-based security
|
||||
token authentication.</para></listitem>
|
||||
configures how soon after it has been changed the password expires and needs to be changed again.
|
||||
After this time passes logging in may only proceed after the password is changed.
|
||||
<option>--password-change-warn=</option> specifies how much earlier than then the time configured
|
||||
with <option>--password-change-max=</option> the user is warned at login to change their password as
|
||||
it will expire soon. Finally <option>--password-change-inactive=</option> configures the time which
|
||||
has to pass after the password as expired until the user is not permitted to log in or change the
|
||||
password anymore. Note that these options only apply to password authentication, and do not apply to
|
||||
other forms of authentication, for example PKCS#11-based security token
|
||||
authentication.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -695,8 +694,8 @@
|
|||
<para>Activation of a home directory involves various operations that depend on the selected storage
|
||||
mechanism. If the LUKS2 mechanism is used, this generally involves: inquiring the user for a
|
||||
password, setting up a loopback device, validating and activating the LUKS2 volume, checking the file
|
||||
system, mounting the file system, and potentiatlly changing the ownership of all included files to
|
||||
the correct UID/GID.</para></listitem>
|
||||
system, mounting the file system, and potentially changing the ownership of all included files to the
|
||||
correct UID/GID.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
|
@ -42,7 +42,7 @@
|
|||
<refsect1>
|
||||
<title>Options</title>
|
||||
|
||||
<para>The following options are available in the <literal>[Home]</literal> section:</para>
|
||||
<para>The following options are available in the [Home] section:</para>
|
||||
|
||||
<variablelist class='home-directives'>
|
||||
|
||||
|
|
|
@ -49,7 +49,7 @@
|
|||
<title>Options</title>
|
||||
|
||||
<para>All options are configured in the
|
||||
<literal>[Remote]</literal> section:</para>
|
||||
[Remote] section:</para>
|
||||
|
||||
<variablelist class='config-directives'>
|
||||
<varlistentry>
|
||||
|
|
|
@ -43,7 +43,7 @@
|
|||
<refsect1>
|
||||
<title>Options</title>
|
||||
|
||||
<para>All options are configured in the <literal>[Upload]</literal> section:</para>
|
||||
<para>All options are configured in the [Upload] section:</para>
|
||||
|
||||
<variablelist class='config-directives'>
|
||||
<varlistentry>
|
||||
|
|
|
@ -555,7 +555,7 @@
|
|||
is also added for <literal>_SYSTEMD_SLICE=<replaceable>UNIT</replaceable></literal>,
|
||||
such that if the provided <replaceable>UNIT</replaceable> is a
|
||||
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
unit, all logs of the children of the slice will be logged.
|
||||
unit, all logs of children of the slice will be shown.
|
||||
</para>
|
||||
|
||||
<para>This parameter can be specified multiple times.</para>
|
||||
|
@ -574,7 +574,7 @@
|
|||
is also added for <literal>_SYSTEMD_USER_SLICE=<replaceable>UNIT</replaceable></literal>,
|
||||
such that if the provided <replaceable>UNIT</replaceable> is a
|
||||
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
unit, all logs of the children of the unit will be logged.</para>
|
||||
unit, all logs of children of the unit will be shown.</para>
|
||||
|
||||
<para>This parameter can be specified multiple times.</para>
|
||||
</listitem>
|
||||
|
@ -761,8 +761,8 @@
|
|||
underneath the specified directory instead of the root
|
||||
directory (e.g. <option>--update-catalog</option> will create
|
||||
<filename><replaceable>ROOT</replaceable>/var/lib/systemd/catalog/database</filename>,
|
||||
and journal files under <filename><replaceable>ROOT</replaceable>/run/journal</filename>
|
||||
or <filename><replaceable>ROOT</replaceable>/var/log/journal</filename> will be displayed).
|
||||
and journal files under <filename><replaceable>ROOT</replaceable>/run/journal/</filename>
|
||||
or <filename><replaceable>ROOT</replaceable>/var/log/journal/</filename> will be displayed).
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -929,10 +929,10 @@
|
|||
<filename>/run/log/journal/</filename> into <filename>/var/log/journal/</filename>, if persistent
|
||||
storage is enabled. This call does not return until the operation is complete. Note that this call is
|
||||
idempotent: the data is only flushed from <filename>/run/log/journal/</filename> into
|
||||
<filename>/var/log/journal</filename> once during system runtime (but see
|
||||
<filename>/var/log/journal/</filename> once during system runtime (but see
|
||||
<option>--relinquish-var</option> below), and this command exits cleanly without executing any
|
||||
operation if this has already happened. This command effectively guarantees that all data is flushed
|
||||
to <filename>/var/log/journal</filename> at the time it returns.</para></listitem>
|
||||
to <filename>/var/log/journal/</filename> at the time it returns.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
|
@ -53,7 +53,7 @@
|
|||
<title>Options</title>
|
||||
|
||||
<para>All options are configured in the
|
||||
<literal>[Journal]</literal> section:</para>
|
||||
[Journal] section:</para>
|
||||
|
||||
<variablelist class='config-directives'>
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
<title>Description</title>
|
||||
<para><command>kernel-install</command> is used to install and remove kernel and initramfs images to and
|
||||
from the boot loader partition, referred to as <varname>$BOOT</varname> here. It will usually be one of
|
||||
<filename>/boot</filename>, <filename>/efi</filename>, or <filename>/boot/efi</filename>, see below.
|
||||
<filename>/boot/</filename>, <filename>/efi/</filename>, or <filename>/boot/efi/</filename>, see below.
|
||||
</para>
|
||||
|
||||
<para><command>kernel-install</command> will execute the files
|
||||
|
@ -137,7 +137,7 @@
|
|||
<para>The partition where the kernels and <ulink url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot
|
||||
Loader Specification</ulink> snippets are located is called <varname>$BOOT</varname>.
|
||||
<command>kernel-install</command> determines the location of this partition by checking
|
||||
<filename>/efi/</filename>, <filename>/boot/</filename>, and <filename>/boot/efi</filename>
|
||||
<filename>/efi/</filename>, <filename>/boot/</filename>, and <filename>/boot/efi/</filename>
|
||||
in turn. The first location where <filename>$BOOT/loader/entries/</filename> or
|
||||
<filename>$BOOT/$MACHINE_ID/</filename> exists is used.</para>
|
||||
</refsect1>
|
||||
|
|
|
@ -46,7 +46,7 @@
|
|||
<title>Options</title>
|
||||
|
||||
<para>All options are configured in the
|
||||
<literal>[Login]</literal> section:</para>
|
||||
[Login] section:</para>
|
||||
|
||||
<variablelist class='config-directives'>
|
||||
|
||||
|
@ -277,7 +277,7 @@
|
|||
<varlistentry>
|
||||
<term><varname>HoldoffTimeoutSec=</varname></term>
|
||||
|
||||
<listitem><para>Specifies the timeout after system startup or
|
||||
<listitem><para>Specifies a period of time after system startup or
|
||||
system resume in which systemd will hold off on reacting to
|
||||
lid events. This is required for the system to properly
|
||||
detect any hotplugged devices so systemd can ignore lid events
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
|
||||
<para>The machine ID may be set, for example when network booting, with the
|
||||
<varname>systemd.machine_id=</varname> kernel command line parameter or by passing the
|
||||
option <option>--machine-id=</option> to systemd. An ID is specified in this manner
|
||||
option <option>--machine-id=</option> to systemd. An ID specified in this manner
|
||||
has higher priority and will be used instead of the ID stored in
|
||||
<filename>/etc/machine-id</filename>.</para>
|
||||
|
||||
|
|
|
@ -320,7 +320,7 @@
|
|||
|
||||
<listitem><para>Copies files or directories from a container
|
||||
into the host system. Takes a container name, followed by the
|
||||
source path in the container the destination path on the host.
|
||||
source path in the container and the destination path on the host.
|
||||
If the destination path is omitted, the same as the source path
|
||||
is used.</para>
|
||||
|
||||
|
|
|
@ -45,7 +45,7 @@
|
|||
<refsect1>
|
||||
<title>[Network] Section Options</title>
|
||||
|
||||
<para>The following options are available in the <literal>[Network]</literal> section:</para>
|
||||
<para>The following options are available in the [Network] section:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
|
|
|
@ -18,8 +18,7 @@
|
|||
<refnamediv>
|
||||
<refname>nss-myhostname</refname>
|
||||
<refname>libnss_myhostname.so.2</refname>
|
||||
<refpurpose>Provide hostname resolution for the locally
|
||||
configured system hostname.</refpurpose>
|
||||
<refpurpose>Hostname resolution for the locally configured system hostname</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
|
|
@ -18,8 +18,7 @@
|
|||
<refnamediv>
|
||||
<refname>nss-mymachines</refname>
|
||||
<refname>libnss_mymachines.so.2</refname>
|
||||
<refpurpose>Provide hostname resolution for local
|
||||
container instances.</refpurpose>
|
||||
<refpurpose>Hostname resolution for local container instances</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<refnamediv>
|
||||
<refname>nss-resolve</refname>
|
||||
<refname>libnss_resolve.so.2</refname>
|
||||
<refpurpose>Provide hostname resolution via <filename>systemd-resolved.service</filename></refpurpose>
|
||||
<refpurpose>Hostname resolution via <filename>systemd-resolved.service</filename></refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<refnamediv>
|
||||
<refname>nss-systemd</refname>
|
||||
<refname>libnss_systemd.so.2</refname>
|
||||
<refpurpose>Provide UNIX user and group name resolution for user/group lookup via Varlink</refpurpose>
|
||||
<refpurpose>UNIX user and group name resolution for user/group lookup via Varlink</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
|
|
@ -153,7 +153,7 @@
|
|||
hence be used to uniquely label files or other resources of this session. Combine this ID with the boot
|
||||
identifier, as returned by
|
||||
<citerefentry><refentrytitle>sd_id128_get_boot</refentrytitle><manvolnum>3</manvolnum></citerefentry>, for a
|
||||
globally unique identifier for the current session.</para></listitem>
|
||||
globally unique identifier.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
|
@ -118,7 +118,7 @@
|
|||
|
||||
<para>By default all unit files whose names start with a prefix generated from the image's file name are copied
|
||||
out. Specifically, the prefix is determined from the image file name with any suffix such as
|
||||
<filename>.raw</filename> removed, truncated at the first occurrence of and underscore character
|
||||
<filename>.raw</filename> removed, truncated at the first occurrence of an underscore character
|
||||
(<literal>_</literal>), if there is one. The underscore logic is supposed to be used to versioning so that the
|
||||
an image file <filename>foobar_47.11.raw</filename> will result in a unit file matching prefix of
|
||||
<filename>foobar</filename>. This prefix is then compared with all unit files names contained in the image in
|
||||
|
@ -403,7 +403,7 @@
|
|||
</tgroup>
|
||||
</table>
|
||||
|
||||
<para>For details on this profiles, and their effects please have a look at their precise definitions,
|
||||
<para>For details on these profiles and their effects see their precise definitions,
|
||||
e.g. <filename>/usr/lib/systemd/portable/profile/default/service.conf</filename> and similar.</para>
|
||||
</refsect1>
|
||||
|
||||
|
|
|
@ -44,7 +44,7 @@
|
|||
<title>Options</title>
|
||||
|
||||
<para>All options are configured in the
|
||||
<literal>[PStore]</literal> section:</para>
|
||||
[PStore] section:</para>
|
||||
|
||||
<variablelist class='config-directives'>
|
||||
|
||||
|
@ -82,7 +82,7 @@
|
|||
<refsect1>
|
||||
<title>See Also</title>
|
||||
<para>
|
||||
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
<refsect1>
|
||||
<title>Options</title>
|
||||
|
||||
<para>The following options are available in the <literal>[Resolve]</literal> section:</para>
|
||||
<para>The following options are available in the [Resolve] section:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
<refnamediv>
|
||||
<refname>sd_bus_enqueue_for_read</refname>
|
||||
|
||||
<refpurpose>Re-enqueue a bus message on a bus connection, for reading.</refpurpose>
|
||||
<refpurpose>Re-enqueue a bus message on a bus connection, for reading</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
<refname>sd_bus_is_open</refname>
|
||||
<refname>sd_bus_is_ready</refname>
|
||||
|
||||
<refpurpose>Check whether the a bus connection is open or ready.</refpurpose>
|
||||
<refpurpose>Check whether the bus connection is open or ready</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
<refname>sd_bus_message_new_method_errno</refname>
|
||||
<refname>sd_bus_message_new_method_errnof</refname>
|
||||
|
||||
<refpurpose>Create a an error reply for a method call</refpurpose>
|
||||
<refpurpose>Create an error reply for a method call</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
<refname>sd_bus_set_connected_signal</refname>
|
||||
<refname>sd_bus_get_connected_signal</refname>
|
||||
|
||||
<refpurpose>Control emmission of local connection establishment signal on bus connections</refpurpose>
|
||||
<refpurpose>Control emission of local connection establishment signal on bus connections</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
<refname>sd_bus_track_get_destroy_callback</refname>
|
||||
<refname>sd_bus_destroy_t</refname>
|
||||
|
||||
<refpurpose>Define the callback function for resource cleanup.</refpurpose>
|
||||
<refpurpose>Define the callback function for resource cleanup</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
<refname>sd_bus_slot_set_floating</refname>
|
||||
<refname>sd_bus_slot_get_floating</refname>
|
||||
|
||||
<refpurpose>Control whether a bus slot object is "floating".</refpurpose>
|
||||
<refpurpose>Control whether a bus slot object is "floating"</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
<refname>sd_event_source_get_destroy_callback</refname>
|
||||
<refname>sd_event_destroy_t</refname>
|
||||
|
||||
<refpurpose>Define the callback function for resource cleanup.</refpurpose>
|
||||
<refpurpose>Define the callback function for resource cleanup</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
<refnamediv>
|
||||
<refname>sd_journal_has_runtime_files</refname>
|
||||
<refname>sd_journal_has_persistent_files</refname>
|
||||
<refpurpose>Query availability of runtime or persistent journal files.</refpurpose>
|
||||
<refpurpose>Query availability of runtime or persistent journal files</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
<refname>sd_machine_get_class</refname>
|
||||
<refname>sd_machine_get_ifindices</refname>
|
||||
<refpurpose>Determine the class and network interface indices of a
|
||||
locally running virtual machine or container.</refpurpose>
|
||||
locally running virtual machine or container</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
<refname>sd_peer_get_cgroup</refname>
|
||||
<refpurpose>Determine the owner uid of the user unit or session,
|
||||
or the session, user unit, system unit, container/VM or slice that
|
||||
a specific PID or socket peer belongs to.</refpurpose>
|
||||
a specific PID or socket peer belongs to</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
|
|
@ -70,11 +70,11 @@ key.pattern.overridden.with.glob = custom
|
|||
followed by <literal>=</literal>, see SYNOPSIS.</para>
|
||||
|
||||
<para>Any access permission errors and attempts to write variables not present on the local system are
|
||||
logged, but do not cause the service to fail. Debug log level is used, which means that the message will
|
||||
not show up at all by default. Moreover, if a variable assignment is prefixed with a single
|
||||
<literal>-</literal> character, any failure to set the variable will be logged at debug level, but will
|
||||
not cause the service to fail. All other errors when setting variables are logged with higher priority
|
||||
and cause the service to return failure at the end (other variables are still processed).</para>
|
||||
logged at debug level and do not cause the service to fail. Moreover, if a variable assignment is
|
||||
prefixed with a single <literal>-</literal> character, failure to set the variable for other reasons will
|
||||
be logged at debug level and will not cause the service to fail. In other cases, errors when setting
|
||||
variables are logged with higher priority and cause the service to return failure at the end (after
|
||||
processing other variables).</para>
|
||||
|
||||
<para>The settings configured with <filename>sysctl.d</filename> files will be applied early on boot. The
|
||||
network interface-specific options will also be applied individually for each network interface as it
|
||||
|
|
|
@ -412,7 +412,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
|
|||
|
||||
<para>The "Loaded:" line in the output will show <literal>loaded</literal> if the unit has been loaded into
|
||||
memory. Other possible values for "Loaded:" include: <literal>error</literal> if there was a problem
|
||||
loading it, <literal>not-found</literal> if not unit file was found for this unit,
|
||||
loading it, <literal>not-found</literal> if no unit file was found for this unit,
|
||||
<literal>bad-setting</literal> if an essential unit file setting could not be parsed and
|
||||
<literal>masked</literal> if the unit file has been masked. Along with showing the path to the unit file,
|
||||
this line will also show the enablement state. Enabled commands start at boot. See the full table of
|
||||
|
@ -582,7 +582,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
|
|||
|
||||
<listitem>
|
||||
<para>Enable one or more units or unit instances. This will create a set of symlinks, as encoded in the
|
||||
<literal>[Install]</literal> sections of the indicated unit files. After the symlinks have been created,
|
||||
[Install] sections of the indicated unit files. After the symlinks have been created,
|
||||
the system manager configuration is reloaded (in a way equivalent to <command>daemon-reload</command>), in
|
||||
order to ensure the changes are taken into account immediately. Note that this does
|
||||
<emphasis>not</emphasis> have the effect of also starting any of the units being enabled. If this is
|
||||
|
@ -605,7 +605,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
|
|||
<option>--quiet</option>.
|
||||
</para>
|
||||
|
||||
<para>Note that this operation creates only the symlinks suggested in the <literal>[Install]</literal>
|
||||
<para>Note that this operation creates only the symlinks suggested in the [Install]
|
||||
section of the unit files. While this command is the recommended way to manipulate the unit configuration
|
||||
directory, the administrator is free to make additional changes manually by placing or removing symlinks
|
||||
below this directory. This is particularly useful to create configurations that deviate from the suggested
|
||||
|
@ -645,7 +645,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
|
|||
<para>This command expects valid unit names only, it does not accept paths to unit files.</para>
|
||||
|
||||
<para>In addition to the units specified as arguments, all units are disabled that are listed in the
|
||||
<varname>Also=</varname> setting contained in the <literal>[Install]</literal> section of any of the unit
|
||||
<varname>Also=</varname> setting contained in the [Install] section of any of the unit
|
||||
files being operated on.</para>
|
||||
|
||||
<para>This command implicitly reloads the system manager configuration after completing the operation. Note
|
||||
|
@ -668,7 +668,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
|
|||
<listitem>
|
||||
<para>Reenable one or more units, as specified on the command line. This is a combination of
|
||||
<command>disable</command> and <command>enable</command> and is useful to reset the symlinks a unit file is
|
||||
enabled with to the defaults configured in its <literal>[Install]</literal> section. This command expects
|
||||
enabled with to the defaults configured in its [Install] section. This command expects
|
||||
a unit name only, it does not accept paths to unit files.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -768,17 +768,17 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
|
|||
</row>
|
||||
<row>
|
||||
<entry><literal>static</literal></entry>
|
||||
<entry>The unit file is not enabled, and has no provisions for enabling in the <literal>[Install]</literal> unit file section.</entry>
|
||||
<entry>The unit file is not enabled, and has no provisions for enabling in the [Install] unit file section.</entry>
|
||||
<entry>0</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><literal>indirect</literal></entry>
|
||||
<entry>The unit file itself is not enabled, but it has a non-empty <varname>Also=</varname> setting in the <literal>[Install]</literal> unit file section, listing other unit files that might be enabled, or it has an alias under a different name through a symlink that is not specified in <varname>Also=</varname>. For template unit file, an instance different than the one specified in <varname>DefaultInstance=</varname> is enabled.</entry>
|
||||
<entry>The unit file itself is not enabled, but it has a non-empty <varname>Also=</varname> setting in the [Install] unit file section, listing other unit files that might be enabled, or it has an alias under a different name through a symlink that is not specified in <varname>Also=</varname>. For template unit files, an instance different than the one specified in <varname>DefaultInstance=</varname> is enabled.</entry>
|
||||
<entry>0</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><literal>disabled</literal></entry>
|
||||
<entry>The unit file is not enabled, but contains an <literal>[Install]</literal> section with installation instructions.</entry>
|
||||
<entry>The unit file is not enabled, but contains an [Install] section with installation instructions.</entry>
|
||||
<entry>> 0</entry>
|
||||
</row>
|
||||
<row>
|
||||
|
|
|
@ -509,9 +509,9 @@ NAutoVTs=8
|
|||
<para>This command will load unit files and print warnings if any errors are detected. Files specified
|
||||
on the command line will be loaded, but also any other units referenced by them. The full unit search
|
||||
path is formed by combining the directories for all command line arguments, and the usual unit load
|
||||
paths (variable <varname>$SYSTEMD_UNIT_PATH</varname> is supported, and may be used to replace or
|
||||
paths. The variable <varname>$SYSTEMD_UNIT_PATH</varname> is supported, and may be used to replace or
|
||||
augment the compiled in set of unit load paths; see
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>). All
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. All
|
||||
units files present in the directories containing the command line arguments will be used in preference
|
||||
to the other paths.</para>
|
||||
|
||||
|
@ -700,9 +700,9 @@ Service b@0.service not loaded, b.socket cannot be started.
|
|||
<varlistentry>
|
||||
<term><option>--man=no</option></term>
|
||||
|
||||
<listitem><para>Do not invoke man to verify the existence of
|
||||
man pages listed in <varname>Documentation=</varname>.
|
||||
</para></listitem>
|
||||
<listitem><para>Do not invoke
|
||||
<citerefentry project='man-pages'><refentrytitle>man</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||
to verify the existence of man pages listed in <varname>Documentation=</varname>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
|
||||
<refnamediv>
|
||||
<refname>systemd-bless-boot-generator</refname>
|
||||
<refpurpose>Pull <filename>systemd-bless-boot.service</filename> into the initial boot transaction when boot counting is in effect.</refpurpose>
|
||||
<refpurpose>Pull <filename>systemd-bless-boot.service</filename> into the initial boot transaction when boot counting is in effect</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
|
|
@ -91,7 +91,7 @@
|
|||
|
||||
<listitem><para>The boot manager optionally reads a random seed from the ESP partition, combines it
|
||||
with a 'system token' stored in a persistent EFI variable and derives a random seed to use by the OS as
|
||||
entropy pool initializaton, providing a full entropy pool during early boot.</para></listitem>
|
||||
entropy pool initialization, providing a full entropy pool during early boot.</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para><citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||
|
@ -313,7 +313,7 @@
|
|||
is maintained persistently, while <varname>LoaderConfigTimeoutOneShot</varname> is a one-time override which is
|
||||
read once (in which case it takes precedence over <varname>LoaderConfigTimeout</varname>) and then
|
||||
removed. <varname>LoaderConfigTimeout</varname> may be manipulated with the
|
||||
<keycap>t</keycap>/<keycap>T</keycap> keys, see above.)</para></listitem>
|
||||
<keycap>t</keycap>/<keycap>T</keycap> keys, see above.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -422,9 +422,9 @@
|
|||
<varlistentry>
|
||||
<term><varname>LoaderSystemToken</varname></term>
|
||||
|
||||
<listitem><para>A binary random data field, that is used for generating the random see to pass to the
|
||||
OS (see above). Note that this random data is generally only generated once, during OS installation,
|
||||
and is then never updated again.</para></listitem>
|
||||
<listitem><para>A binary random data field, that is used for generating the random seed to pass to
|
||||
the OS (see above). Note that this random data is generally only generated once, during OS
|
||||
installation, and is then never updated again.</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
<refname>systemd-gpt-auto-generator</refname>
|
||||
<refpurpose>Generator for automatically discovering and mounting root, <filename>/home/</filename>,
|
||||
<filename>/srv/</filename>, <filename>/var/</filename> and <filename>/var/tmp/</filename> partitions, as
|
||||
well as discovering and enabling swap partitions, based on GPT partition type GUIDs.</refpurpose>
|
||||
well as discovering and enabling swap partitions, based on GPT partition type GUIDs</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
|
|
@ -217,9 +217,9 @@
|
|||
</para>
|
||||
|
||||
<para>where
|
||||
<option>cursor</option> is a cursor string,
|
||||
<option>num_skip</option> is an integer,
|
||||
<option>num_entries</option> is an unsigned integer.
|
||||
<replaceable>cursor</replaceable> is a cursor string,
|
||||
<replaceable>num_skip</replaceable> is an integer,
|
||||
<replaceable>num_entries</replaceable> is an unsigned integer.
|
||||
</para>
|
||||
|
||||
<para>Range defaults to all available events.</para>
|
||||
|
|
|
@ -267,7 +267,7 @@ openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
|
|||
those files can be specified using
|
||||
<varname>TrustedCertificateFile=</varname>,
|
||||
<varname>ServerCertificateFile=</varname>,
|
||||
<varname>ServerKeyFile=</varname>, in
|
||||
and <varname>ServerKeyFile=</varname> in
|
||||
<filename>/etc/systemd/journal-remote.conf</filename> and
|
||||
<filename>/etc/systemd/journal-upload.conf</filename>,
|
||||
respectively. The default locations can be queried by using
|
||||
|
|
|
@ -103,7 +103,7 @@
|
|||
<citerefentry><refentrytitle>systemd-user-sessions.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>sd-login</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
|
|
@ -50,10 +50,11 @@
|
|||
<replaceable>WHERE</replaceable>.</para>
|
||||
|
||||
<para>In many ways, <command>systemd-mount</command> is similar to the lower-level
|
||||
<citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> command, however instead
|
||||
of executing the mount operation directly and immediately, <command>systemd-mount</command> schedules it through
|
||||
the service manager job queue, so that it may pull in further dependencies (such as parent mounts, or a file system
|
||||
checker to execute a priori), and may make use of the auto-mounting logic.</para>
|
||||
<citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
command, however instead of executing the mount operation directly and immediately,
|
||||
<command>systemd-mount</command> schedules it through the service manager job queue, so that it may pull
|
||||
in further dependencies (such as parent mounts, or a file system checker to execute a priori), and may
|
||||
make use of the auto-mounting logic.</para>
|
||||
|
||||
<para>The command takes either one or two arguments. If only one argument is specified it should refer to
|
||||
a block device or regular file containing a file system (e.g. <literal>/dev/sdb1</literal> or
|
||||
|
@ -61,15 +62,15 @@
|
|||
label and other metadata, and is mounted to a directory below <filename>/run/media/system/</filename>
|
||||
whose name is generated from the file system label. In this mode the block device or image file must
|
||||
exist at the time of invocation of the command, so that it may be probed. If the device is found to be a
|
||||
removable block device (e.g. a USB stick) an automount point instead of a regular mount point is created
|
||||
removable block device (e.g. a USB stick), an automount point is created instead of a regular mount point
|
||||
(i.e. the <option>--automount=</option> option is implied, see below).</para>
|
||||
|
||||
<para>If two arguments are specified the first indicates the mount source (the <replaceable>WHAT</replaceable>) and
|
||||
the second indicates the path to mount it on (the <replaceable>WHERE</replaceable>). In this mode no probing of the
|
||||
source is attempted, and a backing device node doesn't have to exist yet. However, if this mode is combined with
|
||||
<option>--discover</option>, device node probing for additional metadata is enabled, and – much like in the
|
||||
single-argument case discussed above – the specified device has to exist at the time of invocation of the
|
||||
command.</para>
|
||||
<para>If two arguments are specified, the first indicates the mount source (the
|
||||
<replaceable>WHAT</replaceable>) and the second indicates the path to mount it on (the
|
||||
<replaceable>WHERE</replaceable>). In this mode no probing of the source is attempted, and a backing
|
||||
device node doesn't have to exist. However, if this mode is combined with <option>--discover</option>,
|
||||
device node probing for additional metadata is enabled, and – much like in the single-argument case
|
||||
discussed above – the specified device has to exist at the time of invocation of the command.</para>
|
||||
|
||||
<para>Use the <option>--list</option> command to show a terse table of all local, known block devices with file
|
||||
systems that may be mounted with this command.</para>
|
||||
|
|
|
@ -531,11 +531,9 @@
|
|||
<term><option>-u</option></term>
|
||||
<term><option>--user=</option></term>
|
||||
|
||||
<listitem><para>After transitioning into the container, change
|
||||
to the specified user-defined in the container's user
|
||||
database. Like all other systemd-nspawn features, this is not
|
||||
a security feature and provides protection against accidental
|
||||
destructive operations only.</para></listitem>
|
||||
<listitem><para>After transitioning into the container, change to the specified user defined in the
|
||||
container's user database. Like all other systemd-nspawn features, this is not a security feature and
|
||||
provides protection against accidental destructive operations only.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -1167,10 +1165,9 @@
|
|||
|
||||
<para>Finally, if set to <literal>auto</literal> the file is left as it is if private networking is
|
||||
turned on (see <option>--private-network</option>). Otherwise, if
|
||||
<filename>systemd-resolved.service</filename> is connectible its stub
|
||||
<filename>resolv.conf</filename> file is used, and if not the host's
|
||||
<filename>/etc/resolv.conf</filename> file is used. In the latter cases the file is copied if the
|
||||
image is writable, and bind mounted otherwise.</para>
|
||||
<filename>systemd-resolved.service</filename> is running its stub <filename>resolv.conf</filename>
|
||||
file is used, and if not the host's <filename>/etc/resolv.conf</filename> file. In the latter cases
|
||||
the file is copied if the image is writable, and bind mounted otherwise.</para>
|
||||
|
||||
<para>It's recommended to use <literal>copy-…</literal> or <literal>replace-…</literal> if the
|
||||
container shall be able to make changes to the DNS configuration on its own, deviating from the
|
||||
|
@ -1186,19 +1183,20 @@
|
|||
<varlistentry>
|
||||
<term><option>--timezone=</option></term>
|
||||
|
||||
<listitem><para>Configures how <filename>/etc/localtime</filename> inside of the container (i.e. local timezone
|
||||
synchronization from host to container) shall be handled. Takes one of <literal>off</literal>,
|
||||
<literal>copy</literal>, <literal>bind</literal>, <literal>symlink</literal>, <literal>delete</literal> or
|
||||
<literal>auto</literal>. If set to <literal>off</literal> the <filename>/etc/localtime</filename> file in the
|
||||
container is left as it is included in the image, and neither modified nor bind mounted over. If set to
|
||||
<literal>copy</literal> the <filename>/etc/localtime</filename> file of the host is copied into the
|
||||
container. Similar, if <literal>bind</literal> is used, it is bind mounted from the host into the container. If
|
||||
set to <literal>symlink</literal> a symlink from <filename>/etc/localtime</filename> in the container is
|
||||
created pointing to the matching the timezone file of the container that matches the timezone setting on the
|
||||
host. If set to <literal>delete</literal> the file in the container is deleted, should it exist. If set to
|
||||
<literal>auto</literal> and the <filename>/etc/localtime</filename> file of the host is a symlink, then
|
||||
<literal>symlink</literal> mode is used, and <literal>copy</literal> otherwise, except if the image is
|
||||
read-only in which case <literal>bind</literal> is used instead. Defaults to
|
||||
<listitem><para>Configures how <filename>/etc/localtime</filename> inside of the container
|
||||
(i.e. local timezone synchronization from host to container) shall be handled. Takes one of
|
||||
<literal>off</literal>, <literal>copy</literal>, <literal>bind</literal>, <literal>symlink</literal>,
|
||||
<literal>delete</literal> or <literal>auto</literal>. If set to <literal>off</literal> the
|
||||
<filename>/etc/localtime</filename> file in the container is left as it is included in the image, and
|
||||
neither modified nor bind mounted over. If set to <literal>copy</literal> the
|
||||
<filename>/etc/localtime</filename> file of the host is copied into the container. Similarly, if
|
||||
<literal>bind</literal> is used, the file is bind mounted from the host into the container. If set to
|
||||
<literal>symlink</literal>, a symlink is created pointing from <filename>/etc/localtime</filename> in
|
||||
the container to the timezone file in the container that matches the timezone setting on the host. If
|
||||
set to <literal>delete</literal>, the file in the container is deleted, should it exist. If set to
|
||||
<literal>auto</literal> and the <filename>/etc/localtime</filename> file of the host is a symlink,
|
||||
then <literal>symlink</literal> mode is used, and <literal>copy</literal> otherwise, except if the
|
||||
image is read-only in which case <literal>bind</literal> is used instead. Defaults to
|
||||
<literal>auto</literal>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -1441,7 +1439,7 @@
|
|||
|
||||
<para>This installs a minimal Fedora distribution into the
|
||||
directory <filename index="false">/var/lib/machines/f&fedora_latest_version;</filename>
|
||||
and then boots an OS in a namespace container in it. Because the installation
|
||||
and then boots that OS in a namespace container. Because the installation
|
||||
is located underneath the standard <filename>/var/lib/machines/</filename>
|
||||
directory, it is also possible to start the machine using
|
||||
<command>systemd-nspawn -M f&fedora_latest_version;</command>.</para>
|
||||
|
@ -1455,7 +1453,7 @@
|
|||
|
||||
<para>This installs a minimal Debian unstable distribution into
|
||||
the directory <filename>~/debian-tree/</filename> and then
|
||||
spawns a shell in a namespace container in it.</para>
|
||||
spawns a shell from this image in a namespace container.</para>
|
||||
|
||||
<para><command>debootstrap</command> supports
|
||||
<ulink url="https://www.debian.org">Debian</ulink>,
|
||||
|
|
|
@ -44,7 +44,7 @@
|
|||
<citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>, with
|
||||
its <command>bootctl random-seed</command> functionality.</para>
|
||||
|
||||
<para>When loading the random seed from disk its file is immediately updated with a new seed retrieved
|
||||
<para>When loading the random seed from disk, the file is immediately updated with a new seed retrieved
|
||||
from the kernel, in order to ensure no two boots operate with the same random seed. This new seed is
|
||||
retrieved synchronously from the kernel, which means the service will not complete start-up until the
|
||||
random pool is fully initialized. On entropy-starved systems this may take a while. This functionality is
|
||||
|
|
|
@ -57,9 +57,10 @@
|
|||
available but not yet used. Specifically the following use cases are among those covered:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>The root partition may be grown to cover the whole available disk space</para></listitem>
|
||||
<listitem><para>A <filename>/home/</filename>, swap or <filename>/srv/</filename> partition can be added in</para></listitem>
|
||||
<listitem><para>A second (or third, …) root partition may be added in, to cover A/B style setups
|
||||
<listitem><para>The root partition may be grown to cover the whole available disk space.</para></listitem>
|
||||
<listitem><para>A <filename>/home/</filename>, swap or <filename>/srv/</filename> partition can be
|
||||
added.</para></listitem>
|
||||
<listitem><para>A second (or third, …) root partition may be added, to cover A/B style setups
|
||||
where a second version of the root file system is alternatingly used for implementing update
|
||||
schemes. The deployed image would carry only a single partition ("A") but on first boot a second
|
||||
partition ("B") for this purpose is automatically created.</para></listitem>
|
||||
|
@ -69,7 +70,7 @@
|
|||
|
||||
<orderedlist>
|
||||
<listitem><para>The <filename>repart.d/*.conf</filename> configuration files are loaded and parsed,
|
||||
and ordered by filename (without the directory suffix). </para></listitem>
|
||||
and ordered by filename (without the directory prefix).</para></listitem>
|
||||
|
||||
<listitem><para>The partition table already existing on the block device is loaded and
|
||||
parsed.</para></listitem>
|
||||
|
@ -119,13 +120,13 @@
|
|||
</orderedlist>
|
||||
|
||||
<para>As exception to the normally strictly incremental operation, when called in a special "factory
|
||||
reset" mode <command>systemd-repart</command> may also be used to erase select existing partitions to
|
||||
reset" mode, <command>systemd-repart</command> may also be used to erase existing partitions to
|
||||
reset an installation back to vendor defaults. This mode of operation is used when either the
|
||||
<option>--factory-reset=yes</option> switch is passed on the tool's command line, or the
|
||||
<option>systemd.factory_reset=yes</option> option specified on the kernel command line, or the
|
||||
<varname>FactoryReset</varname> EFI variable (vendor UUID
|
||||
<constant>8cf2644b-4b0b-428f-9387-6d876050dc67</constant>) is set to "yes". It alters the algorithm above
|
||||
slightly: between the 3rd and the 4th step above the any partition marked explicitly via the
|
||||
slightly: between the 3rd and the 4th step above any partition marked explicitly via the
|
||||
<varname>FactoryReset=</varname> boolean is deleted, and the algorithm restarted, thus immediately
|
||||
re-creating these partitions anew empty.</para>
|
||||
|
||||
|
@ -267,9 +268,9 @@
|
|||
<varlistentry>
|
||||
<term><option>--definitions=</option></term>
|
||||
|
||||
<listitem><para>Takes a file system path. If specified the <filename>*.conf</filename> are directly
|
||||
read from the specified directory instead of searching in
|
||||
<filename>/usr/lib/repart.d/*.conf</filename>, <filename>/etc/repart.d/*.conf</filename>,
|
||||
<listitem><para>Takes a file system path. If specified the <filename>*.conf</filename> files are read
|
||||
from the specified directory instead of searching in <filename>/usr/lib/repart.d/*.conf</filename>,
|
||||
<filename>/etc/repart.d/*.conf</filename>,
|
||||
<filename>/run/repart.d/*.conf</filename>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
|
|
@ -105,7 +105,7 @@
|
|||
<title>Options</title>
|
||||
|
||||
<para>The following options can be configured in the
|
||||
<literal>[Sleep]</literal> section of
|
||||
[Sleep] section of
|
||||
<filename>/etc/systemd/sleep.conf</filename> or a
|
||||
<filename>sleep.conf.d</filename> file:</para>
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
</refmeta>
|
||||
<refnamediv>
|
||||
<refname>systemd-socket-proxyd</refname>
|
||||
<refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket.</refpurpose>
|
||||
<refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket</refpurpose>
|
||||
</refnamediv>
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
|
|
|
@ -71,19 +71,16 @@
|
|||
url="https://www.freedesktop.org/wiki/Software/systemd/inhibit">Inhibitor
|
||||
interface</ulink>.</para>
|
||||
|
||||
<para>Note that
|
||||
<filename>systemd-suspend.service</filename>,
|
||||
<filename>systemd-hibernate.service</filename>, and
|
||||
<filename>systemd-hybrid-sleep.service</filename>
|
||||
<filename>systemd-suspend-then-hibernate.service</filename>
|
||||
should never be executed directly. Instead, trigger system sleep
|
||||
states with a command such as <literal>systemctl suspend</literal>
|
||||
or similar.</para>
|
||||
<para>Note that <filename>systemd-suspend.service</filename>,
|
||||
<filename>systemd-hibernate.service</filename>, <filename>systemd-hybrid-sleep.service</filename>, and
|
||||
<filename>systemd-suspend-then-hibernate.service</filename> should never be executed directly. Instead,
|
||||
trigger system sleep with a command such as <command>systemctl suspend</command> or <command>systemctl
|
||||
hibernate</command>.</para>
|
||||
|
||||
<para>Internally, this service will echo a string like
|
||||
<literal>mem</literal> into <filename>/sys/power/state</filename>,
|
||||
to trigger the actual system suspend. What exactly is written
|
||||
where can be configured in the <literal>[Sleep]</literal> section
|
||||
where can be configured in the [Sleep] section
|
||||
of <filename>/etc/systemd/sleep.conf</filename> or a
|
||||
<filename>sleep.conf.d</filename> file. See
|
||||
<citerefentry><refentrytitle>systemd-sleep.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
|
|
|
@ -58,7 +58,7 @@
|
|||
<title>Options</title>
|
||||
|
||||
<para>All options are configured in the
|
||||
<literal>[Manager]</literal> section:</para>
|
||||
[Manager] section:</para>
|
||||
|
||||
<variablelist class='config-directives'>
|
||||
|
||||
|
@ -149,7 +149,7 @@
|
|||
for details. During the first phase of the shutdown operation the system and service manager remains running
|
||||
and hence <varname>RuntimeWatchdogSec=</varname> is still honoured. In order to define a timeout on this first
|
||||
phase of system shutdown, configure <varname>JobTimeoutSec=</varname> and <varname>JobTimeoutAction=</varname>
|
||||
in the <literal>[Unit]</literal> section of the <filename>shutdown.target</filename> unit. By default
|
||||
in the [Unit] section of the <filename>shutdown.target</filename> unit. By default
|
||||
<varname>RuntimeWatchdogSec=</varname> defaults to 0 (off), and <varname>RebootWatchdogSec=</varname> to
|
||||
10min. <varname>KExecWatchdogSec=</varname> may be used to additionally enable the watchdog when kexec
|
||||
is being executed rather than when rebooting. Note that if the kernel does not reset the watchdog on kexec (depending
|
||||
|
@ -387,9 +387,9 @@
|
|||
units. See
|
||||
<citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry> for
|
||||
details. These settings may be overridden in individual units using the corresponding
|
||||
<varname>LimitXXX=</varname> directives, see
|
||||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, for
|
||||
details, and they accept the same parameter syntax. Note that these resource limits are only defaults
|
||||
<varname>LimitXXX=</varname> directives and they accept the same parameter syntax,
|
||||
see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for details. Note that these resource limits are only defaults
|
||||
for units, they are not applied to the service manager process (i.e. PID 1) itself.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<refnamediv>
|
||||
<refname>systemd-time-wait-sync.service</refname>
|
||||
<refname>systemd-time-wait-sync</refname>
|
||||
<refpurpose>Wait Until Kernel Time Synchronized</refpurpose>
|
||||
<refpurpose>Wait until kernel time is synchronized</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
|
|
@ -35,9 +35,9 @@
|
|||
this unit type. See
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for the common options of all unit configuration files. The common
|
||||
configuration items are configured in the generic <literal>[Unit]</literal> and
|
||||
<literal>[Install]</literal> sections. The automount specific configuration options
|
||||
are configured in the <literal>[Automount]</literal> section.</para>
|
||||
configuration items are configured in the generic [Unit] and
|
||||
[Install] sections. The automount specific configuration options
|
||||
are configured in the [Automount] section.</para>
|
||||
|
||||
<para>Automount units must be named after the automount directories they control. Example: the automount point
|
||||
<filename index="false">/home/lennart</filename> must be configured in a unit file
|
||||
|
|
|
@ -36,8 +36,8 @@
|
|||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for the common options of all unit configuration files. The common
|
||||
configuration items are configured in the generic
|
||||
<literal>[Unit]</literal> and <literal>[Install]</literal>
|
||||
sections. A separate <literal>[Device]</literal> section does not
|
||||
[Unit] and [Install]
|
||||
sections. A separate [Device] section does not
|
||||
exist, since no device-specific options may be configured.</para>
|
||||
|
||||
<para>systemd will dynamically create device units for all kernel
|
||||
|
@ -60,7 +60,7 @@
|
|||
<para>Device units will be reloaded by systemd whenever the
|
||||
corresponding device generates a <literal>changed</literal> event.
|
||||
Other units can use <varname>ReloadPropagatedFrom=</varname> to react
|
||||
to that event</para>
|
||||
to that event.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
|
|
@ -64,7 +64,7 @@
|
|||
<refsect1>
|
||||
<title>[Service] Section Options</title>
|
||||
|
||||
<para>The network service file contains a <literal>[Service]</literal>
|
||||
<para>The network service file contains a [Service]
|
||||
section, which specifies a discoverable network service announced in a
|
||||
local network with Multicast DNS broadcasts.</para>
|
||||
|
||||
|
|
|
@ -511,10 +511,11 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
|
|||
<varlistentry>
|
||||
<term><varname>AppArmorProfile=</varname></term>
|
||||
|
||||
<listitem><para>Takes a profile name as argument. The process executed by the unit will switch to this profile
|
||||
when started. Profiles must already be loaded in the kernel, or the unit will fail. This result in a non
|
||||
operation if AppArmor is not enabled. If prefixed by <literal>-</literal>, all errors will be ignored. This
|
||||
does not affect commands prefixed with <literal>+</literal>.</para></listitem>
|
||||
<listitem><para>Takes a profile name as argument. The process executed by the unit will switch to
|
||||
this profile when started. Profiles must already be loaded in the kernel, or the unit will fail. If
|
||||
prefixed by <literal>-</literal>, all errors will be ignored. This setting has no effect if AppArmor
|
||||
is not enabled. This setting not affect commands prefixed with <literal>+</literal>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -880,7 +881,7 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
|
|||
in <varname>NUMAMask=</varname>. For more details on each policy please see,
|
||||
<citerefentry><refentrytitle>set_mempolicy</refentrytitle><manvolnum>2</manvolnum></citerefentry>. For overall
|
||||
overview of NUMA support in Linux see,
|
||||
<citerefentry project='man-pages'><refentrytitle>numa</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
<citerefentry project='man-pages'><refentrytitle>numa</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -1067,14 +1068,16 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
|
|||
<varname>RootDirectory=</varname> or <varname>RootImage=</varname> these paths always reside on the host and
|
||||
are mounted from there into the unit's file system namespace.</para>
|
||||
|
||||
<para>If <varname>DynamicUser=</varname> is used in conjunction with <varname>StateDirectory=</varname>,
|
||||
<varname>CacheDirectory=</varname> and <varname>LogsDirectory=</varname> is slightly altered: the directories
|
||||
are created below <filename>/var/lib/private</filename>, <filename>/var/cache/private</filename> and
|
||||
<para>If <varname>DynamicUser=</varname> is used in conjunction with
|
||||
<varname>StateDirectory=</varname>, the logic for <varname>CacheDirectory=</varname> and
|
||||
<varname>LogsDirectory=</varname> is slightly altered: the directories are created below
|
||||
<filename>/var/lib/private</filename>, <filename>/var/cache/private</filename> and
|
||||
<filename>/var/log/private</filename>, respectively, which are host directories made inaccessible to
|
||||
unprivileged users, which ensures that access to these directories cannot be gained through dynamic user ID
|
||||
recycling. Symbolic links are created to hide this difference in behaviour. Both from perspective of the host
|
||||
and from inside the unit, the relevant directories hence always appear directly below
|
||||
<filename>/var/lib</filename>, <filename>/var/cache</filename> and <filename>/var/log</filename>.</para>
|
||||
unprivileged users, which ensures that access to these directories cannot be gained through dynamic
|
||||
user ID recycling. Symbolic links are created to hide this difference in behaviour. Both from
|
||||
perspective of the host and from inside the unit, the relevant directories hence always appear
|
||||
directly below <filename>/var/lib</filename>, <filename>/var/cache</filename> and
|
||||
<filename>/var/log</filename>.</para>
|
||||
|
||||
<para>Use <varname>RuntimeDirectory=</varname> to manage one or more runtime directories for the unit and bind
|
||||
their lifetime to the daemon runtime. This is particularly useful for unprivileged daemons that cannot create
|
||||
|
@ -1238,8 +1241,8 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
|
|||
<term><varname>PrivateTmp=</varname></term>
|
||||
|
||||
<listitem><para>Takes a boolean argument. If true, sets up a new file system namespace for the executed
|
||||
processes and mounts private <filename>/tmp</filename> and <filename>/var/tmp</filename> directories inside it
|
||||
that is not shared by processes outside of the namespace. This is useful to secure access to temporary files of
|
||||
processes and mounts private <filename>/tmp/</filename> and <filename>/var/tmp/</filename> directories inside it
|
||||
that are not shared by processes outside of the namespace. This is useful to secure access to temporary files of
|
||||
the process, but makes sharing between processes via <filename>/tmp</filename> or <filename>/var/tmp</filename>
|
||||
impossible. If this is enabled, all temporary files created by a service in these directories will be removed
|
||||
after the service is stopped. Defaults to false. It is possible to run two or more units within the same
|
||||
|
@ -1399,7 +1402,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
|
|||
this option removes <constant>CAP_SYS_TIME</constant> and <constant>CAP_WAKE_ALARM</constant> from the
|
||||
capability bounding set for this unit, installs a system call filter to block calls that can set the
|
||||
clock, and <varname>DeviceAllow=char-rtc r</varname> is implied. This ensures <filename>/dev/rtc0</filename>,
|
||||
<filename>/dev/rtc1</filename>, etc are made read only to the service. See
|
||||
<filename>/dev/rtc1</filename>, etc. are made read-only to the service. See
|
||||
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for the details about <varname>DeviceAllow=</varname>.</para>
|
||||
|
||||
|
@ -1495,7 +1498,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
|
|||
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
|
||||
are unaffected. Also, sockets created with <function>socketpair()</function> (which creates connected
|
||||
AF_UNIX sockets only) are unaffected. Note that this option has no effect on 32-bit x86, s390, s390x,
|
||||
mips, mips-le, ppc, ppc-le, pcc64, ppc64-le and is ignored (but works correctly on other ABIs,
|
||||
mips, mips-le, ppc, ppc-le, ppc64, ppc64-le and is ignored (but works correctly on other ABIs,
|
||||
including x86-64). Note that on systems supporting multiple ABIs (such as x86/x86-64) it is
|
||||
recommended to turn off alternative ABIs for services, so that they cannot be used to circumvent the
|
||||
restrictions of this option. Specifically, it is recommended to combine this option with
|
||||
|
@ -1803,7 +1806,7 @@ RestrictNamespaces=~cgroup net</programlisting>
|
|||
</row>
|
||||
<row>
|
||||
<entry>@file-system</entry>
|
||||
<entry>File system operations: opening, creating files and directories for read and write, renaming and removing them, reading file properties, or creating hard and symbolic links.</entry>
|
||||
<entry>File system operations: opening, creating files and directories for read and write, renaming and removing them, reading file properties, or creating hard and symbolic links</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>@io-event</entry>
|
||||
|
@ -1819,7 +1822,7 @@ RestrictNamespaces=~cgroup net</programlisting>
|
|||
</row>
|
||||
<row>
|
||||
<entry>@memlock</entry>
|
||||
<entry>Locking of memory into RAM (<citerefentry project='man-pages'><refentrytitle>mlock</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>mlockall</refentrytitle><manvolnum>2</manvolnum></citerefentry> and related calls)</entry>
|
||||
<entry>Locking of memory in RAM (<citerefentry project='man-pages'><refentrytitle>mlock</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>mlockall</refentrytitle><manvolnum>2</manvolnum></citerefentry> and related calls)</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>@module</entry>
|
||||
|
@ -1843,7 +1846,7 @@ RestrictNamespaces=~cgroup net</programlisting>
|
|||
</row>
|
||||
<row>
|
||||
<entry>@process</entry>
|
||||
<entry>Process control, execution, namespaceing operations (<citerefentry project='man-pages'><refentrytitle>clone</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>kill</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry>, …</entry>
|
||||
<entry>Process control, execution, namespaceing operations (<citerefentry project='man-pages'><refentrytitle>clone</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>kill</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry>, …)</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>@raw-io</entry>
|
||||
|
@ -1871,7 +1874,7 @@ RestrictNamespaces=~cgroup net</programlisting>
|
|||
</row>
|
||||
<row>
|
||||
<entry>@sync</entry>
|
||||
<entry>Synchronizing files and memory to disk: (<citerefentry project='man-pages'><refentrytitle>fsync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>msync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, and related calls)</entry>
|
||||
<entry>Synchronizing files and memory to disk (<citerefentry project='man-pages'><refentrytitle>fsync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>msync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, and related calls)</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>@system-service</entry>
|
||||
|
@ -1949,7 +1952,7 @@ SystemCallErrorNumber=EPERM</programlisting>
|
|||
manager is compiled for). If running in user mode, or in system mode, but without the
|
||||
<constant>CAP_SYS_ADMIN</constant> capability (e.g. setting <varname>User=nobody</varname>),
|
||||
<varname>NoNewPrivileges=yes</varname> is implied. By default, this option is set to the empty list, i.e. no
|
||||
system call architecture filtering is applied.</para>
|
||||
filtering is applied.</para>
|
||||
|
||||
<para>If this setting is used, processes of this unit will only be permitted to call native system calls, and
|
||||
system calls of the specified architectures. For the purposes of this option, the x32 architecture is treated
|
||||
|
@ -2213,8 +2216,9 @@ SystemCallErrorNumber=EPERM</programlisting>
|
|||
<constant>AF_UNIX</constant> socket in the file system, as in that case only a
|
||||
single stream connection is created for both input and output.</para>
|
||||
|
||||
<para><option>append:<replaceable>path</replaceable></option> is similar to <option>file:<replaceable>path
|
||||
</replaceable></option> above, but it opens the file in append mode.</para>
|
||||
<para><option>append:<replaceable>path</replaceable></option> is similar to
|
||||
<option>file:<replaceable>path</replaceable></option> above, but it opens the file in append mode.
|
||||
</para>
|
||||
|
||||
<para><option>socket</option> connects standard output to a socket acquired via socket activation. The
|
||||
semantics are similar to the same option of <varname>StandardInput=</varname>, see above.</para>
|
||||
|
@ -2551,7 +2555,7 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
|
|||
<varname>UnsetEnvironment=</varname> are removed again from the compiled environment variable list, immediately
|
||||
before it is passed to the executed process.</para>
|
||||
|
||||
<para>The following select environment variables are set or propagated by the service manager for each invoked
|
||||
<para>The following environment variables are set or propagated by the service manager for each invoked
|
||||
process:</para>
|
||||
|
||||
<variablelist class='environment-variables'>
|
||||
|
@ -2622,7 +2626,7 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
|
|||
<term><varname>$LOGS_DIRECTORY</varname></term>
|
||||
<term><varname>$CONFIGURATION_DIRECTORY</varname></term>
|
||||
|
||||
<listitem><para>Contains and absolute paths to the directories defined with
|
||||
<listitem><para>Absolute paths to the directories defined with
|
||||
<varname>RuntimeDirectory=</varname>, <varname>StateDirectory=</varname>,
|
||||
<varname>CacheDirectory=</varname>, <varname>LogsDirectory=</varname>, and
|
||||
<varname>ConfigurationDirectory=</varname> when those settings are used.</para>
|
||||
|
|
|
@ -524,7 +524,8 @@
|
|||
structured log entries via calls such as
|
||||
<citerefentry><refentrytitle>sd_journal_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
|
||||
They may also not be used as matches for
|
||||
<citerefentry><refentrytitle>sd_journal_add_match</refentrytitle><manvolnum>3</manvolnum></citerefentry></para>
|
||||
<citerefentry><refentrytitle>sd_journal_add_match</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
|
||||
</para>
|
||||
|
||||
<variablelist class='journal-directives'>
|
||||
<varlistentry>
|
||||
|
|
|
@ -151,7 +151,7 @@
|
|||
terminate upon receiving the initial <constant>SIGTERM</constant>
|
||||
signal. This can be achieved by configuring <varname>LimitCORE=</varname>
|
||||
and setting <varname>FinalKillSignal=</varname> to either
|
||||
<constant>SIGQUIT</constant> or <constant>SIGABRT</constant>
|
||||
<constant>SIGQUIT</constant> or <constant>SIGABRT</constant>.
|
||||
Defaults to <constant>SIGKILL</constant>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
|
|
@ -64,8 +64,8 @@
|
|||
<title>[Match] Section Options</title>
|
||||
|
||||
<para>A link file is said to match a device if all matches specified by the
|
||||
<literal>[Match]</literal> section are satisfied. When a link file does not contain valid settings
|
||||
in <literal>[Match]</literal> section, then the file will match all devices and
|
||||
[Match] section are satisfied. When a link file does not contain valid settings
|
||||
in [Match] section, then the file will match all devices and
|
||||
<command>systemd-udevd</command> warns about that. Hint: to avoid the warning and to make it clear
|
||||
that all interfaces shall be matched, add the following:
|
||||
<programlisting>OriginalName=*</programlisting>
|
||||
|
|
|
@ -34,9 +34,9 @@
|
|||
this unit type. See
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for the common options of all unit configuration files. The common
|
||||
configuration items are configured in the generic <literal>[Unit]</literal> and
|
||||
<literal>[Install]</literal> sections. The mount specific configuration options are
|
||||
configured in the <literal>[Mount]</literal> section.</para>
|
||||
configuration items are configured in the generic [Unit] and
|
||||
[Install] sections. The mount specific configuration options are
|
||||
configured in the [Mount] section.</para>
|
||||
|
||||
<para>Additional options are listed in
|
||||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
|
|
|
@ -357,7 +357,7 @@
|
|||
</variablelist>
|
||||
|
||||
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known (to this
|
||||
particular version of systemd.</para>
|
||||
particular version of systemd).</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
|
|
@ -114,10 +114,10 @@
|
|||
<entry>An IPv4 over IPv4 tunnel.</entry></row>
|
||||
|
||||
<row><entry><varname>ipvlan</varname></entry>
|
||||
<entry>An ipvlan device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row>
|
||||
<entry>An IPVLAN device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row>
|
||||
|
||||
<row><entry><varname>ipvtap</varname></entry>
|
||||
<entry>An ipvtap device is a stacked device which receives packets from its underlying device based on IP address filtering and can be accessed using the tap user space interface.</entry></row>
|
||||
<entry>An IPVTAP device is a stacked device which receives packets from its underlying device based on IP address filtering and can be accessed using the tap user space interface.</entry></row>
|
||||
|
||||
<row><entry><varname>macvlan</varname></entry>
|
||||
<entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
|
||||
|
@ -193,7 +193,7 @@
|
|||
<title>[Match] Section Options</title>
|
||||
|
||||
<para>A virtual network device is only created if the
|
||||
<literal>[Match]</literal> section matches the current
|
||||
[Match] section matches the current
|
||||
environment, or if the section is empty. The following keys are
|
||||
accepted:</para>
|
||||
|
||||
|
@ -259,7 +259,7 @@
|
|||
<refsect1>
|
||||
<title>[NetDev] Section Options</title>
|
||||
|
||||
<para>The <literal>[NetDev]</literal> section accepts the
|
||||
<para>The [NetDev] section accepts the
|
||||
following keys:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
|
@ -273,13 +273,13 @@
|
|||
<term><varname>Name=</varname></term>
|
||||
<listitem>
|
||||
<para>The interface name used when creating the netdev.
|
||||
This option is compulsory.</para>
|
||||
This setting is compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>Kind=</varname></term>
|
||||
<listitem>
|
||||
<para>The netdev kind. This option is compulsory. See the
|
||||
<para>The netdev kind. This setting is compulsory. See the
|
||||
<literal>Supported netdev kinds</literal> section for the
|
||||
valid keys.</para>
|
||||
</listitem>
|
||||
|
@ -287,10 +287,10 @@
|
|||
<varlistentry>
|
||||
<term><varname>MTUBytes=</varname></term>
|
||||
<listitem>
|
||||
<para>The maximum transmission unit in bytes to set for the device. The usual suffixes K, M, G,
|
||||
<para>The maximum transmission unit in bytes to set for the device. The usual suffixes K, M, G
|
||||
are supported and are understood to the base of 1024. For <literal>tun</literal> or
|
||||
<literal>tap</literal> devices, <varname>MTUBytes=</varname> setting is not currently supported in
|
||||
<literal>[NetDev]</literal> section. Please specify it in <literal>[Link]</literal> section of
|
||||
[NetDev] section. Please specify it in [Link] section of
|
||||
corresponding
|
||||
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
files.</para>
|
||||
|
@ -300,8 +300,8 @@
|
|||
<term><varname>MACAddress=</varname></term>
|
||||
<listitem>
|
||||
<para>The MAC address to use for the device. For <literal>tun</literal> or <literal>tap</literal>
|
||||
devices, setting <varname>MACAddress=</varname> in the <literal>[NetDev]</literal> section is not
|
||||
supported. Please specify it in <literal>[Link]</literal> section of the corresponding
|
||||
devices, setting <varname>MACAddress=</varname> in the [NetDev] section is not
|
||||
supported. Please specify it in [Link] section of the corresponding
|
||||
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
file. If this option is not set, <literal>vlan</literal> devices inherit the MAC address of the
|
||||
physical interface. For other kind of netdevs, if this option is not set, then MAC address is
|
||||
|
@ -316,7 +316,7 @@
|
|||
<refsect1>
|
||||
<title>[Bridge] Section Options</title>
|
||||
|
||||
<para>The <literal>[Bridge]</literal> section only applies for
|
||||
<para>The [Bridge] section only applies for
|
||||
netdevs of kind <literal>bridge</literal>, and accepts the
|
||||
following keys:</para>
|
||||
|
||||
|
@ -436,7 +436,7 @@
|
|||
<refsect1>
|
||||
<title>[VLAN] Section Options</title>
|
||||
|
||||
<para>The <literal>[VLAN]</literal> section only applies for
|
||||
<para>The [VLAN] section only applies for
|
||||
netdevs of kind <literal>vlan</literal>, and accepts the
|
||||
following key:</para>
|
||||
|
||||
|
@ -445,7 +445,7 @@
|
|||
<term><varname>Id=</varname></term>
|
||||
<listitem>
|
||||
<para>The VLAN ID to use. An integer in the range 0–4094.
|
||||
This option is compulsory.</para>
|
||||
This setting is compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -478,8 +478,8 @@
|
|||
<varlistentry>
|
||||
<term><varname>ReorderHeader=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a boolean. The VLAN reorder header is set VLAN interfaces behave like physical interfaces.
|
||||
When unset, the kernel's default will be used.</para>
|
||||
<para>Takes a boolean. When enabled, the VLAN reorder header is used and VLAN interfaces behave
|
||||
like physical interfaces. When unset, the kernel's default will be used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
@ -488,7 +488,7 @@
|
|||
<refsect1>
|
||||
<title>[MACVLAN] Section Options</title>
|
||||
|
||||
<para>The <literal>[MACVLAN]</literal> section only applies for
|
||||
<para>The [MACVLAN] section only applies for
|
||||
netdevs of kind <literal>macvlan</literal>, and accepts the
|
||||
following key:</para>
|
||||
|
||||
|
@ -510,15 +510,15 @@
|
|||
<refsect1>
|
||||
<title>[MACVTAP] Section Options</title>
|
||||
|
||||
<para>The <literal>[MACVTAP]</literal> section applies for
|
||||
<para>The [MACVTAP] section applies for
|
||||
netdevs of kind <literal>macvtap</literal> and accepts the
|
||||
same key as <literal>[MACVLAN]</literal>.</para>
|
||||
same key as [MACVLAN].</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>[IPVLAN] Section Options</title>
|
||||
|
||||
<para>The <literal>[IPVLAN]</literal> section only applies for
|
||||
<para>The [IPVLAN] section only applies for
|
||||
netdevs of kind <literal>ipvlan</literal>, and accepts the
|
||||
following key:</para>
|
||||
|
||||
|
@ -545,15 +545,15 @@
|
|||
<refsect1>
|
||||
<title>[IPVTAP] Section Options</title>
|
||||
|
||||
<para>The <literal>[IPVTAP]</literal> section only applies for
|
||||
<para>The [IPVTAP] section only applies for
|
||||
netdevs of kind <literal>ipvtap</literal> and accepts the
|
||||
same key as <literal>[IPVLAN]</literal>.</para>
|
||||
same key as [IPVLAN].</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>[VXLAN] Section Options</title>
|
||||
|
||||
<para>The <literal>[VXLAN]</literal> section only applies for
|
||||
<para>The [VXLAN] section only applies for
|
||||
netdevs of kind <literal>vxlan</literal>, and accepts the
|
||||
following keys:</para>
|
||||
|
||||
|
@ -579,7 +579,8 @@
|
|||
<varlistentry>
|
||||
<term><varname>Group=</varname></term>
|
||||
<listitem>
|
||||
<para>Configures VXLAN multicast group IP address. All members of a VXLAN must use the same multicast group address.</para>
|
||||
<para>Configures VXLAN multicast group IP address. All members of a VXLAN must use the same
|
||||
multicast group address.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -637,8 +638,7 @@
|
|||
<varlistentry>
|
||||
<term><varname>L3MissNotification=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a boolean. When true, enables netlink IP address miss
|
||||
notifications.</para>
|
||||
<para>Takes a boolean. When true, enables netlink IP address miss notifications.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -739,7 +739,7 @@
|
|||
<refsect1>
|
||||
<title>[GENEVE] Section Options</title>
|
||||
|
||||
<para>The <literal>[GENEVE]</literal> section only applies for
|
||||
<para>The [GENEVE] section only applies for
|
||||
netdevs of kind <literal>geneve</literal>, and accepts the
|
||||
following keys:</para>
|
||||
|
||||
|
@ -765,15 +765,16 @@
|
|||
<varlistentry>
|
||||
<term><varname>TTL=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key in <literal>[VXLAN]</literal> section except when unset or
|
||||
set to 0, the kernel's default will be used meaning that packets TTL will be set from
|
||||
<para>Accepts the same values as in the [VXLAN] section, except that when unset
|
||||
or set to 0, the kernel's default will be used, meaning that packet TTL will be set from
|
||||
<filename>/proc/sys/net/ipv4/ip_default_ttl</filename>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>UDPChecksum=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4.</para>
|
||||
<para>Takes a boolean. When true, specifies that UDP checksum is calculated for transmitted packets
|
||||
over IPv4.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -804,7 +805,7 @@
|
|||
<varlistentry>
|
||||
<term><varname>IPDoNotFragment=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key in <literal>[VXLAN]</literal> section.</para>
|
||||
<para>Accepts the same key in [VXLAN] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
@ -813,7 +814,7 @@
|
|||
<refsect1>
|
||||
<title>[L2TP] Section Options</title>
|
||||
|
||||
<para>The <literal>[L2TP]</literal> section only applies for
|
||||
<para>The [L2TP] section only applies for
|
||||
netdevs of kind <literal>l2tp</literal>, and accepts the
|
||||
following keys:</para>
|
||||
|
||||
|
@ -821,21 +822,23 @@
|
|||
<varlistentry>
|
||||
<term><varname>TunnelId=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the tunnel id. The value used must match the <literal>PeerTunnelId=</literal> value being used at the peer.
|
||||
Ranges a number between 1 and 4294967295). This option is compulsory.</para>
|
||||
<para>Specifies the tunnel identifier. Takes an number in the range 1–4294967295. The value used
|
||||
must match the <literal>PeerTunnelId=</literal> value being used at the peer. This setting is
|
||||
compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>PeerTunnelId=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the peer tunnel id. The value used must match the <literal>PeerTunnelId=</literal> value being used at the peer.
|
||||
Ranges a number between 1 and 4294967295). This option is compulsory.</para>
|
||||
<para>Specifies the peer tunnel id. Takes a number in the range 1—4294967295. The value used must
|
||||
match the <literal>PeerTunnelId=</literal> value being used at the peer. This setting is
|
||||
compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>Remote=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the IP address of the remote peer. This option is compulsory.</para>
|
||||
<para>Specifies the IP address of the remote peer. This setting is compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -852,27 +855,29 @@
|
|||
<varlistentry>
|
||||
<term><varname>EncapsulationType=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the encapsulation type of the tunnel. Takes one of <literal>udp</literal> or <literal>ip</literal>.</para>
|
||||
<para>Specifies the encapsulation type of the tunnel. Takes one of <literal>udp</literal> or
|
||||
<literal>ip</literal>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>UDPSourcePort=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the UDP source port to be used for the tunnel. When UDP encapsulation is selected it's mandotory. Ignored when ip
|
||||
encapsulation is selected.</para>
|
||||
<para>Specifies the UDP source port to be used for the tunnel. When UDP encapsulation is selected
|
||||
it's mandatory. Ignored when IP encapsulation is selected.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>UDPDestinationPort=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies destination port. When UDP encapsulation is selected it's mandotory. Ignored when ip
|
||||
<para>Specifies destination port. When UDP encapsulation is selected it's mandatory. Ignored when IP
|
||||
encapsulation is selected.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>UDPChecksum=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4.</para>
|
||||
<para>Takes a boolean. When true, specifies that UDP checksum is calculated for transmitted packets
|
||||
over IPv4.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -893,28 +898,30 @@
|
|||
<refsect1>
|
||||
<title>[L2TPSession] Section Options</title>
|
||||
|
||||
<para>The <literal>[L2TPSession]</literal> section only applies for
|
||||
<para>The [L2TPSession] section only applies for
|
||||
netdevs of kind <literal>l2tp</literal>, and accepts the
|
||||
following keys:</para>
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
<term><varname>Name=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the name of the session. This option is compulsory.</para>
|
||||
<para>Specifies the name of the session. This setting is compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>SessionId=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the session id. The value used must match the <literal>SessionId=</literal> value being used at the peer.
|
||||
Ranges a number between 1 and 4294967295). This option is compulsory.</para>
|
||||
<para>Specifies the session identifier. Takes an number in the range 1–4294967295. The value used
|
||||
must match the <literal>SessionId=</literal> value being used at the peer. This setting is
|
||||
compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>PeerSessionId=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the peer session id. The value used must match the <literal>PeerSessionId=</literal> value being used at the peer.
|
||||
Ranges a number between 1 and 4294967295). This option is compulsory.</para>
|
||||
<para>Specifies the peer session identifier. Takes an number in the range 1–4294967295.
|
||||
The value used must match the <literal>PeerSessionId=</literal> value being used at the peer.
|
||||
This setting is compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -929,7 +936,7 @@
|
|||
<refsect1>
|
||||
<title>[MACsec] Section Options</title>
|
||||
|
||||
<para>The <literal>[MACsec]</literal> section only applies for network devices of kind
|
||||
<para>The [MACsec] section only applies for network devices of kind
|
||||
<literal>macsec</literal>, and accepts the following keys:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
|
@ -952,7 +959,7 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[MACsecReceiveChannel] Section Options</title>
|
||||
<para>The <literal>[MACsecReceiveChannel]</literal> section only applies for network devices of
|
||||
<para>The [MACsecReceiveChannel] section only applies for network devices of
|
||||
kind <literal>macsec</literal>, and accepts the following keys:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
|
@ -968,7 +975,7 @@
|
|||
<term><varname>MACAddress=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the MAC address to be used for the MACsec receive channel. The MAC address
|
||||
used to make secure channel identifier (SCI). This option is compulsory, and is not set by
|
||||
used to make secure channel identifier (SCI). This setting is compulsory, and is not set by
|
||||
default.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -978,7 +985,7 @@
|
|||
<refsect1>
|
||||
<title>[MACsecTransmitAssociation] Section Options</title>
|
||||
|
||||
<para>The <literal>[MACsecTransmitAssociation]</literal> section only applies for network devices
|
||||
<para>The [MACsecTransmitAssociation] section only applies for network devices
|
||||
of kind <literal>macsec</literal>, and accepts the following keys:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
|
@ -1002,7 +1009,7 @@
|
|||
<term><varname>Key=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the encryption key used in the transmission channel. The same key must be
|
||||
configured on the peer’s matching receive channel. This option is compulsory, and is not set
|
||||
configured on the peer’s matching receive channel. This setting is compulsory, and is not set
|
||||
by default. Takes a 128-bit key encoded in a hexadecimal string, for example
|
||||
<literal>dffafc8d7b9a43d5b9a3dfbbf6a30c16</literal>.</para>
|
||||
</listitem>
|
||||
|
@ -1028,7 +1035,7 @@
|
|||
<term><varname>UseForEncoding=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a boolean. If enabled, then the security association is used for encoding. Only
|
||||
one <literal>[MACsecTransmitAssociation]</literal> section can enable this option. When enabled,
|
||||
one [MACsecTransmitAssociation] section can enable this option. When enabled,
|
||||
<varname>Activate=yes</varname> is implied. Defaults to unset.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -1038,7 +1045,7 @@
|
|||
<refsect1>
|
||||
<title>[MACsecReceiveAssociation] Section Options</title>
|
||||
|
||||
<para>The <literal>[MACsecReceiveAssociation]</literal> section only applies for
|
||||
<para>The [MACsecReceiveAssociation] section only applies for
|
||||
network devices of kind <literal>macsec</literal>, and accepts the
|
||||
following keys:</para>
|
||||
|
||||
|
@ -1046,43 +1053,43 @@
|
|||
<varlistentry>
|
||||
<term><varname>Port=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key in <literal>[MACsecReceiveChannel]</literal> section.</para>
|
||||
<para>Accepts the same key in [MACsecReceiveChannel] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>MACAddress=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key in <literal>[MACsecReceiveChannel]</literal> section.</para>
|
||||
<para>Accepts the same key in [MACsecReceiveChannel] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>PacketNumber=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key in <literal>[MACsecTransmitAssociation]</literal> section.</para>
|
||||
<para>Accepts the same key in [MACsecTransmitAssociation] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>KeyId=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key in <literal>[MACsecTransmitAssociation]</literal> section.</para>
|
||||
<para>Accepts the same key in [MACsecTransmitAssociation] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>Key=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key in <literal>[MACsecTransmitAssociation]</literal> section.</para>
|
||||
<para>Accepts the same key in [MACsecTransmitAssociation] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>KeyFile=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key in <literal>[MACsecTransmitAssociation]</literal> section.</para>
|
||||
<para>Accepts the same key in [MACsecTransmitAssociation] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>Activate=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key in <literal>[MACsecTransmitAssociation]</literal> section.</para>
|
||||
<para>Accepts the same key in [MACsecTransmitAssociation] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
@ -1091,7 +1098,7 @@
|
|||
<refsect1>
|
||||
<title>[Tunnel] Section Options</title>
|
||||
|
||||
<para>The <literal>[Tunnel]</literal> section only applies for
|
||||
<para>The [Tunnel] section only applies for
|
||||
netdevs of kind
|
||||
<literal>ipip</literal>,
|
||||
<literal>sit</literal>,
|
||||
|
@ -1136,7 +1143,7 @@
|
|||
<para>A fixed Time To Live N on tunneled packets. N is a
|
||||
number in the range 1–255. 0 is a special value meaning that
|
||||
packets inherit the TTL value. The default value for IPv4
|
||||
tunnels is: inherit. The default value for IPv6 tunnels is
|
||||
tunnels is 0 (inherit). The default value for IPv6 tunnels is
|
||||
64.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -1192,7 +1199,7 @@
|
|||
both directions (<varname>InputKey=</varname> and <varname>OutputKey=</varname>).
|
||||
The <varname>Key=</varname> is either a number or an IPv4 address-like dotted quad.
|
||||
It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data
|
||||
and control path) in ip xfrm (framework used to implement IPsec protocol).
|
||||
and control path) in IP XFRM (framework used to implement IPsec protocol).
|
||||
See <ulink url="http://man7.org/linux/man-pages/man8/ip-xfrm.8.html">
|
||||
ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6,
|
||||
GRE, GRETAP, and ERSPAN tunnels.</para>
|
||||
|
@ -1274,7 +1281,7 @@
|
|||
<varlistentry>
|
||||
<term><varname>Encapsulation=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key as in the <literal>[FooOverUDP]</literal> section.</para>
|
||||
<para>Accepts the same key as in the [FooOverUDP] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -1314,7 +1321,7 @@
|
|||
<refsect1>
|
||||
<title>[FooOverUDP] Section Options</title>
|
||||
|
||||
<para>The <literal>[FooOverUDP]</literal> section only applies for
|
||||
<para>The [FooOverUDP] section only applies for
|
||||
netdevs of kind <literal>fou</literal> and accepts the
|
||||
following keys:</para>
|
||||
|
||||
|
@ -1322,29 +1329,32 @@
|
|||
<varlistentry>
|
||||
<term><varname>Encapsulation=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the encapsulation mechanism used to store networking packets of various protocols inside the UDP packets. Supports the following values:
|
||||
<para>Specifies the encapsulation mechanism used to store networking packets of various protocols
|
||||
inside the UDP packets. Supports the following values:
|
||||
|
||||
<literal>FooOverUDP</literal> provides the simplest no frills model of UDP encapsulation, it simply encapsulates
|
||||
packets directly in the UDP payload.
|
||||
<literal>GenericUDPEncapsulation</literal> is a generic and extensible encapsulation, it allows encapsulation of packets for any IP
|
||||
protocol and optional data as part of the encapsulation.
|
||||
For more detailed information see <ulink url="https://lwn.net/Articles/615044">Generic UDP Encapsulation</ulink>.
|
||||
Defaults to <literal>FooOverUDP</literal>.
|
||||
<literal>FooOverUDP</literal> provides the simplest no frills model of UDP encapsulation, it simply
|
||||
encapsulates packets directly in the UDP payload. <literal>GenericUDPEncapsulation</literal> is a
|
||||
generic and extensible encapsulation, it allows encapsulation of packets for any IP protocol and
|
||||
optional data as part of the encapsulation. For more detailed information see <ulink
|
||||
url="https://lwn.net/Articles/615044">Generic UDP Encapsulation</ulink>. Defaults to
|
||||
<literal>FooOverUDP</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>Port=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the port number, where the IP encapsulation packets will arrive. Please take note that the packets
|
||||
will arrive with the encapsulation will be removed. Then they will be manually fed back into the network stack, and sent ahead
|
||||
for delivery to the real destination. This option is mandatory.</para>
|
||||
<para>Specifies the port number, where the IP encapsulation packets will arrive. Please take note
|
||||
that the packets will arrive with the encapsulation will be removed. Then they will be manually fed
|
||||
back into the network stack, and sent ahead for delivery to the real destination. This option is
|
||||
mandatory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>PeerPort=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the peer port number. Defaults to unset. Note that when peer port is set <literal>Peer=</literal> address is mandotory.</para>
|
||||
<para>Specifies the peer port number. Defaults to unset. Note that when peer port is set
|
||||
<literal>Peer=</literal> address is mandatory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -1360,7 +1370,8 @@
|
|||
<varlistentry>
|
||||
<term><varname>Peer=</varname></term>
|
||||
<listitem>
|
||||
<para>Configures peer IP address. Note that when peer address is set <literal>PeerPort=</literal> is mandotory.</para>
|
||||
<para>Configures peer IP address. Note that when peer address is set <literal>PeerPort=</literal>
|
||||
is mandatory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -1375,7 +1386,7 @@
|
|||
<refsect1>
|
||||
<title>[Peer] Section Options</title>
|
||||
|
||||
<para>The <literal>[Peer]</literal> section only applies for
|
||||
<para>The [Peer] section only applies for
|
||||
netdevs of kind <literal>veth</literal> and accepts the
|
||||
following keys:</para>
|
||||
|
||||
|
@ -1384,7 +1395,7 @@
|
|||
<term><varname>Name=</varname></term>
|
||||
<listitem>
|
||||
<para>The interface name used when creating the netdev.
|
||||
This option is compulsory.</para>
|
||||
This setting is compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -1401,7 +1412,7 @@
|
|||
<refsect1>
|
||||
<title>[VXCAN] Section Options</title>
|
||||
|
||||
<para>The <literal>[VXCAN]</literal> section only applies for
|
||||
<para>The [VXCAN] section only applies for
|
||||
netdevs of kind <literal>vxcan</literal> and accepts the
|
||||
following key:</para>
|
||||
|
||||
|
@ -1410,7 +1421,7 @@
|
|||
<term><varname>Peer=</varname></term>
|
||||
<listitem>
|
||||
<para>The peer interface name used when creating the netdev.
|
||||
This option is compulsory.</para>
|
||||
This setting is compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
@ -1419,7 +1430,7 @@
|
|||
<refsect1>
|
||||
<title>[Tun] Section Options</title>
|
||||
|
||||
<para>The <literal>[Tun]</literal> section only applies for
|
||||
<para>The [Tun] section only applies for
|
||||
netdevs of kind <literal>tun</literal>, and accepts the following
|
||||
keys:</para>
|
||||
|
||||
|
@ -1469,15 +1480,15 @@
|
|||
<refsect1>
|
||||
<title>[Tap] Section Options</title>
|
||||
|
||||
<para>The <literal>[Tap]</literal> section only applies for
|
||||
<para>The [Tap] section only applies for
|
||||
netdevs of kind <literal>tap</literal>, and accepts the same keys
|
||||
as the <literal>[Tun]</literal> section.</para>
|
||||
as the [Tun] section.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>[WireGuard] Section Options</title>
|
||||
|
||||
<para>The <literal>[WireGuard]</literal> section accepts the following
|
||||
<para>The [WireGuard] section accepts the following
|
||||
keys:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
|
@ -1524,7 +1535,7 @@
|
|||
<refsect1>
|
||||
<title>[WireGuardPeer] Section Options</title>
|
||||
|
||||
<para>The <literal>[WireGuardPeer]</literal> section accepts the following
|
||||
<para>The [WireGuardPeer] section accepts the following
|
||||
keys:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
|
@ -1600,7 +1611,7 @@
|
|||
<refsect1>
|
||||
<title>[Bond] Section Options</title>
|
||||
|
||||
<para>The <literal>[Bond]</literal> section accepts the following
|
||||
<para>The [Bond] section accepts the following
|
||||
key:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
|
@ -1702,14 +1713,15 @@
|
|||
<varlistentry>
|
||||
<term><varname>AdActorSystemPriority=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the 802.3ad actor system priority. Ranges [1-65535].</para>
|
||||
<para>Specifies the 802.3ad actor system priority. Takes a number in the range 1—65535.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>AdUserPortKey=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the 802.3ad user defined portion of the port key. Ranges [0-1023].</para>
|
||||
<para>Specifies the 802.3ad user defined portion of the port key. Takes a number in the range
|
||||
0–1023.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -1879,7 +1891,7 @@
|
|||
<refsect1>
|
||||
<title>[Xfrm] Section Options</title>
|
||||
|
||||
<para>The <literal>[Xfrm]</literal> section accepts the following
|
||||
<para>The [Xfrm] section accepts the following
|
||||
keys:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
|
@ -1902,13 +1914,12 @@
|
|||
</variablelist>
|
||||
|
||||
<para>For more detail information see
|
||||
<ulink url="https://lwn.net/Articles/757391">
|
||||
Virtual xfrm interfaces</ulink></para>
|
||||
<ulink url="https://lwn.net/Articles/757391">Virtual XFRM Interfaces</ulink>.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>[VRF] Section Options</title>
|
||||
<para>The <literal>[VRF]</literal> section only applies for
|
||||
<para>The [VRF] section only applies for
|
||||
netdevs of kind <literal>vrf</literal> and accepts the
|
||||
following key:</para>
|
||||
|
||||
|
@ -1916,7 +1927,7 @@
|
|||
<varlistentry>
|
||||
<term><varname>Table=</varname></term>
|
||||
<listitem>
|
||||
<para>The numeric routing table identifier. This option is compulsory.</para>
|
||||
<para>The numeric routing table identifier. This setting is compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
|
|
@ -72,21 +72,16 @@
|
|||
<refsect1>
|
||||
<title>[Match] Section Options</title>
|
||||
|
||||
<para>The network file contains a <literal>[Match]</literal>
|
||||
section, which determines if a given network file may be applied
|
||||
to a given device; and a <literal>[Network]</literal> section
|
||||
specifying how the device should be configured. The first (in
|
||||
lexical order) of the network files that matches a given device
|
||||
is applied, all later files are ignored, even if they match as
|
||||
well.</para>
|
||||
<para>The network file contains a [Match] section, which determines if a given network file may be
|
||||
applied to a given device; and a [Network] section specifying how the device should be configured. The
|
||||
first (in lexical order) of the network files that matches a given device is applied, all later files
|
||||
are ignored, even if they match as well.</para>
|
||||
|
||||
<para>A network file is said to match a network interface if all matches specified by the
|
||||
<literal>[Match]</literal> section are satisfied. When a network file does not contain valid
|
||||
settings in <literal>[Match]</literal> section, then the file will match all interfaces and
|
||||
<command>systemd-networkd</command> warns about that. Hint: to avoid the warning and to make it
|
||||
clear that all interfaces shall be matched, add the following:
|
||||
<programlisting>Name=*</programlisting>
|
||||
The following keys are accepted:</para>
|
||||
<para>A network file is said to match a network interface if all matches specified by the [Match]
|
||||
section are satisfied. When a network file does not contain valid settings in [Match] section, then the
|
||||
file will match all interfaces and <command>systemd-networkd</command> warns about that. Hint: to avoid
|
||||
the warning and to make it clear that all interfaces shall be matched, add the following:
|
||||
<programlisting>Name=*</programlisting> The following keys are accepted:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="systemd.link.xml" xpointer="mac-address" />
|
||||
|
@ -132,9 +127,8 @@
|
|||
<listitem>
|
||||
<para>A whitespace-separated list of hardware address of the currently connected wireless
|
||||
LAN. Use full colon-, hyphen- or dot-delimited hexadecimal. See the example in
|
||||
<varname>MACAddress=</varname>. This option may appear more than one, in which case the
|
||||
lists are merged. If the empty string is assigned to this option, the list of BSSID defined
|
||||
prior to this is reset.</para>
|
||||
<varname>MACAddress=</varname>. This option may appear more than once, in which case the
|
||||
lists are merged. If the empty string is assigned to this option, the list is reset.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -150,7 +144,7 @@
|
|||
<refsect1>
|
||||
<title>[Link] Section Options</title>
|
||||
|
||||
<para> The <literal>[Link]</literal> section accepts the following keys:</para>
|
||||
<para> The [Link] section accepts the following keys:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
|
@ -211,7 +205,7 @@
|
|||
<para>Link groups are similar to port ranges found in managed switches.
|
||||
When network interfaces are added to a numbered group, operations on
|
||||
all the interfaces from that group can be performed at once. An unsigned
|
||||
integer ranges 0 to 4294967294. Default to unset.</para>
|
||||
integer in the range 0—4294967294. Defaults to unset.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -239,12 +233,11 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[SR-IOV] Section Options</title>
|
||||
<para>The <literal>[SR-IOV]</literal> section accepts the
|
||||
following keys. Specify several <literal>[SR-IOV]</literal>
|
||||
sections to configure several SR-IOVs. SR-IOV provides the ability to partition a single physical PCI resource
|
||||
into virtual PCI functions which can then be injected into a VM. In the case of network VFs, SR-IOV improves
|
||||
north-south network performance (that is, traffic with endpoints outside the host machine) by allowing traffic to
|
||||
bypass the host machine’s network stack.</para>
|
||||
<para>The [SR-IOV] section accepts the following keys. Specify several [SR-IOV] sections to configure
|
||||
several SR-IOVs. SR-IOV provides the ability to partition a single physical PCI resource into virtual
|
||||
PCI functions which can then be injected into a VM. In the case of network VFs, SR-IOV improves
|
||||
north-south network performance (that is, traffic with endpoints outside the host machine) by allowing
|
||||
traffic to bypass the host machine’s network stack.</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
|
@ -327,7 +320,7 @@
|
|||
<refsect1>
|
||||
<title>[Network] Section Options</title>
|
||||
|
||||
<para>The <literal>[Network]</literal> section accepts the following keys:</para>
|
||||
<para>The [Network] section accepts the following keys:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
|
@ -356,16 +349,15 @@
|
|||
specified through DHCP is not used for name resolution.
|
||||
See option <option>UseDomains=</option> below.</para>
|
||||
|
||||
<para>See the <literal>[DHCPv4]</literal> or <literal>[DHCPv6]</literal> section below for
|
||||
further configuration options for the DHCP client support.</para>
|
||||
<para>See the [DHCPv4] or [DHCPv6] sections below for further configuration options for the DHCP
|
||||
client support.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>DHCPServer=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a boolean. If set to <literal>yes</literal>, DHCPv4 server will be started. Defaults
|
||||
to <literal>no</literal>. Further settings for the DHCP
|
||||
server may be set in the <literal>[DHCPServer]</literal>
|
||||
to <literal>no</literal>. Further settings for the DHCP server may be set in the [DHCPServer]
|
||||
section described below.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -495,10 +487,8 @@
|
|||
<varlistentry>
|
||||
<term><varname>DNSSEC=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a boolean. or
|
||||
<literal>allow-downgrade</literal>. When true, enables
|
||||
<ulink
|
||||
url="https://tools.ietf.org/html/rfc4033">DNSSEC</ulink>
|
||||
<para>Takes a boolean or <literal>allow-downgrade</literal>. When true, enables
|
||||
<ulink url="https://tools.ietf.org/html/rfc4033">DNSSEC</ulink>
|
||||
DNS validation support on the link. When set to
|
||||
<literal>allow-downgrade</literal>, compatibility with
|
||||
non-DNSSEC capable networks is increased, by automatically
|
||||
|
@ -730,8 +720,8 @@
|
|||
forwarding is enabled, and to enable it otherwise. Cannot be enabled on bond devices and when link
|
||||
local addressing is disabled.</para>
|
||||
|
||||
<para>Further settings for the IPv6 RA support may be configured in the
|
||||
<literal>[IPv6AcceptRA]</literal> section, see below.</para>
|
||||
<para>Further settings for the IPv6 RA support may be configured in the [IPv6AcceptRA] section, see
|
||||
below.</para>
|
||||
|
||||
<para>Also see <ulink
|
||||
url="https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt">ip-sysctl.txt</ulink> in the kernel
|
||||
|
@ -770,7 +760,7 @@
|
|||
<term><varname>IPv4ProxyARP=</varname></term>
|
||||
<listitem><para>Takes a boolean. Configures proxy ARP for IPv4. Proxy ARP is the technique in which one host,
|
||||
usually a router, answers ARP requests intended for another machine. By "faking" its identity,
|
||||
the router accepts responsibility for routing packets to the "real" destination. (see <ulink
|
||||
the router accepts responsibility for routing packets to the "real" destination. See <ulink
|
||||
url="https://tools.ietf.org/html/rfc1027">RFC 1027</ulink>.
|
||||
When unset, the kernel's default will be used.
|
||||
</para></listitem>
|
||||
|
@ -801,18 +791,15 @@
|
|||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>IPv6PrefixDelegation=</varname></term>
|
||||
<listitem><para>Whether to enable or disable Router Advertisement sending on a link.
|
||||
Allowed values are <literal>static</literal> which distributes prefixes as defined in
|
||||
the <literal>[IPv6PrefixDelegation]</literal> and any <literal>[IPv6Prefix]</literal>
|
||||
sections, <literal>dhcpv6</literal> which requests prefixes using a DHCPv6 client
|
||||
configured for another link and any values configured in the
|
||||
<literal>[IPv6PrefixDelegation]</literal> section while ignoring all static prefix
|
||||
configuration sections, <literal>yes</literal> which uses both static configuration
|
||||
and DHCPv6, and <literal>false</literal> which turns off IPv6 prefix delegation
|
||||
altogether. Defaults to <literal>false</literal>. See the
|
||||
<literal>[IPv6PrefixDelegation]</literal> and the <literal>[IPv6Prefix]</literal>
|
||||
sections for more configuration options.
|
||||
</para></listitem>
|
||||
<listitem><para>Whether to enable or disable Router Advertisement sending on a link. Allowed
|
||||
values are <literal>static</literal> which distributes prefixes as defined in the
|
||||
[IPv6PrefixDelegation] and any [IPv6Prefix] sections, <literal>dhcpv6</literal> which requests
|
||||
prefixes using a DHCPv6 client configured for another link and any values configured in the
|
||||
[IPv6PrefixDelegation] section while ignoring all static prefix configuration sections,
|
||||
<literal>yes</literal> which uses both static configuration and DHCPv6, and
|
||||
<literal>false</literal> which turns off IPv6 prefix delegation altogether. Defaults to
|
||||
<literal>false</literal>. See the [IPv6PrefixDelegation] and the [IPv6Prefix] sections for more
|
||||
configuration options.</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>IPv6PDSubnetId=</varname></term>
|
||||
|
@ -978,16 +965,15 @@
|
|||
<refsect1>
|
||||
<title>[Address] Section Options</title>
|
||||
|
||||
<para>An <literal>[Address]</literal> section accepts the
|
||||
following keys. Specify several <literal>[Address]</literal>
|
||||
<para>An [Address] section accepts the following keys. Specify several [Address]
|
||||
sections to configure several addresses.</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
<term><varname>Address=</varname></term>
|
||||
<listitem>
|
||||
<para>As in the <literal>[Network]</literal> section. This key is mandatory. Each
|
||||
<literal>[Address]</literal> section can contain one <varname>Address=</varname> setting.</para>
|
||||
<para>As in the [Network] section. This key is mandatory. Each [Address] section can contain one
|
||||
<varname>Address=</varname> setting.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -1031,7 +1017,7 @@
|
|||
<term><varname>Scope=</varname></term>
|
||||
<listitem>
|
||||
<para>The scope of the address, which can be <literal>global</literal>,
|
||||
<literal>link</literal> or <literal>host</literal> or an unsigned integer ranges 0 to 255.
|
||||
<literal>link</literal> or <literal>host</literal> or an unsigned integer in the range 0—255.
|
||||
Defaults to <literal>global</literal>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -1093,12 +1079,10 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[Neighbor] Section Options</title>
|
||||
<para>A <literal>[Neighbor]</literal> section accepts the
|
||||
following keys. The neighbor section adds a permanent, static
|
||||
entry to the neighbor table (IPv6) or ARP table (IPv4) for
|
||||
the given hardware address on the links matched for the network.
|
||||
Specify several <literal>[Neighbor]</literal> sections to configure
|
||||
several static neighbors.</para>
|
||||
<para>A [Neighbor] section accepts the following keys. The neighbor section adds a permanent, static
|
||||
entry to the neighbor table (IPv6) or ARP table (IPv4) for the given hardware address on the links
|
||||
matched for the network. Specify several [Neighbor] sections to configure several static neighbors.
|
||||
</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
|
@ -1119,18 +1103,17 @@
|
|||
<refsect1>
|
||||
<title>[IPv6AddressLabel] Section Options</title>
|
||||
|
||||
<para>An <literal>[IPv6AddressLabel]</literal> section accepts the
|
||||
following keys. Specify several <literal>[IPv6AddressLabel]</literal>
|
||||
sections to configure several address labels. IPv6 address labels are
|
||||
used for address selection. See <ulink url="https://tools.ietf.org/html/rfc3484">RFC 3484</ulink>.
|
||||
Precedence is managed by userspace, and only the label itself is stored in the kernel</para>
|
||||
<para>An [IPv6AddressLabel] section accepts the following keys. Specify several [IPv6AddressLabel]
|
||||
sections to configure several address labels. IPv6 address labels are used for address selection. See
|
||||
<ulink url="https://tools.ietf.org/html/rfc3484">RFC 3484</ulink>. Precedence is managed by userspace,
|
||||
and only the label itself is stored in the kernel</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
<term><varname>Label=</varname></term>
|
||||
<listitem>
|
||||
<para> The label for the prefix (an unsigned integer) ranges 0 to 4294967294.
|
||||
0xffffffff is reserved. This key is mandatory.</para>
|
||||
<para>The label for the prefix, an unsigned integer in the range 0–4294967294.
|
||||
0xffffffff is reserved. This setting is mandatory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -1146,15 +1129,14 @@
|
|||
<refsect1>
|
||||
<title>[RoutingPolicyRule] Section Options</title>
|
||||
|
||||
<para>An <literal>[RoutingPolicyRule]</literal> section accepts the
|
||||
following keys. Specify several <literal>[RoutingPolicyRule]</literal>
|
||||
<para>An [RoutingPolicyRule] section accepts the following keys. Specify several [RoutingPolicyRule]
|
||||
sections to configure several rules.</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
<term><varname>TypeOfService=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the type of service to match a number between 0 to 255.</para>
|
||||
<para>Takes a number between 0 and 255 that specifies the type of service to match.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -1261,16 +1243,15 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[NextHop] Section Options</title>
|
||||
<para>The <literal>[NextHop]</literal> section accepts the
|
||||
following keys. Specify several <literal>[NextHop]</literal>
|
||||
sections to configure several nexthop. Nexthop is used to manipulate entries in the kernel's nexthop
|
||||
tables.</para>
|
||||
<para>The [NextHop] section is used to manipulate entries in the kernel's "nexthop" tables. The
|
||||
[NextHop] section accepts the following keys. Specify several [NextHop] sections to configure several
|
||||
hops.</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
<term><varname>Gateway=</varname></term>
|
||||
<listitem>
|
||||
<para>As in the <literal>[Network]</literal> section. This is mandatory.</para>
|
||||
<para>As in the [Network] section. This is mandatory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -1284,9 +1265,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[Route] Section Options</title>
|
||||
<para>The <literal>[Route]</literal> section accepts the
|
||||
following keys. Specify several <literal>[Route]</literal>
|
||||
sections to configure several routes.</para>
|
||||
<para>The [Route] section accepts the following keys. Specify several [Route] sections to configure
|
||||
several routes.</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
|
@ -1333,10 +1313,10 @@
|
|||
<term><varname>IPv6Preference=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the route preference as defined in <ulink
|
||||
url="https://tools.ietf.org/html/rfc4191">RFC4191</ulink> for Router Discovery messages.
|
||||
Which can be one of <literal>low</literal> the route has a lowest priority,
|
||||
<literal>medium</literal> the route has a default priority or
|
||||
<literal>high</literal> the route has a highest priority.</para>
|
||||
url="https://tools.ietf.org/html/rfc4191">RFC 4191</ulink> for Router Discovery messages. Which
|
||||
can be one of <literal>low</literal> the route has a lowest priority, <literal>medium</literal>
|
||||
the route has a default priority or <literal>high</literal> the route has a highest priority.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -1471,8 +1451,7 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[DHCPv4] Section Options</title>
|
||||
<para>The <literal>[DHCPv4]</literal> section configures the
|
||||
DHCPv4 client, if it is enabled with the
|
||||
<para>The [DHCPv4] section configures the DHCPv4 client, if it is enabled with the
|
||||
<varname>DHCP=</varname> setting described above:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
|
@ -1717,8 +1696,8 @@
|
|||
<para>The table identifier for DHCP routes (a number between 1 and 4294967295, or 0 to unset).
|
||||
The table can be retrieved using <command>ip route show table <replaceable>num</replaceable></command>.
|
||||
</para>
|
||||
<para>When used in combination with <varname>VRF=</varname> the
|
||||
VRF's routing table is used unless this parameter is specified.
|
||||
<para>When used in combination with <varname>VRF=</varname>, the
|
||||
VRF's routing table is used when this parameter is not specified.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -1757,11 +1736,12 @@
|
|||
<varlistentry>
|
||||
<term><varname>SendDecline=</varname></term>
|
||||
<listitem>
|
||||
<para>A boolean. When <literal>true</literal>, DHCPv4 clients receives IP address from DHCP server.
|
||||
After new IP is received, DHCPv4 performs IPv4 Duplicate Address Detection. If duplicate use of IP is detected
|
||||
the DHCPv4 client rejects the IP by sending a DHCPDECLINE packet DHCP clients try to obtain an IP address again.
|
||||
See <ulink url="https://tools.ietf.org/html/rfc5227">RFC 5224</ulink>.
|
||||
Defaults to <literal>unset</literal>.</para>
|
||||
<para>A boolean. When <literal>true</literal>, the DHCPv4 client receives the IP address from the
|
||||
DHCP server. After a new IP is received, the DHCPv4 client performs IPv4 Duplicate Address
|
||||
Detection. If duplicate use is detected, the DHCPv4 client rejects the IP by sending a
|
||||
DHCPDECLINE packet and tries to obtain an IP address again. See <ulink
|
||||
url="https://tools.ietf.org/html/rfc5227">RFC 5224</ulink>. Defaults to
|
||||
<literal>unset</literal>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -1814,7 +1794,7 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[DHCPv6] Section Options</title>
|
||||
<para>The <literal>[DHCPv6]</literal> section configures the DHCPv6 client, if it is enabled with the
|
||||
<para>The [DHCPv6] section configures the DHCPv6 client, if it is enabled with the
|
||||
<varname>DHCP=</varname> setting described above, or invoked by the IPv6 Router Advertisement:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
|
@ -1822,7 +1802,7 @@
|
|||
<term><varname>UseDNS=</varname></term>
|
||||
<term><varname>UseNTP=</varname></term>
|
||||
<listitem>
|
||||
<para>As in the <literal>[DHCPv4]</literal> section.</para>
|
||||
<para>As in the [DHCPv4] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -1839,7 +1819,7 @@
|
|||
<para>Takes a boolean. The DHCPv6 client can obtain configuration parameters from a DHCPv6 server through
|
||||
a rapid two-message exchange (solicit and reply). When the rapid commit option is enabled by both
|
||||
the DHCPv6 client and the DHCPv6 server, the two-message exchange is used, rather than the default
|
||||
four-method exchange (solicit, advertise, request, and reply). The two-message exchange provides
|
||||
four-message exchange (solicit, advertise, request, and reply). The two-message exchange provides
|
||||
faster client configuration and is beneficial in environments in which networks are under a heavy load.
|
||||
See <ulink url="https://tools.ietf.org/html/rfc3315#section-17.2.1">RFC 3315</ulink> for details.
|
||||
Defaults to true.</para>
|
||||
|
@ -1867,14 +1847,15 @@
|
|||
<varlistentry>
|
||||
<term><varname>SendVendorOption=</varname></term>
|
||||
<listitem>
|
||||
<para>Send an arbitrary vendor option in the DHCPv6 request. Takes an enterprise identifier, DHCP option number,
|
||||
data type, and data separated with a colon
|
||||
(<literal><replaceable>enterprise identifier</replaceable>:<replaceable>option</replaceable>:<replaceable>type</replaceable>:
|
||||
<replaceable>value</replaceable></literal>). Enterprise identifier is an unsigned integer ranges 1..4294967294.
|
||||
The option number must be an integer in the range 1..254. Data type takes one of <literal>uint8</literal>,
|
||||
<literal>uint16</literal>, <literal>uint32</literal>, <literal>ipv4address</literal>, <literal>ipv6address</literal>, or
|
||||
<literal>string</literal>. Special characters in the data string may be escaped using
|
||||
<ulink url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
|
||||
<para>Send an arbitrary vendor option in the DHCPv6 request. Takes an enterprise identifier, DHCP
|
||||
option number, data type, and data separated with a colon (<literal><replaceable>enterprise
|
||||
identifier</replaceable>:<replaceable>option</replaceable>:<replaceable>type</replaceable>:
|
||||
<replaceable>value</replaceable></literal>). Enterprise identifier is an unsigned integer in the
|
||||
range 1–4294967294. The option number must be an integer in the range 1–254. Data type takes one
|
||||
of <literal>uint8</literal>, <literal>uint16</literal>, <literal>uint32</literal>,
|
||||
<literal>ipv4address</literal>, <literal>ipv6address</literal>, or
|
||||
<literal>string</literal>. Special characters in the data string may be escaped using <ulink
|
||||
url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
|
||||
escapes</ulink>. This setting can be specified multiple times. If an empty string is specified,
|
||||
then all options specified earlier are cleared. Defaults to unset.</para>
|
||||
</listitem>
|
||||
|
@ -1918,24 +1899,26 @@
|
|||
<varlistentry>
|
||||
<term><varname>PrefixDelegationHint=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes an IPv6 address with prefix length as <varname>Address=</varname> in
|
||||
the "[Network]" section. Specifies the DHCPv6 client for the requesting router to include
|
||||
a prefix-hint in the DHCPv6 solicitation. Prefix ranges 1..128. Defaults to unset.</para>
|
||||
<para>Takes an IPv6 address with prefix length in the same format as the
|
||||
<varname>Address=</varname> in the [Network] section. The DHCPv6 client will include a prefix
|
||||
hint in the DHCPv6 solicitation sent to the server. The prefix length must be in the range
|
||||
1–128. Defaults to unset.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>WithoutRA=</varname></term>
|
||||
<listitem>
|
||||
<para>Allows DHCPv6 client to start without router advertisements's managed or other address configuration flag.
|
||||
Takes one of <literal>solicit</literal> or <literal>information-request</literal>. Defaults to unset.</para>
|
||||
<para>Allows DHCPv6 client to start without router advertisements's managed or other address
|
||||
configuration flag. Takes one of <literal>solicit</literal> or
|
||||
<literal>information-request</literal>. Defaults to unset.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>SendOption=</varname></term>
|
||||
<listitem>
|
||||
<para>As in the <literal>[DHCPv4]</literal> section, however because DHCPv6 uses 16-bit fields to store
|
||||
<para>As in the [DHCPv4] section, however because DHCPv6 uses 16-bit fields to store
|
||||
option numbers, the option number is an integer in the range 1..65536.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -1969,9 +1952,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[IPv6AcceptRA] Section Options</title>
|
||||
<para>The <literal>[IPv6AcceptRA]</literal> section configures the IPv6 Router Advertisement
|
||||
(RA) client, if it is enabled with the <varname>IPv6AcceptRA=</varname> setting described
|
||||
above:</para>
|
||||
<para>The [IPv6AcceptRA] section configures the IPv6 Router Advertisement (RA) client, if it is enabled
|
||||
with the <varname>IPv6AcceptRA=</varname> setting described above:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
|
@ -2051,8 +2033,7 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[DHCPServer] Section Options</title>
|
||||
<para>The <literal>[DHCPServer]</literal> section contains
|
||||
settings for the DHCP server, if enabled via the
|
||||
<para>The [DHCPServer] section contains settings for the DHCP server, if enabled via the
|
||||
<varname>DHCPServer=</varname> option described above:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
|
@ -2186,11 +2167,9 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[IPv6PrefixDelegation] Section Options</title>
|
||||
<para>The <literal>[IPv6PrefixDelegation]</literal> section contains
|
||||
settings for sending IPv6 Router Advertisements and whether to act as
|
||||
a router, if enabled via the <varname>IPv6PrefixDelegation=</varname>
|
||||
option described above. IPv6 network prefixes are defined with one or
|
||||
more <literal>[IPv6Prefix]</literal> sections.</para>
|
||||
<para>The [IPv6PrefixDelegation] section contains settings for sending IPv6 Router Advertisements and
|
||||
whether to act as a router, if enabled via the <varname>IPv6PrefixDelegation=</varname> option described
|
||||
above. IPv6 network prefixes are defined with one or more [IPv6Prefix] sections.</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
|
||||
|
@ -2234,32 +2213,26 @@
|
|||
<term><varname>EmitDNS=</varname></term>
|
||||
<term><varname>DNS=</varname></term>
|
||||
|
||||
<listitem><para><varname>DNS=</varname> specifies a list of recursive DNS server IPv6 addresses
|
||||
that are distributed via Router Advertisement messages when <varname>EmitDNS=</varname> is
|
||||
true. <varname>DNS=</varname> also takes special value <literal>_link_local</literal>; in that
|
||||
case the IPv6 link local address is distributed. If <varname>DNS=</varname> is empty, DNS
|
||||
servers are read from the <literal>[Network]</literal> section. If the
|
||||
<literal>[Network]</literal> section does not contain any DNS servers either, DNS servers from
|
||||
the uplink with the highest priority default route are used. When <varname>EmitDNS=</varname>
|
||||
is false, no DNS server information is sent in Router Advertisement messages.
|
||||
<varname>EmitDNS=</varname> defaults to true.
|
||||
</para></listitem>
|
||||
<listitem><para><varname>DNS=</varname> specifies a list of recursive DNS server IPv6 addresses that
|
||||
are distributed via Router Advertisement messages when <varname>EmitDNS=</varname> is
|
||||
true. <varname>DNS=</varname> also takes special value <literal>_link_local</literal>; in that case
|
||||
the IPv6 link local address is distributed. If <varname>DNS=</varname> is empty, DNS servers are read
|
||||
from the [Network] section. If the [Network] section does not contain any DNS servers either, DNS
|
||||
servers from the uplink with the highest priority default route are used. When
|
||||
<varname>EmitDNS=</varname> is false, no DNS server information is sent in Router Advertisement
|
||||
messages. <varname>EmitDNS=</varname> defaults to true.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>EmitDomains=</varname></term>
|
||||
<term><varname>Domains=</varname></term>
|
||||
|
||||
<listitem><para>A list of DNS search domains distributed via Router
|
||||
Advertisement messages when <varname>EmitDomains=</varname> is true. If
|
||||
<varname>Domains=</varname> is empty, DNS search domains are read from the
|
||||
<literal>[Network]</literal> section. If the <literal>[Network]</literal>
|
||||
section does not contain any DNS search domains either, DNS search
|
||||
domains from the uplink with the highest priority default route are
|
||||
used. When <varname>EmitDomains=</varname> is false, no DNS search domain
|
||||
information is sent in Router Advertisement messages.
|
||||
<varname>EmitDomains=</varname> defaults to true.
|
||||
</para></listitem>
|
||||
<listitem><para>A list of DNS search domains distributed via Router Advertisement messages when
|
||||
<varname>EmitDomains=</varname> is true. If <varname>Domains=</varname> is empty, DNS search domains
|
||||
are read from the [Network] section. If the [Network] section does not contain any DNS search domains
|
||||
either, DNS search domains from the uplink with the highest priority default route are used. When
|
||||
<varname>EmitDomains=</varname> is false, no DNS search domain information is sent in Router
|
||||
Advertisement messages. <varname>EmitDomains=</varname> defaults to true.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -2275,10 +2248,9 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[IPv6Prefix] Section Options</title>
|
||||
<para>One or more <literal>[IPv6Prefix]</literal> sections contain the IPv6
|
||||
prefixes that are announced via Router Advertisements. See
|
||||
<ulink url="https://tools.ietf.org/html/rfc4861">RFC 4861</ulink>
|
||||
for further details.</para>
|
||||
<para>One or more [IPv6Prefix] sections contain the IPv6 prefixes that are announced via Router
|
||||
Advertisements. See <ulink url="https://tools.ietf.org/html/rfc4861">RFC 4861</ulink> for further
|
||||
details.</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
|
||||
|
@ -2296,13 +2268,11 @@
|
|||
<varlistentry>
|
||||
<term><varname>Prefix=</varname></term>
|
||||
|
||||
<listitem><para>The IPv6 prefix that is to be distributed to hosts.
|
||||
Similarly to configuring static IPv6 addresses, the setting is
|
||||
configured as an IPv6 prefix and its prefix length, separated by a
|
||||
<literal>/</literal> character. Use multiple
|
||||
<literal>[IPv6Prefix]</literal> sections to configure multiple IPv6
|
||||
prefixes since prefix lifetimes, address autoconfiguration and onlink
|
||||
status may differ from one prefix to another.</para></listitem>
|
||||
<listitem><para>The IPv6 prefix that is to be distributed to hosts. Similarly to configuring static
|
||||
IPv6 addresses, the setting is configured as an IPv6 prefix and its prefix length, separated by a
|
||||
<literal>/</literal> character. Use multiple [IPv6Prefix] sections to configure multiple IPv6
|
||||
prefixes since prefix lifetimes, address autoconfiguration and onlink status may differ from one
|
||||
prefix to another.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -2325,7 +2295,7 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[IPv6RoutePrefix] Section Options</title>
|
||||
<para>One or more <literal>[IPv6RoutePrefix]</literal> sections contain the IPv6
|
||||
<para>One or more [IPv6RoutePrefix] sections contain the IPv6
|
||||
prefix routes that are announced via Router Advertisements. See
|
||||
<ulink url="https://tools.ietf.org/html/rfc4191">RFC 4191</ulink>
|
||||
for further details.</para>
|
||||
|
@ -2335,12 +2305,10 @@
|
|||
<varlistentry>
|
||||
<term><varname>Route=</varname></term>
|
||||
|
||||
<listitem><para>The IPv6 route that is to be distributed to hosts.
|
||||
Similarly to configuring static IPv6 routes, the setting is
|
||||
configured as an IPv6 prefix routes and its prefix route length,
|
||||
separated by a<literal>/</literal> character. Use multiple
|
||||
<literal>[IPv6PrefixRoutes]</literal> sections to configure multiple IPv6
|
||||
prefix routes.</para></listitem>
|
||||
<listitem><para>The IPv6 route that is to be distributed to hosts. Similarly to configuring static
|
||||
IPv6 routes, the setting is configured as an IPv6 prefix routes and its prefix route length,
|
||||
separated by a <literal>/</literal> character. Use multiple [IPv6PrefixRoutes] sections to configure
|
||||
multiple IPv6 prefix routes.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -2356,8 +2324,7 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[Bridge] Section Options</title>
|
||||
<para>The <literal>[Bridge]</literal> section accepts the
|
||||
following keys.</para>
|
||||
<para>The [Bridge] section accepts the following keys:</para>
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
<term><varname>UnicastFlood=</varname></term>
|
||||
|
@ -2405,10 +2372,9 @@
|
|||
<varlistentry>
|
||||
<term><varname>HairPin=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a boolean. Configures whether traffic may be sent back
|
||||
out of the port on which it was received. When this flag is false, and the bridge
|
||||
will not forward traffic back out of the receiving port.
|
||||
When unset, the kernel's default will be used.</para>
|
||||
<para>Takes a boolean. Configures whether traffic may be sent back out of the port on which it
|
||||
was received. When this flag is false, then the bridge will not forward traffic back out of the
|
||||
receiving port. When unset, the kernel's default will be used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -2484,17 +2450,14 @@
|
|||
</refsect1>
|
||||
<refsect1>
|
||||
<title>[BridgeFDB] Section Options</title>
|
||||
<para>The <literal>[BridgeFDB]</literal> section manages the
|
||||
forwarding database table of a port and accepts the following
|
||||
keys. Specify several <literal>[BridgeFDB]</literal> sections to
|
||||
configure several static MAC table entries.</para>
|
||||
<para>The [BridgeFDB] section manages the forwarding database table of a port and accepts the following
|
||||
keys. Specify several [BridgeFDB] sections to configure several static MAC table entries.</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
<term><varname>MACAddress=</varname></term>
|
||||
<listitem>
|
||||
<para>As in the <literal>[Network]</literal> section. This
|
||||
key is mandatory.</para>
|
||||
<para>As in the [Network] section. This key is mandatory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -2537,8 +2500,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[LLDP] Section Options</title>
|
||||
<para>The <literal>[LLDP]</literal> section manages the Link Layer Discovery Protocol (LLDP) and accepts the
|
||||
following keys.</para>
|
||||
<para>The [LLDP] section manages the Link Layer Discovery Protocol (LLDP) and accepts the following
|
||||
keys.</para>
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
<term><varname>MUDURL=</varname></term>
|
||||
|
@ -2559,8 +2522,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[CAN] Section Options</title>
|
||||
<para>The <literal>[CAN]</literal> section manages the Controller Area Network (CAN bus) and accepts the
|
||||
following keys.</para>
|
||||
<para>The [CAN] section manages the Controller Area Network (CAN bus) and accepts the
|
||||
following keys:</para>
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
<term><varname>BitRate=</varname></term>
|
||||
|
@ -2638,7 +2601,7 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[QDisc] Section Options</title>
|
||||
<para>The <literal>[QDisc]</literal> section manages the traffic control queueing discipline (qdisc).</para>
|
||||
<para>The [QDisc] section manages the traffic control queueing discipline (qdisc).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
|
@ -2655,10 +2618,10 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[NetworkEmulator] Section Options</title>
|
||||
<para>The <literal>[NetworkEmulator]</literal> section manages the queueing discipline (qdisc) of
|
||||
the network emulator. It can be used to configure the kernel packet scheduler and simulate packet
|
||||
delay and loss for UDP or TCP applications, or limit the bandwidth usage of a particular service to
|
||||
simulate internet connections.</para>
|
||||
<para>The [NetworkEmulator] section manages the queueing discipline (qdisc) of the network emulator. It
|
||||
can be used to configure the kernel packet scheduler and simulate packet delay and loss for UDP or TCP
|
||||
applications, or limit the bandwidth usage of a particular service to simulate internet connections.
|
||||
</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -2684,7 +2647,7 @@
|
|||
<term><varname>PacketLimit=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the maximum number of packets the qdisc may hold queued at a time.
|
||||
An unsigned integer ranges 0 to 4294967294. Defaults to 1000.</para>
|
||||
An unsigned integer in the range 0–4294967294. Defaults to 1000.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -2708,8 +2671,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[TokenBucketFilter] Section Options</title>
|
||||
<para>The <literal>[TokenBucketFilter]</literal> section manages the queueing discipline (qdisc) of
|
||||
token bucket filter (tbf).</para>
|
||||
<para>The [TokenBucketFilter] section manages the queueing discipline (qdisc) of token bucket filter
|
||||
(tbf).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -2782,8 +2745,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[PIE] Section Options</title>
|
||||
<para>The <literal>[PIE]</literal> section manages the queueing discipline
|
||||
(qdisc) of Proportional Integral controller-Enhanced (PIE).</para>
|
||||
<para>The [PIE] section manages the queueing discipline (qdisc) of Proportional Integral
|
||||
controller-Enhanced (PIE).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -2793,7 +2756,7 @@
|
|||
<term><varname>PacketLimit=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
|
||||
dropped. An unsigned integer ranges 1 to 4294967294. Defaults to unset and kernel's default is used.</para>
|
||||
dropped. An unsigned integer in the range 1–4294967294. Defaults to unset and kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
@ -2801,8 +2764,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[StochasticFairBlue] Section Options</title>
|
||||
<para>The <literal>[StochasticFairBlue]</literal> section manages the queueing discipline
|
||||
(qdisc) of stochastic fair blue (sfb).</para>
|
||||
<para>The [StochasticFairBlue] section manages the queueing discipline (qdisc) of stochastic fair blue
|
||||
(sfb).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -2811,8 +2774,9 @@
|
|||
<varlistentry>
|
||||
<term><varname>PacketLimit=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
|
||||
dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para>
|
||||
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached,
|
||||
incoming packets are dropped. An unsigned integer in the range 0–4294967294. Defaults to unset and
|
||||
kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
@ -2820,8 +2784,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[StochasticFairnessQueueing] Section Options</title>
|
||||
<para>The <literal>[StochasticFairnessQueueing]</literal> section manages the queueing discipline
|
||||
(qdisc) of stochastic fairness queueing (sfq).</para>
|
||||
<para>The [StochasticFairnessQueueing] section manages the queueing discipline (qdisc) of stochastic
|
||||
fairness queueing (sfq).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -2838,8 +2802,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[BFIFO] Section Options</title>
|
||||
<para>The <literal>[BFIFO]</literal> section manages the queueing discipline (qdisc) of
|
||||
Byte limited Packet First In First Out (bfifo).</para>
|
||||
<para>The [BFIFO] section manages the queueing discipline (qdisc) of Byte limited Packet First In First
|
||||
Out (bfifo).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -2848,10 +2812,11 @@
|
|||
<varlistentry>
|
||||
<term><varname>LimitBytes=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the hard limit on the FIFO size in bytes. The size limit (a buffer size) to prevent it
|
||||
from overflowing in case it is unable to dequeue packets as quickly as it receives them. When this limit
|
||||
is reached, incoming packets are dropped. When suffixed with K, M, or G, the specified size is parsed as
|
||||
Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to unset and kernel's default is used.</para>
|
||||
<para>Specifies the hard limit on the FIFO size in bytes. The size limit (a buffer size) to prevent
|
||||
it from overflowing in case it is unable to dequeue packets as quickly as it receives them. When
|
||||
this limit is reached, incoming packets are dropped. When suffixed with K, M, or G, the specified
|
||||
size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults
|
||||
to unset and kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
@ -2859,8 +2824,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[PFIFO] Section Options</title>
|
||||
<para>The <literal>[PFIFO]</literal> section manages the queueing discipline (qdisc) of
|
||||
Packet First In First Out (pfifo).</para>
|
||||
<para>The [PFIFO] section manages the queueing discipline (qdisc) of Packet First In First Out
|
||||
(pfifo).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -2869,9 +2834,10 @@
|
|||
<varlistentry>
|
||||
<term><varname>PacketLimit=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the hard limit on the FIFO size in number of packets. The size limit (a buffer size) to prevent it
|
||||
from overflowing in case it is unable to dequeue packets as quickly as it receives them. When this limit is reached,
|
||||
incoming packets are dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para>
|
||||
<para>Specifies the hard limit on the FIFO size in number of packets. The size limit (a buffer
|
||||
size) to prevent it from overflowing in case it is unable to dequeue packets as quickly as it
|
||||
receives them. When this limit is reached, incoming packets are dropped. An unsigned integer in the
|
||||
range 0–4294967294. Defaults to unset and kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
@ -2879,8 +2845,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[PFIFOHeadDrop] Section Options</title>
|
||||
<para>The <literal>[PFIFOHeadDrop]</literal> section manages the queueing discipline (qdisc) of
|
||||
Packet First In First Out Head Drop (pfifo_head_drop).</para>
|
||||
<para>The [PFIFOHeadDrop] section manages the queueing discipline (qdisc) of Packet First In First Out
|
||||
Head Drop (pfifo_head_drop).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -2889,15 +2855,15 @@
|
|||
<varlistentry>
|
||||
<term><varname>PacketLimit=</varname></term>
|
||||
<listitem>
|
||||
<para>As in <literal>[PFIFO]</literal> section.</para></listitem>
|
||||
<para>As in [PFIFO] section.</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>[PFIFOFast] Section Options</title>
|
||||
<para>The <literal>[PFIFOFast]</literal> section manages the queueing discipline (qdisc) of
|
||||
Packet First In First Out Fast (pfifo_fast).</para>
|
||||
<para>The [PFIFOFast] section manages the queueing discipline (qdisc) of Packet First In First Out Fast
|
||||
(pfifo_fast).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -2907,8 +2873,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[CAKE] Section Options</title>
|
||||
<para>The <literal>[CAKE]</literal> section manages the queueing discipline (qdisc) of
|
||||
Common Applications Kept Enhanced (CAKE).</para>
|
||||
<para>The [CAKE] section manages the queueing discipline (qdisc) of Common Applications Kept Enhanced
|
||||
(CAKE).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -2917,8 +2883,8 @@
|
|||
<varlistentry>
|
||||
<term><varname>OverheadBytes=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies that bytes to be addeded to the size of each packet. Bytes may be negative.
|
||||
Takes an integer ranges -64 to 256. Defaults to unset and kernel's default is used.</para>
|
||||
<para>Specifies that bytes to be addeded to the size of each packet. Bytes may be negative. Takes
|
||||
an integer in the range from -64 to 256. Defaults to unset and kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -2935,7 +2901,7 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[ControlledDelay] Section Options</title>
|
||||
<para>The <literal>[ControlledDelay]</literal> section manages the queueing discipline (qdisc) of
|
||||
<para>The [ControlledDelay] section manages the queueing discipline (qdisc) of
|
||||
controlled delay (CoDel).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
|
@ -2945,8 +2911,9 @@
|
|||
<varlistentry>
|
||||
<term><varname>PacketLimit=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
|
||||
dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para>
|
||||
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached,
|
||||
incoming packets are dropped. An unsigned integer in the range 0–4294967294. Defaults to unset and
|
||||
kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -2986,8 +2953,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[DeficitRoundRobinScheduler] Section Options</title>
|
||||
<para>The <literal>[DeficitRoundRobinScheduler]</literal> section manages the queueing discipline (qdisc) of
|
||||
Deficit Round Robin Scheduler (DRR).</para>
|
||||
<para>The [DeficitRoundRobinScheduler] section manages the queueing discipline (qdisc) of Deficit Round
|
||||
Robin Scheduler (DRR).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -2997,8 +2964,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[DeficitRoundRobinSchedulerClass] Section Options</title>
|
||||
<para>The <literal>[DeficitRoundRobinSchedulerClass]</literal> section manages the traffic control class of
|
||||
Deficit Round Robin Scheduler (DRR).</para>
|
||||
<para>The [DeficitRoundRobinSchedulerClass] section manages the traffic control class of Deficit Round
|
||||
Robin Scheduler (DRR).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="tclass-parent" />
|
||||
|
@ -3019,8 +2986,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[EnhancedTransmissionSelection] Section Options</title>
|
||||
<para>The <literal>[EnhancedTransmissionSelection]</literal> section manages the queueing discipline (qdisc) of
|
||||
Enhanced Transmission Selection (ETS).</para>
|
||||
<para>The [EnhancedTransmissionSelection] section manages the queueing discipline (qdisc) of Enhanced
|
||||
Transmission Selection (ETS).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -3029,18 +2996,17 @@
|
|||
<varlistentry>
|
||||
<term><varname>Bands=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the number of bands. An unsigned integer ranges 1 to 16. This value has to be
|
||||
at least large enough to cover the strict bands specified through the
|
||||
<varname>StrictBands=</varname> and bandwidth-sharing bands specified in
|
||||
<varname>QuantumBytes=</varname>.</para>
|
||||
<para>Specifies the number of bands. An unsigned integer in the range 1–16. This value has to be at
|
||||
least large enough to cover the strict bands specified through the <varname>StrictBands=</varname>
|
||||
and bandwidth-sharing bands specified in <varname>QuantumBytes=</varname>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>StrictBands=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the number of bands that should be created in strict mode. An unsigned integer
|
||||
ranges 1 to 16.</para>
|
||||
<para>Specifies the number of bands that should be created in strict mode. An unsigned integer in
|
||||
the range 1–16.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -3071,8 +3037,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[GenericRandomEarlyDetection] Section Options</title>
|
||||
<para>The <literal>[GenericRandomEarlyDetection]</literal> section manages the queueing discipline
|
||||
(qdisc) of Generic Random Early Detection (GRED).</para>
|
||||
<para>The [GenericRandomEarlyDetection] section manages the queueing discipline (qdisc) of Generic Random
|
||||
Early Detection (GRED).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -3105,8 +3071,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[FairQueueingControlledDelay] Section Options</title>
|
||||
<para>The <literal>[FairQueueingControlledDelay]</literal> section manages the queueing discipline
|
||||
(qdisc) of fair queuing controlled delay (FQ-CoDel).</para>
|
||||
<para>The [FairQueueingControlledDelay] section manages the queueing discipline (qdisc) of fair queuing
|
||||
controlled delay (FQ-CoDel).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -3156,7 +3122,7 @@
|
|||
<varlistentry>
|
||||
<term><varname>QuantumBytes=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the number of bytes used as 'deficit' in the fair queuing algorithmtimespan.
|
||||
<para>Specifies the number of bytes used as the "deficit" in the fair queuing algorithm timespan.
|
||||
When suffixed with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
|
||||
respectively, to the base of 1024. Defaults to unset and kernel's default is used.</para>
|
||||
</listitem>
|
||||
|
@ -3182,8 +3148,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[FairQueueing] Section Options</title>
|
||||
<para>The <literal>[FairQueueing]</literal> section manages the queueing discipline
|
||||
(qdisc) of fair queue traffic policing (FQ).</para>
|
||||
<para>The [FairQueueing] section manages the queueing discipline (qdisc) of fair queue traffic policing
|
||||
(FQ).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -3271,8 +3237,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[TrivialLinkEqualizer] Section Options</title>
|
||||
<para>The <literal>[TrivialLinkEqualizer]</literal> section manages the queueing discipline (qdisc) of
|
||||
trivial link equalizer (teql).</para>
|
||||
<para>The [TrivialLinkEqualizer] section manages the queueing discipline (qdisc) of trivial link
|
||||
equalizer (teql).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -3292,8 +3258,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[HierarchyTokenBucket] Section Options</title>
|
||||
<para>The <literal>[HierarchyTokenBucket]</literal> section manages the queueing discipline (qdisc) of
|
||||
hierarchy token bucket (htb).</para>
|
||||
<para>The [HierarchyTokenBucket] section manages the queueing discipline (qdisc) of hierarchy token
|
||||
bucket (htb).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -3319,8 +3285,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[HierarchyTokenBucketClass] Section Options</title>
|
||||
<para>The <literal>[HierarchyTokenBucketClass]</literal> section manages the traffic control class of
|
||||
hierarchy token bucket (htb).</para>
|
||||
<para>The [HierarchyTokenBucketClass] section manages the traffic control class of hierarchy token bucket
|
||||
(htb).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="tclass-parent" />
|
||||
|
@ -3401,8 +3367,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[HeavyHitterFilter] Section Options</title>
|
||||
<para>The <literal>[HeavyHitterFilter]</literal> section manages the queueing discipline
|
||||
(qdisc) of Heavy Hitter Filter (hhf).</para>
|
||||
<para>The [HeavyHitterFilter] section manages the queueing discipline (qdisc) of Heavy Hitter Filter
|
||||
(hhf).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -3411,8 +3377,9 @@
|
|||
<varlistentry>
|
||||
<term><varname>PacketLimit=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
|
||||
dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para>
|
||||
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached,
|
||||
incoming packets are dropped. An unsigned integer in the range 0–4294967294. Defaults to unset and
|
||||
kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
@ -3420,8 +3387,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[QuickFairQueueing] Section Options</title>
|
||||
<para>The <literal>[QuickFairQueueing]</literal> section manages the queueing discipline
|
||||
(qdisc) of Quick Fair Queueing (QFQ).</para>
|
||||
<para>The [QuickFairQueueing] section manages the queueing discipline (qdisc) of Quick Fair Queueing
|
||||
(QFQ).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
|
@ -3431,8 +3398,8 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[QuickFairQueueingClass] Section Options</title>
|
||||
<para>The <literal>[QuickFairQueueingClass]</literal> section manages the traffic control class of
|
||||
Quick Fair Queueing (qfq).</para>
|
||||
<para>The [QuickFairQueueingClass] section manages the traffic control class of Quick Fair Queueing
|
||||
(qfq).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="tclass-parent" />
|
||||
|
@ -3459,9 +3426,9 @@
|
|||
|
||||
<refsect1>
|
||||
<title>[BridgeVLAN] Section Options</title>
|
||||
<para>The <literal>[BridgeVLAN]</literal> section manages the VLAN ID configuration of a bridge port and accepts
|
||||
the following keys. Specify several <literal>[BridgeVLAN]</literal> sections to configure several VLAN entries.
|
||||
The <varname>VLANFiltering=</varname> option has to be enabled, see <literal>[Bridge]</literal> section in
|
||||
<para>The [BridgeVLAN] section manages the VLAN ID configuration of a bridge port and accepts the
|
||||
following keys. Specify several [BridgeVLAN] sections to configure several VLAN entries. The
|
||||
<varname>VLANFiltering=</varname> option has to be enabled, see the [Bridge] section in
|
||||
<citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
|
|
|
@ -80,7 +80,7 @@
|
|||
<refsect1>
|
||||
<title>[Exec] Section Options</title>
|
||||
|
||||
<para>Settings files may include an <literal>[Exec]</literal>
|
||||
<para>Settings files may include an [Exec]
|
||||
section, which carries various execution parameters:</para>
|
||||
|
||||
<variablelist class='nspawn-directives'>
|
||||
|
@ -344,7 +344,7 @@
|
|||
<refsect1>
|
||||
<title>[Files] Section Options</title>
|
||||
|
||||
<para>Settings files may include a <literal>[Files]</literal>
|
||||
<para>Settings files may include a [Files]
|
||||
section, which carries various parameters configuring the file
|
||||
system of the container:</para>
|
||||
|
||||
|
@ -405,7 +405,7 @@
|
|||
<varlistentry>
|
||||
<term><varname>Inaccessible=</varname></term>
|
||||
|
||||
<listitem><para>Masks the specified file or directly in the container, by over-mounting it with an empty file
|
||||
<listitem><para>Masks the specified file or directory in the container, by over-mounting it with an empty file
|
||||
node of the same type with the most restrictive access mode. Takes a file system path as argument. This option
|
||||
may be used multiple times to mask multiple files or directories. This option is equivalent to the command line
|
||||
switch <option>--inaccessible=</option>, see
|
||||
|
@ -439,7 +439,7 @@
|
|||
<refsect1>
|
||||
<title>[Network] Section Options</title>
|
||||
|
||||
<para>Settings files may include a <literal>[Network]</literal>
|
||||
<para>Settings files may include a [Network]
|
||||
section, which carries various parameters configuring the network
|
||||
connectivity of the container:</para>
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@
|
|||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>The package manager prepares system updates by downloading all (RPM or DEB or
|
||||
<para>The package manager prepares system updates by downloading all (.rpm or .deb or
|
||||
whatever) packages to update off-line in a special directory
|
||||
<filename index="false">/var/lib/system-update</filename> (or
|
||||
another directory of the package/upgrade manager's choice).</para>
|
||||
|
@ -85,8 +85,8 @@
|
|||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>The upgrade scripts should exit only after the update is finished. It is expected
|
||||
that the service which performs the upgrade will cause the machine to reboot after it
|
||||
<para>The update scripts should exit only after the update is finished. It is expected
|
||||
that the service which performs the update will cause the machine to reboot after it
|
||||
is done. If the <filename>system-update.target</filename> is successfully reached, i.e.
|
||||
all update services have run, and the <filename>/system-update</filename> symlink still
|
||||
exists, it will be removed and the machine rebooted as a safety measure.</para>
|
||||
|
|
|
@ -34,9 +34,9 @@
|
|||
this unit type. See
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for the common options of all unit configuration files. The common
|
||||
configuration items are configured in the generic <literal>[Unit]</literal> and
|
||||
<literal>[Install]</literal> sections. The path specific configuration options are
|
||||
configured in the <literal>[Path]</literal> section.</para>
|
||||
configuration items are configured in the generic [Unit] and
|
||||
[Install] sections. The path specific configuration options are
|
||||
configured in the [Path] section.</para>
|
||||
|
||||
<para>For each path file, a matching unit file must exist,
|
||||
describing the unit to activate when the path changes. By default,
|
||||
|
|
|
@ -89,7 +89,7 @@
|
|||
<refsect1>
|
||||
<title>Options</title>
|
||||
|
||||
<para>Scope files may include a <literal>[Scope]</literal>
|
||||
<para>Scope files may include a [Scope]
|
||||
section, which carries information about the scope and the
|
||||
units it contains. A number of options that may be used in
|
||||
this section are shared with other unit types. These options are
|
||||
|
@ -97,7 +97,7 @@
|
|||
<citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
and
|
||||
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
The options specific to the <literal>[Scope]</literal> section
|
||||
The options specific to the [Scope] section
|
||||
of scope units are the following:</para>
|
||||
|
||||
<variablelist class='unit-directives'>
|
||||
|
|
|
@ -35,9 +35,9 @@
|
|||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for the common options of all unit configuration files. The common
|
||||
configuration items are configured in the generic
|
||||
<literal>[Unit]</literal> and <literal>[Install]</literal>
|
||||
[Unit] and [Install]
|
||||
sections. The service specific configuration options are
|
||||
configured in the <literal>[Service]</literal> section.</para>
|
||||
configured in the [Service] section.</para>
|
||||
|
||||
<para>Additional options are listed in
|
||||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
|
@ -138,7 +138,7 @@
|
|||
<refsect1>
|
||||
<title>Options</title>
|
||||
|
||||
<para>Service files must include a <literal>[Service]</literal>
|
||||
<para>Service files must include a [Service]
|
||||
section, which carries information about the service and the
|
||||
process it supervises. A number of options that may be used in
|
||||
this section are shared with other unit types. These options are
|
||||
|
@ -147,7 +147,7 @@
|
|||
<citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
and
|
||||
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
The options specific to the <literal>[Service]</literal> section
|
||||
The options specific to the [Service] section
|
||||
of service units are the following:</para>
|
||||
|
||||
<variablelist class='unit-directives'>
|
||||
|
@ -896,7 +896,7 @@
|
|||
this option will have no effect.</para>
|
||||
|
||||
<example>
|
||||
<title>A service with with the <varname>SuccessExitStatus=</varname> setting</title>
|
||||
<title>A service with the <varname>SuccessExitStatus=</varname> setting</title>
|
||||
|
||||
<programlisting>SuccessExitStatus=TEMPFAIL 250 SIGUSR1</programlisting>
|
||||
|
||||
|
@ -1495,7 +1495,7 @@ ExecStart=/usr/sbin/simple-dbus-service
|
|||
WantedBy=multi-user.target</programlisting>
|
||||
|
||||
<para>For <emphasis>bus-activatable</emphasis> services, do not
|
||||
include a <literal>[Install]</literal> section in the systemd
|
||||
include a [Install] section in the systemd
|
||||
service file, but use the <varname>SystemdService=</varname>
|
||||
option in the corresponding DBus service file, for example
|
||||
(<filename>/usr/share/dbus-1/system-services/org.example.simple-dbus-service.service</filename>):</para>
|
||||
|
|
|
@ -55,9 +55,9 @@
|
|||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for the common options of all unit configuration
|
||||
files. The common configuration items are configured
|
||||
in the generic <literal>[Unit]</literal> and <literal>[Install]</literal> sections. The
|
||||
in the generic [Unit] and [Install] sections. The
|
||||
slice specific configuration options are configured in
|
||||
the <literal>[Slice]</literal> section. Currently, only generic resource control settings
|
||||
the [Slice] section. Currently, only generic resource control settings
|
||||
as described in
|
||||
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> are allowed.
|
||||
</para>
|
||||
|
|
|
@ -35,9 +35,9 @@
|
|||
this unit type. See
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for the common options of all unit configuration files. The common
|
||||
configuration items are configured in the generic <literal>[Unit]</literal> and
|
||||
<literal>[Install]</literal> sections. The socket specific configuration options are
|
||||
configured in the <literal>[Socket]</literal> section.</para>
|
||||
configuration items are configured in the generic [Unit] and
|
||||
[Install] sections. The socket specific configuration options are
|
||||
configured in the [Socket] section.</para>
|
||||
|
||||
<para>Additional options are listed in
|
||||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
|
@ -117,10 +117,9 @@
|
|||
<listitem><para>Socket units automatically gain a <varname>Before=</varname>
|
||||
dependency on the service units they activate.</para></listitem>
|
||||
|
||||
<listitem><para>Socket units referring to file system paths (such as AF_UNIX
|
||||
sockets or FIFOs) implicitly gain <varname>Requires=</varname> and
|
||||
<varname>After=</varname> dependencies on all mount units
|
||||
necessary to access those paths.</para></listitem>
|
||||
<listitem><para>Socket units referring to file system paths (such as <constant>AF_UNIX</constant>
|
||||
sockets or FIFOs) implicitly gain <varname>Requires=</varname> and <varname>After=</varname>
|
||||
dependencies on all mount units necessary to access those paths.</para></listitem>
|
||||
|
||||
<listitem><para>Socket units using the <varname>BindToDevice=</varname>
|
||||
setting automatically gain a <varname>BindsTo=</varname> and
|
||||
|
@ -300,7 +299,7 @@
|
|||
url="https://www.kernel.org/doc/Documentation/usb/functionfs.txt">USB
|
||||
FunctionFS</ulink> endpoints location to listen on, for
|
||||
implementation of USB gadget functions. This expects an
|
||||
absolute file system path of functionfs mount point as the argument.
|
||||
absolute file system path of FunctionFS mount point as the argument.
|
||||
Behavior otherwise is very similar to the <varname>ListenFIFO=</varname>
|
||||
directive above. Use this to open the FunctionFS endpoint
|
||||
<filename>ep0</filename>. When using this option, the
|
||||
|
@ -313,9 +312,9 @@
|
|||
<varlistentry>
|
||||
<term><varname>SocketProtocol=</varname></term>
|
||||
<listitem><para>Takes one of <option>udplite</option>
|
||||
or <option>sctp</option>. Specifies a socket protocol
|
||||
(<constant>IPPROTO_UDPLITE</constant>) UDP-Lite
|
||||
(<constant>IPPROTO_SCTP</constant>) SCTP socket respectively. </para>
|
||||
or <option>sctp</option>. The socket will use the UDP-Lite
|
||||
(<constant>IPPROTO_UDPLITE</constant>) or SCTP
|
||||
(<constant>IPPROTO_SCTP</constant>) protocol, respectively.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -349,16 +348,14 @@
|
|||
|
||||
<varlistentry>
|
||||
<term><varname>BindToDevice=</varname></term>
|
||||
<listitem><para>Specifies a network interface name to bind
|
||||
this socket to. If set, traffic will only be accepted from the
|
||||
specified network interfaces. This controls the
|
||||
SO_BINDTODEVICE socket option (see <citerefentry
|
||||
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
for details). If this option is used, an implicit dependency
|
||||
from this socket unit on the network interface device unit
|
||||
(<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
is created. Note that setting this parameter might result in
|
||||
additional dependencies to be added to the unit (see
|
||||
<listitem><para>Specifies a network interface name to bind this socket to. If set, traffic will only
|
||||
be accepted from the specified network interfaces. This controls the
|
||||
<constant>SO_BINDTODEVICE</constant> socket option (see <citerefentry
|
||||
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
|
||||
details). If this option is used, an implicit dependency from this socket unit on the network
|
||||
interface device unit is created
|
||||
(see <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
|
||||
Note that setting this parameter might result in additional dependencies to be added to the unit (see
|
||||
above).</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -366,12 +363,10 @@
|
|||
<term><varname>SocketUser=</varname></term>
|
||||
<term><varname>SocketGroup=</varname></term>
|
||||
|
||||
<listitem><para>Takes a UNIX user/group name. When specified,
|
||||
all AF_UNIX sockets and FIFO nodes in the file system are
|
||||
owned by the specified user and group. If unset (the default),
|
||||
the nodes are owned by the root user/group (if run in system
|
||||
context) or the invoking user/group (if run in user context).
|
||||
If only a user is specified but no group, then the group is
|
||||
<listitem><para>Takes a UNIX user/group name. When specified, all <constant>AF_UNIX</constant>
|
||||
sockets and FIFO nodes in the file system are owned by the specified user and group. If unset (the
|
||||
default), the nodes are owned by the root user/group (if run in system context) or the invoking
|
||||
user/group (if run in user context). If only a user is specified but no group, then the group is
|
||||
derived from the user's default group.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -420,10 +415,10 @@
|
|||
to work unmodified with systemd socket
|
||||
activation.</para>
|
||||
|
||||
<para>For IPv4 and IPv6 connections, the <varname>REMOTE_ADDR</varname>
|
||||
environment variable will contain the remote IP address, and <varname>REMOTE_PORT</varname>
|
||||
will contain the remote port. This is the same as the format used by CGI.
|
||||
For SOCK_RAW, the port is the IP protocol.</para></listitem>
|
||||
<para>For IPv4 and IPv6 connections, the <varname>REMOTE_ADDR</varname> environment variable will
|
||||
contain the remote IP address, and <varname>REMOTE_PORT</varname> will contain the remote port. This
|
||||
is the same as the format used by CGI. For <constant>SOCK_RAW</constant>, the port is the IP
|
||||
protocol.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -456,17 +451,13 @@
|
|||
|
||||
<varlistentry>
|
||||
<term><varname>KeepAlive=</varname></term>
|
||||
<listitem><para>Takes a boolean argument. If true, the TCP/IP
|
||||
stack will send a keep alive message after 2h (depending on
|
||||
the configuration of
|
||||
<filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>)
|
||||
for all TCP streams accepted on this socket. This controls the
|
||||
SO_KEEPALIVE socket option (see
|
||||
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
and the <ulink
|
||||
url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
|
||||
Keepalive HOWTO</ulink> for details.) Defaults to
|
||||
<option>false</option>.</para></listitem>
|
||||
<listitem><para>Takes a boolean argument. If true, the TCP/IP stack will send a keep alive message
|
||||
after 2h (depending on the configuration of
|
||||
<filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>) for all TCP streams accepted on this
|
||||
socket. This controls the <constant>SO_KEEPALIVE</constant> socket option (see <citerefentry
|
||||
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> and
|
||||
the <ulink url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP Keepalive
|
||||
HOWTO</ulink> for details.) Defaults to <option>false</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -483,15 +474,12 @@
|
|||
|
||||
<varlistentry>
|
||||
<term><varname>KeepAliveIntervalSec=</varname></term>
|
||||
<listitem><para>Takes time (in seconds) as argument between
|
||||
individual keepalive probes, if the socket option SO_KEEPALIVE
|
||||
has been set on this socket. This controls
|
||||
the TCP_KEEPINTVL socket option (see
|
||||
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
and the <ulink
|
||||
url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
|
||||
Keepalive HOWTO</ulink> for details.) Defaults value is 75
|
||||
seconds.</para></listitem>
|
||||
<listitem><para>Takes time (in seconds) as argument between individual keepalive probes, if the
|
||||
socket option <constant>SO_KEEPALIVE</constant> has been set on this socket. This controls the
|
||||
<constant>TCP_KEEPINTVL</constant> socket option (see <citerefentry
|
||||
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> and
|
||||
the <ulink url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP Keepalive
|
||||
HOWTO</ulink> for details.) Defaults value is 75 seconds.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -513,17 +501,16 @@
|
|||
algorithm works by combining a number of small outgoing
|
||||
messages, and sending them all at once. This controls the
|
||||
TCP_NODELAY socket option (see
|
||||
<citerefentry project='die-net'><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
<citerefentry project='die-net'><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry>).
|
||||
Defaults to <option>false</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>Priority=</varname></term>
|
||||
<listitem><para>Takes an integer argument controlling the
|
||||
priority for all traffic sent from this socket. This controls
|
||||
the SO_PRIORITY socket option (see
|
||||
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
for details.).</para></listitem>
|
||||
<listitem><para>Takes an integer argument controlling the priority for all traffic sent from this
|
||||
socket. This controls the <constant>SO_PRIORITY</constant> socket option (see <citerefentry
|
||||
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
|
||||
details.).</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -559,12 +546,12 @@
|
|||
<varlistentry>
|
||||
<term><varname>ReceiveBuffer=</varname></term>
|
||||
<term><varname>SendBuffer=</varname></term>
|
||||
<listitem><para>Takes an integer argument controlling the
|
||||
receive or send buffer sizes of this socket, respectively.
|
||||
This controls the SO_RCVBUF and SO_SNDBUF socket options (see
|
||||
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
for details.). The usual suffixes K, M, G are supported and
|
||||
are understood to the base of 1024.</para></listitem>
|
||||
<listitem><para>Takes an integer argument controlling the receive or send buffer sizes of this
|
||||
socket, respectively. This controls the <constant>SO_RCVBUF</constant> and
|
||||
<constant>SO_SNDBUF</constant> socket options (see <citerefentry
|
||||
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
|
||||
details.). The usual suffixes K, M, G are supported and are understood to the base of
|
||||
1024.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -593,23 +580,20 @@
|
|||
|
||||
<varlistentry>
|
||||
<term><varname>Mark=</varname></term>
|
||||
<listitem><para>Takes an integer value. Controls the firewall
|
||||
mark of packets generated by this socket. This can be used in
|
||||
the firewall logic to filter packets from this socket. This
|
||||
sets the SO_MARK socket option. See
|
||||
<citerefentry project='die-net'><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
for details.</para></listitem>
|
||||
<listitem><para>Takes an integer value. Controls the firewall mark of packets generated by this
|
||||
socket. This can be used in the firewall logic to filter packets from this socket. This sets the
|
||||
<constant>SO_MARK</constant> socket option. See <citerefentry
|
||||
project='die-net'><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
|
||||
details.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>ReusePort=</varname></term>
|
||||
<listitem><para>Takes a boolean value. If true, allows
|
||||
multiple
|
||||
<citerefentry><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry>s
|
||||
to this TCP or UDP port. This controls the SO_REUSEPORT socket
|
||||
option. See
|
||||
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
for details.</para></listitem>
|
||||
<listitem><para>Takes a boolean value. If true, allows multiple
|
||||
<citerefentry><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry>s to this TCP
|
||||
or UDP port. This controls the <constant>SO_REUSEPORT</constant> socket option. See <citerefentry
|
||||
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
|
||||
details.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -685,28 +669,23 @@
|
|||
|
||||
<varlistentry>
|
||||
<term><varname>Broadcast=</varname></term>
|
||||
<listitem><para>Takes a boolean value. This controls the
|
||||
SO_BROADCAST socket option, which allows broadcast datagrams
|
||||
to be sent from this socket. Defaults to
|
||||
<listitem><para>Takes a boolean value. This controls the <constant>SO_BROADCAST</constant> socket
|
||||
option, which allows broadcast datagrams to be sent from this socket. Defaults to
|
||||
<option>false</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>PassCredentials=</varname></term>
|
||||
<listitem><para>Takes a boolean value. This controls the
|
||||
SO_PASSCRED socket option, which allows
|
||||
<constant>AF_UNIX</constant> sockets to receive the
|
||||
credentials of the sending process in an ancillary message.
|
||||
Defaults to <option>false</option>.</para></listitem>
|
||||
<listitem><para>Takes a boolean value. This controls the <constant>SO_PASSCRED</constant> socket
|
||||
option, which allows <constant>AF_UNIX</constant> sockets to receive the credentials of the sending
|
||||
process in an ancillary message. Defaults to <option>false</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>PassSecurity=</varname></term>
|
||||
<listitem><para>Takes a boolean value. This controls the
|
||||
SO_PASSSEC socket option, which allows
|
||||
<constant>AF_UNIX</constant> sockets to receive the security
|
||||
context of the sending process in an ancillary message.
|
||||
Defaults to <option>false</option>.</para></listitem>
|
||||
<listitem><para>Takes a boolean value. This controls the <constant>SO_PASSSEC</constant> socket
|
||||
option, which allows <constant>AF_UNIX</constant> sockets to receive the security context of the
|
||||
sending process in an ancillary message. Defaults to <option>false</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -720,11 +699,10 @@
|
|||
|
||||
<varlistentry>
|
||||
<term><varname>TCPCongestion=</varname></term>
|
||||
<listitem><para>Takes a string value. Controls the TCP
|
||||
congestion algorithm used by this socket. Should be one of
|
||||
"westwood", "veno", "cubic", "lp" or any other available
|
||||
algorithm supported by the IP stack. This setting applies only
|
||||
to stream sockets.</para></listitem>
|
||||
<listitem><para>Takes a string value. Controls the TCP congestion algorithm used by this
|
||||
socket. Should be one of <literal>westwood</literal>, <literal>veno</literal>,
|
||||
<literal>cubic</literal>, <literal>lp</literal> or any other available algorithm supported by the IP
|
||||
stack. This setting applies only to stream sockets.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -788,15 +766,12 @@
|
|||
|
||||
<varlistentry>
|
||||
<term><varname>RemoveOnStop=</varname></term>
|
||||
<listitem><para>Takes a boolean argument. If enabled, any file
|
||||
nodes created by this socket unit are removed when it is
|
||||
stopped. This applies to AF_UNIX sockets in the file system,
|
||||
POSIX message queues, FIFOs, as well as any symlinks to them
|
||||
configured with <varname>Symlinks=</varname>. Normally, it
|
||||
should not be necessary to use this option, and is not
|
||||
recommended as services might continue to run after the socket
|
||||
unit has been terminated and it should still be possible to
|
||||
communicate with them via their file system node. Defaults to
|
||||
<listitem><para>Takes a boolean argument. If enabled, any file nodes created by this socket unit are
|
||||
removed when it is stopped. This applies to <constant>AF_UNIX</constant> sockets in the file system,
|
||||
POSIX message queues, FIFOs, as well as any symlinks to them configured with
|
||||
<varname>Symlinks=</varname>. Normally, it should not be necessary to use this option, and is not
|
||||
recommended as services might continue to run after the socket unit has been terminated and it should
|
||||
still be possible to communicate with them via their file system node. Defaults to
|
||||
off.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
|
|
@ -297,7 +297,7 @@
|
|||
this unit (or <filename>multi-user.target</filename>) during
|
||||
installation. This is best configured via
|
||||
<varname>WantedBy=graphical.target</varname> in the unit's
|
||||
<literal>[Install]</literal> section.</para>
|
||||
[Install] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -447,7 +447,7 @@
|
|||
add <varname>Wants=</varname> dependencies for their unit to
|
||||
this unit during installation. This is best configured via
|
||||
<varname>WantedBy=multi-user.target</varname> in the unit's
|
||||
<literal>[Install]</literal> section.</para>
|
||||
[Install] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -505,7 +505,7 @@
|
|||
applications get pulled in via <varname>Wants=</varname>
|
||||
dependencies from this unit. This is best configured via a
|
||||
<varname>WantedBy=paths.target</varname> in the path unit's
|
||||
<literal>[Install]</literal> section.</para>
|
||||
[Install] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -641,7 +641,7 @@
|
|||
<para>Adding slice units to <filename>slices.target</filename> is generally not
|
||||
necessary. Instead, when some unit that uses <varname>Slice=</varname> is started, the
|
||||
specified slice will be started automatically. Adding
|
||||
<varname>WantedBy=slices.target</varname> lines to the <literal>[Install]</literal>
|
||||
<varname>WantedBy=slices.target</varname> lines to the [Install]
|
||||
section should only be done for units that need to be always active. In that case care
|
||||
needs to be taken to avoid creating a loop through the automatic dependencies on
|
||||
"parent" slices.</para>
|
||||
|
@ -659,7 +659,7 @@
|
|||
<varname>Wants=</varname> dependencies to this unit for
|
||||
their socket unit during installation. This is best
|
||||
configured via a <varname>WantedBy=sockets.target</varname>
|
||||
in the socket unit's <literal>[Install]</literal>
|
||||
in the socket unit's [Install]
|
||||
section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -742,7 +742,7 @@
|
|||
applications get pulled in via <varname>Wants=</varname>
|
||||
dependencies from this unit. This is best configured via
|
||||
<varname>WantedBy=timers.target</varname> in the timer
|
||||
unit's <literal>[Install]</literal> section.</para>
|
||||
unit's [Install] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -1043,7 +1043,7 @@
|
|||
<para>By default, all user processes and services started on
|
||||
behalf of the user, including the per-user systemd instance
|
||||
are found in this slice. This is pulled in by
|
||||
<filename>systemd-logind.service</filename></para>
|
||||
<filename>systemd-logind.service</filename>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -1053,7 +1053,7 @@
|
|||
<para>By default, all virtual machines and containers
|
||||
registered with <command>systemd-machined</command> are
|
||||
found in this slice. This is pulled in by
|
||||
<filename>systemd-machined.service</filename></para>
|
||||
<filename>systemd-machined.service</filename>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
@ -1104,7 +1104,7 @@
|
|||
<para>This target is active whenever any graphical session is running. It is used to
|
||||
stop user services which only apply to a graphical (X, Wayland, etc.) session when the
|
||||
session is terminated. Such services should have
|
||||
<literal>PartOf=graphical-session.target</literal> in their <literal>[Unit]</literal>
|
||||
<literal>PartOf=graphical-session.target</literal> in their [Unit]
|
||||
section. A target for a particular session (e. g.
|
||||
<filename>gnome-session.target</filename>) starts and stops
|
||||
<literal>graphical-session.target</literal> with
|
||||
|
|
|
@ -37,9 +37,9 @@
|
|||
this unit type. See
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for the common options of all unit configuration files. The common
|
||||
configuration items are configured in the generic <literal>[Unit]</literal> and
|
||||
<literal>[Install]</literal> sections. The swap specific configuration options are
|
||||
configured in the <literal>[Swap]</literal> section.</para>
|
||||
configuration items are configured in the generic [Unit] and
|
||||
[Install] sections. The swap specific configuration options are
|
||||
configured in the [Swap] section.</para>
|
||||
|
||||
<para>Additional options are listed in
|
||||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
|
@ -166,7 +166,7 @@
|
|||
<refsect1>
|
||||
<title>Options</title>
|
||||
|
||||
<para>Swap files must include a [Swap] section, which carries
|
||||
<para>Swap unit files must include a [Swap] section, which carries
|
||||
information about the swap device it supervises. A number of
|
||||
options that may be used in this section are shared with other
|
||||
unit types. These options are documented in
|
||||
|
|
|
@ -98,10 +98,10 @@ KeyTwo=value 2 \
|
|||
value 2 continued
|
||||
|
||||
[Section C]
|
||||
KeyThree=value 2\
|
||||
KeyThree=value 3\
|
||||
# this line is ignored
|
||||
; this line is ignored too
|
||||
value 2 continued
|
||||
value 3 continued
|
||||
</programlisting></example>
|
||||
|
||||
<para>Boolean arguments used in configuration files can be written in
|
||||
|
|
|
@ -34,8 +34,8 @@
|
|||
<para>This unit type has no specific options. See
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for the common options of all unit configuration files. The common
|
||||
configuration items are configured in the generic <literal>[Unit]</literal> and
|
||||
<literal>[Install]</literal> sections. A separate <literal>[Target]</literal> section does not exist,
|
||||
configuration items are configured in the generic [Unit] and
|
||||
[Install] sections. A separate [Target] section does not exist,
|
||||
since no target-specific options may be configured.</para>
|
||||
|
||||
<para>Target units do not offer any additional functionality on
|
||||
|
|
|
@ -98,18 +98,20 @@
|
|||
<refsect1>
|
||||
<title>Parsing Timestamps</title>
|
||||
|
||||
<para>When parsing, systemd will accept a similar syntax, but expects no timezone specification, unless it is given
|
||||
as the literal string <literal>UTC</literal> (for the UTC timezone), or is specified to be the locally configured
|
||||
timezone, or the timezone name in the IANA timezone database format. The complete list of timezones
|
||||
supported on your system can be obtained using the <literal>timedatectl list-timezones</literal>
|
||||
(see <citerefentry><refentrytitle>timedatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>).
|
||||
Using IANA format is recommended over local timezone names, as less prone to errors (eg: with local timezone it's possible to
|
||||
specify daylight saving time in winter, while it's incorrect). The weekday specification is optional, but when
|
||||
the weekday is specified, it must either be in the abbreviated (<literal>Wed</literal>) or non-abbreviated
|
||||
(<literal>Wednesday</literal>) English language form (case does not matter), and is not subject to the locale
|
||||
choice of the user. Either the date, or the time part may be omitted, in which case the current date or 00:00:00,
|
||||
respectively, is assumed. The seconds component of the time may also be omitted, in which case ":00" is
|
||||
assumed. Year numbers may be specified in full or may be abbreviated (omitting the century).</para>
|
||||
<para>When parsing, systemd will accept a similar syntax, but expects no timezone specification, unless
|
||||
it is given as the literal string <literal>UTC</literal> (for the UTC timezone), or is specified to be
|
||||
the locally configured timezone, or the timezone name in the IANA timezone database format. The complete
|
||||
list of timezones supported on your system can be obtained using the <literal>timedatectl
|
||||
list-timezones</literal> (see
|
||||
<citerefentry><refentrytitle>timedatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>). Using
|
||||
IANA format is recommended over local timezone names, as less prone to errors (e.g. with local timezone
|
||||
it's possible to specify daylight saving time in winter, even though that is not correct). The weekday
|
||||
specification is optional, but when the weekday is specified, it must either be in the abbreviated
|
||||
(<literal>Wed</literal>) or non-abbreviated (<literal>Wednesday</literal>) English language form (case
|
||||
does not matter), and is not subject to the locale choice of the user. Either the date, or the time part
|
||||
may be omitted, in which case the current date or 00:00:00, respectively, is assumed. The seconds
|
||||
component of the time may also be omitted, in which case ":00" is assumed. Year numbers may be specified
|
||||
in full or may be abbreviated (omitting the century).</para>
|
||||
|
||||
<para>A timestamp is considered invalid if a weekday is specified and the date does not match the specified day of
|
||||
the week.</para>
|
||||
|
@ -282,7 +284,7 @@ Wed..Sat,Tue 12-10-15 1:2:3 → Tue..Sat 2012-10-15 01:02:03
|
|||
<para>Use the <command>calendar</command> command of
|
||||
<citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry> to validate
|
||||
and normalize calendar time specifications for testing purposes. The tool also calculates when a specified
|
||||
calendar event would elapse next.</para>
|
||||
calendar event would occur next.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
|
|
@ -35,9 +35,9 @@
|
|||
this unit type. See
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for the common options of all unit configuration files. The common
|
||||
configuration items are configured in the generic <literal>[Unit]</literal> and
|
||||
<literal>[Install]</literal> sections. The timer specific configuration options are
|
||||
configured in the <literal>[Timer]</literal> section.</para>
|
||||
configuration items are configured in the generic [Unit] and
|
||||
[Install] sections. The timer specific configuration options are
|
||||
configured in the [Timer] section.</para>
|
||||
|
||||
<para>For each timer file, a matching unit file must exist,
|
||||
describing the unit to activate when the timer elapses. By
|
||||
|
|
|
@ -737,7 +737,7 @@
|
|||
that the listed unit is fully started up before the configured unit is started.</para>
|
||||
|
||||
<para>When two units with an ordering dependency between them are shut down, the inverse of the
|
||||
start-up order is applied. i.e. if a unit is configured with <varname>After=</varname> on another
|
||||
start-up order is applied. I.e. if a unit is configured with <varname>After=</varname> on another
|
||||
unit, the former is stopped before the latter if both are shut down. Given two units with any
|
||||
ordering dependency between them, if one unit is shut down and the other is started up, the shutdown
|
||||
is ordered before the start-up. It doesn't matter if the ordering dependency is
|
||||
|
@ -833,7 +833,7 @@
|
|||
<option>--job-mode=</option> option for details on the
|
||||
possible values. If this is set to <literal>isolate</literal>,
|
||||
only a single unit may be listed in
|
||||
<varname>OnFailure=</varname>..</para></listitem>
|
||||
<varname>OnFailure=</varname>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -1028,8 +1028,8 @@
|
|||
|
||||
<listitem><para>Configure an additional action to take if the rate limit configured with
|
||||
<varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes the same
|
||||
values as the setting <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> settings and executes
|
||||
the same actions. If <option>none</option> is set, hitting the rate limit will trigger no action besides that
|
||||
values as the <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> settings. If
|
||||
<option>none</option> is set, hitting the rate limit will trigger no action except that
|
||||
the start will not be permitted. Defaults to <option>none</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -1639,7 +1639,7 @@
|
|||
<refsect1>
|
||||
<title>[Install] Section Options</title>
|
||||
|
||||
<para>Unit files may include an <literal>[Install]</literal> section, which carries installation information for
|
||||
<para>Unit files may include an [Install] section, which carries installation information for
|
||||
the unit. This section is not interpreted by
|
||||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> during runtime; it is
|
||||
used by the <command>enable</command> and <command>disable</command> commands of the
|
||||
|
|
|
@ -760,13 +760,11 @@
|
|||
<varlistentry>
|
||||
<term><varname>systemd.crash_chvt</varname></term>
|
||||
|
||||
<listitem><para>Takes a positive integer, or a boolean argument. Can be also
|
||||
specified without an argument, with the same effect as a positive boolean. If
|
||||
a positive integer (in the range 1–63) is specified, the system manager (PID
|
||||
1) will activate the specified virtual terminal (VT) when it
|
||||
crashes. Defaults to disabled, meaning that no such switch is attempted. If
|
||||
set to enabled, the VT the kernel messages are written to is selected.
|
||||
</para></listitem>
|
||||
<listitem><para>Takes a positive integer, or a boolean argument. Can be also specified without an
|
||||
argument, with the same effect as a positive boolean. If a positive integer (in the range 1–63) is
|
||||
specified, the system manager (PID 1) will activate the specified virtual terminal when it crashes.
|
||||
Defaults to disabled, meaning that no such switch is attempted. If set to enabled, the virtual
|
||||
terminal the kernel messages are written to is used instead.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -1089,14 +1087,15 @@
|
|||
this context, because they are properly namespaced. When an option is specified both on the kernel
|
||||
command line, and as a normal command line argument, the latter has higher precedence.</para>
|
||||
|
||||
<para>When <command>systemd</command> is used a user manager, the kernel command line is ignored and
|
||||
<para>When <command>systemd</command> is used as a user manager, the kernel command line is ignored and
|
||||
the options described are understood. Nevertheless, <command>systemd</command> is usually started in
|
||||
this mode through the
|
||||
<citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
service, which is shared between all users, and it may be more convenient to use configuration files to
|
||||
modify settings, see
|
||||
<citerefentry><refentrytitle>systemd-user.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
or a drop-in that specifies one of the environment variables listed above in "Environment, see
|
||||
or a drop-in that specifies one of the environment variables listed above in the Environment section,
|
||||
see
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
||||
|
||||
<variablelist>
|
||||
|
@ -1146,8 +1145,8 @@
|
|||
<varlistentry>
|
||||
<term><option>--show-status</option></term>
|
||||
|
||||
<listitem><para>Show terse unit status information is shown on the console during boot-up and
|
||||
shutdown. See <varname>systemd.show_status</varname> above.</para></listitem>
|
||||
<listitem><para>Show terse unit status information on the console during boot-up and shutdown. See
|
||||
<varname>systemd.show_status</varname> above.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
24
man/tc.xml
24
man/tc.xml
|
@ -10,27 +10,28 @@
|
|||
<varlistentry id='qdisc-parent'>
|
||||
<term><varname>Parent=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>,
|
||||
<literal>clsact</literal>, <literal>ingress</literal> or a class id. The class id takes the
|
||||
major and minor number in hexadecimal ranges 1 to ffff separated with a colon
|
||||
(<literal>major:minor</literal>). Defaults to <literal>root</literal>.</para>
|
||||
<para>Configures the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>,
|
||||
<literal>clsact</literal>, <literal>ingress</literal> or a class identifier. The class identifier is
|
||||
specified as the major and minor numbers in hexadecimal in the range 0x1–Oxffff separated with a
|
||||
colon (<literal>major:minor</literal>). Defaults to <literal>root</literal>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry id='qdisc-handle'>
|
||||
<term><varname>Handle=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the major number of unique identifier of the qdisc, known as the handle.
|
||||
Takes a number in hexadecimal ranges 1 to ffff. Defaults to unset.</para>
|
||||
<para>Configures the major number of unique identifier of the qdisc, known as the handle.
|
||||
Takes a hexadecimal number in the range 0x1–0xffff. Defaults to unset.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry id='tclass-parent'>
|
||||
<term><varname>Parent=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>,
|
||||
or a qdisc id. The qdisc id takes the major and minor number in hexadecimal ranges 1 to ffff
|
||||
separated with a colon (<literal>major:minor</literal>). Defaults to <literal>root</literal>.
|
||||
<para>Configures the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>, or a
|
||||
qdisc identifier. The qdisc identifier is specified as the major and minor numbers in hexadecimal in
|
||||
the range 0x1–Oxffff separated with a colon (<literal>major:minor</literal>). Defaults to
|
||||
<literal>root</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -38,8 +39,9 @@
|
|||
<varlistentry id='tclass-classid'>
|
||||
<term><varname>ClassId=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the major and minur number of unique identifier of the class, known as the
|
||||
class ID. Each number is in hexadecimal ranges 1 to ffff. Defaults to unset.</para>
|
||||
<para>Configues the unique identifier of the class. It is specified as the major and minor numbers in
|
||||
hexadecimal in the range 0x1–Oxffff separated with a colon (<literal>major:minor</literal>).
|
||||
Defaults to unset.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
<refsect1>
|
||||
<title>Options</title>
|
||||
|
||||
<para>The following settings are configured in the <literal>[Time]</literal> section:</para>
|
||||
<para>The following settings are configured in the [Time] section:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
|
||||
|
|
|
@ -163,11 +163,10 @@
|
|||
<title>Well-Known Services</title>
|
||||
|
||||
<para>The <command>userdbctl services</command> command will list all currently running services that
|
||||
provide user or group definitions to the system. The following are well-known services are shown among
|
||||
this list.</para>
|
||||
provide user or group definitions to the system. The following well-known services are shown among
|
||||
this list:</para>
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry>
|
||||
<term><constant>io.systemd.DynamicUser</constant></term>
|
||||
|
||||
|
|
|
@ -537,8 +537,7 @@ int unit_name_from_path(const char *path, const char *suffix, char **ret) {
|
|||
}
|
||||
|
||||
int unit_name_from_path_instance(const char *prefix, const char *path, const char *suffix, char **ret) {
|
||||
_cleanup_free_ char *p = NULL;
|
||||
char *s;
|
||||
_cleanup_free_ char *p = NULL, *s = NULL;
|
||||
int r;
|
||||
|
||||
assert(prefix);
|
||||
|
@ -564,7 +563,7 @@ int unit_name_from_path_instance(const char *prefix, const char *path, const cha
|
|||
if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE))
|
||||
return -EINVAL;
|
||||
|
||||
*ret = s;
|
||||
*ret = TAKE_PTR(s);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
@ -777,7 +777,7 @@ bool valid_user_group_name(const char *u, ValidUserFlags flags) {
|
|||
return false;
|
||||
|
||||
if (in_charset(u, "0123456789")) /* Don't allow fully numeric strings, they might be confused
|
||||
* with with UIDs (note that this test is more broad than
|
||||
* with UIDs (note that this test is more broad than
|
||||
* the parse_uid() test above, as it will cover more than
|
||||
* the 32bit range, and it will detect 65535 (which is in
|
||||
* invalid UID, even though in the unsigned 32 bit range) */
|
||||
|
|
|
@ -142,12 +142,12 @@ static int list_homes(int argc, char *argv[], void *userdata) {
|
|||
TABLE_UID, uid,
|
||||
TABLE_GID, gid);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to add row to table: %m");
|
||||
return table_log_add_error(r);
|
||||
|
||||
|
||||
r = table_add_cell(table, &cell, TABLE_STRING, state);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to add field to table: %m");
|
||||
return table_log_add_error(r);
|
||||
|
||||
color = user_record_state_color(state);
|
||||
if (color)
|
||||
|
@ -158,7 +158,7 @@ static int list_homes(int argc, char *argv[], void *userdata) {
|
|||
TABLE_STRING, home,
|
||||
TABLE_STRING, strna(empty_to_null(shell)));
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to add row to table: %m");
|
||||
return table_log_add_error(r);
|
||||
}
|
||||
|
||||
r = sd_bus_message_exit_container(reply);
|
||||
|
|
|
@ -13,8 +13,8 @@
|
|||
#include "signal-util.h"
|
||||
|
||||
static int run(int argc, char *argv[]) {
|
||||
_cleanup_(notify_on_cleanup) const char *notify_stop = NULL;
|
||||
_cleanup_(manager_freep) Manager *m = NULL;
|
||||
_cleanup_(notify_on_cleanup) const char *notify_stop = NULL;
|
||||
int r;
|
||||
|
||||
log_setup_service();
|
||||
|
|
|
@ -14,12 +14,14 @@
|
|||
#include "alloc-util.h"
|
||||
#include "bus-error.h"
|
||||
#include "bus-util.h"
|
||||
#include "daemon-util.h"
|
||||
#include "def.h"
|
||||
#include "fd-util.h"
|
||||
#include "format-util.h"
|
||||
#include "initreq.h"
|
||||
#include "list.h"
|
||||
#include "log.h"
|
||||
#include "main-func.h"
|
||||
#include "memory-util.h"
|
||||
#include "process-util.h"
|
||||
#include "special.h"
|
||||
|
@ -68,11 +70,9 @@ static const char *translate_runlevel(int runlevel, bool *isolate) {
|
|||
{ '6', SPECIAL_REBOOT_TARGET, false },
|
||||
};
|
||||
|
||||
unsigned i;
|
||||
|
||||
assert(isolate);
|
||||
|
||||
for (i = 0; i < ELEMENTSOF(table); i++)
|
||||
for (size_t i = 0; i < ELEMENTSOF(table); i++)
|
||||
if (table[i].runlevel == runlevel) {
|
||||
*isolate = table[i].isolate;
|
||||
if (runlevel == '6' && kexec_loaded())
|
||||
|
@ -228,6 +228,7 @@ static void fifo_free(Fifo *f) {
|
|||
|
||||
free(f);
|
||||
}
|
||||
DEFINE_TRIVIAL_CLEANUP_FUNC(Fifo*, fifo_free);
|
||||
|
||||
static void server_done(Server *s) {
|
||||
assert(s);
|
||||
|
@ -241,79 +242,49 @@ static void server_done(Server *s) {
|
|||
|
||||
static int server_init(Server *s, unsigned n_sockets) {
|
||||
int r;
|
||||
unsigned i;
|
||||
|
||||
/* This function will leave s partially initialized on failure. Caller needs to clean up. */
|
||||
|
||||
assert(s);
|
||||
assert(n_sockets > 0);
|
||||
|
||||
*s = (struct Server) {
|
||||
.epoll_fd = epoll_create1(EPOLL_CLOEXEC),
|
||||
};
|
||||
s->epoll_fd = epoll_create1(EPOLL_CLOEXEC);
|
||||
if (s->epoll_fd < 0)
|
||||
return log_error_errno(errno, "Failed to create epoll object: %m");
|
||||
|
||||
if (s->epoll_fd < 0) {
|
||||
r = log_error_errno(errno,
|
||||
"Failed to create epoll object: %m");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
for (i = 0; i < n_sockets; i++) {
|
||||
Fifo *f;
|
||||
int fd;
|
||||
|
||||
fd = SD_LISTEN_FDS_START+i;
|
||||
for (unsigned i = 0; i < n_sockets; i++) {
|
||||
_cleanup_(fifo_freep) Fifo *f = NULL;
|
||||
int fd = SD_LISTEN_FDS_START + i;
|
||||
|
||||
r = sd_is_fifo(fd, NULL);
|
||||
if (r < 0) {
|
||||
log_error_errno(r, "Failed to determine file descriptor type: %m");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (!r) {
|
||||
log_error("Wrong file descriptor type.");
|
||||
r = -EINVAL;
|
||||
goto fail;
|
||||
}
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to determine file descriptor type: %m");
|
||||
if (!r)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Wrong file descriptor type.");
|
||||
|
||||
f = new0(Fifo, 1);
|
||||
if (!f) {
|
||||
r = -ENOMEM;
|
||||
log_error_errno(errno, "Failed to create fifo object: %m");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
f->fd = -1;
|
||||
if (!f)
|
||||
return log_oom();
|
||||
|
||||
struct epoll_event ev = {
|
||||
.events = EPOLLIN,
|
||||
.data.ptr = f,
|
||||
};
|
||||
|
||||
if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, fd, &ev) < 0) {
|
||||
r = -errno;
|
||||
fifo_free(f);
|
||||
log_error_errno(errno, "Failed to add fifo fd to epoll object: %m");
|
||||
goto fail;
|
||||
}
|
||||
if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, fd, &ev) < 0)
|
||||
return log_error_errno(errno, "Failed to add fifo fd to epoll object: %m");
|
||||
|
||||
f->fd = fd;
|
||||
LIST_PREPEND(fifo, s->fifos, f);
|
||||
f->server = s;
|
||||
LIST_PREPEND(fifo, s->fifos, TAKE_PTR(f));
|
||||
s->n_fifos++;
|
||||
}
|
||||
|
||||
r = bus_connect_system_systemd(&s->bus);
|
||||
if (r < 0) {
|
||||
log_error_errno(r, "Failed to get D-Bus connection: %m");
|
||||
r = -EIO;
|
||||
goto fail;
|
||||
}
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to get D-Bus connection: %m");
|
||||
|
||||
return 0;
|
||||
|
||||
fail:
|
||||
server_done(s);
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
static int process_event(Server *s, struct epoll_event *ev) {
|
||||
|
@ -337,43 +308,33 @@ static int process_event(Server *s, struct epoll_event *ev) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
Server server;
|
||||
int r = EXIT_FAILURE, n;
|
||||
static int run(int argc, char *argv[]) {
|
||||
_cleanup_(server_done) Server server = { .epoll_fd = -1 };
|
||||
_cleanup_(notify_on_cleanup) const char *notify_stop = NULL;
|
||||
int r, n;
|
||||
|
||||
if (getppid() != 1) {
|
||||
log_error("This program should be invoked by init only.");
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
|
||||
if (argc > 1) {
|
||||
log_error("This program does not take arguments.");
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
if (argc > 1)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"This program does not take arguments.");
|
||||
|
||||
log_setup_service();
|
||||
|
||||
umask(0022);
|
||||
|
||||
n = sd_listen_fds(true);
|
||||
if (n < 0) {
|
||||
log_error_errno(r, "Failed to read listening file descriptors from environment: %m");
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
if (n < 0)
|
||||
return log_error_errno(errno,
|
||||
"Failed to read listening file descriptors from environment: %m");
|
||||
|
||||
if (n <= 0 || n > SERVER_FD_MAX) {
|
||||
log_error("No or too many file descriptors passed.");
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
if (n <= 0 || n > SERVER_FD_MAX)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"No or too many file descriptors passed.");
|
||||
|
||||
if (server_init(&server, (unsigned) n) < 0)
|
||||
return EXIT_FAILURE;
|
||||
r = server_init(&server, (unsigned) n);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
log_debug("systemd-initctl running as pid "PID_FMT, getpid_cached());
|
||||
|
||||
sd_notify(false,
|
||||
"READY=1\n"
|
||||
"STATUS=Processing requests...");
|
||||
notify_stop = notify_start(NOTIFY_READY, NOTIFY_STOPPING);
|
||||
|
||||
while (!server.quit) {
|
||||
struct epoll_event event;
|
||||
|
@ -383,27 +344,17 @@ int main(int argc, char *argv[]) {
|
|||
if (k < 0) {
|
||||
if (errno == EINTR)
|
||||
continue;
|
||||
log_error_errno(errno, "epoll_wait() failed: %m");
|
||||
goto fail;
|
||||
return log_error_errno(errno, "epoll_wait() failed: %m");
|
||||
}
|
||||
|
||||
if (k <= 0)
|
||||
if (k == 0)
|
||||
break;
|
||||
|
||||
if (process_event(&server, &event) < 0)
|
||||
goto fail;
|
||||
}
|
||||
|
||||
r = EXIT_SUCCESS;
|
||||
|
||||
log_debug("systemd-initctl stopped as pid "PID_FMT, getpid_cached());
|
||||
|
||||
fail:
|
||||
sd_notify(false,
|
||||
"STOPPING=1\n"
|
||||
"STATUS=Shutting down...");
|
||||
|
||||
server_done(&server);
|
||||
|
||||
r = process_event(&server, &event);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
DEFINE_MAIN_FUNCTION(run);
|
||||
|
|
|
@ -1104,8 +1104,8 @@ static int load_certificates(char **key, char **cert, char **trust) {
|
|||
}
|
||||
|
||||
static int run(int argc, char **argv) {
|
||||
_cleanup_(notify_on_cleanup) const char *notify_message = NULL;
|
||||
_cleanup_(journal_remote_server_destroy) RemoteServer s = {};
|
||||
_cleanup_(notify_on_cleanup) const char *notify_message = NULL;
|
||||
_cleanup_free_ char *key = NULL, *cert = NULL, *trust = NULL;
|
||||
int r;
|
||||
|
||||
|
|
|
@ -815,8 +815,8 @@ static int open_journal(sd_journal **j) {
|
|||
}
|
||||
|
||||
static int run(int argc, char **argv) {
|
||||
_cleanup_(notify_on_cleanup) const char *notify_message = NULL;
|
||||
_cleanup_(destroy_uploader) Uploader u = {};
|
||||
_cleanup_(notify_on_cleanup) const char *notify_message = NULL;
|
||||
bool use_journal;
|
||||
int r;
|
||||
|
||||
|
|
|
@ -625,7 +625,7 @@ int journal_file_fstat(JournalFile *f) {
|
|||
|
||||
f->last_stat_usec = now(CLOCK_MONOTONIC);
|
||||
|
||||
/* Refuse dealing with with files that aren't regular */
|
||||
/* Refuse dealing with files that aren't regular */
|
||||
r = stat_verify_regular(&f->last_stat);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
|
|
@ -43,7 +43,7 @@ struct match_callback {
|
|||
|
||||
unsigned last_iteration;
|
||||
|
||||
/* Don't dispatch this slot with with messages that arrived in any iteration before or at the this
|
||||
/* Don't dispatch this slot with messages that arrived in any iteration before or at the this
|
||||
* one. We use this to ensure that matches don't apply "retroactively" and thus can confuse the
|
||||
* caller: matches will only match incoming messages from the moment on the match was installed. */
|
||||
uint64_t after;
|
||||
|
|
|
@ -4,9 +4,6 @@
|
|||
#include <sys/ioctl.h>
|
||||
#include <sys/types.h>
|
||||
#include <linux/vt.h>
|
||||
#if ENABLE_UTMP
|
||||
#include <utmpx.h>
|
||||
#endif
|
||||
|
||||
#include "sd-device.h"
|
||||
|
||||
|
@ -29,6 +26,7 @@
|
|||
#include "udev-util.h"
|
||||
#include "user-util.h"
|
||||
#include "userdb.h"
|
||||
#include "utmp-wtmp.h"
|
||||
|
||||
void manager_reset_config(Manager *m) {
|
||||
assert(m);
|
||||
|
@ -685,13 +683,14 @@ bool manager_all_buttons_ignored(Manager *m) {
|
|||
int manager_read_utmp(Manager *m) {
|
||||
#if ENABLE_UTMP
|
||||
int r;
|
||||
_cleanup_(utxent_cleanup) bool utmpx = false;
|
||||
|
||||
assert(m);
|
||||
|
||||
if (utmpxname(_PATH_UTMPX) < 0)
|
||||
return log_error_errno(errno, "Failed to set utmp path to " _PATH_UTMPX ": %m");
|
||||
|
||||
setutxent();
|
||||
utmpx = utxent_start();
|
||||
|
||||
for (;;) {
|
||||
_cleanup_free_ char *t = NULL;
|
||||
|
@ -704,8 +703,7 @@ int manager_read_utmp(Manager *m) {
|
|||
if (!u) {
|
||||
if (errno != 0)
|
||||
log_warning_errno(errno, "Failed to read " _PATH_UTMPX ", ignoring: %m");
|
||||
r = 0;
|
||||
break;
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (u->ut_type != USER_PROCESS)
|
||||
|
@ -715,18 +713,14 @@ int manager_read_utmp(Manager *m) {
|
|||
continue;
|
||||
|
||||
t = strndup(u->ut_line, sizeof(u->ut_line));
|
||||
if (!t) {
|
||||
r = log_oom();
|
||||
break;
|
||||
}
|
||||
if (!t)
|
||||
return log_oom();
|
||||
|
||||
c = path_startswith(t, "/dev/");
|
||||
if (c) {
|
||||
r = free_and_strdup(&t, c);
|
||||
if (r < 0) {
|
||||
log_oom();
|
||||
break;
|
||||
}
|
||||
if (r < 0)
|
||||
return log_oom();
|
||||
}
|
||||
|
||||
if (isempty(t))
|
||||
|
@ -756,8 +750,6 @@ int manager_read_utmp(Manager *m) {
|
|||
log_debug("Acquired TTY information '%s' from utmp for session '%s'.", s->tty, s->id);
|
||||
}
|
||||
|
||||
endutxent();
|
||||
return r;
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
|
|
|
@ -17,8 +17,8 @@
|
|||
#include "user-util.h"
|
||||
|
||||
static int run(int argc, char *argv[]) {
|
||||
_cleanup_(notify_on_cleanup) const char *notify_message = NULL;
|
||||
_cleanup_(manager_freep) Manager *m = NULL;
|
||||
_cleanup_(notify_on_cleanup) const char *notify_message = NULL;
|
||||
int r;
|
||||
|
||||
log_setup_service();
|
||||
|
|
|
@ -283,7 +283,7 @@ int config_parse_ets_prio(
|
|||
lvalue, word);
|
||||
continue;
|
||||
}
|
||||
if (ets->n_quanta > TC_PRIO_MAX) {
|
||||
if (ets->n_prio > TC_PRIO_MAX) {
|
||||
log_syntax(unit, LOG_ERR, filename, line, 0,
|
||||
"Too many priomap in '%s=', ignoring assignment: %s",
|
||||
lvalue, word);
|
||||
|
|
|
@ -183,8 +183,8 @@ static int parse_argv(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
static int run(int argc, char *argv[]) {
|
||||
_cleanup_(notify_on_cleanup) const char *notify_message = NULL;
|
||||
_cleanup_(manager_freep) Manager *m = NULL;
|
||||
_cleanup_(notify_on_cleanup) const char *notify_message = NULL;
|
||||
int r;
|
||||
|
||||
log_setup_service();
|
||||
|
|
|
@ -1666,7 +1666,7 @@ static int context_dump_partitions(Context *context, const char *node) {
|
|||
TABLE_UINT64, p->new_padding,
|
||||
TABLE_STRING, padding_change, TABLE_SET_COLOR, !p->partitions_next && sum_padding > 0 ? ansi_underline() : NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to add row to table: %m");
|
||||
return table_log_add_error(r);
|
||||
}
|
||||
|
||||
if (sum_padding > 0 || sum_size > 0) {
|
||||
|
@ -1689,7 +1689,7 @@ static int context_dump_partitions(Context *context, const char *node) {
|
|||
TABLE_EMPTY,
|
||||
TABLE_STRING, b);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to add row to table: %m");
|
||||
return table_log_add_error(r);
|
||||
}
|
||||
|
||||
r = table_print(t, stdout);
|
||||
|
|
|
@ -22,8 +22,8 @@
|
|||
#include "user-util.h"
|
||||
|
||||
static int run(int argc, char *argv[]) {
|
||||
_cleanup_(notify_on_cleanup) const char *notify_stop = NULL;
|
||||
_cleanup_(manager_freep) Manager *m = NULL;
|
||||
_cleanup_(notify_on_cleanup) const char *notify_stop = NULL;
|
||||
int r;
|
||||
|
||||
log_setup_service();
|
||||
|
|
|
@ -202,7 +202,7 @@ typedef struct Fido2HmacSalt {
|
|||
void *salt;
|
||||
size_t salt_size;
|
||||
|
||||
/* What to test the hashed salt value against, usualy UNIX password hash here. */
|
||||
/* What to test the hashed salt value against, usually UNIX password hash here. */
|
||||
char *hashed_password;
|
||||
} Fido2HmacSalt;
|
||||
|
||||
|
|
|
@ -25,8 +25,8 @@
|
|||
#include "utmp-wtmp.h"
|
||||
|
||||
int utmp_get_runlevel(int *runlevel, int *previous) {
|
||||
_cleanup_(utxent_cleanup) bool utmpx = false;
|
||||
struct utmpx *found, lookup = { .ut_type = RUN_LVL };
|
||||
int r;
|
||||
const char *e;
|
||||
|
||||
assert(runlevel);
|
||||
|
@ -35,8 +35,7 @@ int utmp_get_runlevel(int *runlevel, int *previous) {
|
|||
* precedence. Presumably, sysvinit does this to work around a
|
||||
* race condition that would otherwise exist where we'd always
|
||||
* go to disk and hence might read runlevel data that might be
|
||||
* very new and does not apply to the current script being
|
||||
* executed. */
|
||||
* very new and not apply to the current script being executed. */
|
||||
|
||||
e = getenv("RUNLEVEL");
|
||||
if (e && e[0] > 0) {
|
||||
|
@ -58,27 +57,17 @@ int utmp_get_runlevel(int *runlevel, int *previous) {
|
|||
if (utmpxname(_PATH_UTMPX) < 0)
|
||||
return -errno;
|
||||
|
||||
setutxent();
|
||||
utmpx = utxent_start();
|
||||
|
||||
found = getutxid(&lookup);
|
||||
if (!found)
|
||||
r = -errno;
|
||||
else {
|
||||
int a, b;
|
||||
return -errno;
|
||||
|
||||
a = found->ut_pid & 0xFF;
|
||||
b = (found->ut_pid >> 8) & 0xFF;
|
||||
|
||||
*runlevel = a;
|
||||
*runlevel = found->ut_pid & 0xFF;
|
||||
if (previous)
|
||||
*previous = b;
|
||||
*previous = (found->ut_pid >> 8) & 0xFF;
|
||||
|
||||
r = 0;
|
||||
}
|
||||
|
||||
endutxent();
|
||||
|
||||
return r;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void init_timestamp(struct utmpx *store, usec_t t) {
|
||||
|
@ -106,7 +95,7 @@ static void init_entry(struct utmpx *store, usec_t t) {
|
|||
}
|
||||
|
||||
static int write_entry_utmp(const struct utmpx *store) {
|
||||
int r;
|
||||
_cleanup_(utxent_cleanup) bool utmpx = false;
|
||||
|
||||
assert(store);
|
||||
|
||||
|
@ -117,26 +106,35 @@ static int write_entry_utmp(const struct utmpx *store) {
|
|||
if (utmpxname(_PATH_UTMPX) < 0)
|
||||
return -errno;
|
||||
|
||||
setutxent();
|
||||
utmpx = utxent_start();
|
||||
|
||||
if (!pututxline(store))
|
||||
r = -errno;
|
||||
else
|
||||
r = 0;
|
||||
|
||||
endutxent();
|
||||
|
||||
return r;
|
||||
if (pututxline(store))
|
||||
return 0;
|
||||
if (errno == ENOENT) {
|
||||
/* If utmp/wtmp have been disabled, that's a good thing, hence ignore the error. */
|
||||
log_debug_errno(errno, "Not writing utmp: %m");
|
||||
return 0;
|
||||
}
|
||||
return -errno;
|
||||
}
|
||||
|
||||
static int write_entry_wtmp(const struct utmpx *store) {
|
||||
assert(store);
|
||||
|
||||
/* wtmp is a simple append-only file where each entry is
|
||||
simply appended to the end; i.e. basically a log. */
|
||||
* simply appended to the end; i.e. basically a log. */
|
||||
|
||||
errno = 0;
|
||||
updwtmpx(_PATH_WTMPX, store);
|
||||
if (errno == ENOENT) {
|
||||
/* If utmp/wtmp have been disabled, that's a good thing, hence ignore the error. */
|
||||
log_debug_errno(errno, "Not writing wtmp: %m");
|
||||
return 0;
|
||||
}
|
||||
if (errno == EROFS) {
|
||||
log_warning_errno(errno, "Failed to write wtmp record, ignoring: %m");
|
||||
return 0;
|
||||
}
|
||||
return -errno;
|
||||
}
|
||||
|
||||
|
@ -145,16 +143,7 @@ static int write_utmp_wtmp(const struct utmpx *store_utmp, const struct utmpx *s
|
|||
|
||||
r = write_entry_utmp(store_utmp);
|
||||
s = write_entry_wtmp(store_wtmp);
|
||||
|
||||
if (r >= 0)
|
||||
r = s;
|
||||
|
||||
/* If utmp/wtmp have been disabled, that's a good thing, hence
|
||||
* ignore the errors */
|
||||
if (r == -ENOENT)
|
||||
r = 0;
|
||||
|
||||
return r;
|
||||
return r < 0 ? r : s;
|
||||
}
|
||||
|
||||
static int write_entry_both(const struct utmpx *store) {
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue