Compare commits

..

No commits in common. "b3077c47a86784b25122ae301cea67d48633d502" and "a64911f9b77457dfc09829d96e5fd1324c64c851" have entirely different histories.

107 changed files with 927 additions and 828 deletions

View File

@ -628,7 +628,7 @@ hash to test this derived secret key against for authentication. It is
generally recommended that for each entry in `fido2HmacSalt` there's also a generally recommended that for each entry in `fido2HmacSalt` there's also a
matching one in `fido2HmacCredential`, and vice versa, with the same credential matching one in `fido2HmacCredential`, and vice versa, with the same credential
ID, appearing in the same order, but this should not be required by ID, appearing in the same order, but this should not be required by
applications processing user records. applications processing user recrods.
## Fields in the `perMachine` section ## Fields in the `perMachine` section

View File

@ -381,10 +381,6 @@ mouse:usb:v046dp101b:name:Logitech M705:
mouse:usb:v046dpc52b:name:Logitech Unifying Device. Wireless PID:101b: mouse:usb:v046dpc52b:name:Logitech Unifying Device. Wireless PID:101b:
MOUSE_DPI=1000@125 MOUSE_DPI=1000@125
# Logitech M705 (newer version?)
mouse:usb:v046dp406d:name:Logitech M705:
MOUSE_DPI=1000@167
# Logitech M305 Wireless Optical Mouse # Logitech M305 Wireless Optical Mouse
mouse:usb:v046dpc52f:name:Logitech USB Receiver: mouse:usb:v046dpc52f:name:Logitech USB Receiver:
MOUSE_DPI=1000@170 MOUSE_DPI=1000@170

View File

@ -49,7 +49,7 @@
<title>Options</title> <title>Options</title>
<para>All options are configured in the <para>All options are configured in the
[Coredump] section:</para> <literal>[Coredump]</literal> section:</para>
<variablelist class='config-directives'> <variablelist class='config-directives'>

View File

@ -52,8 +52,8 @@
matching specified characteristics. If no command is matching specified characteristics. If no command is
specified, this is the implied default.</para> specified, this is the implied default.</para>
<para>The output is designed to be human readable and contains a table with the following <para>The output is designed to be human readable and contains list contains
columns:</para> a table with the following columns:</para>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term>TIME</term> <term>TIME</term>

View File

@ -255,7 +255,6 @@
<listitem><para>Perform encryption using the same cpu that IO was submitted on. The default is to use <listitem><para>Perform encryption using the same cpu that IO was submitted on. The default is to use
an unbound workqueue so that encryption work is automatically balanced between available CPUs.</para> an unbound workqueue so that encryption work is automatically balanced between available CPUs.</para>
<para>This requires kernel 4.0 or newer.</para> <para>This requires kernel 4.0 or newer.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -264,10 +263,9 @@
<term><option>submit-from-crypt-cpus</option></term> <term><option>submit-from-crypt-cpus</option></term>
<listitem><para>Disable offloading writes to a separate thread after encryption. There are some <listitem><para>Disable offloading writes to a separate thread after encryption. There are some
situations where offloading write requests from the encryption threads to a dedicated thread degrades situations where offloading write bios from the encryption threads to a single thread degrades
performance significantly. The default is to offload write requests to a dedicated thread because it performance significantly. The default is to offload write bios to the same thread because it benefits
benefits the CFQ scheduler to have writes submitted using the same context.</para> CFQ to have writes submitted using the same context.</para>
<para>This requires kernel 4.0 or newer.</para> <para>This requires kernel 4.0 or newer.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -514,8 +512,7 @@ external /dev/sda3 keyfile:LABEL=keydev keyfile-timeout=10s</programlist
<para>The PKCS#11 logic allows hooking up any compatible security token that is capable of storing RSA <para>The PKCS#11 logic allows hooking up any compatible security token that is capable of storing RSA
decryption keys. Here's an example how to set up a Yubikey security token for this purpose, using decryption keys. Here's an example how to set up a Yubikey security token for this purpose, using
<citerefentry project='debian'><refentrytitle>ykmap</refentrytitle><manvolnum>1</manvolnum></citerefentry> <command>ykman</command> from the yubikey-manager project:</para>
from the yubikey-manager project:</para>
<programlisting><xi:include href="yubikey-crypttab.sh" parse="text" /></programlisting> <programlisting><xi:include href="yubikey-crypttab.sh" parse="text" /></programlisting>

View File

@ -357,7 +357,7 @@
special target unit <filename>sockets.target</filename>. It is special target unit <filename>sockets.target</filename>. It is
recommended to place a recommended to place a
<varname>WantedBy=sockets.target</varname> directive in the <varname>WantedBy=sockets.target</varname> directive in the
[Install] section to automatically add such a <literal>[Install]</literal> section to automatically add such a
dependency on installation of a socket unit. Unless dependency on installation of a socket unit. Unless
<varname>DefaultDependencies=no</varname> is set, the necessary <varname>DefaultDependencies=no</varname> is set, the necessary
ordering dependencies are implicitly created for all socket ordering dependencies are implicitly created for all socket
@ -520,7 +520,7 @@
operating system-independent.</para></listitem> operating system-independent.</para></listitem>
<listitem><para>Make sure to include an <listitem><para>Make sure to include an
[Install] section including installation <literal>[Install]</literal> section including installation
information for the unit file. See information for the unit file. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details. To activate your service on boot, make sure to for details. To activate your service on boot, make sure to

View File

@ -648,7 +648,7 @@
<filename>/usr/share/</filename> hierarchy to the locations <filename>/usr/share/</filename> hierarchy to the locations
defined by the various relevant specifications.</para> defined by the various relevant specifications.</para>
<para>During runtime, and for local configuration and runtime state, <para>During runtime, and for local configuration and state,
additional directories are defined:</para> additional directories are defined:</para>
<table> <table>

View File

@ -119,9 +119,9 @@
<term><option>--identity=</option><replaceable>FILE</replaceable></term> <term><option>--identity=</option><replaceable>FILE</replaceable></term>
<listitem><para>Read the user's JSON record from the specified file. If passed as <listitem><para>Read the user's JSON record from the specified file. If passed as
<literal>-</literal> read the user record from standard input. The supplied JSON object must follow <literal>-</literal> reads the user record from standard input. The supplied JSON object must follow
the structure documented on <ulink url="https://systemd.io/USER_RECORD">JSON User Records</ulink>. the structure documented on <ulink url="https://systemd.io/USER_RECORDS">JSON User
This option may be used in conjunction with the <command>create</command> and Records</ulink>. This option may be used in conjunction with the <command>create</command> and
<command>update</command> commands (see below), where it allows configuring the user record in JSON <command>update</command> commands (see below), where it allows configuring the user record in JSON
as-is, instead of setting the individual user record properties (see below).</para></listitem> as-is, instead of setting the individual user record properties (see below).</para></listitem>
</varlistentry> </varlistentry>
@ -247,9 +247,10 @@
different system and the configured UID is taken by another user there, then different system and the configured UID is taken by another user there, then
<command>systemd-homed</command> may assign the user a different UID on that system. The specified <command>systemd-homed</command> may assign the user a different UID on that system. The specified
UID must be outside of the system user range. It is recommended to use the 60001…60513 UID range for UID must be outside of the system user range. It is recommended to use the 60001…60513 UID range for
this purpose. If not specified, the UID is automatically picked. If the home directory is found to be this purpose. If not specified the UID is automatically picked. When logging in and the home
owned by a different UID when logging in, the home directory and everything underneath it will have directory is found to be owned by a UID not matching the user's assigned one the home directory and
its ownership changed automatically before login completes.</para> all files and directories inside it will have their ownership changed automatically before login
completes.</para>
<para>Note that users managed by <command>systemd-homed</command> always have a matching group <para>Note that users managed by <command>systemd-homed</command> always have a matching group
associated with the same name as well as a GID matching the UID of the user. Thus, configuring the associated with the same name as well as a GID matching the UID of the user. Thus, configuring the
@ -265,19 +266,19 @@
privileges. Note that <command>systemd-homed</command> does not manage any groups besides a group privileges. Note that <command>systemd-homed</command> does not manage any groups besides a group
matching the user in name and numeric UID/GID. Thus any groups listed here must be registered matching the user in name and numeric UID/GID. Thus any groups listed here must be registered
independently, for example with <citerefentry independently, for example with <citerefentry
project='man-pages'><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. project='man-pages'><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. If
Any non-existent groups are ignored. This option may be used more than once, in which case all non-existent groups that are listed there are ignored. This option may be used more than once, in
specified group lists are combined. If the user is currently a member of a group which is not listed, which case all specified group lists are combined. If the user is currently a member of a group
the user will be removed from the group.</para></listitem> which is not listed, the user will be removed from the group.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><option>--skel=</option><replaceable>PATH</replaceable></term> <term><option>--skel=</option><replaceable>PATH</replaceable></term>
<listitem><para>Takes a file system path to a directory. Specifies the skeleton directory to <listitem><para>Takes a file system path to a directory. Specifies the skeleton directory to
initialize the home directory with. All files and directories in the specified path are copied into initialize the home directory with. All files and directories in the specified are copied into any
any newly create home directory. If not specified defaults to <filename>/etc/skel/</filename>. newly create home directory. If not specified defaults to
</para></listitem> <filename>/etc/skel/</filename>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -312,7 +313,7 @@
<listitem><para>Takes a specifier indicating the preferred language of the user. The <listitem><para>Takes a specifier indicating the preferred language of the user. The
<varname>$LANG</varname> environment variable is initialized from this value on login, and thus a <varname>$LANG</varname> environment variable is initialized from this value on login, and thus a
value suitable for this environment variable is accepted here, for example value suitable for this environment variable is accepted here, for example
<option>--language=de_DE.UTF8</option>.</para></listitem> <option>--language=de_DE.UTF8</option></para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -330,8 +331,8 @@
security token with exactly one pair of X.509 certificate and private key. A random secret key is security token with exactly one pair of X.509 certificate and private key. A random secret key is
then generated, encrypted with the public key of the X.509 certificate, and stored as part of the then generated, encrypted with the public key of the X.509 certificate, and stored as part of the
user record. At login time it is decrypted with the PKCS#11 module and then used to unlock the user record. At login time it is decrypted with the PKCS#11 module and then used to unlock the
account and associated resources. See below for an example how to set up authentication with a account and associated resources. See below for an example how to set up authentication with security
security token.</para> token.</para>
<para>Instead of a valid PKCS#11 URI, the special strings <literal>list</literal> and <para>Instead of a valid PKCS#11 URI, the special strings <literal>list</literal> and
<literal>auto</literal> may be specified. If <literal>list</literal> is passed, a brief table of <literal>auto</literal> may be specified. If <literal>list</literal> is passed, a brief table of
@ -438,19 +439,19 @@
<listitem><para>Each of these options takes a time span specification as argument (in the syntax <listitem><para>Each of these options takes a time span specification as argument (in the syntax
documented in documented in
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>5</manvolnum></citerefentry>) and <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>5</manvolnum></citerefentry>) and
configures various aspects of the user's password expiration policy. Specifically, configure various aspects of the user's password expiration policy. Specifically,
<option>--password-change-min=</option> configures how much time has to pass after changing the <option>--password-change-min=</option> configures how much time has to pass after changing the
password of the user until the password may be changed again. If the user tries to change their password of the user until the password may be changed again. If the user tries to change their
password before this time passes the attempt is refused. <option>--password-change-max=</option> password before this time passes the attempt is refused. <option>--password-change-max=</option>
configures how soon after it has been changed the password expires and needs to be changed again. configures how much time has to pass after the password is changed until the password expires and
After this time passes logging in may only proceed after the password is changed. needs to be changed again. After this time passes any attempts to log in may only proceed after the
<option>--password-change-warn=</option> specifies how much earlier than then the time configured password is changed. <option>--password-change-warn=</option> specifies how much earlier than then
with <option>--password-change-max=</option> the user is warned at login to change their password as the time configured with <option>--password-change-max=</option> the user is warned at login to
it will expire soon. Finally <option>--password-change-inactive=</option> configures the time which change their password as it will expire soon. Finally <option>--password-change-inactive=</option>
has to pass after the password as expired until the user is not permitted to log in or change the configures the time which has to pass after the password as expired until the user is not permitted
password anymore. Note that these options only apply to password authentication, and do not apply to to log in or change the password anymore. Note that these options only apply to password
other forms of authentication, for example PKCS#11-based security token authentication, and do not apply to other forms of authentication, for example PKCS#11-based security
authentication.</para></listitem> token authentication.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -694,8 +695,8 @@
<para>Activation of a home directory involves various operations that depend on the selected storage <para>Activation of a home directory involves various operations that depend on the selected storage
mechanism. If the LUKS2 mechanism is used, this generally involves: inquiring the user for a mechanism. If the LUKS2 mechanism is used, this generally involves: inquiring the user for a
password, setting up a loopback device, validating and activating the LUKS2 volume, checking the file password, setting up a loopback device, validating and activating the LUKS2 volume, checking the file
system, mounting the file system, and potentially changing the ownership of all included files to the system, mounting the file system, and potentiatlly changing the ownership of all included files to
correct UID/GID.</para></listitem> the correct UID/GID.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>

View File

@ -42,7 +42,7 @@
<refsect1> <refsect1>
<title>Options</title> <title>Options</title>
<para>The following options are available in the [Home] section:</para> <para>The following options are available in the <literal>[Home]</literal> section:</para>
<variablelist class='home-directives'> <variablelist class='home-directives'>

View File

@ -49,7 +49,7 @@
<title>Options</title> <title>Options</title>
<para>All options are configured in the <para>All options are configured in the
[Remote] section:</para> <literal>[Remote]</literal> section:</para>
<variablelist class='config-directives'> <variablelist class='config-directives'>
<varlistentry> <varlistentry>

View File

@ -43,7 +43,7 @@
<refsect1> <refsect1>
<title>Options</title> <title>Options</title>
<para>All options are configured in the [Upload] section:</para> <para>All options are configured in the <literal>[Upload]</literal> section:</para>
<variablelist class='config-directives'> <variablelist class='config-directives'>
<varlistentry> <varlistentry>

View File

@ -555,7 +555,7 @@
is also added for <literal>_SYSTEMD_SLICE=<replaceable>UNIT</replaceable></literal>, is also added for <literal>_SYSTEMD_SLICE=<replaceable>UNIT</replaceable></literal>,
such that if the provided <replaceable>UNIT</replaceable> is a such that if the provided <replaceable>UNIT</replaceable> is a
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>
unit, all logs of children of the slice will be shown. unit, all logs of the children of the slice will be logged.
</para> </para>
<para>This parameter can be specified multiple times.</para> <para>This parameter can be specified multiple times.</para>
@ -574,7 +574,7 @@
is also added for <literal>_SYSTEMD_USER_SLICE=<replaceable>UNIT</replaceable></literal>, is also added for <literal>_SYSTEMD_USER_SLICE=<replaceable>UNIT</replaceable></literal>,
such that if the provided <replaceable>UNIT</replaceable> is a such that if the provided <replaceable>UNIT</replaceable> is a
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>
unit, all logs of children of the unit will be shown.</para> unit, all logs of the children of the unit will be logged.</para>
<para>This parameter can be specified multiple times.</para> <para>This parameter can be specified multiple times.</para>
</listitem> </listitem>
@ -761,8 +761,8 @@
underneath the specified directory instead of the root underneath the specified directory instead of the root
directory (e.g. <option>--update-catalog</option> will create directory (e.g. <option>--update-catalog</option> will create
<filename><replaceable>ROOT</replaceable>/var/lib/systemd/catalog/database</filename>, <filename><replaceable>ROOT</replaceable>/var/lib/systemd/catalog/database</filename>,
and journal files under <filename><replaceable>ROOT</replaceable>/run/journal/</filename> and journal files under <filename><replaceable>ROOT</replaceable>/run/journal</filename>
or <filename><replaceable>ROOT</replaceable>/var/log/journal/</filename> will be displayed). or <filename><replaceable>ROOT</replaceable>/var/log/journal</filename> will be displayed).
</para></listitem> </para></listitem>
</varlistentry> </varlistentry>
@ -929,10 +929,10 @@
<filename>/run/log/journal/</filename> into <filename>/var/log/journal/</filename>, if persistent <filename>/run/log/journal/</filename> into <filename>/var/log/journal/</filename>, if persistent
storage is enabled. This call does not return until the operation is complete. Note that this call is storage is enabled. This call does not return until the operation is complete. Note that this call is
idempotent: the data is only flushed from <filename>/run/log/journal/</filename> into idempotent: the data is only flushed from <filename>/run/log/journal/</filename> into
<filename>/var/log/journal/</filename> once during system runtime (but see <filename>/var/log/journal</filename> once during system runtime (but see
<option>--relinquish-var</option> below), and this command exits cleanly without executing any <option>--relinquish-var</option> below), and this command exits cleanly without executing any
operation if this has already happened. This command effectively guarantees that all data is flushed operation if this has already happened. This command effectively guarantees that all data is flushed
to <filename>/var/log/journal/</filename> at the time it returns.</para></listitem> to <filename>/var/log/journal</filename> at the time it returns.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>

View File

@ -53,7 +53,7 @@
<title>Options</title> <title>Options</title>
<para>All options are configured in the <para>All options are configured in the
[Journal] section:</para> <literal>[Journal]</literal> section:</para>
<variablelist class='config-directives'> <variablelist class='config-directives'>

View File

@ -36,7 +36,7 @@
<title>Description</title> <title>Description</title>
<para><command>kernel-install</command> is used to install and remove kernel and initramfs images to and <para><command>kernel-install</command> is used to install and remove kernel and initramfs images to and
from the boot loader partition, referred to as <varname>$BOOT</varname> here. It will usually be one of from the boot loader partition, referred to as <varname>$BOOT</varname> here. It will usually be one of
<filename>/boot/</filename>, <filename>/efi/</filename>, or <filename>/boot/efi/</filename>, see below. <filename>/boot</filename>, <filename>/efi</filename>, or <filename>/boot/efi</filename>, see below.
</para> </para>
<para><command>kernel-install</command> will execute the files <para><command>kernel-install</command> will execute the files
@ -137,7 +137,7 @@
<para>The partition where the kernels and <ulink url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot <para>The partition where the kernels and <ulink url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot
Loader Specification</ulink> snippets are located is called <varname>$BOOT</varname>. Loader Specification</ulink> snippets are located is called <varname>$BOOT</varname>.
<command>kernel-install</command> determines the location of this partition by checking <command>kernel-install</command> determines the location of this partition by checking
<filename>/efi/</filename>, <filename>/boot/</filename>, and <filename>/boot/efi/</filename> <filename>/efi/</filename>, <filename>/boot/</filename>, and <filename>/boot/efi</filename>
in turn. The first location where <filename>$BOOT/loader/entries/</filename> or in turn. The first location where <filename>$BOOT/loader/entries/</filename> or
<filename>$BOOT/$MACHINE_ID/</filename> exists is used.</para> <filename>$BOOT/$MACHINE_ID/</filename> exists is used.</para>
</refsect1> </refsect1>

View File

@ -46,7 +46,7 @@
<title>Options</title> <title>Options</title>
<para>All options are configured in the <para>All options are configured in the
[Login] section:</para> <literal>[Login]</literal> section:</para>
<variablelist class='config-directives'> <variablelist class='config-directives'>
@ -277,7 +277,7 @@
<varlistentry> <varlistentry>
<term><varname>HoldoffTimeoutSec=</varname></term> <term><varname>HoldoffTimeoutSec=</varname></term>
<listitem><para>Specifies a period of time after system startup or <listitem><para>Specifies the timeout after system startup or
system resume in which systemd will hold off on reacting to system resume in which systemd will hold off on reacting to
lid events. This is required for the system to properly lid events. This is required for the system to properly
detect any hotplugged devices so systemd can ignore lid events detect any hotplugged devices so systemd can ignore lid events

View File

@ -39,7 +39,7 @@
<para>The machine ID may be set, for example when network booting, with the <para>The machine ID may be set, for example when network booting, with the
<varname>systemd.machine_id=</varname> kernel command line parameter or by passing the <varname>systemd.machine_id=</varname> kernel command line parameter or by passing the
option <option>--machine-id=</option> to systemd. An ID specified in this manner option <option>--machine-id=</option> to systemd. An ID is specified in this manner
has higher priority and will be used instead of the ID stored in has higher priority and will be used instead of the ID stored in
<filename>/etc/machine-id</filename>.</para> <filename>/etc/machine-id</filename>.</para>

View File

@ -320,7 +320,7 @@
<listitem><para>Copies files or directories from a container <listitem><para>Copies files or directories from a container
into the host system. Takes a container name, followed by the into the host system. Takes a container name, followed by the
source path in the container and the destination path on the host. source path in the container the destination path on the host.
If the destination path is omitted, the same as the source path If the destination path is omitted, the same as the source path
is used.</para> is used.</para>

View File

@ -45,7 +45,7 @@
<refsect1> <refsect1>
<title>[Network] Section Options</title> <title>[Network] Section Options</title>
<para>The following options are available in the [Network] section:</para> <para>The following options are available in the <literal>[Network]</literal> section:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>

View File

@ -18,7 +18,8 @@
<refnamediv> <refnamediv>
<refname>nss-myhostname</refname> <refname>nss-myhostname</refname>
<refname>libnss_myhostname.so.2</refname> <refname>libnss_myhostname.so.2</refname>
<refpurpose>Hostname resolution for the locally configured system hostname</refpurpose> <refpurpose>Provide hostname resolution for the locally
configured system hostname.</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -18,7 +18,8 @@
<refnamediv> <refnamediv>
<refname>nss-mymachines</refname> <refname>nss-mymachines</refname>
<refname>libnss_mymachines.so.2</refname> <refname>libnss_mymachines.so.2</refname>
<refpurpose>Hostname resolution for local container instances</refpurpose> <refpurpose>Provide hostname resolution for local
container instances.</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -18,7 +18,7 @@
<refnamediv> <refnamediv>
<refname>nss-resolve</refname> <refname>nss-resolve</refname>
<refname>libnss_resolve.so.2</refname> <refname>libnss_resolve.so.2</refname>
<refpurpose>Hostname resolution via <filename>systemd-resolved.service</filename></refpurpose> <refpurpose>Provide hostname resolution via <filename>systemd-resolved.service</filename></refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -18,7 +18,7 @@
<refnamediv> <refnamediv>
<refname>nss-systemd</refname> <refname>nss-systemd</refname>
<refname>libnss_systemd.so.2</refname> <refname>libnss_systemd.so.2</refname>
<refpurpose>UNIX user and group name resolution for user/group lookup via Varlink</refpurpose> <refpurpose>Provide UNIX user and group name resolution for user/group lookup via Varlink</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -153,7 +153,7 @@
hence be used to uniquely label files or other resources of this session. Combine this ID with the boot hence be used to uniquely label files or other resources of this session. Combine this ID with the boot
identifier, as returned by identifier, as returned by
<citerefentry><refentrytitle>sd_id128_get_boot</refentrytitle><manvolnum>3</manvolnum></citerefentry>, for a <citerefentry><refentrytitle>sd_id128_get_boot</refentrytitle><manvolnum>3</manvolnum></citerefentry>, for a
globally unique identifier.</para></listitem> globally unique identifier for the current session.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>

View File

@ -118,7 +118,7 @@
<para>By default all unit files whose names start with a prefix generated from the image's file name are copied <para>By default all unit files whose names start with a prefix generated from the image's file name are copied
out. Specifically, the prefix is determined from the image file name with any suffix such as out. Specifically, the prefix is determined from the image file name with any suffix such as
<filename>.raw</filename> removed, truncated at the first occurrence of an underscore character <filename>.raw</filename> removed, truncated at the first occurrence of and underscore character
(<literal>_</literal>), if there is one. The underscore logic is supposed to be used to versioning so that the (<literal>_</literal>), if there is one. The underscore logic is supposed to be used to versioning so that the
an image file <filename>foobar_47.11.raw</filename> will result in a unit file matching prefix of an image file <filename>foobar_47.11.raw</filename> will result in a unit file matching prefix of
<filename>foobar</filename>. This prefix is then compared with all unit files names contained in the image in <filename>foobar</filename>. This prefix is then compared with all unit files names contained in the image in
@ -403,7 +403,7 @@
</tgroup> </tgroup>
</table> </table>
<para>For details on these profiles and their effects see their precise definitions, <para>For details on this profiles, and their effects please have a look at their precise definitions,
e.g. <filename>/usr/lib/systemd/portable/profile/default/service.conf</filename> and similar.</para> e.g. <filename>/usr/lib/systemd/portable/profile/default/service.conf</filename> and similar.</para>
</refsect1> </refsect1>

View File

@ -44,7 +44,7 @@
<title>Options</title> <title>Options</title>
<para>All options are configured in the <para>All options are configured in the
[PStore] section:</para> <literal>[PStore]</literal> section:</para>
<variablelist class='config-directives'> <variablelist class='config-directives'>
@ -82,7 +82,7 @@
<refsect1> <refsect1>
<title>See Also</title> <title>See Also</title>
<para> <para>
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
</para> </para>
</refsect1> </refsect1>

View File

@ -41,7 +41,7 @@
<refsect1> <refsect1>
<title>Options</title> <title>Options</title>
<para>The following options are available in the [Resolve] section:</para> <para>The following options are available in the <literal>[Resolve]</literal> section:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>

View File

@ -19,7 +19,7 @@
<refnamediv> <refnamediv>
<refname>sd_bus_enqueue_for_read</refname> <refname>sd_bus_enqueue_for_read</refname>
<refpurpose>Re-enqueue a bus message on a bus connection, for reading</refpurpose> <refpurpose>Re-enqueue a bus message on a bus connection, for reading.</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -20,7 +20,7 @@
<refname>sd_bus_is_open</refname> <refname>sd_bus_is_open</refname>
<refname>sd_bus_is_ready</refname> <refname>sd_bus_is_ready</refname>
<refpurpose>Check whether the bus connection is open or ready</refpurpose> <refpurpose>Check whether the a bus connection is open or ready.</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -22,7 +22,7 @@
<refname>sd_bus_message_new_method_errno</refname> <refname>sd_bus_message_new_method_errno</refname>
<refname>sd_bus_message_new_method_errnof</refname> <refname>sd_bus_message_new_method_errnof</refname>
<refpurpose>Create an error reply for a method call</refpurpose> <refpurpose>Create a an error reply for a method call</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -20,7 +20,7 @@
<refname>sd_bus_set_connected_signal</refname> <refname>sd_bus_set_connected_signal</refname>
<refname>sd_bus_get_connected_signal</refname> <refname>sd_bus_get_connected_signal</refname>
<refpurpose>Control emission of local connection establishment signal on bus connections</refpurpose> <refpurpose>Control emmission of local connection establishment signal on bus connections</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -23,7 +23,7 @@
<refname>sd_bus_track_get_destroy_callback</refname> <refname>sd_bus_track_get_destroy_callback</refname>
<refname>sd_bus_destroy_t</refname> <refname>sd_bus_destroy_t</refname>
<refpurpose>Define the callback function for resource cleanup</refpurpose> <refpurpose>Define the callback function for resource cleanup.</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -19,7 +19,7 @@
<refname>sd_bus_slot_set_floating</refname> <refname>sd_bus_slot_set_floating</refname>
<refname>sd_bus_slot_get_floating</refname> <refname>sd_bus_slot_get_floating</refname>
<refpurpose>Control whether a bus slot object is "floating"</refpurpose> <refpurpose>Control whether a bus slot object is "floating".</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -21,7 +21,7 @@
<refname>sd_event_source_get_destroy_callback</refname> <refname>sd_event_source_get_destroy_callback</refname>
<refname>sd_event_destroy_t</refname> <refname>sd_event_destroy_t</refname>
<refpurpose>Define the callback function for resource cleanup</refpurpose> <refpurpose>Define the callback function for resource cleanup.</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -21,7 +21,7 @@
<refnamediv> <refnamediv>
<refname>sd_journal_has_runtime_files</refname> <refname>sd_journal_has_runtime_files</refname>
<refname>sd_journal_has_persistent_files</refname> <refname>sd_journal_has_persistent_files</refname>
<refpurpose>Query availability of runtime or persistent journal files</refpurpose> <refpurpose>Query availability of runtime or persistent journal files.</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -19,7 +19,7 @@
<refname>sd_machine_get_class</refname> <refname>sd_machine_get_class</refname>
<refname>sd_machine_get_ifindices</refname> <refname>sd_machine_get_ifindices</refname>
<refpurpose>Determine the class and network interface indices of a <refpurpose>Determine the class and network interface indices of a
locally running virtual machine or container</refpurpose> locally running virtual machine or container.</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -35,7 +35,7 @@
<refname>sd_peer_get_cgroup</refname> <refname>sd_peer_get_cgroup</refname>
<refpurpose>Determine the owner uid of the user unit or session, <refpurpose>Determine the owner uid of the user unit or session,
or the session, user unit, system unit, container/VM or slice that or the session, user unit, system unit, container/VM or slice that
a specific PID or socket peer belongs to</refpurpose> a specific PID or socket peer belongs to.</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -70,11 +70,11 @@ key.pattern.overridden.with.glob = custom
followed by <literal>=</literal>, see SYNOPSIS.</para> followed by <literal>=</literal>, see SYNOPSIS.</para>
<para>Any access permission errors and attempts to write variables not present on the local system are <para>Any access permission errors and attempts to write variables not present on the local system are
logged at debug level and do not cause the service to fail. Moreover, if a variable assignment is logged, but do not cause the service to fail. Debug log level is used, which means that the message will
prefixed with a single <literal>-</literal> character, failure to set the variable for other reasons will not show up at all by default. Moreover, if a variable assignment is prefixed with a single
be logged at debug level and will not cause the service to fail. In other cases, errors when setting <literal>-</literal> character, any failure to set the variable will be logged at debug level, but will
variables are logged with higher priority and cause the service to return failure at the end (after not cause the service to fail. All other errors when setting variables are logged with higher priority
processing other variables).</para> and cause the service to return failure at the end (other variables are still processed).</para>
<para>The settings configured with <filename>sysctl.d</filename> files will be applied early on boot. The <para>The settings configured with <filename>sysctl.d</filename> files will be applied early on boot. The
network interface-specific options will also be applied individually for each network interface as it network interface-specific options will also be applied individually for each network interface as it

View File

@ -412,7 +412,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
<para>The "Loaded:" line in the output will show <literal>loaded</literal> if the unit has been loaded into <para>The "Loaded:" line in the output will show <literal>loaded</literal> if the unit has been loaded into
memory. Other possible values for "Loaded:" include: <literal>error</literal> if there was a problem memory. Other possible values for "Loaded:" include: <literal>error</literal> if there was a problem
loading it, <literal>not-found</literal> if no unit file was found for this unit, loading it, <literal>not-found</literal> if not unit file was found for this unit,
<literal>bad-setting</literal> if an essential unit file setting could not be parsed and <literal>bad-setting</literal> if an essential unit file setting could not be parsed and
<literal>masked</literal> if the unit file has been masked. Along with showing the path to the unit file, <literal>masked</literal> if the unit file has been masked. Along with showing the path to the unit file,
this line will also show the enablement state. Enabled commands start at boot. See the full table of this line will also show the enablement state. Enabled commands start at boot. See the full table of
@ -582,7 +582,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
<listitem> <listitem>
<para>Enable one or more units or unit instances. This will create a set of symlinks, as encoded in the <para>Enable one or more units or unit instances. This will create a set of symlinks, as encoded in the
[Install] sections of the indicated unit files. After the symlinks have been created, <literal>[Install]</literal> sections of the indicated unit files. After the symlinks have been created,
the system manager configuration is reloaded (in a way equivalent to <command>daemon-reload</command>), in the system manager configuration is reloaded (in a way equivalent to <command>daemon-reload</command>), in
order to ensure the changes are taken into account immediately. Note that this does order to ensure the changes are taken into account immediately. Note that this does
<emphasis>not</emphasis> have the effect of also starting any of the units being enabled. If this is <emphasis>not</emphasis> have the effect of also starting any of the units being enabled. If this is
@ -605,7 +605,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
<option>--quiet</option>. <option>--quiet</option>.
</para> </para>
<para>Note that this operation creates only the symlinks suggested in the [Install] <para>Note that this operation creates only the symlinks suggested in the <literal>[Install]</literal>
section of the unit files. While this command is the recommended way to manipulate the unit configuration section of the unit files. While this command is the recommended way to manipulate the unit configuration
directory, the administrator is free to make additional changes manually by placing or removing symlinks directory, the administrator is free to make additional changes manually by placing or removing symlinks
below this directory. This is particularly useful to create configurations that deviate from the suggested below this directory. This is particularly useful to create configurations that deviate from the suggested
@ -645,7 +645,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
<para>This command expects valid unit names only, it does not accept paths to unit files.</para> <para>This command expects valid unit names only, it does not accept paths to unit files.</para>
<para>In addition to the units specified as arguments, all units are disabled that are listed in the <para>In addition to the units specified as arguments, all units are disabled that are listed in the
<varname>Also=</varname> setting contained in the [Install] section of any of the unit <varname>Also=</varname> setting contained in the <literal>[Install]</literal> section of any of the unit
files being operated on.</para> files being operated on.</para>
<para>This command implicitly reloads the system manager configuration after completing the operation. Note <para>This command implicitly reloads the system manager configuration after completing the operation. Note
@ -668,7 +668,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
<listitem> <listitem>
<para>Reenable one or more units, as specified on the command line. This is a combination of <para>Reenable one or more units, as specified on the command line. This is a combination of
<command>disable</command> and <command>enable</command> and is useful to reset the symlinks a unit file is <command>disable</command> and <command>enable</command> and is useful to reset the symlinks a unit file is
enabled with to the defaults configured in its [Install] section. This command expects enabled with to the defaults configured in its <literal>[Install]</literal> section. This command expects
a unit name only, it does not accept paths to unit files.</para> a unit name only, it does not accept paths to unit files.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -768,17 +768,17 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
</row> </row>
<row> <row>
<entry><literal>static</literal></entry> <entry><literal>static</literal></entry>
<entry>The unit file is not enabled, and has no provisions for enabling in the [Install] unit file section.</entry> <entry>The unit file is not enabled, and has no provisions for enabling in the <literal>[Install]</literal> unit file section.</entry>
<entry>0</entry> <entry>0</entry>
</row> </row>
<row> <row>
<entry><literal>indirect</literal></entry> <entry><literal>indirect</literal></entry>
<entry>The unit file itself is not enabled, but it has a non-empty <varname>Also=</varname> setting in the [Install] unit file section, listing other unit files that might be enabled, or it has an alias under a different name through a symlink that is not specified in <varname>Also=</varname>. For template unit files, an instance different than the one specified in <varname>DefaultInstance=</varname> is enabled.</entry> <entry>The unit file itself is not enabled, but it has a non-empty <varname>Also=</varname> setting in the <literal>[Install]</literal> unit file section, listing other unit files that might be enabled, or it has an alias under a different name through a symlink that is not specified in <varname>Also=</varname>. For template unit file, an instance different than the one specified in <varname>DefaultInstance=</varname> is enabled.</entry>
<entry>0</entry> <entry>0</entry>
</row> </row>
<row> <row>
<entry><literal>disabled</literal></entry> <entry><literal>disabled</literal></entry>
<entry>The unit file is not enabled, but contains an [Install] section with installation instructions.</entry> <entry>The unit file is not enabled, but contains an <literal>[Install]</literal> section with installation instructions.</entry>
<entry>&gt; 0</entry> <entry>&gt; 0</entry>
</row> </row>
<row> <row>

View File

@ -509,9 +509,9 @@ NAutoVTs=8
<para>This command will load unit files and print warnings if any errors are detected. Files specified <para>This command will load unit files and print warnings if any errors are detected. Files specified
on the command line will be loaded, but also any other units referenced by them. The full unit search on the command line will be loaded, but also any other units referenced by them. The full unit search
path is formed by combining the directories for all command line arguments, and the usual unit load path is formed by combining the directories for all command line arguments, and the usual unit load
paths. The variable <varname>$SYSTEMD_UNIT_PATH</varname> is supported, and may be used to replace or paths (variable <varname>$SYSTEMD_UNIT_PATH</varname> is supported, and may be used to replace or
augment the compiled in set of unit load paths; see augment the compiled in set of unit load paths; see
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. All <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>). All
units files present in the directories containing the command line arguments will be used in preference units files present in the directories containing the command line arguments will be used in preference
to the other paths.</para> to the other paths.</para>
@ -700,9 +700,9 @@ Service b@0.service not loaded, b.socket cannot be started.
<varlistentry> <varlistentry>
<term><option>--man=no</option></term> <term><option>--man=no</option></term>
<listitem><para>Do not invoke <listitem><para>Do not invoke man to verify the existence of
<citerefentry project='man-pages'><refentrytitle>man</refentrytitle><manvolnum>1</manvolnum></citerefentry> man pages listed in <varname>Documentation=</varname>.
to verify the existence of man pages listed in <varname>Documentation=</varname>.</para></listitem> </para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>

View File

@ -17,7 +17,7 @@
<refnamediv> <refnamediv>
<refname>systemd-bless-boot-generator</refname> <refname>systemd-bless-boot-generator</refname>
<refpurpose>Pull <filename>systemd-bless-boot.service</filename> into the initial boot transaction when boot counting is in effect</refpurpose> <refpurpose>Pull <filename>systemd-bless-boot.service</filename> into the initial boot transaction when boot counting is in effect.</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -91,7 +91,7 @@
<listitem><para>The boot manager optionally reads a random seed from the ESP partition, combines it <listitem><para>The boot manager optionally reads a random seed from the ESP partition, combines it
with a 'system token' stored in a persistent EFI variable and derives a random seed to use by the OS as with a 'system token' stored in a persistent EFI variable and derives a random seed to use by the OS as
entropy pool initialization, providing a full entropy pool during early boot.</para></listitem> entropy pool initializaton, providing a full entropy pool during early boot.</para></listitem>
</itemizedlist> </itemizedlist>
<para><citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> <para><citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
@ -313,7 +313,7 @@
is maintained persistently, while <varname>LoaderConfigTimeoutOneShot</varname> is a one-time override which is is maintained persistently, while <varname>LoaderConfigTimeoutOneShot</varname> is a one-time override which is
read once (in which case it takes precedence over <varname>LoaderConfigTimeout</varname>) and then read once (in which case it takes precedence over <varname>LoaderConfigTimeout</varname>) and then
removed. <varname>LoaderConfigTimeout</varname> may be manipulated with the removed. <varname>LoaderConfigTimeout</varname> may be manipulated with the
<keycap>t</keycap>/<keycap>T</keycap> keys, see above.</para></listitem> <keycap>t</keycap>/<keycap>T</keycap> keys, see above.)</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -422,9 +422,9 @@
<varlistentry> <varlistentry>
<term><varname>LoaderSystemToken</varname></term> <term><varname>LoaderSystemToken</varname></term>
<listitem><para>A binary random data field, that is used for generating the random seed to pass to <listitem><para>A binary random data field, that is used for generating the random see to pass to the
the OS (see above). Note that this random data is generally only generated once, during OS OS (see above). Note that this random data is generally only generated once, during OS installation,
installation, and is then never updated again.</para></listitem> and is then never updated again.</para></listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>

View File

@ -19,7 +19,7 @@
<refname>systemd-gpt-auto-generator</refname> <refname>systemd-gpt-auto-generator</refname>
<refpurpose>Generator for automatically discovering and mounting root, <filename>/home/</filename>, <refpurpose>Generator for automatically discovering and mounting root, <filename>/home/</filename>,
<filename>/srv/</filename>, <filename>/var/</filename> and <filename>/var/tmp/</filename> partitions, as <filename>/srv/</filename>, <filename>/var/</filename> and <filename>/var/tmp/</filename> partitions, as
well as discovering and enabling swap partitions, based on GPT partition type GUIDs</refpurpose> well as discovering and enabling swap partitions, based on GPT partition type GUIDs.</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -217,9 +217,9 @@
</para> </para>
<para>where <para>where
<replaceable>cursor</replaceable> is a cursor string, <option>cursor</option> is a cursor string,
<replaceable>num_skip</replaceable> is an integer, <option>num_skip</option> is an integer,
<replaceable>num_entries</replaceable> is an unsigned integer. <option>num_entries</option> is an unsigned integer.
</para> </para>
<para>Range defaults to all available events.</para> <para>Range defaults to all available events.</para>

View File

@ -267,7 +267,7 @@ openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
those files can be specified using those files can be specified using
<varname>TrustedCertificateFile=</varname>, <varname>TrustedCertificateFile=</varname>,
<varname>ServerCertificateFile=</varname>, <varname>ServerCertificateFile=</varname>,
and <varname>ServerKeyFile=</varname> in <varname>ServerKeyFile=</varname>, in
<filename>/etc/systemd/journal-remote.conf</filename> and <filename>/etc/systemd/journal-remote.conf</filename> and
<filename>/etc/systemd/journal-upload.conf</filename>, <filename>/etc/systemd/journal-upload.conf</filename>,
respectively. The default locations can be queried by using respectively. The default locations can be queried by using

View File

@ -103,7 +103,7 @@
<citerefentry><refentrytitle>systemd-user-sessions.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd-user-sessions.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
<citerefentry><refentrytitle>sd-login</refentrytitle><manvolnum>3</manvolnum></citerefentry> <citerefentry><refentrytitle>sd-login</refentrytitle><manvolnum>3</manvolnum></citerefentry>
</para> </para>
</refsect1> </refsect1>

View File

@ -50,11 +50,10 @@
<replaceable>WHERE</replaceable>.</para> <replaceable>WHERE</replaceable>.</para>
<para>In many ways, <command>systemd-mount</command> is similar to the lower-level <para>In many ways, <command>systemd-mount</command> is similar to the lower-level
<citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> <citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> command, however instead
command, however instead of executing the mount operation directly and immediately, of executing the mount operation directly and immediately, <command>systemd-mount</command> schedules it through
<command>systemd-mount</command> schedules it through the service manager job queue, so that it may pull the service manager job queue, so that it may pull in further dependencies (such as parent mounts, or a file system
in further dependencies (such as parent mounts, or a file system checker to execute a priori), and may checker to execute a priori), and may make use of the auto-mounting logic.</para>
make use of the auto-mounting logic.</para>
<para>The command takes either one or two arguments. If only one argument is specified it should refer to <para>The command takes either one or two arguments. If only one argument is specified it should refer to
a block device or regular file containing a file system (e.g. <literal>/dev/sdb1</literal> or a block device or regular file containing a file system (e.g. <literal>/dev/sdb1</literal> or
@ -62,15 +61,15 @@
label and other metadata, and is mounted to a directory below <filename>/run/media/system/</filename> label and other metadata, and is mounted to a directory below <filename>/run/media/system/</filename>
whose name is generated from the file system label. In this mode the block device or image file must whose name is generated from the file system label. In this mode the block device or image file must
exist at the time of invocation of the command, so that it may be probed. If the device is found to be a exist at the time of invocation of the command, so that it may be probed. If the device is found to be a
removable block device (e.g. a USB stick), an automount point is created instead of a regular mount point removable block device (e.g. a USB stick) an automount point instead of a regular mount point is created
(i.e. the <option>--automount=</option> option is implied, see below).</para> (i.e. the <option>--automount=</option> option is implied, see below).</para>
<para>If two arguments are specified, the first indicates the mount source (the <para>If two arguments are specified the first indicates the mount source (the <replaceable>WHAT</replaceable>) and
<replaceable>WHAT</replaceable>) and the second indicates the path to mount it on (the the second indicates the path to mount it on (the <replaceable>WHERE</replaceable>). In this mode no probing of the
<replaceable>WHERE</replaceable>). In this mode no probing of the source is attempted, and a backing source is attempted, and a backing device node doesn't have to exist yet. However, if this mode is combined with
device node doesn't have to exist. However, if this mode is combined with <option>--discover</option>, <option>--discover</option>, device node probing for additional metadata is enabled, and much like in the
device node probing for additional metadata is enabled, and much like in the single-argument case single-argument case discussed above the specified device has to exist at the time of invocation of the
discussed above the specified device has to exist at the time of invocation of the command.</para> command.</para>
<para>Use the <option>--list</option> command to show a terse table of all local, known block devices with file <para>Use the <option>--list</option> command to show a terse table of all local, known block devices with file
systems that may be mounted with this command.</para> systems that may be mounted with this command.</para>

View File

@ -531,9 +531,11 @@
<term><option>-u</option></term> <term><option>-u</option></term>
<term><option>--user=</option></term> <term><option>--user=</option></term>
<listitem><para>After transitioning into the container, change to the specified user defined in the <listitem><para>After transitioning into the container, change
container's user database. Like all other systemd-nspawn features, this is not a security feature and to the specified user-defined in the container's user
provides protection against accidental destructive operations only.</para></listitem> database. Like all other systemd-nspawn features, this is not
a security feature and provides protection against accidental
destructive operations only.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1165,9 +1167,10 @@
<para>Finally, if set to <literal>auto</literal> the file is left as it is if private networking is <para>Finally, if set to <literal>auto</literal> the file is left as it is if private networking is
turned on (see <option>--private-network</option>). Otherwise, if turned on (see <option>--private-network</option>). Otherwise, if
<filename>systemd-resolved.service</filename> is running its stub <filename>resolv.conf</filename> <filename>systemd-resolved.service</filename> is connectible its stub
file is used, and if not the host's <filename>/etc/resolv.conf</filename> file. In the latter cases <filename>resolv.conf</filename> file is used, and if not the host's
the file is copied if the image is writable, and bind mounted otherwise.</para> <filename>/etc/resolv.conf</filename> file is used. In the latter cases the file is copied if the
image is writable, and bind mounted otherwise.</para>
<para>It's recommended to use <literal>copy-…</literal> or <literal>replace-…</literal> if the <para>It's recommended to use <literal>copy-…</literal> or <literal>replace-…</literal> if the
container shall be able to make changes to the DNS configuration on its own, deviating from the container shall be able to make changes to the DNS configuration on its own, deviating from the
@ -1183,20 +1186,19 @@
<varlistentry> <varlistentry>
<term><option>--timezone=</option></term> <term><option>--timezone=</option></term>
<listitem><para>Configures how <filename>/etc/localtime</filename> inside of the container <listitem><para>Configures how <filename>/etc/localtime</filename> inside of the container (i.e. local timezone
(i.e. local timezone synchronization from host to container) shall be handled. Takes one of synchronization from host to container) shall be handled. Takes one of <literal>off</literal>,
<literal>off</literal>, <literal>copy</literal>, <literal>bind</literal>, <literal>symlink</literal>, <literal>copy</literal>, <literal>bind</literal>, <literal>symlink</literal>, <literal>delete</literal> or
<literal>delete</literal> or <literal>auto</literal>. If set to <literal>off</literal> the <literal>auto</literal>. If set to <literal>off</literal> the <filename>/etc/localtime</filename> file in the
<filename>/etc/localtime</filename> file in the container is left as it is included in the image, and container is left as it is included in the image, and neither modified nor bind mounted over. If set to
neither modified nor bind mounted over. If set to <literal>copy</literal> the <literal>copy</literal> the <filename>/etc/localtime</filename> file of the host is copied into the
<filename>/etc/localtime</filename> file of the host is copied into the container. Similarly, if container. Similar, if <literal>bind</literal> is used, it is bind mounted from the host into the container. If
<literal>bind</literal> is used, the file is bind mounted from the host into the container. If set to set to <literal>symlink</literal> a symlink from <filename>/etc/localtime</filename> in the container is
<literal>symlink</literal>, a symlink is created pointing from <filename>/etc/localtime</filename> in created pointing to the matching the timezone file of the container that matches the timezone setting on the
the container to the timezone file in the container that matches the timezone setting on the host. If host. If set to <literal>delete</literal> the file in the container is deleted, should it exist. If set to
set to <literal>delete</literal>, the file in the container is deleted, should it exist. If set to <literal>auto</literal> and the <filename>/etc/localtime</filename> file of the host is a symlink, then
<literal>auto</literal> and the <filename>/etc/localtime</filename> file of the host is a symlink, <literal>symlink</literal> mode is used, and <literal>copy</literal> otherwise, except if the image is
then <literal>symlink</literal> mode is used, and <literal>copy</literal> otherwise, except if the read-only in which case <literal>bind</literal> is used instead. Defaults to
image is read-only in which case <literal>bind</literal> is used instead. Defaults to
<literal>auto</literal>.</para></listitem> <literal>auto</literal>.</para></listitem>
</varlistentry> </varlistentry>
@ -1439,7 +1441,7 @@
<para>This installs a minimal Fedora distribution into the <para>This installs a minimal Fedora distribution into the
directory <filename index="false">/var/lib/machines/f&fedora_latest_version;</filename> directory <filename index="false">/var/lib/machines/f&fedora_latest_version;</filename>
and then boots that OS in a namespace container. Because the installation and then boots an OS in a namespace container in it. Because the installation
is located underneath the standard <filename>/var/lib/machines/</filename> is located underneath the standard <filename>/var/lib/machines/</filename>
directory, it is also possible to start the machine using directory, it is also possible to start the machine using
<command>systemd-nspawn -M f&fedora_latest_version;</command>.</para> <command>systemd-nspawn -M f&fedora_latest_version;</command>.</para>
@ -1453,7 +1455,7 @@
<para>This installs a minimal Debian unstable distribution into <para>This installs a minimal Debian unstable distribution into
the directory <filename>~/debian-tree/</filename> and then the directory <filename>~/debian-tree/</filename> and then
spawns a shell from this image in a namespace container.</para> spawns a shell in a namespace container in it.</para>
<para><command>debootstrap</command> supports <para><command>debootstrap</command> supports
<ulink url="https://www.debian.org">Debian</ulink>, <ulink url="https://www.debian.org">Debian</ulink>,

View File

@ -44,7 +44,7 @@
<citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>, with <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>, with
its <command>bootctl random-seed</command> functionality.</para> its <command>bootctl random-seed</command> functionality.</para>
<para>When loading the random seed from disk, the file is immediately updated with a new seed retrieved <para>When loading the random seed from disk its file is immediately updated with a new seed retrieved
from the kernel, in order to ensure no two boots operate with the same random seed. This new seed is from the kernel, in order to ensure no two boots operate with the same random seed. This new seed is
retrieved synchronously from the kernel, which means the service will not complete start-up until the retrieved synchronously from the kernel, which means the service will not complete start-up until the
random pool is fully initialized. On entropy-starved systems this may take a while. This functionality is random pool is fully initialized. On entropy-starved systems this may take a while. This functionality is

View File

@ -57,10 +57,9 @@
available but not yet used. Specifically the following use cases are among those covered:</para> available but not yet used. Specifically the following use cases are among those covered:</para>
<itemizedlist> <itemizedlist>
<listitem><para>The root partition may be grown to cover the whole available disk space.</para></listitem> <listitem><para>The root partition may be grown to cover the whole available disk space</para></listitem>
<listitem><para>A <filename>/home/</filename>, swap or <filename>/srv/</filename> partition can be <listitem><para>A <filename>/home/</filename>, swap or <filename>/srv/</filename> partition can be added in</para></listitem>
added.</para></listitem> <listitem><para>A second (or third, …) root partition may be added in, to cover A/B style setups
<listitem><para>A second (or third, …) root partition may be added, to cover A/B style setups
where a second version of the root file system is alternatingly used for implementing update where a second version of the root file system is alternatingly used for implementing update
schemes. The deployed image would carry only a single partition ("A") but on first boot a second schemes. The deployed image would carry only a single partition ("A") but on first boot a second
partition ("B") for this purpose is automatically created.</para></listitem> partition ("B") for this purpose is automatically created.</para></listitem>
@ -70,7 +69,7 @@
<orderedlist> <orderedlist>
<listitem><para>The <filename>repart.d/*.conf</filename> configuration files are loaded and parsed, <listitem><para>The <filename>repart.d/*.conf</filename> configuration files are loaded and parsed,
and ordered by filename (without the directory prefix).</para></listitem> and ordered by filename (without the directory suffix). </para></listitem>
<listitem><para>The partition table already existing on the block device is loaded and <listitem><para>The partition table already existing on the block device is loaded and
parsed.</para></listitem> parsed.</para></listitem>
@ -120,13 +119,13 @@
</orderedlist> </orderedlist>
<para>As exception to the normally strictly incremental operation, when called in a special "factory <para>As exception to the normally strictly incremental operation, when called in a special "factory
reset" mode, <command>systemd-repart</command> may also be used to erase existing partitions to reset" mode <command>systemd-repart</command> may also be used to erase select existing partitions to
reset an installation back to vendor defaults. This mode of operation is used when either the reset an installation back to vendor defaults. This mode of operation is used when either the
<option>--factory-reset=yes</option> switch is passed on the tool's command line, or the <option>--factory-reset=yes</option> switch is passed on the tool's command line, or the
<option>systemd.factory_reset=yes</option> option specified on the kernel command line, or the <option>systemd.factory_reset=yes</option> option specified on the kernel command line, or the
<varname>FactoryReset</varname> EFI variable (vendor UUID <varname>FactoryReset</varname> EFI variable (vendor UUID
<constant>8cf2644b-4b0b-428f-9387-6d876050dc67</constant>) is set to "yes". It alters the algorithm above <constant>8cf2644b-4b0b-428f-9387-6d876050dc67</constant>) is set to "yes". It alters the algorithm above
slightly: between the 3rd and the 4th step above any partition marked explicitly via the slightly: between the 3rd and the 4th step above the any partition marked explicitly via the
<varname>FactoryReset=</varname> boolean is deleted, and the algorithm restarted, thus immediately <varname>FactoryReset=</varname> boolean is deleted, and the algorithm restarted, thus immediately
re-creating these partitions anew empty.</para> re-creating these partitions anew empty.</para>
@ -268,9 +267,9 @@
<varlistentry> <varlistentry>
<term><option>--definitions=</option></term> <term><option>--definitions=</option></term>
<listitem><para>Takes a file system path. If specified the <filename>*.conf</filename> files are read <listitem><para>Takes a file system path. If specified the <filename>*.conf</filename> are directly
from the specified directory instead of searching in <filename>/usr/lib/repart.d/*.conf</filename>, read from the specified directory instead of searching in
<filename>/etc/repart.d/*.conf</filename>, <filename>/usr/lib/repart.d/*.conf</filename>, <filename>/etc/repart.d/*.conf</filename>,
<filename>/run/repart.d/*.conf</filename>.</para></listitem> <filename>/run/repart.d/*.conf</filename>.</para></listitem>
</varlistentry> </varlistentry>

View File

@ -105,7 +105,7 @@
<title>Options</title> <title>Options</title>
<para>The following options can be configured in the <para>The following options can be configured in the
[Sleep] section of <literal>[Sleep]</literal> section of
<filename>/etc/systemd/sleep.conf</filename> or a <filename>/etc/systemd/sleep.conf</filename> or a
<filename>sleep.conf.d</filename> file:</para> <filename>sleep.conf.d</filename> file:</para>

View File

@ -16,7 +16,7 @@
</refmeta> </refmeta>
<refnamediv> <refnamediv>
<refname>systemd-socket-proxyd</refname> <refname>systemd-socket-proxyd</refname>
<refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket</refpurpose> <refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket.</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>
<cmdsynopsis> <cmdsynopsis>

View File

@ -71,16 +71,19 @@
url="https://www.freedesktop.org/wiki/Software/systemd/inhibit">Inhibitor url="https://www.freedesktop.org/wiki/Software/systemd/inhibit">Inhibitor
interface</ulink>.</para> interface</ulink>.</para>
<para>Note that <filename>systemd-suspend.service</filename>, <para>Note that
<filename>systemd-hibernate.service</filename>, <filename>systemd-hybrid-sleep.service</filename>, and <filename>systemd-suspend.service</filename>,
<filename>systemd-suspend-then-hibernate.service</filename> should never be executed directly. Instead, <filename>systemd-hibernate.service</filename>, and
trigger system sleep with a command such as <command>systemctl suspend</command> or <command>systemctl <filename>systemd-hybrid-sleep.service</filename>
hibernate</command>.</para> <filename>systemd-suspend-then-hibernate.service</filename>
should never be executed directly. Instead, trigger system sleep
states with a command such as <literal>systemctl suspend</literal>
or similar.</para>
<para>Internally, this service will echo a string like <para>Internally, this service will echo a string like
<literal>mem</literal> into <filename>/sys/power/state</filename>, <literal>mem</literal> into <filename>/sys/power/state</filename>,
to trigger the actual system suspend. What exactly is written to trigger the actual system suspend. What exactly is written
where can be configured in the [Sleep] section where can be configured in the <literal>[Sleep]</literal> section
of <filename>/etc/systemd/sleep.conf</filename> or a of <filename>/etc/systemd/sleep.conf</filename> or a
<filename>sleep.conf.d</filename> file. See <filename>sleep.conf.d</filename> file. See
<citerefentry><refentrytitle>systemd-sleep.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>. <citerefentry><refentrytitle>systemd-sleep.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.

View File

@ -58,7 +58,7 @@
<title>Options</title> <title>Options</title>
<para>All options are configured in the <para>All options are configured in the
[Manager] section:</para> <literal>[Manager]</literal> section:</para>
<variablelist class='config-directives'> <variablelist class='config-directives'>
@ -149,7 +149,7 @@
for details. During the first phase of the shutdown operation the system and service manager remains running for details. During the first phase of the shutdown operation the system and service manager remains running
and hence <varname>RuntimeWatchdogSec=</varname> is still honoured. In order to define a timeout on this first and hence <varname>RuntimeWatchdogSec=</varname> is still honoured. In order to define a timeout on this first
phase of system shutdown, configure <varname>JobTimeoutSec=</varname> and <varname>JobTimeoutAction=</varname> phase of system shutdown, configure <varname>JobTimeoutSec=</varname> and <varname>JobTimeoutAction=</varname>
in the [Unit] section of the <filename>shutdown.target</filename> unit. By default in the <literal>[Unit]</literal> section of the <filename>shutdown.target</filename> unit. By default
<varname>RuntimeWatchdogSec=</varname> defaults to 0 (off), and <varname>RebootWatchdogSec=</varname> to <varname>RuntimeWatchdogSec=</varname> defaults to 0 (off), and <varname>RebootWatchdogSec=</varname> to
10min. <varname>KExecWatchdogSec=</varname> may be used to additionally enable the watchdog when kexec 10min. <varname>KExecWatchdogSec=</varname> may be used to additionally enable the watchdog when kexec
is being executed rather than when rebooting. Note that if the kernel does not reset the watchdog on kexec (depending is being executed rather than when rebooting. Note that if the kernel does not reset the watchdog on kexec (depending
@ -387,9 +387,9 @@
units. See units. See
<citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry> for <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry> for
details. These settings may be overridden in individual units using the corresponding details. These settings may be overridden in individual units using the corresponding
<varname>LimitXXX=</varname> directives and they accept the same parameter syntax, <varname>LimitXXX=</varname> directives, see
see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, for
for details. Note that these resource limits are only defaults details, and they accept the same parameter syntax. Note that these resource limits are only defaults
for units, they are not applied to the service manager process (i.e. PID 1) itself.</para></listitem> for units, they are not applied to the service manager process (i.e. PID 1) itself.</para></listitem>
</varlistentry> </varlistentry>

View File

@ -18,7 +18,7 @@
<refnamediv> <refnamediv>
<refname>systemd-time-wait-sync.service</refname> <refname>systemd-time-wait-sync.service</refname>
<refname>systemd-time-wait-sync</refname> <refname>systemd-time-wait-sync</refname>
<refpurpose>Wait until kernel time is synchronized</refpurpose> <refpurpose>Wait Until Kernel Time Synchronized</refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>

View File

@ -35,9 +35,9 @@
this unit type. See this unit type. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files. The common for the common options of all unit configuration files. The common
configuration items are configured in the generic [Unit] and configuration items are configured in the generic <literal>[Unit]</literal> and
[Install] sections. The automount specific configuration options <literal>[Install]</literal> sections. The automount specific configuration options
are configured in the [Automount] section.</para> are configured in the <literal>[Automount]</literal> section.</para>
<para>Automount units must be named after the automount directories they control. Example: the automount point <para>Automount units must be named after the automount directories they control. Example: the automount point
<filename index="false">/home/lennart</filename> must be configured in a unit file <filename index="false">/home/lennart</filename> must be configured in a unit file

View File

@ -36,8 +36,8 @@
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files. The common for the common options of all unit configuration files. The common
configuration items are configured in the generic configuration items are configured in the generic
[Unit] and [Install] <literal>[Unit]</literal> and <literal>[Install]</literal>
sections. A separate [Device] section does not sections. A separate <literal>[Device]</literal> section does not
exist, since no device-specific options may be configured.</para> exist, since no device-specific options may be configured.</para>
<para>systemd will dynamically create device units for all kernel <para>systemd will dynamically create device units for all kernel
@ -60,7 +60,7 @@
<para>Device units will be reloaded by systemd whenever the <para>Device units will be reloaded by systemd whenever the
corresponding device generates a <literal>changed</literal> event. corresponding device generates a <literal>changed</literal> event.
Other units can use <varname>ReloadPropagatedFrom=</varname> to react Other units can use <varname>ReloadPropagatedFrom=</varname> to react
to that event.</para> to that event</para>
</refsect1> </refsect1>
<refsect1> <refsect1>

View File

@ -64,7 +64,7 @@
<refsect1> <refsect1>
<title>[Service] Section Options</title> <title>[Service] Section Options</title>
<para>The network service file contains a [Service] <para>The network service file contains a <literal>[Service]</literal>
section, which specifies a discoverable network service announced in a section, which specifies a discoverable network service announced in a
local network with Multicast DNS broadcasts.</para> local network with Multicast DNS broadcasts.</para>

View File

@ -511,11 +511,10 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
<varlistentry> <varlistentry>
<term><varname>AppArmorProfile=</varname></term> <term><varname>AppArmorProfile=</varname></term>
<listitem><para>Takes a profile name as argument. The process executed by the unit will switch to <listitem><para>Takes a profile name as argument. The process executed by the unit will switch to this profile
this profile when started. Profiles must already be loaded in the kernel, or the unit will fail. If when started. Profiles must already be loaded in the kernel, or the unit will fail. This result in a non
prefixed by <literal>-</literal>, all errors will be ignored. This setting has no effect if AppArmor operation if AppArmor is not enabled. If prefixed by <literal>-</literal>, all errors will be ignored. This
is not enabled. This setting not affect commands prefixed with <literal>+</literal>.</para> does not affect commands prefixed with <literal>+</literal>.</para></listitem>
</listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -881,7 +880,7 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
in <varname>NUMAMask=</varname>. For more details on each policy please see, in <varname>NUMAMask=</varname>. For more details on each policy please see,
<citerefentry><refentrytitle>set_mempolicy</refentrytitle><manvolnum>2</manvolnum></citerefentry>. For overall <citerefentry><refentrytitle>set_mempolicy</refentrytitle><manvolnum>2</manvolnum></citerefentry>. For overall
overview of NUMA support in Linux see, overview of NUMA support in Linux see,
<citerefentry project='man-pages'><refentrytitle>numa</refentrytitle><manvolnum>7</manvolnum></citerefentry>. <citerefentry project='man-pages'><refentrytitle>numa</refentrytitle><manvolnum>7</manvolnum></citerefentry>
</para></listitem> </para></listitem>
</varlistentry> </varlistentry>
@ -1068,16 +1067,14 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
<varname>RootDirectory=</varname> or <varname>RootImage=</varname> these paths always reside on the host and <varname>RootDirectory=</varname> or <varname>RootImage=</varname> these paths always reside on the host and
are mounted from there into the unit's file system namespace.</para> are mounted from there into the unit's file system namespace.</para>
<para>If <varname>DynamicUser=</varname> is used in conjunction with <para>If <varname>DynamicUser=</varname> is used in conjunction with <varname>StateDirectory=</varname>,
<varname>StateDirectory=</varname>, the logic for <varname>CacheDirectory=</varname> and <varname>CacheDirectory=</varname> and <varname>LogsDirectory=</varname> is slightly altered: the directories
<varname>LogsDirectory=</varname> is slightly altered: the directories are created below are created below <filename>/var/lib/private</filename>, <filename>/var/cache/private</filename> and
<filename>/var/lib/private</filename>, <filename>/var/cache/private</filename> and
<filename>/var/log/private</filename>, respectively, which are host directories made inaccessible to <filename>/var/log/private</filename>, respectively, which are host directories made inaccessible to
unprivileged users, which ensures that access to these directories cannot be gained through dynamic unprivileged users, which ensures that access to these directories cannot be gained through dynamic user ID
user ID recycling. Symbolic links are created to hide this difference in behaviour. Both from recycling. Symbolic links are created to hide this difference in behaviour. Both from perspective of the host
perspective of the host and from inside the unit, the relevant directories hence always appear and from inside the unit, the relevant directories hence always appear directly below
directly below <filename>/var/lib</filename>, <filename>/var/cache</filename> and <filename>/var/lib</filename>, <filename>/var/cache</filename> and <filename>/var/log</filename>.</para>
<filename>/var/log</filename>.</para>
<para>Use <varname>RuntimeDirectory=</varname> to manage one or more runtime directories for the unit and bind <para>Use <varname>RuntimeDirectory=</varname> to manage one or more runtime directories for the unit and bind
their lifetime to the daemon runtime. This is particularly useful for unprivileged daemons that cannot create their lifetime to the daemon runtime. This is particularly useful for unprivileged daemons that cannot create
@ -1241,8 +1238,8 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
<term><varname>PrivateTmp=</varname></term> <term><varname>PrivateTmp=</varname></term>
<listitem><para>Takes a boolean argument. If true, sets up a new file system namespace for the executed <listitem><para>Takes a boolean argument. If true, sets up a new file system namespace for the executed
processes and mounts private <filename>/tmp/</filename> and <filename>/var/tmp/</filename> directories inside it processes and mounts private <filename>/tmp</filename> and <filename>/var/tmp</filename> directories inside it
that are not shared by processes outside of the namespace. This is useful to secure access to temporary files of that is not shared by processes outside of the namespace. This is useful to secure access to temporary files of
the process, but makes sharing between processes via <filename>/tmp</filename> or <filename>/var/tmp</filename> the process, but makes sharing between processes via <filename>/tmp</filename> or <filename>/var/tmp</filename>
impossible. If this is enabled, all temporary files created by a service in these directories will be removed impossible. If this is enabled, all temporary files created by a service in these directories will be removed
after the service is stopped. Defaults to false. It is possible to run two or more units within the same after the service is stopped. Defaults to false. It is possible to run two or more units within the same
@ -1402,7 +1399,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
this option removes <constant>CAP_SYS_TIME</constant> and <constant>CAP_WAKE_ALARM</constant> from the this option removes <constant>CAP_SYS_TIME</constant> and <constant>CAP_WAKE_ALARM</constant> from the
capability bounding set for this unit, installs a system call filter to block calls that can set the capability bounding set for this unit, installs a system call filter to block calls that can set the
clock, and <varname>DeviceAllow=char-rtc r</varname> is implied. This ensures <filename>/dev/rtc0</filename>, clock, and <varname>DeviceAllow=char-rtc r</varname> is implied. This ensures <filename>/dev/rtc0</filename>,
<filename>/dev/rtc1</filename>, etc. are made read-only to the service. See <filename>/dev/rtc1</filename>, etc are made read only to the service. See
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the details about <varname>DeviceAllow=</varname>.</para> for the details about <varname>DeviceAllow=</varname>.</para>
@ -1498,7 +1495,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>) <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
are unaffected. Also, sockets created with <function>socketpair()</function> (which creates connected are unaffected. Also, sockets created with <function>socketpair()</function> (which creates connected
AF_UNIX sockets only) are unaffected. Note that this option has no effect on 32-bit x86, s390, s390x, AF_UNIX sockets only) are unaffected. Note that this option has no effect on 32-bit x86, s390, s390x,
mips, mips-le, ppc, ppc-le, ppc64, ppc64-le and is ignored (but works correctly on other ABIs, mips, mips-le, ppc, ppc-le, pcc64, ppc64-le and is ignored (but works correctly on other ABIs,
including x86-64). Note that on systems supporting multiple ABIs (such as x86/x86-64) it is including x86-64). Note that on systems supporting multiple ABIs (such as x86/x86-64) it is
recommended to turn off alternative ABIs for services, so that they cannot be used to circumvent the recommended to turn off alternative ABIs for services, so that they cannot be used to circumvent the
restrictions of this option. Specifically, it is recommended to combine this option with restrictions of this option. Specifically, it is recommended to combine this option with
@ -1806,7 +1803,7 @@ RestrictNamespaces=~cgroup net</programlisting>
</row> </row>
<row> <row>
<entry>@file-system</entry> <entry>@file-system</entry>
<entry>File system operations: opening, creating files and directories for read and write, renaming and removing them, reading file properties, or creating hard and symbolic links</entry> <entry>File system operations: opening, creating files and directories for read and write, renaming and removing them, reading file properties, or creating hard and symbolic links.</entry>
</row> </row>
<row> <row>
<entry>@io-event</entry> <entry>@io-event</entry>
@ -1822,7 +1819,7 @@ RestrictNamespaces=~cgroup net</programlisting>
</row> </row>
<row> <row>
<entry>@memlock</entry> <entry>@memlock</entry>
<entry>Locking of memory in RAM (<citerefentry project='man-pages'><refentrytitle>mlock</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>mlockall</refentrytitle><manvolnum>2</manvolnum></citerefentry> and related calls)</entry> <entry>Locking of memory into RAM (<citerefentry project='man-pages'><refentrytitle>mlock</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>mlockall</refentrytitle><manvolnum>2</manvolnum></citerefentry> and related calls)</entry>
</row> </row>
<row> <row>
<entry>@module</entry> <entry>@module</entry>
@ -1846,7 +1843,7 @@ RestrictNamespaces=~cgroup net</programlisting>
</row> </row>
<row> <row>
<entry>@process</entry> <entry>@process</entry>
<entry>Process control, execution, namespaceing operations (<citerefentry project='man-pages'><refentrytitle>clone</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>kill</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry>, …)</entry> <entry>Process control, execution, namespaceing operations (<citerefentry project='man-pages'><refentrytitle>clone</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>kill</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry>, …</entry>
</row> </row>
<row> <row>
<entry>@raw-io</entry> <entry>@raw-io</entry>
@ -1874,7 +1871,7 @@ RestrictNamespaces=~cgroup net</programlisting>
</row> </row>
<row> <row>
<entry>@sync</entry> <entry>@sync</entry>
<entry>Synchronizing files and memory to disk (<citerefentry project='man-pages'><refentrytitle>fsync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>msync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, and related calls)</entry> <entry>Synchronizing files and memory to disk: (<citerefentry project='man-pages'><refentrytitle>fsync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>msync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, and related calls)</entry>
</row> </row>
<row> <row>
<entry>@system-service</entry> <entry>@system-service</entry>
@ -1952,7 +1949,7 @@ SystemCallErrorNumber=EPERM</programlisting>
manager is compiled for). If running in user mode, or in system mode, but without the manager is compiled for). If running in user mode, or in system mode, but without the
<constant>CAP_SYS_ADMIN</constant> capability (e.g. setting <varname>User=nobody</varname>), <constant>CAP_SYS_ADMIN</constant> capability (e.g. setting <varname>User=nobody</varname>),
<varname>NoNewPrivileges=yes</varname> is implied. By default, this option is set to the empty list, i.e. no <varname>NoNewPrivileges=yes</varname> is implied. By default, this option is set to the empty list, i.e. no
filtering is applied.</para> system call architecture filtering is applied.</para>
<para>If this setting is used, processes of this unit will only be permitted to call native system calls, and <para>If this setting is used, processes of this unit will only be permitted to call native system calls, and
system calls of the specified architectures. For the purposes of this option, the x32 architecture is treated system calls of the specified architectures. For the purposes of this option, the x32 architecture is treated
@ -2216,9 +2213,8 @@ SystemCallErrorNumber=EPERM</programlisting>
<constant>AF_UNIX</constant> socket in the file system, as in that case only a <constant>AF_UNIX</constant> socket in the file system, as in that case only a
single stream connection is created for both input and output.</para> single stream connection is created for both input and output.</para>
<para><option>append:<replaceable>path</replaceable></option> is similar to <para><option>append:<replaceable>path</replaceable></option> is similar to <option>file:<replaceable>path
<option>file:<replaceable>path</replaceable></option> above, but it opens the file in append mode. </replaceable></option> above, but it opens the file in append mode.</para>
</para>
<para><option>socket</option> connects standard output to a socket acquired via socket activation. The <para><option>socket</option> connects standard output to a socket acquired via socket activation. The
semantics are similar to the same option of <varname>StandardInput=</varname>, see above.</para> semantics are similar to the same option of <varname>StandardInput=</varname>, see above.</para>
@ -2555,7 +2551,7 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
<varname>UnsetEnvironment=</varname> are removed again from the compiled environment variable list, immediately <varname>UnsetEnvironment=</varname> are removed again from the compiled environment variable list, immediately
before it is passed to the executed process.</para> before it is passed to the executed process.</para>
<para>The following environment variables are set or propagated by the service manager for each invoked <para>The following select environment variables are set or propagated by the service manager for each invoked
process:</para> process:</para>
<variablelist class='environment-variables'> <variablelist class='environment-variables'>
@ -2626,7 +2622,7 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
<term><varname>$LOGS_DIRECTORY</varname></term> <term><varname>$LOGS_DIRECTORY</varname></term>
<term><varname>$CONFIGURATION_DIRECTORY</varname></term> <term><varname>$CONFIGURATION_DIRECTORY</varname></term>
<listitem><para>Absolute paths to the directories defined with <listitem><para>Contains and absolute paths to the directories defined with
<varname>RuntimeDirectory=</varname>, <varname>StateDirectory=</varname>, <varname>RuntimeDirectory=</varname>, <varname>StateDirectory=</varname>,
<varname>CacheDirectory=</varname>, <varname>LogsDirectory=</varname>, and <varname>CacheDirectory=</varname>, <varname>LogsDirectory=</varname>, and
<varname>ConfigurationDirectory=</varname> when those settings are used.</para> <varname>ConfigurationDirectory=</varname> when those settings are used.</para>

View File

@ -524,8 +524,7 @@
structured log entries via calls such as structured log entries via calls such as
<citerefentry><refentrytitle>sd_journal_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>. <citerefentry><refentrytitle>sd_journal_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
They may also not be used as matches for They may also not be used as matches for
<citerefentry><refentrytitle>sd_journal_add_match</refentrytitle><manvolnum>3</manvolnum></citerefentry>. <citerefentry><refentrytitle>sd_journal_add_match</refentrytitle><manvolnum>3</manvolnum></citerefentry></para>
</para>
<variablelist class='journal-directives'> <variablelist class='journal-directives'>
<varlistentry> <varlistentry>

View File

@ -151,7 +151,7 @@
terminate upon receiving the initial <constant>SIGTERM</constant> terminate upon receiving the initial <constant>SIGTERM</constant>
signal. This can be achieved by configuring <varname>LimitCORE=</varname> signal. This can be achieved by configuring <varname>LimitCORE=</varname>
and setting <varname>FinalKillSignal=</varname> to either and setting <varname>FinalKillSignal=</varname> to either
<constant>SIGQUIT</constant> or <constant>SIGABRT</constant>. <constant>SIGQUIT</constant> or <constant>SIGABRT</constant>
Defaults to <constant>SIGKILL</constant>. Defaults to <constant>SIGKILL</constant>.
</para></listitem> </para></listitem>
</varlistentry> </varlistentry>

View File

@ -64,8 +64,8 @@
<title>[Match] Section Options</title> <title>[Match] Section Options</title>
<para>A link file is said to match a device if all matches specified by the <para>A link file is said to match a device if all matches specified by the
[Match] section are satisfied. When a link file does not contain valid settings <literal>[Match]</literal> section are satisfied. When a link file does not contain valid settings
in [Match] section, then the file will match all devices and in <literal>[Match]</literal> section, then the file will match all devices and
<command>systemd-udevd</command> warns about that. Hint: to avoid the warning and to make it clear <command>systemd-udevd</command> warns about that. Hint: to avoid the warning and to make it clear
that all interfaces shall be matched, add the following: that all interfaces shall be matched, add the following:
<programlisting>OriginalName=*</programlisting> <programlisting>OriginalName=*</programlisting>

View File

@ -34,9 +34,9 @@
this unit type. See this unit type. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files. The common for the common options of all unit configuration files. The common
configuration items are configured in the generic [Unit] and configuration items are configured in the generic <literal>[Unit]</literal> and
[Install] sections. The mount specific configuration options are <literal>[Install]</literal> sections. The mount specific configuration options are
configured in the [Mount] section.</para> configured in the <literal>[Mount]</literal> section.</para>
<para>Additional options are listed in <para>Additional options are listed in
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,

View File

@ -357,7 +357,7 @@
</variablelist> </variablelist>
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known (to this <para>Note that <constant>latest</constant> may be used to denote the latest scheme known (to this
particular version of systemd).</para> particular version of systemd.</para>
</refsect1> </refsect1>
<refsect1> <refsect1>

View File

@ -114,10 +114,10 @@
<entry>An IPv4 over IPv4 tunnel.</entry></row> <entry>An IPv4 over IPv4 tunnel.</entry></row>
<row><entry><varname>ipvlan</varname></entry> <row><entry><varname>ipvlan</varname></entry>
<entry>An IPVLAN device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row> <entry>An ipvlan device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row>
<row><entry><varname>ipvtap</varname></entry> <row><entry><varname>ipvtap</varname></entry>
<entry>An IPVTAP device is a stacked device which receives packets from its underlying device based on IP address filtering and can be accessed using the tap user space interface.</entry></row> <entry>An ipvtap device is a stacked device which receives packets from its underlying device based on IP address filtering and can be accessed using the tap user space interface.</entry></row>
<row><entry><varname>macvlan</varname></entry> <row><entry><varname>macvlan</varname></entry>
<entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row> <entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
@ -193,7 +193,7 @@
<title>[Match] Section Options</title> <title>[Match] Section Options</title>
<para>A virtual network device is only created if the <para>A virtual network device is only created if the
[Match] section matches the current <literal>[Match]</literal> section matches the current
environment, or if the section is empty. The following keys are environment, or if the section is empty. The following keys are
accepted:</para> accepted:</para>
@ -259,7 +259,7 @@
<refsect1> <refsect1>
<title>[NetDev] Section Options</title> <title>[NetDev] Section Options</title>
<para>The [NetDev] section accepts the <para>The <literal>[NetDev]</literal> section accepts the
following keys:</para> following keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -273,13 +273,13 @@
<term><varname>Name=</varname></term> <term><varname>Name=</varname></term>
<listitem> <listitem>
<para>The interface name used when creating the netdev. <para>The interface name used when creating the netdev.
This setting is compulsory.</para> This option is compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>Kind=</varname></term> <term><varname>Kind=</varname></term>
<listitem> <listitem>
<para>The netdev kind. This setting is compulsory. See the <para>The netdev kind. This option is compulsory. See the
<literal>Supported netdev kinds</literal> section for the <literal>Supported netdev kinds</literal> section for the
valid keys.</para> valid keys.</para>
</listitem> </listitem>
@ -287,10 +287,10 @@
<varlistentry> <varlistentry>
<term><varname>MTUBytes=</varname></term> <term><varname>MTUBytes=</varname></term>
<listitem> <listitem>
<para>The maximum transmission unit in bytes to set for the device. The usual suffixes K, M, G <para>The maximum transmission unit in bytes to set for the device. The usual suffixes K, M, G,
are supported and are understood to the base of 1024. For <literal>tun</literal> or are supported and are understood to the base of 1024. For <literal>tun</literal> or
<literal>tap</literal> devices, <varname>MTUBytes=</varname> setting is not currently supported in <literal>tap</literal> devices, <varname>MTUBytes=</varname> setting is not currently supported in
[NetDev] section. Please specify it in [Link] section of <literal>[NetDev]</literal> section. Please specify it in <literal>[Link]</literal> section of
corresponding corresponding
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
files.</para> files.</para>
@ -300,8 +300,8 @@
<term><varname>MACAddress=</varname></term> <term><varname>MACAddress=</varname></term>
<listitem> <listitem>
<para>The MAC address to use for the device. For <literal>tun</literal> or <literal>tap</literal> <para>The MAC address to use for the device. For <literal>tun</literal> or <literal>tap</literal>
devices, setting <varname>MACAddress=</varname> in the [NetDev] section is not devices, setting <varname>MACAddress=</varname> in the <literal>[NetDev]</literal> section is not
supported. Please specify it in [Link] section of the corresponding supported. Please specify it in <literal>[Link]</literal> section of the corresponding
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
file. If this option is not set, <literal>vlan</literal> devices inherit the MAC address of the file. If this option is not set, <literal>vlan</literal> devices inherit the MAC address of the
physical interface. For other kind of netdevs, if this option is not set, then MAC address is physical interface. For other kind of netdevs, if this option is not set, then MAC address is
@ -316,7 +316,7 @@
<refsect1> <refsect1>
<title>[Bridge] Section Options</title> <title>[Bridge] Section Options</title>
<para>The [Bridge] section only applies for <para>The <literal>[Bridge]</literal> section only applies for
netdevs of kind <literal>bridge</literal>, and accepts the netdevs of kind <literal>bridge</literal>, and accepts the
following keys:</para> following keys:</para>
@ -436,7 +436,7 @@
<refsect1> <refsect1>
<title>[VLAN] Section Options</title> <title>[VLAN] Section Options</title>
<para>The [VLAN] section only applies for <para>The <literal>[VLAN]</literal> section only applies for
netdevs of kind <literal>vlan</literal>, and accepts the netdevs of kind <literal>vlan</literal>, and accepts the
following key:</para> following key:</para>
@ -445,7 +445,7 @@
<term><varname>Id=</varname></term> <term><varname>Id=</varname></term>
<listitem> <listitem>
<para>The VLAN ID to use. An integer in the range 04094. <para>The VLAN ID to use. An integer in the range 04094.
This setting is compulsory.</para> This option is compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -478,8 +478,8 @@
<varlistentry> <varlistentry>
<term><varname>ReorderHeader=</varname></term> <term><varname>ReorderHeader=</varname></term>
<listitem> <listitem>
<para>Takes a boolean. When enabled, the VLAN reorder header is used and VLAN interfaces behave <para>Takes a boolean. The VLAN reorder header is set VLAN interfaces behave like physical interfaces.
like physical interfaces. When unset, the kernel's default will be used.</para> When unset, the kernel's default will be used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -488,7 +488,7 @@
<refsect1> <refsect1>
<title>[MACVLAN] Section Options</title> <title>[MACVLAN] Section Options</title>
<para>The [MACVLAN] section only applies for <para>The <literal>[MACVLAN]</literal> section only applies for
netdevs of kind <literal>macvlan</literal>, and accepts the netdevs of kind <literal>macvlan</literal>, and accepts the
following key:</para> following key:</para>
@ -510,15 +510,15 @@
<refsect1> <refsect1>
<title>[MACVTAP] Section Options</title> <title>[MACVTAP] Section Options</title>
<para>The [MACVTAP] section applies for <para>The <literal>[MACVTAP]</literal> section applies for
netdevs of kind <literal>macvtap</literal> and accepts the netdevs of kind <literal>macvtap</literal> and accepts the
same key as [MACVLAN].</para> same key as <literal>[MACVLAN]</literal>.</para>
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>[IPVLAN] Section Options</title> <title>[IPVLAN] Section Options</title>
<para>The [IPVLAN] section only applies for <para>The <literal>[IPVLAN]</literal> section only applies for
netdevs of kind <literal>ipvlan</literal>, and accepts the netdevs of kind <literal>ipvlan</literal>, and accepts the
following key:</para> following key:</para>
@ -545,15 +545,15 @@
<refsect1> <refsect1>
<title>[IPVTAP] Section Options</title> <title>[IPVTAP] Section Options</title>
<para>The [IPVTAP] section only applies for <para>The <literal>[IPVTAP]</literal> section only applies for
netdevs of kind <literal>ipvtap</literal> and accepts the netdevs of kind <literal>ipvtap</literal> and accepts the
same key as [IPVLAN].</para> same key as <literal>[IPVLAN]</literal>.</para>
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>[VXLAN] Section Options</title> <title>[VXLAN] Section Options</title>
<para>The [VXLAN] section only applies for <para>The <literal>[VXLAN]</literal> section only applies for
netdevs of kind <literal>vxlan</literal>, and accepts the netdevs of kind <literal>vxlan</literal>, and accepts the
following keys:</para> following keys:</para>
@ -579,8 +579,7 @@
<varlistentry> <varlistentry>
<term><varname>Group=</varname></term> <term><varname>Group=</varname></term>
<listitem> <listitem>
<para>Configures VXLAN multicast group IP address. All members of a VXLAN must use the same <para>Configures VXLAN multicast group IP address. All members of a VXLAN must use the same multicast group address.</para>
multicast group address.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -638,7 +637,8 @@
<varlistentry> <varlistentry>
<term><varname>L3MissNotification=</varname></term> <term><varname>L3MissNotification=</varname></term>
<listitem> <listitem>
<para>Takes a boolean. When true, enables netlink IP address miss notifications.</para> <para>Takes a boolean. When true, enables netlink IP address miss
notifications.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -739,7 +739,7 @@
<refsect1> <refsect1>
<title>[GENEVE] Section Options</title> <title>[GENEVE] Section Options</title>
<para>The [GENEVE] section only applies for <para>The <literal>[GENEVE]</literal> section only applies for
netdevs of kind <literal>geneve</literal>, and accepts the netdevs of kind <literal>geneve</literal>, and accepts the
following keys:</para> following keys:</para>
@ -765,16 +765,15 @@
<varlistentry> <varlistentry>
<term><varname>TTL=</varname></term> <term><varname>TTL=</varname></term>
<listitem> <listitem>
<para>Accepts the same values as in the [VXLAN] section, except that when unset <para>Accepts the same key in <literal>[VXLAN]</literal> section except when unset or
or set to 0, the kernel's default will be used, meaning that packet TTL will be set from set to 0, the kernel's default will be used meaning that packets TTL will be set from
<filename>/proc/sys/net/ipv4/ip_default_ttl</filename>.</para> <filename>/proc/sys/net/ipv4/ip_default_ttl</filename>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>UDPChecksum=</varname></term> <term><varname>UDPChecksum=</varname></term>
<listitem> <listitem>
<para>Takes a boolean. When true, specifies that UDP checksum is calculated for transmitted packets <para>Takes a boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4.</para>
over IPv4.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -805,7 +804,7 @@
<varlistentry> <varlistentry>
<term><varname>IPDoNotFragment=</varname></term> <term><varname>IPDoNotFragment=</varname></term>
<listitem> <listitem>
<para>Accepts the same key in [VXLAN] section.</para> <para>Accepts the same key in <literal>[VXLAN]</literal> section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -814,7 +813,7 @@
<refsect1> <refsect1>
<title>[L2TP] Section Options</title> <title>[L2TP] Section Options</title>
<para>The [L2TP] section only applies for <para>The <literal>[L2TP]</literal> section only applies for
netdevs of kind <literal>l2tp</literal>, and accepts the netdevs of kind <literal>l2tp</literal>, and accepts the
following keys:</para> following keys:</para>
@ -822,23 +821,21 @@
<varlistentry> <varlistentry>
<term><varname>TunnelId=</varname></term> <term><varname>TunnelId=</varname></term>
<listitem> <listitem>
<para>Specifies the tunnel identifier. Takes an number in the range 14294967295. The value used <para>Specifies the tunnel id. The value used must match the <literal>PeerTunnelId=</literal> value being used at the peer.
must match the <literal>PeerTunnelId=</literal> value being used at the peer. This setting is Ranges a number between 1 and 4294967295). This option is compulsory.</para>
compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>PeerTunnelId=</varname></term> <term><varname>PeerTunnelId=</varname></term>
<listitem> <listitem>
<para>Specifies the peer tunnel id. Takes a number in the range 1—4294967295. The value used must <para>Specifies the peer tunnel id. The value used must match the <literal>PeerTunnelId=</literal> value being used at the peer.
match the <literal>PeerTunnelId=</literal> value being used at the peer. This setting is Ranges a number between 1 and 4294967295). This option is compulsory.</para>
compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>Remote=</varname></term> <term><varname>Remote=</varname></term>
<listitem> <listitem>
<para>Specifies the IP address of the remote peer. This setting is compulsory.</para> <para>Specifies the IP address of the remote peer. This option is compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -855,29 +852,27 @@
<varlistentry> <varlistentry>
<term><varname>EncapsulationType=</varname></term> <term><varname>EncapsulationType=</varname></term>
<listitem> <listitem>
<para>Specifies the encapsulation type of the tunnel. Takes one of <literal>udp</literal> or <para>Specifies the encapsulation type of the tunnel. Takes one of <literal>udp</literal> or <literal>ip</literal>.</para>
<literal>ip</literal>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>UDPSourcePort=</varname></term> <term><varname>UDPSourcePort=</varname></term>
<listitem> <listitem>
<para>Specifies the UDP source port to be used for the tunnel. When UDP encapsulation is selected <para>Specifies the UDP source port to be used for the tunnel. When UDP encapsulation is selected it's mandotory. Ignored when ip
it's mandatory. Ignored when IP encapsulation is selected.</para> encapsulation is selected.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>UDPDestinationPort=</varname></term> <term><varname>UDPDestinationPort=</varname></term>
<listitem> <listitem>
<para>Specifies destination port. When UDP encapsulation is selected it's mandatory. Ignored when IP <para>Specifies destination port. When UDP encapsulation is selected it's mandotory. Ignored when ip
encapsulation is selected.</para> encapsulation is selected.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>UDPChecksum=</varname></term> <term><varname>UDPChecksum=</varname></term>
<listitem> <listitem>
<para>Takes a boolean. When true, specifies that UDP checksum is calculated for transmitted packets <para>Takes a boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4.</para>
over IPv4.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -898,30 +893,28 @@
<refsect1> <refsect1>
<title>[L2TPSession] Section Options</title> <title>[L2TPSession] Section Options</title>
<para>The [L2TPSession] section only applies for <para>The <literal>[L2TPSession]</literal> section only applies for
netdevs of kind <literal>l2tp</literal>, and accepts the netdevs of kind <literal>l2tp</literal>, and accepts the
following keys:</para> following keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
<term><varname>Name=</varname></term> <term><varname>Name=</varname></term>
<listitem> <listitem>
<para>Specifies the name of the session. This setting is compulsory.</para> <para>Specifies the name of the session. This option is compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>SessionId=</varname></term> <term><varname>SessionId=</varname></term>
<listitem> <listitem>
<para>Specifies the session identifier. Takes an number in the range 14294967295. The value used <para>Specifies the session id. The value used must match the <literal>SessionId=</literal> value being used at the peer.
must match the <literal>SessionId=</literal> value being used at the peer. This setting is Ranges a number between 1 and 4294967295). This option is compulsory.</para>
compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>PeerSessionId=</varname></term> <term><varname>PeerSessionId=</varname></term>
<listitem> <listitem>
<para>Specifies the peer session identifier. Takes an number in the range 14294967295. <para>Specifies the peer session id. The value used must match the <literal>PeerSessionId=</literal> value being used at the peer.
The value used must match the <literal>PeerSessionId=</literal> value being used at the peer. Ranges a number between 1 and 4294967295). This option is compulsory.</para>
This setting is compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -936,7 +929,7 @@
<refsect1> <refsect1>
<title>[MACsec] Section Options</title> <title>[MACsec] Section Options</title>
<para>The [MACsec] section only applies for network devices of kind <para>The <literal>[MACsec]</literal> section only applies for network devices of kind
<literal>macsec</literal>, and accepts the following keys:</para> <literal>macsec</literal>, and accepts the following keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -959,7 +952,7 @@
<refsect1> <refsect1>
<title>[MACsecReceiveChannel] Section Options</title> <title>[MACsecReceiveChannel] Section Options</title>
<para>The [MACsecReceiveChannel] section only applies for network devices of <para>The <literal>[MACsecReceiveChannel]</literal> section only applies for network devices of
kind <literal>macsec</literal>, and accepts the following keys:</para> kind <literal>macsec</literal>, and accepts the following keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -975,7 +968,7 @@
<term><varname>MACAddress=</varname></term> <term><varname>MACAddress=</varname></term>
<listitem> <listitem>
<para>Specifies the MAC address to be used for the MACsec receive channel. The MAC address <para>Specifies the MAC address to be used for the MACsec receive channel. The MAC address
used to make secure channel identifier (SCI). This setting is compulsory, and is not set by used to make secure channel identifier (SCI). This option is compulsory, and is not set by
default.</para> default.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -985,7 +978,7 @@
<refsect1> <refsect1>
<title>[MACsecTransmitAssociation] Section Options</title> <title>[MACsecTransmitAssociation] Section Options</title>
<para>The [MACsecTransmitAssociation] section only applies for network devices <para>The <literal>[MACsecTransmitAssociation]</literal> section only applies for network devices
of kind <literal>macsec</literal>, and accepts the following keys:</para> of kind <literal>macsec</literal>, and accepts the following keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -1009,7 +1002,7 @@
<term><varname>Key=</varname></term> <term><varname>Key=</varname></term>
<listitem> <listitem>
<para>Specifies the encryption key used in the transmission channel. The same key must be <para>Specifies the encryption key used in the transmission channel. The same key must be
configured on the peers matching receive channel. This setting is compulsory, and is not set configured on the peers matching receive channel. This option is compulsory, and is not set
by default. Takes a 128-bit key encoded in a hexadecimal string, for example by default. Takes a 128-bit key encoded in a hexadecimal string, for example
<literal>dffafc8d7b9a43d5b9a3dfbbf6a30c16</literal>.</para> <literal>dffafc8d7b9a43d5b9a3dfbbf6a30c16</literal>.</para>
</listitem> </listitem>
@ -1035,7 +1028,7 @@
<term><varname>UseForEncoding=</varname></term> <term><varname>UseForEncoding=</varname></term>
<listitem> <listitem>
<para>Takes a boolean. If enabled, then the security association is used for encoding. Only <para>Takes a boolean. If enabled, then the security association is used for encoding. Only
one [MACsecTransmitAssociation] section can enable this option. When enabled, one <literal>[MACsecTransmitAssociation]</literal> section can enable this option. When enabled,
<varname>Activate=yes</varname> is implied. Defaults to unset.</para> <varname>Activate=yes</varname> is implied. Defaults to unset.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1045,7 +1038,7 @@
<refsect1> <refsect1>
<title>[MACsecReceiveAssociation] Section Options</title> <title>[MACsecReceiveAssociation] Section Options</title>
<para>The [MACsecReceiveAssociation] section only applies for <para>The <literal>[MACsecReceiveAssociation]</literal> section only applies for
network devices of kind <literal>macsec</literal>, and accepts the network devices of kind <literal>macsec</literal>, and accepts the
following keys:</para> following keys:</para>
@ -1053,43 +1046,43 @@
<varlistentry> <varlistentry>
<term><varname>Port=</varname></term> <term><varname>Port=</varname></term>
<listitem> <listitem>
<para>Accepts the same key in [MACsecReceiveChannel] section.</para> <para>Accepts the same key in <literal>[MACsecReceiveChannel]</literal> section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>MACAddress=</varname></term> <term><varname>MACAddress=</varname></term>
<listitem> <listitem>
<para>Accepts the same key in [MACsecReceiveChannel] section.</para> <para>Accepts the same key in <literal>[MACsecReceiveChannel]</literal> section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>PacketNumber=</varname></term> <term><varname>PacketNumber=</varname></term>
<listitem> <listitem>
<para>Accepts the same key in [MACsecTransmitAssociation] section.</para> <para>Accepts the same key in <literal>[MACsecTransmitAssociation]</literal> section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>KeyId=</varname></term> <term><varname>KeyId=</varname></term>
<listitem> <listitem>
<para>Accepts the same key in [MACsecTransmitAssociation] section.</para> <para>Accepts the same key in <literal>[MACsecTransmitAssociation]</literal> section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>Key=</varname></term> <term><varname>Key=</varname></term>
<listitem> <listitem>
<para>Accepts the same key in [MACsecTransmitAssociation] section.</para> <para>Accepts the same key in <literal>[MACsecTransmitAssociation]</literal> section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>KeyFile=</varname></term> <term><varname>KeyFile=</varname></term>
<listitem> <listitem>
<para>Accepts the same key in [MACsecTransmitAssociation] section.</para> <para>Accepts the same key in <literal>[MACsecTransmitAssociation]</literal> section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>Activate=</varname></term> <term><varname>Activate=</varname></term>
<listitem> <listitem>
<para>Accepts the same key in [MACsecTransmitAssociation] section.</para> <para>Accepts the same key in <literal>[MACsecTransmitAssociation]</literal> section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -1098,7 +1091,7 @@
<refsect1> <refsect1>
<title>[Tunnel] Section Options</title> <title>[Tunnel] Section Options</title>
<para>The [Tunnel] section only applies for <para>The <literal>[Tunnel]</literal> section only applies for
netdevs of kind netdevs of kind
<literal>ipip</literal>, <literal>ipip</literal>,
<literal>sit</literal>, <literal>sit</literal>,
@ -1143,7 +1136,7 @@
<para>A fixed Time To Live N on tunneled packets. N is a <para>A fixed Time To Live N on tunneled packets. N is a
number in the range 1255. 0 is a special value meaning that number in the range 1255. 0 is a special value meaning that
packets inherit the TTL value. The default value for IPv4 packets inherit the TTL value. The default value for IPv4
tunnels is 0 (inherit). The default value for IPv6 tunnels is tunnels is: inherit. The default value for IPv6 tunnels is
64.</para> 64.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1199,7 +1192,7 @@
both directions (<varname>InputKey=</varname> and <varname>OutputKey=</varname>). both directions (<varname>InputKey=</varname> and <varname>OutputKey=</varname>).
The <varname>Key=</varname> is either a number or an IPv4 address-like dotted quad. The <varname>Key=</varname> is either a number or an IPv4 address-like dotted quad.
It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data
and control path) in IP XFRM (framework used to implement IPsec protocol). and control path) in ip xfrm (framework used to implement IPsec protocol).
See <ulink url="http://man7.org/linux/man-pages/man8/ip-xfrm.8.html"> See <ulink url="http://man7.org/linux/man-pages/man8/ip-xfrm.8.html">
ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6, ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6,
GRE, GRETAP, and ERSPAN tunnels.</para> GRE, GRETAP, and ERSPAN tunnels.</para>
@ -1281,7 +1274,7 @@
<varlistentry> <varlistentry>
<term><varname>Encapsulation=</varname></term> <term><varname>Encapsulation=</varname></term>
<listitem> <listitem>
<para>Accepts the same key as in the [FooOverUDP] section.</para> <para>Accepts the same key as in the <literal>[FooOverUDP]</literal> section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1321,7 +1314,7 @@
<refsect1> <refsect1>
<title>[FooOverUDP] Section Options</title> <title>[FooOverUDP] Section Options</title>
<para>The [FooOverUDP] section only applies for <para>The <literal>[FooOverUDP]</literal> section only applies for
netdevs of kind <literal>fou</literal> and accepts the netdevs of kind <literal>fou</literal> and accepts the
following keys:</para> following keys:</para>
@ -1329,32 +1322,29 @@
<varlistentry> <varlistentry>
<term><varname>Encapsulation=</varname></term> <term><varname>Encapsulation=</varname></term>
<listitem> <listitem>
<para>Specifies the encapsulation mechanism used to store networking packets of various protocols <para>Specifies the encapsulation mechanism used to store networking packets of various protocols inside the UDP packets. Supports the following values:
inside the UDP packets. Supports the following values:
<literal>FooOverUDP</literal> provides the simplest no frills model of UDP encapsulation, it simply <literal>FooOverUDP</literal> provides the simplest no frills model of UDP encapsulation, it simply encapsulates
encapsulates packets directly in the UDP payload. <literal>GenericUDPEncapsulation</literal> is a packets directly in the UDP payload.
generic and extensible encapsulation, it allows encapsulation of packets for any IP protocol and <literal>GenericUDPEncapsulation</literal> is a generic and extensible encapsulation, it allows encapsulation of packets for any IP
optional data as part of the encapsulation. For more detailed information see <ulink protocol and optional data as part of the encapsulation.
url="https://lwn.net/Articles/615044">Generic UDP Encapsulation</ulink>. Defaults to For more detailed information see <ulink url="https://lwn.net/Articles/615044">Generic UDP Encapsulation</ulink>.
<literal>FooOverUDP</literal>. Defaults to <literal>FooOverUDP</literal>.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>Port=</varname></term> <term><varname>Port=</varname></term>
<listitem> <listitem>
<para>Specifies the port number, where the IP encapsulation packets will arrive. Please take note <para>Specifies the port number, where the IP encapsulation packets will arrive. Please take note that the packets
that the packets will arrive with the encapsulation will be removed. Then they will be manually fed will arrive with the encapsulation will be removed. Then they will be manually fed back into the network stack, and sent ahead
back into the network stack, and sent ahead for delivery to the real destination. This option is for delivery to the real destination. This option is mandatory.</para>
mandatory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>PeerPort=</varname></term> <term><varname>PeerPort=</varname></term>
<listitem> <listitem>
<para>Specifies the peer port number. Defaults to unset. Note that when peer port is set <para>Specifies the peer port number. Defaults to unset. Note that when peer port is set <literal>Peer=</literal> address is mandotory.</para>
<literal>Peer=</literal> address is mandatory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1370,8 +1360,7 @@
<varlistentry> <varlistentry>
<term><varname>Peer=</varname></term> <term><varname>Peer=</varname></term>
<listitem> <listitem>
<para>Configures peer IP address. Note that when peer address is set <literal>PeerPort=</literal> <para>Configures peer IP address. Note that when peer address is set <literal>PeerPort=</literal> is mandotory.</para>
is mandatory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1386,7 +1375,7 @@
<refsect1> <refsect1>
<title>[Peer] Section Options</title> <title>[Peer] Section Options</title>
<para>The [Peer] section only applies for <para>The <literal>[Peer]</literal> section only applies for
netdevs of kind <literal>veth</literal> and accepts the netdevs of kind <literal>veth</literal> and accepts the
following keys:</para> following keys:</para>
@ -1395,7 +1384,7 @@
<term><varname>Name=</varname></term> <term><varname>Name=</varname></term>
<listitem> <listitem>
<para>The interface name used when creating the netdev. <para>The interface name used when creating the netdev.
This setting is compulsory.</para> This option is compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1412,7 +1401,7 @@
<refsect1> <refsect1>
<title>[VXCAN] Section Options</title> <title>[VXCAN] Section Options</title>
<para>The [VXCAN] section only applies for <para>The <literal>[VXCAN]</literal> section only applies for
netdevs of kind <literal>vxcan</literal> and accepts the netdevs of kind <literal>vxcan</literal> and accepts the
following key:</para> following key:</para>
@ -1421,7 +1410,7 @@
<term><varname>Peer=</varname></term> <term><varname>Peer=</varname></term>
<listitem> <listitem>
<para>The peer interface name used when creating the netdev. <para>The peer interface name used when creating the netdev.
This setting is compulsory.</para> This option is compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -1430,7 +1419,7 @@
<refsect1> <refsect1>
<title>[Tun] Section Options</title> <title>[Tun] Section Options</title>
<para>The [Tun] section only applies for <para>The <literal>[Tun]</literal> section only applies for
netdevs of kind <literal>tun</literal>, and accepts the following netdevs of kind <literal>tun</literal>, and accepts the following
keys:</para> keys:</para>
@ -1480,15 +1469,15 @@
<refsect1> <refsect1>
<title>[Tap] Section Options</title> <title>[Tap] Section Options</title>
<para>The [Tap] section only applies for <para>The <literal>[Tap]</literal> section only applies for
netdevs of kind <literal>tap</literal>, and accepts the same keys netdevs of kind <literal>tap</literal>, and accepts the same keys
as the [Tun] section.</para> as the <literal>[Tun]</literal> section.</para>
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>[WireGuard] Section Options</title> <title>[WireGuard] Section Options</title>
<para>The [WireGuard] section accepts the following <para>The <literal>[WireGuard]</literal> section accepts the following
keys:</para> keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -1535,7 +1524,7 @@
<refsect1> <refsect1>
<title>[WireGuardPeer] Section Options</title> <title>[WireGuardPeer] Section Options</title>
<para>The [WireGuardPeer] section accepts the following <para>The <literal>[WireGuardPeer]</literal> section accepts the following
keys:</para> keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -1611,7 +1600,7 @@
<refsect1> <refsect1>
<title>[Bond] Section Options</title> <title>[Bond] Section Options</title>
<para>The [Bond] section accepts the following <para>The <literal>[Bond]</literal> section accepts the following
key:</para> key:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -1713,15 +1702,14 @@
<varlistentry> <varlistentry>
<term><varname>AdActorSystemPriority=</varname></term> <term><varname>AdActorSystemPriority=</varname></term>
<listitem> <listitem>
<para>Specifies the 802.3ad actor system priority. Takes a number in the range 1—65535.</para> <para>Specifies the 802.3ad actor system priority. Ranges [1-65535].</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>AdUserPortKey=</varname></term> <term><varname>AdUserPortKey=</varname></term>
<listitem> <listitem>
<para>Specifies the 802.3ad user defined portion of the port key. Takes a number in the range <para>Specifies the 802.3ad user defined portion of the port key. Ranges [0-1023].</para>
01023.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1891,7 +1879,7 @@
<refsect1> <refsect1>
<title>[Xfrm] Section Options</title> <title>[Xfrm] Section Options</title>
<para>The [Xfrm] section accepts the following <para>The <literal>[Xfrm]</literal> section accepts the following
keys:</para> keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -1914,12 +1902,13 @@
</variablelist> </variablelist>
<para>For more detail information see <para>For more detail information see
<ulink url="https://lwn.net/Articles/757391">Virtual XFRM Interfaces</ulink>.</para> <ulink url="https://lwn.net/Articles/757391">
Virtual xfrm interfaces</ulink></para>
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>[VRF] Section Options</title> <title>[VRF] Section Options</title>
<para>The [VRF] section only applies for <para>The <literal>[VRF]</literal> section only applies for
netdevs of kind <literal>vrf</literal> and accepts the netdevs of kind <literal>vrf</literal> and accepts the
following key:</para> following key:</para>
@ -1927,7 +1916,7 @@
<varlistentry> <varlistentry>
<term><varname>Table=</varname></term> <term><varname>Table=</varname></term>
<listitem> <listitem>
<para>The numeric routing table identifier. This setting is compulsory.</para> <para>The numeric routing table identifier. This option is compulsory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>

View File

@ -72,16 +72,21 @@
<refsect1> <refsect1>
<title>[Match] Section Options</title> <title>[Match] Section Options</title>
<para>The network file contains a [Match] section, which determines if a given network file may be <para>The network file contains a <literal>[Match]</literal>
applied to a given device; and a [Network] section specifying how the device should be configured. The section, which determines if a given network file may be applied
first (in lexical order) of the network files that matches a given device is applied, all later files to a given device; and a <literal>[Network]</literal> section
are ignored, even if they match as well.</para> specifying how the device should be configured. The first (in
lexical order) of the network files that matches a given device
is applied, all later files are ignored, even if they match as
well.</para>
<para>A network file is said to match a network interface if all matches specified by the [Match] <para>A network file is said to match a network interface if all matches specified by the
section are satisfied. When a network file does not contain valid settings in [Match] section, then the <literal>[Match]</literal> section are satisfied. When a network file does not contain valid
file will match all interfaces and <command>systemd-networkd</command> warns about that. Hint: to avoid settings in <literal>[Match]</literal> section, then the file will match all interfaces and
the warning and to make it clear that all interfaces shall be matched, add the following: <command>systemd-networkd</command> warns about that. Hint: to avoid the warning and to make it
<programlisting>Name=*</programlisting> The following keys are accepted:</para> clear that all interfaces shall be matched, add the following:
<programlisting>Name=*</programlisting>
The following keys are accepted:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="systemd.link.xml" xpointer="mac-address" /> <xi:include href="systemd.link.xml" xpointer="mac-address" />
@ -127,8 +132,9 @@
<listitem> <listitem>
<para>A whitespace-separated list of hardware address of the currently connected wireless <para>A whitespace-separated list of hardware address of the currently connected wireless
LAN. Use full colon-, hyphen- or dot-delimited hexadecimal. See the example in LAN. Use full colon-, hyphen- or dot-delimited hexadecimal. See the example in
<varname>MACAddress=</varname>. This option may appear more than once, in which case the <varname>MACAddress=</varname>. This option may appear more than one, in which case the
lists are merged. If the empty string is assigned to this option, the list is reset.</para> lists are merged. If the empty string is assigned to this option, the list of BSSID defined
prior to this is reset.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -144,7 +150,7 @@
<refsect1> <refsect1>
<title>[Link] Section Options</title> <title>[Link] Section Options</title>
<para> The [Link] section accepts the following keys:</para> <para> The <literal>[Link]</literal> section accepts the following keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
@ -205,7 +211,7 @@
<para>Link groups are similar to port ranges found in managed switches. <para>Link groups are similar to port ranges found in managed switches.
When network interfaces are added to a numbered group, operations on When network interfaces are added to a numbered group, operations on
all the interfaces from that group can be performed at once. An unsigned all the interfaces from that group can be performed at once. An unsigned
integer in the range 0—4294967294. Defaults to unset.</para> integer ranges 0 to 4294967294. Default to unset.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -233,11 +239,12 @@
<refsect1> <refsect1>
<title>[SR-IOV] Section Options</title> <title>[SR-IOV] Section Options</title>
<para>The [SR-IOV] section accepts the following keys. Specify several [SR-IOV] sections to configure <para>The <literal>[SR-IOV]</literal> section accepts the
several SR-IOVs. SR-IOV provides the ability to partition a single physical PCI resource into virtual following keys. Specify several <literal>[SR-IOV]</literal>
PCI functions which can then be injected into a VM. In the case of network VFs, SR-IOV improves sections to configure several SR-IOVs. SR-IOV provides the ability to partition a single physical PCI resource
north-south network performance (that is, traffic with endpoints outside the host machine) by allowing into virtual PCI functions which can then be injected into a VM. In the case of network VFs, SR-IOV improves
traffic to bypass the host machines network stack.</para> north-south network performance (that is, traffic with endpoints outside the host machine) by allowing traffic to
bypass the host machines network stack.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
@ -320,7 +327,7 @@
<refsect1> <refsect1>
<title>[Network] Section Options</title> <title>[Network] Section Options</title>
<para>The [Network] section accepts the following keys:</para> <para>The <literal>[Network]</literal> section accepts the following keys:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
@ -349,15 +356,16 @@
specified through DHCP is not used for name resolution. specified through DHCP is not used for name resolution.
See option <option>UseDomains=</option> below.</para> See option <option>UseDomains=</option> below.</para>
<para>See the [DHCPv4] or [DHCPv6] sections below for further configuration options for the DHCP <para>See the <literal>[DHCPv4]</literal> or <literal>[DHCPv6]</literal> section below for
client support.</para> further configuration options for the DHCP client support.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>DHCPServer=</varname></term> <term><varname>DHCPServer=</varname></term>
<listitem> <listitem>
<para>Takes a boolean. If set to <literal>yes</literal>, DHCPv4 server will be started. Defaults <para>Takes a boolean. If set to <literal>yes</literal>, DHCPv4 server will be started. Defaults
to <literal>no</literal>. Further settings for the DHCP server may be set in the [DHCPServer] to <literal>no</literal>. Further settings for the DHCP
server may be set in the <literal>[DHCPServer]</literal>
section described below.</para> section described below.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -487,8 +495,10 @@
<varlistentry> <varlistentry>
<term><varname>DNSSEC=</varname></term> <term><varname>DNSSEC=</varname></term>
<listitem> <listitem>
<para>Takes a boolean or <literal>allow-downgrade</literal>. When true, enables <para>Takes a boolean. or
<ulink url="https://tools.ietf.org/html/rfc4033">DNSSEC</ulink> <literal>allow-downgrade</literal>. When true, enables
<ulink
url="https://tools.ietf.org/html/rfc4033">DNSSEC</ulink>
DNS validation support on the link. When set to DNS validation support on the link. When set to
<literal>allow-downgrade</literal>, compatibility with <literal>allow-downgrade</literal>, compatibility with
non-DNSSEC capable networks is increased, by automatically non-DNSSEC capable networks is increased, by automatically
@ -720,8 +730,8 @@
forwarding is enabled, and to enable it otherwise. Cannot be enabled on bond devices and when link forwarding is enabled, and to enable it otherwise. Cannot be enabled on bond devices and when link
local addressing is disabled.</para> local addressing is disabled.</para>
<para>Further settings for the IPv6 RA support may be configured in the [IPv6AcceptRA] section, see <para>Further settings for the IPv6 RA support may be configured in the
below.</para> <literal>[IPv6AcceptRA]</literal> section, see below.</para>
<para>Also see <ulink <para>Also see <ulink
url="https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt">ip-sysctl.txt</ulink> in the kernel url="https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt">ip-sysctl.txt</ulink> in the kernel
@ -760,7 +770,7 @@
<term><varname>IPv4ProxyARP=</varname></term> <term><varname>IPv4ProxyARP=</varname></term>
<listitem><para>Takes a boolean. Configures proxy ARP for IPv4. Proxy ARP is the technique in which one host, <listitem><para>Takes a boolean. Configures proxy ARP for IPv4. Proxy ARP is the technique in which one host,
usually a router, answers ARP requests intended for another machine. By "faking" its identity, usually a router, answers ARP requests intended for another machine. By "faking" its identity,
the router accepts responsibility for routing packets to the "real" destination. See <ulink the router accepts responsibility for routing packets to the "real" destination. (see <ulink
url="https://tools.ietf.org/html/rfc1027">RFC 1027</ulink>. url="https://tools.ietf.org/html/rfc1027">RFC 1027</ulink>.
When unset, the kernel's default will be used. When unset, the kernel's default will be used.
</para></listitem> </para></listitem>
@ -791,15 +801,18 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>IPv6PrefixDelegation=</varname></term> <term><varname>IPv6PrefixDelegation=</varname></term>
<listitem><para>Whether to enable or disable Router Advertisement sending on a link. Allowed <listitem><para>Whether to enable or disable Router Advertisement sending on a link.
values are <literal>static</literal> which distributes prefixes as defined in the Allowed values are <literal>static</literal> which distributes prefixes as defined in
[IPv6PrefixDelegation] and any [IPv6Prefix] sections, <literal>dhcpv6</literal> which requests the <literal>[IPv6PrefixDelegation]</literal> and any <literal>[IPv6Prefix]</literal>
prefixes using a DHCPv6 client configured for another link and any values configured in the sections, <literal>dhcpv6</literal> which requests prefixes using a DHCPv6 client
[IPv6PrefixDelegation] section while ignoring all static prefix configuration sections, configured for another link and any values configured in the
<literal>yes</literal> which uses both static configuration and DHCPv6, and <literal>[IPv6PrefixDelegation]</literal> section while ignoring all static prefix
<literal>false</literal> which turns off IPv6 prefix delegation altogether. Defaults to configuration sections, <literal>yes</literal> which uses both static configuration
<literal>false</literal>. See the [IPv6PrefixDelegation] and the [IPv6Prefix] sections for more and DHCPv6, and <literal>false</literal> which turns off IPv6 prefix delegation
configuration options.</para></listitem> altogether. Defaults to <literal>false</literal>. See the
<literal>[IPv6PrefixDelegation]</literal> and the <literal>[IPv6Prefix]</literal>
sections for more configuration options.
</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>IPv6PDSubnetId=</varname></term> <term><varname>IPv6PDSubnetId=</varname></term>
@ -965,15 +978,16 @@
<refsect1> <refsect1>
<title>[Address] Section Options</title> <title>[Address] Section Options</title>
<para>An [Address] section accepts the following keys. Specify several [Address] <para>An <literal>[Address]</literal> section accepts the
following keys. Specify several <literal>[Address]</literal>
sections to configure several addresses.</para> sections to configure several addresses.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
<term><varname>Address=</varname></term> <term><varname>Address=</varname></term>
<listitem> <listitem>
<para>As in the [Network] section. This key is mandatory. Each [Address] section can contain one <para>As in the <literal>[Network]</literal> section. This key is mandatory. Each
<varname>Address=</varname> setting.</para> <literal>[Address]</literal> section can contain one <varname>Address=</varname> setting.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1017,7 +1031,7 @@
<term><varname>Scope=</varname></term> <term><varname>Scope=</varname></term>
<listitem> <listitem>
<para>The scope of the address, which can be <literal>global</literal>, <para>The scope of the address, which can be <literal>global</literal>,
<literal>link</literal> or <literal>host</literal> or an unsigned integer in the range 0—255. <literal>link</literal> or <literal>host</literal> or an unsigned integer ranges 0 to 255.
Defaults to <literal>global</literal>.</para> Defaults to <literal>global</literal>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1079,10 +1093,12 @@
<refsect1> <refsect1>
<title>[Neighbor] Section Options</title> <title>[Neighbor] Section Options</title>
<para>A [Neighbor] section accepts the following keys. The neighbor section adds a permanent, static <para>A <literal>[Neighbor]</literal> section accepts the
entry to the neighbor table (IPv6) or ARP table (IPv4) for the given hardware address on the links following keys. The neighbor section adds a permanent, static
matched for the network. Specify several [Neighbor] sections to configure several static neighbors. entry to the neighbor table (IPv6) or ARP table (IPv4) for
</para> the given hardware address on the links matched for the network.
Specify several <literal>[Neighbor]</literal> sections to configure
several static neighbors.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
@ -1103,17 +1119,18 @@
<refsect1> <refsect1>
<title>[IPv6AddressLabel] Section Options</title> <title>[IPv6AddressLabel] Section Options</title>
<para>An [IPv6AddressLabel] section accepts the following keys. Specify several [IPv6AddressLabel] <para>An <literal>[IPv6AddressLabel]</literal> section accepts the
sections to configure several address labels. IPv6 address labels are used for address selection. See following keys. Specify several <literal>[IPv6AddressLabel]</literal>
<ulink url="https://tools.ietf.org/html/rfc3484">RFC 3484</ulink>. Precedence is managed by userspace, sections to configure several address labels. IPv6 address labels are
and only the label itself is stored in the kernel</para> used for address selection. See <ulink url="https://tools.ietf.org/html/rfc3484">RFC 3484</ulink>.
Precedence is managed by userspace, and only the label itself is stored in the kernel</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
<term><varname>Label=</varname></term> <term><varname>Label=</varname></term>
<listitem> <listitem>
<para>The label for the prefix, an unsigned integer in the range 04294967294. <para> The label for the prefix (an unsigned integer) ranges 0 to 4294967294.
0xffffffff is reserved. This setting is mandatory.</para> 0xffffffff is reserved. This key is mandatory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1129,14 +1146,15 @@
<refsect1> <refsect1>
<title>[RoutingPolicyRule] Section Options</title> <title>[RoutingPolicyRule] Section Options</title>
<para>An [RoutingPolicyRule] section accepts the following keys. Specify several [RoutingPolicyRule] <para>An <literal>[RoutingPolicyRule]</literal> section accepts the
following keys. Specify several <literal>[RoutingPolicyRule]</literal>
sections to configure several rules.</para> sections to configure several rules.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
<term><varname>TypeOfService=</varname></term> <term><varname>TypeOfService=</varname></term>
<listitem> <listitem>
<para>Takes a number between 0 and 255 that specifies the type of service to match.</para> <para>Specifies the type of service to match a number between 0 to 255.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1243,15 +1261,16 @@
<refsect1> <refsect1>
<title>[NextHop] Section Options</title> <title>[NextHop] Section Options</title>
<para>The [NextHop] section is used to manipulate entries in the kernel's "nexthop" tables. The <para>The <literal>[NextHop]</literal> section accepts the
[NextHop] section accepts the following keys. Specify several [NextHop] sections to configure several following keys. Specify several <literal>[NextHop]</literal>
hops.</para> sections to configure several nexthop. Nexthop is used to manipulate entries in the kernel's nexthop
tables.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
<term><varname>Gateway=</varname></term> <term><varname>Gateway=</varname></term>
<listitem> <listitem>
<para>As in the [Network] section. This is mandatory.</para> <para>As in the <literal>[Network]</literal> section. This is mandatory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1265,8 +1284,9 @@
<refsect1> <refsect1>
<title>[Route] Section Options</title> <title>[Route] Section Options</title>
<para>The [Route] section accepts the following keys. Specify several [Route] sections to configure <para>The <literal>[Route]</literal> section accepts the
several routes.</para> following keys. Specify several <literal>[Route]</literal>
sections to configure several routes.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
@ -1313,10 +1333,10 @@
<term><varname>IPv6Preference=</varname></term> <term><varname>IPv6Preference=</varname></term>
<listitem> <listitem>
<para>Specifies the route preference as defined in <ulink <para>Specifies the route preference as defined in <ulink
url="https://tools.ietf.org/html/rfc4191">RFC 4191</ulink> for Router Discovery messages. Which url="https://tools.ietf.org/html/rfc4191">RFC4191</ulink> for Router Discovery messages.
can be one of <literal>low</literal> the route has a lowest priority, <literal>medium</literal> Which can be one of <literal>low</literal> the route has a lowest priority,
the route has a default priority or <literal>high</literal> the route has a highest priority. <literal>medium</literal> the route has a default priority or
</para> <literal>high</literal> the route has a highest priority.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1451,7 +1471,8 @@
<refsect1> <refsect1>
<title>[DHCPv4] Section Options</title> <title>[DHCPv4] Section Options</title>
<para>The [DHCPv4] section configures the DHCPv4 client, if it is enabled with the <para>The <literal>[DHCPv4]</literal> section configures the
DHCPv4 client, if it is enabled with the
<varname>DHCP=</varname> setting described above:</para> <varname>DHCP=</varname> setting described above:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -1696,8 +1717,8 @@
<para>The table identifier for DHCP routes (a number between 1 and 4294967295, or 0 to unset). <para>The table identifier for DHCP routes (a number between 1 and 4294967295, or 0 to unset).
The table can be retrieved using <command>ip route show table <replaceable>num</replaceable></command>. The table can be retrieved using <command>ip route show table <replaceable>num</replaceable></command>.
</para> </para>
<para>When used in combination with <varname>VRF=</varname>, the <para>When used in combination with <varname>VRF=</varname> the
VRF's routing table is used when this parameter is not specified. VRF's routing table is used unless this parameter is specified.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1736,12 +1757,11 @@
<varlistentry> <varlistentry>
<term><varname>SendDecline=</varname></term> <term><varname>SendDecline=</varname></term>
<listitem> <listitem>
<para>A boolean. When <literal>true</literal>, the DHCPv4 client receives the IP address from the <para>A boolean. When <literal>true</literal>, DHCPv4 clients receives IP address from DHCP server.
DHCP server. After a new IP is received, the DHCPv4 client performs IPv4 Duplicate Address After new IP is received, DHCPv4 performs IPv4 Duplicate Address Detection. If duplicate use of IP is detected
Detection. If duplicate use is detected, the DHCPv4 client rejects the IP by sending a the DHCPv4 client rejects the IP by sending a DHCPDECLINE packet DHCP clients try to obtain an IP address again.
DHCPDECLINE packet and tries to obtain an IP address again. See <ulink See <ulink url="https://tools.ietf.org/html/rfc5227">RFC 5224</ulink>.
url="https://tools.ietf.org/html/rfc5227">RFC 5224</ulink>. Defaults to Defaults to <literal>unset</literal>.</para>
<literal>unset</literal>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1794,7 +1814,7 @@
<refsect1> <refsect1>
<title>[DHCPv6] Section Options</title> <title>[DHCPv6] Section Options</title>
<para>The [DHCPv6] section configures the DHCPv6 client, if it is enabled with the <para>The <literal>[DHCPv6]</literal> section configures the DHCPv6 client, if it is enabled with the
<varname>DHCP=</varname> setting described above, or invoked by the IPv6 Router Advertisement:</para> <varname>DHCP=</varname> setting described above, or invoked by the IPv6 Router Advertisement:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -1802,7 +1822,7 @@
<term><varname>UseDNS=</varname></term> <term><varname>UseDNS=</varname></term>
<term><varname>UseNTP=</varname></term> <term><varname>UseNTP=</varname></term>
<listitem> <listitem>
<para>As in the [DHCPv4] section.</para> <para>As in the <literal>[DHCPv4]</literal> section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1819,7 +1839,7 @@
<para>Takes a boolean. The DHCPv6 client can obtain configuration parameters from a DHCPv6 server through <para>Takes a boolean. The DHCPv6 client can obtain configuration parameters from a DHCPv6 server through
a rapid two-message exchange (solicit and reply). When the rapid commit option is enabled by both a rapid two-message exchange (solicit and reply). When the rapid commit option is enabled by both
the DHCPv6 client and the DHCPv6 server, the two-message exchange is used, rather than the default the DHCPv6 client and the DHCPv6 server, the two-message exchange is used, rather than the default
four-message exchange (solicit, advertise, request, and reply). The two-message exchange provides four-method exchange (solicit, advertise, request, and reply). The two-message exchange provides
faster client configuration and is beneficial in environments in which networks are under a heavy load. faster client configuration and is beneficial in environments in which networks are under a heavy load.
See <ulink url="https://tools.ietf.org/html/rfc3315#section-17.2.1">RFC 3315</ulink> for details. See <ulink url="https://tools.ietf.org/html/rfc3315#section-17.2.1">RFC 3315</ulink> for details.
Defaults to true.</para> Defaults to true.</para>
@ -1847,15 +1867,14 @@
<varlistentry> <varlistentry>
<term><varname>SendVendorOption=</varname></term> <term><varname>SendVendorOption=</varname></term>
<listitem> <listitem>
<para>Send an arbitrary vendor option in the DHCPv6 request. Takes an enterprise identifier, DHCP <para>Send an arbitrary vendor option in the DHCPv6 request. Takes an enterprise identifier, DHCP option number,
option number, data type, and data separated with a colon (<literal><replaceable>enterprise data type, and data separated with a colon
identifier</replaceable>:<replaceable>option</replaceable>:<replaceable>type</replaceable>: (<literal><replaceable>enterprise identifier</replaceable>:<replaceable>option</replaceable>:<replaceable>type</replaceable>:
<replaceable>value</replaceable></literal>). Enterprise identifier is an unsigned integer in the <replaceable>value</replaceable></literal>). Enterprise identifier is an unsigned integer ranges 1..4294967294.
range 14294967294. The option number must be an integer in the range 1254. Data type takes one The option number must be an integer in the range 1..254. Data type takes one of <literal>uint8</literal>,
of <literal>uint8</literal>, <literal>uint16</literal>, <literal>uint32</literal>, <literal>uint16</literal>, <literal>uint32</literal>, <literal>ipv4address</literal>, <literal>ipv6address</literal>, or
<literal>ipv4address</literal>, <literal>ipv6address</literal>, or <literal>string</literal>. Special characters in the data string may be escaped using
<literal>string</literal>. Special characters in the data string may be escaped using <ulink <ulink url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
escapes</ulink>. This setting can be specified multiple times. If an empty string is specified, escapes</ulink>. This setting can be specified multiple times. If an empty string is specified,
then all options specified earlier are cleared. Defaults to unset.</para> then all options specified earlier are cleared. Defaults to unset.</para>
</listitem> </listitem>
@ -1899,26 +1918,24 @@
<varlistentry> <varlistentry>
<term><varname>PrefixDelegationHint=</varname></term> <term><varname>PrefixDelegationHint=</varname></term>
<listitem> <listitem>
<para>Takes an IPv6 address with prefix length in the same format as the <para>Takes an IPv6 address with prefix length as <varname>Address=</varname> in
<varname>Address=</varname> in the [Network] section. The DHCPv6 client will include a prefix the "[Network]" section. Specifies the DHCPv6 client for the requesting router to include
hint in the DHCPv6 solicitation sent to the server. The prefix length must be in the range a prefix-hint in the DHCPv6 solicitation. Prefix ranges 1..128. Defaults to unset.</para>
1128. Defaults to unset.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>WithoutRA=</varname></term> <term><varname>WithoutRA=</varname></term>
<listitem> <listitem>
<para>Allows DHCPv6 client to start without router advertisements's managed or other address <para>Allows DHCPv6 client to start without router advertisements's managed or other address configuration flag.
configuration flag. Takes one of <literal>solicit</literal> or Takes one of <literal>solicit</literal> or <literal>information-request</literal>. Defaults to unset.</para>
<literal>information-request</literal>. Defaults to unset.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>SendOption=</varname></term> <term><varname>SendOption=</varname></term>
<listitem> <listitem>
<para>As in the [DHCPv4] section, however because DHCPv6 uses 16-bit fields to store <para>As in the <literal>[DHCPv4]</literal> section, however because DHCPv6 uses 16-bit fields to store
option numbers, the option number is an integer in the range 1..65536.</para> option numbers, the option number is an integer in the range 1..65536.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1952,8 +1969,9 @@
<refsect1> <refsect1>
<title>[IPv6AcceptRA] Section Options</title> <title>[IPv6AcceptRA] Section Options</title>
<para>The [IPv6AcceptRA] section configures the IPv6 Router Advertisement (RA) client, if it is enabled <para>The <literal>[IPv6AcceptRA]</literal> section configures the IPv6 Router Advertisement
with the <varname>IPv6AcceptRA=</varname> setting described above:</para> (RA) client, if it is enabled with the <varname>IPv6AcceptRA=</varname> setting described
above:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
@ -2033,7 +2051,8 @@
<refsect1> <refsect1>
<title>[DHCPServer] Section Options</title> <title>[DHCPServer] Section Options</title>
<para>The [DHCPServer] section contains settings for the DHCP server, if enabled via the <para>The <literal>[DHCPServer]</literal> section contains
settings for the DHCP server, if enabled via the
<varname>DHCPServer=</varname> option described above:</para> <varname>DHCPServer=</varname> option described above:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -2167,9 +2186,11 @@
<refsect1> <refsect1>
<title>[IPv6PrefixDelegation] Section Options</title> <title>[IPv6PrefixDelegation] Section Options</title>
<para>The [IPv6PrefixDelegation] section contains settings for sending IPv6 Router Advertisements and <para>The <literal>[IPv6PrefixDelegation]</literal> section contains
whether to act as a router, if enabled via the <varname>IPv6PrefixDelegation=</varname> option described settings for sending IPv6 Router Advertisements and whether to act as
above. IPv6 network prefixes are defined with one or more [IPv6Prefix] sections.</para> a router, if enabled via the <varname>IPv6PrefixDelegation=</varname>
option described above. IPv6 network prefixes are defined with one or
more <literal>[IPv6Prefix]</literal> sections.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -2213,26 +2234,32 @@
<term><varname>EmitDNS=</varname></term> <term><varname>EmitDNS=</varname></term>
<term><varname>DNS=</varname></term> <term><varname>DNS=</varname></term>
<listitem><para><varname>DNS=</varname> specifies a list of recursive DNS server IPv6 addresses that <listitem><para><varname>DNS=</varname> specifies a list of recursive DNS server IPv6 addresses
are distributed via Router Advertisement messages when <varname>EmitDNS=</varname> is that are distributed via Router Advertisement messages when <varname>EmitDNS=</varname> is
true. <varname>DNS=</varname> also takes special value <literal>_link_local</literal>; in that case true. <varname>DNS=</varname> also takes special value <literal>_link_local</literal>; in that
the IPv6 link local address is distributed. If <varname>DNS=</varname> is empty, DNS servers are read case the IPv6 link local address is distributed. If <varname>DNS=</varname> is empty, DNS
from the [Network] section. If the [Network] section does not contain any DNS servers either, DNS servers are read from the <literal>[Network]</literal> section. If the
servers from the uplink with the highest priority default route are used. When <literal>[Network]</literal> section does not contain any DNS servers either, DNS servers from
<varname>EmitDNS=</varname> is false, no DNS server information is sent in Router Advertisement the uplink with the highest priority default route are used. When <varname>EmitDNS=</varname>
messages. <varname>EmitDNS=</varname> defaults to true.</para></listitem> is false, no DNS server information is sent in Router Advertisement messages.
<varname>EmitDNS=</varname> defaults to true.
</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>EmitDomains=</varname></term> <term><varname>EmitDomains=</varname></term>
<term><varname>Domains=</varname></term> <term><varname>Domains=</varname></term>
<listitem><para>A list of DNS search domains distributed via Router Advertisement messages when <listitem><para>A list of DNS search domains distributed via Router
<varname>EmitDomains=</varname> is true. If <varname>Domains=</varname> is empty, DNS search domains Advertisement messages when <varname>EmitDomains=</varname> is true. If
are read from the [Network] section. If the [Network] section does not contain any DNS search domains <varname>Domains=</varname> is empty, DNS search domains are read from the
either, DNS search domains from the uplink with the highest priority default route are used. When <literal>[Network]</literal> section. If the <literal>[Network]</literal>
<varname>EmitDomains=</varname> is false, no DNS search domain information is sent in Router section does not contain any DNS search domains either, DNS search
Advertisement messages. <varname>EmitDomains=</varname> defaults to true.</para></listitem> domains from the uplink with the highest priority default route are
used. When <varname>EmitDomains=</varname> is false, no DNS search domain
information is sent in Router Advertisement messages.
<varname>EmitDomains=</varname> defaults to true.
</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -2248,9 +2275,10 @@
<refsect1> <refsect1>
<title>[IPv6Prefix] Section Options</title> <title>[IPv6Prefix] Section Options</title>
<para>One or more [IPv6Prefix] sections contain the IPv6 prefixes that are announced via Router <para>One or more <literal>[IPv6Prefix]</literal> sections contain the IPv6
Advertisements. See <ulink url="https://tools.ietf.org/html/rfc4861">RFC 4861</ulink> for further prefixes that are announced via Router Advertisements. See
details.</para> <ulink url="https://tools.ietf.org/html/rfc4861">RFC 4861</ulink>
for further details.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -2268,11 +2296,13 @@
<varlistentry> <varlistentry>
<term><varname>Prefix=</varname></term> <term><varname>Prefix=</varname></term>
<listitem><para>The IPv6 prefix that is to be distributed to hosts. Similarly to configuring static <listitem><para>The IPv6 prefix that is to be distributed to hosts.
IPv6 addresses, the setting is configured as an IPv6 prefix and its prefix length, separated by a Similarly to configuring static IPv6 addresses, the setting is
<literal>/</literal> character. Use multiple [IPv6Prefix] sections to configure multiple IPv6 configured as an IPv6 prefix and its prefix length, separated by a
prefixes since prefix lifetimes, address autoconfiguration and onlink status may differ from one <literal>/</literal> character. Use multiple
prefix to another.</para></listitem> <literal>[IPv6Prefix]</literal> sections to configure multiple IPv6
prefixes since prefix lifetimes, address autoconfiguration and onlink
status may differ from one prefix to another.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -2295,7 +2325,7 @@
<refsect1> <refsect1>
<title>[IPv6RoutePrefix] Section Options</title> <title>[IPv6RoutePrefix] Section Options</title>
<para>One or more [IPv6RoutePrefix] sections contain the IPv6 <para>One or more <literal>[IPv6RoutePrefix]</literal> sections contain the IPv6
prefix routes that are announced via Router Advertisements. See prefix routes that are announced via Router Advertisements. See
<ulink url="https://tools.ietf.org/html/rfc4191">RFC 4191</ulink> <ulink url="https://tools.ietf.org/html/rfc4191">RFC 4191</ulink>
for further details.</para> for further details.</para>
@ -2305,10 +2335,12 @@
<varlistentry> <varlistentry>
<term><varname>Route=</varname></term> <term><varname>Route=</varname></term>
<listitem><para>The IPv6 route that is to be distributed to hosts. Similarly to configuring static <listitem><para>The IPv6 route that is to be distributed to hosts.
IPv6 routes, the setting is configured as an IPv6 prefix routes and its prefix route length, Similarly to configuring static IPv6 routes, the setting is
separated by a <literal>/</literal> character. Use multiple [IPv6PrefixRoutes] sections to configure configured as an IPv6 prefix routes and its prefix route length,
multiple IPv6 prefix routes.</para></listitem> separated by a<literal>/</literal> character. Use multiple
<literal>[IPv6PrefixRoutes]</literal> sections to configure multiple IPv6
prefix routes.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -2324,7 +2356,8 @@
<refsect1> <refsect1>
<title>[Bridge] Section Options</title> <title>[Bridge] Section Options</title>
<para>The [Bridge] section accepts the following keys:</para> <para>The <literal>[Bridge]</literal> section accepts the
following keys.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
<term><varname>UnicastFlood=</varname></term> <term><varname>UnicastFlood=</varname></term>
@ -2372,9 +2405,10 @@
<varlistentry> <varlistentry>
<term><varname>HairPin=</varname></term> <term><varname>HairPin=</varname></term>
<listitem> <listitem>
<para>Takes a boolean. Configures whether traffic may be sent back out of the port on which it <para>Takes a boolean. Configures whether traffic may be sent back
was received. When this flag is false, then the bridge will not forward traffic back out of the out of the port on which it was received. When this flag is false, and the bridge
receiving port. When unset, the kernel's default will be used.</para> will not forward traffic back out of the receiving port.
When unset, the kernel's default will be used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -2450,14 +2484,17 @@
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>[BridgeFDB] Section Options</title> <title>[BridgeFDB] Section Options</title>
<para>The [BridgeFDB] section manages the forwarding database table of a port and accepts the following <para>The <literal>[BridgeFDB]</literal> section manages the
keys. Specify several [BridgeFDB] sections to configure several static MAC table entries.</para> forwarding database table of a port and accepts the following
keys. Specify several <literal>[BridgeFDB]</literal> sections to
configure several static MAC table entries.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
<term><varname>MACAddress=</varname></term> <term><varname>MACAddress=</varname></term>
<listitem> <listitem>
<para>As in the [Network] section. This key is mandatory.</para> <para>As in the <literal>[Network]</literal> section. This
key is mandatory.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -2500,8 +2537,8 @@
<refsect1> <refsect1>
<title>[LLDP] Section Options</title> <title>[LLDP] Section Options</title>
<para>The [LLDP] section manages the Link Layer Discovery Protocol (LLDP) and accepts the following <para>The <literal>[LLDP]</literal> section manages the Link Layer Discovery Protocol (LLDP) and accepts the
keys.</para> following keys.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
<term><varname>MUDURL=</varname></term> <term><varname>MUDURL=</varname></term>
@ -2522,8 +2559,8 @@
<refsect1> <refsect1>
<title>[CAN] Section Options</title> <title>[CAN] Section Options</title>
<para>The [CAN] section manages the Controller Area Network (CAN bus) and accepts the <para>The <literal>[CAN]</literal> section manages the Controller Area Network (CAN bus) and accepts the
following keys:</para> following keys.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
<term><varname>BitRate=</varname></term> <term><varname>BitRate=</varname></term>
@ -2601,7 +2638,7 @@
<refsect1> <refsect1>
<title>[QDisc] Section Options</title> <title>[QDisc] Section Options</title>
<para>The [QDisc] section manages the traffic control queueing discipline (qdisc).</para> <para>The <literal>[QDisc]</literal> section manages the traffic control queueing discipline (qdisc).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<varlistentry> <varlistentry>
@ -2618,10 +2655,10 @@
<refsect1> <refsect1>
<title>[NetworkEmulator] Section Options</title> <title>[NetworkEmulator] Section Options</title>
<para>The [NetworkEmulator] section manages the queueing discipline (qdisc) of the network emulator. It <para>The <literal>[NetworkEmulator]</literal> section manages the queueing discipline (qdisc) of
can be used to configure the kernel packet scheduler and simulate packet delay and loss for UDP or TCP the network emulator. It can be used to configure the kernel packet scheduler and simulate packet
applications, or limit the bandwidth usage of a particular service to simulate internet connections. delay and loss for UDP or TCP applications, or limit the bandwidth usage of a particular service to
</para> simulate internet connections.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2647,7 +2684,7 @@
<term><varname>PacketLimit=</varname></term> <term><varname>PacketLimit=</varname></term>
<listitem> <listitem>
<para>Specifies the maximum number of packets the qdisc may hold queued at a time. <para>Specifies the maximum number of packets the qdisc may hold queued at a time.
An unsigned integer in the range 04294967294. Defaults to 1000.</para> An unsigned integer ranges 0 to 4294967294. Defaults to 1000.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2671,8 +2708,8 @@
<refsect1> <refsect1>
<title>[TokenBucketFilter] Section Options</title> <title>[TokenBucketFilter] Section Options</title>
<para>The [TokenBucketFilter] section manages the queueing discipline (qdisc) of token bucket filter <para>The <literal>[TokenBucketFilter]</literal> section manages the queueing discipline (qdisc) of
(tbf).</para> token bucket filter (tbf).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2745,8 +2782,8 @@
<refsect1> <refsect1>
<title>[PIE] Section Options</title> <title>[PIE] Section Options</title>
<para>The [PIE] section manages the queueing discipline (qdisc) of Proportional Integral <para>The <literal>[PIE]</literal> section manages the queueing discipline
controller-Enhanced (PIE).</para> (qdisc) of Proportional Integral controller-Enhanced (PIE).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2756,7 +2793,7 @@
<term><varname>PacketLimit=</varname></term> <term><varname>PacketLimit=</varname></term>
<listitem> <listitem>
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are <para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
dropped. An unsigned integer in the range 14294967294. Defaults to unset and kernel's default is used.</para> dropped. An unsigned integer ranges 1 to 4294967294. Defaults to unset and kernel's default is used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -2764,8 +2801,8 @@
<refsect1> <refsect1>
<title>[StochasticFairBlue] Section Options</title> <title>[StochasticFairBlue] Section Options</title>
<para>The [StochasticFairBlue] section manages the queueing discipline (qdisc) of stochastic fair blue <para>The <literal>[StochasticFairBlue]</literal> section manages the queueing discipline
(sfb).</para> (qdisc) of stochastic fair blue (sfb).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2774,9 +2811,8 @@
<varlistentry> <varlistentry>
<term><varname>PacketLimit=</varname></term> <term><varname>PacketLimit=</varname></term>
<listitem> <listitem>
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, <para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
incoming packets are dropped. An unsigned integer in the range 04294967294. Defaults to unset and dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para>
kernel's default is used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -2784,8 +2820,8 @@
<refsect1> <refsect1>
<title>[StochasticFairnessQueueing] Section Options</title> <title>[StochasticFairnessQueueing] Section Options</title>
<para>The [StochasticFairnessQueueing] section manages the queueing discipline (qdisc) of stochastic <para>The <literal>[StochasticFairnessQueueing]</literal> section manages the queueing discipline
fairness queueing (sfq).</para> (qdisc) of stochastic fairness queueing (sfq).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2802,8 +2838,8 @@
<refsect1> <refsect1>
<title>[BFIFO] Section Options</title> <title>[BFIFO] Section Options</title>
<para>The [BFIFO] section manages the queueing discipline (qdisc) of Byte limited Packet First In First <para>The <literal>[BFIFO]</literal> section manages the queueing discipline (qdisc) of
Out (bfifo).</para> Byte limited Packet First In First Out (bfifo).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2812,11 +2848,10 @@
<varlistentry> <varlistentry>
<term><varname>LimitBytes=</varname></term> <term><varname>LimitBytes=</varname></term>
<listitem> <listitem>
<para>Specifies the hard limit on the FIFO size in bytes. The size limit (a buffer size) to prevent <para>Specifies the hard limit on the FIFO size in bytes. The size limit (a buffer size) to prevent it
it from overflowing in case it is unable to dequeue packets as quickly as it receives them. When from overflowing in case it is unable to dequeue packets as quickly as it receives them. When this limit
this limit is reached, incoming packets are dropped. When suffixed with K, M, or G, the specified is reached, incoming packets are dropped. When suffixed with K, M, or G, the specified size is parsed as
size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to unset and kernel's default is used.</para>
to unset and kernel's default is used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -2824,8 +2859,8 @@
<refsect1> <refsect1>
<title>[PFIFO] Section Options</title> <title>[PFIFO] Section Options</title>
<para>The [PFIFO] section manages the queueing discipline (qdisc) of Packet First In First Out <para>The <literal>[PFIFO]</literal> section manages the queueing discipline (qdisc) of
(pfifo).</para> Packet First In First Out (pfifo).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2834,10 +2869,9 @@
<varlistentry> <varlistentry>
<term><varname>PacketLimit=</varname></term> <term><varname>PacketLimit=</varname></term>
<listitem> <listitem>
<para>Specifies the hard limit on the FIFO size in number of packets. The size limit (a buffer <para>Specifies the hard limit on the FIFO size in number of packets. The size limit (a buffer size) to prevent it
size) to prevent it from overflowing in case it is unable to dequeue packets as quickly as it from overflowing in case it is unable to dequeue packets as quickly as it receives them. When this limit is reached,
receives them. When this limit is reached, incoming packets are dropped. An unsigned integer in the incoming packets are dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para>
range 04294967294. Defaults to unset and kernel's default is used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -2845,8 +2879,8 @@
<refsect1> <refsect1>
<title>[PFIFOHeadDrop] Section Options</title> <title>[PFIFOHeadDrop] Section Options</title>
<para>The [PFIFOHeadDrop] section manages the queueing discipline (qdisc) of Packet First In First Out <para>The <literal>[PFIFOHeadDrop]</literal> section manages the queueing discipline (qdisc) of
Head Drop (pfifo_head_drop).</para> Packet First In First Out Head Drop (pfifo_head_drop).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2855,15 +2889,15 @@
<varlistentry> <varlistentry>
<term><varname>PacketLimit=</varname></term> <term><varname>PacketLimit=</varname></term>
<listitem> <listitem>
<para>As in [PFIFO] section.</para></listitem> <para>As in <literal>[PFIFO]</literal> section.</para></listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>[PFIFOFast] Section Options</title> <title>[PFIFOFast] Section Options</title>
<para>The [PFIFOFast] section manages the queueing discipline (qdisc) of Packet First In First Out Fast <para>The <literal>[PFIFOFast]</literal> section manages the queueing discipline (qdisc) of
(pfifo_fast).</para> Packet First In First Out Fast (pfifo_fast).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2873,8 +2907,8 @@
<refsect1> <refsect1>
<title>[CAKE] Section Options</title> <title>[CAKE] Section Options</title>
<para>The [CAKE] section manages the queueing discipline (qdisc) of Common Applications Kept Enhanced <para>The <literal>[CAKE]</literal> section manages the queueing discipline (qdisc) of
(CAKE).</para> Common Applications Kept Enhanced (CAKE).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2883,8 +2917,8 @@
<varlistentry> <varlistentry>
<term><varname>OverheadBytes=</varname></term> <term><varname>OverheadBytes=</varname></term>
<listitem> <listitem>
<para>Specifies that bytes to be addeded to the size of each packet. Bytes may be negative. Takes <para>Specifies that bytes to be addeded to the size of each packet. Bytes may be negative.
an integer in the range from -64 to 256. Defaults to unset and kernel's default is used.</para> Takes an integer ranges -64 to 256. Defaults to unset and kernel's default is used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2901,7 +2935,7 @@
<refsect1> <refsect1>
<title>[ControlledDelay] Section Options</title> <title>[ControlledDelay] Section Options</title>
<para>The [ControlledDelay] section manages the queueing discipline (qdisc) of <para>The <literal>[ControlledDelay]</literal> section manages the queueing discipline (qdisc) of
controlled delay (CoDel).</para> controlled delay (CoDel).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
@ -2911,9 +2945,8 @@
<varlistentry> <varlistentry>
<term><varname>PacketLimit=</varname></term> <term><varname>PacketLimit=</varname></term>
<listitem> <listitem>
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, <para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
incoming packets are dropped. An unsigned integer in the range 04294967294. Defaults to unset and dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para>
kernel's default is used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2953,8 +2986,8 @@
<refsect1> <refsect1>
<title>[DeficitRoundRobinScheduler] Section Options</title> <title>[DeficitRoundRobinScheduler] Section Options</title>
<para>The [DeficitRoundRobinScheduler] section manages the queueing discipline (qdisc) of Deficit Round <para>The <literal>[DeficitRoundRobinScheduler]</literal> section manages the queueing discipline (qdisc) of
Robin Scheduler (DRR).</para> Deficit Round Robin Scheduler (DRR).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2964,8 +2997,8 @@
<refsect1> <refsect1>
<title>[DeficitRoundRobinSchedulerClass] Section Options</title> <title>[DeficitRoundRobinSchedulerClass] Section Options</title>
<para>The [DeficitRoundRobinSchedulerClass] section manages the traffic control class of Deficit Round <para>The <literal>[DeficitRoundRobinSchedulerClass]</literal> section manages the traffic control class of
Robin Scheduler (DRR).</para> Deficit Round Robin Scheduler (DRR).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="tclass-parent" /> <xi:include href="tc.xml" xpointer="tclass-parent" />
@ -2986,8 +3019,8 @@
<refsect1> <refsect1>
<title>[EnhancedTransmissionSelection] Section Options</title> <title>[EnhancedTransmissionSelection] Section Options</title>
<para>The [EnhancedTransmissionSelection] section manages the queueing discipline (qdisc) of Enhanced <para>The <literal>[EnhancedTransmissionSelection]</literal> section manages the queueing discipline (qdisc) of
Transmission Selection (ETS).</para> Enhanced Transmission Selection (ETS).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2996,17 +3029,18 @@
<varlistentry> <varlistentry>
<term><varname>Bands=</varname></term> <term><varname>Bands=</varname></term>
<listitem> <listitem>
<para>Specifies the number of bands. An unsigned integer in the range 116. This value has to be at <para>Specifies the number of bands. An unsigned integer ranges 1 to 16. This value has to be
least large enough to cover the strict bands specified through the <varname>StrictBands=</varname> at least large enough to cover the strict bands specified through the
and bandwidth-sharing bands specified in <varname>QuantumBytes=</varname>.</para> <varname>StrictBands=</varname> and bandwidth-sharing bands specified in
<varname>QuantumBytes=</varname>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>StrictBands=</varname></term> <term><varname>StrictBands=</varname></term>
<listitem> <listitem>
<para>Specifies the number of bands that should be created in strict mode. An unsigned integer in <para>Specifies the number of bands that should be created in strict mode. An unsigned integer
the range 116.</para> ranges 1 to 16.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -3037,8 +3071,8 @@
<refsect1> <refsect1>
<title>[GenericRandomEarlyDetection] Section Options</title> <title>[GenericRandomEarlyDetection] Section Options</title>
<para>The [GenericRandomEarlyDetection] section manages the queueing discipline (qdisc) of Generic Random <para>The <literal>[GenericRandomEarlyDetection]</literal> section manages the queueing discipline
Early Detection (GRED).</para> (qdisc) of Generic Random Early Detection (GRED).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -3071,8 +3105,8 @@
<refsect1> <refsect1>
<title>[FairQueueingControlledDelay] Section Options</title> <title>[FairQueueingControlledDelay] Section Options</title>
<para>The [FairQueueingControlledDelay] section manages the queueing discipline (qdisc) of fair queuing <para>The <literal>[FairQueueingControlledDelay]</literal> section manages the queueing discipline
controlled delay (FQ-CoDel).</para> (qdisc) of fair queuing controlled delay (FQ-CoDel).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -3122,7 +3156,7 @@
<varlistentry> <varlistentry>
<term><varname>QuantumBytes=</varname></term> <term><varname>QuantumBytes=</varname></term>
<listitem> <listitem>
<para>Specifies the number of bytes used as the "deficit" in the fair queuing algorithm timespan. <para>Specifies the number of bytes used as 'deficit' in the fair queuing algorithmtimespan.
When suffixed with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes, When suffixed with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
respectively, to the base of 1024. Defaults to unset and kernel's default is used.</para> respectively, to the base of 1024. Defaults to unset and kernel's default is used.</para>
</listitem> </listitem>
@ -3148,8 +3182,8 @@
<refsect1> <refsect1>
<title>[FairQueueing] Section Options</title> <title>[FairQueueing] Section Options</title>
<para>The [FairQueueing] section manages the queueing discipline (qdisc) of fair queue traffic policing <para>The <literal>[FairQueueing]</literal> section manages the queueing discipline
(FQ).</para> (qdisc) of fair queue traffic policing (FQ).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -3237,8 +3271,8 @@
<refsect1> <refsect1>
<title>[TrivialLinkEqualizer] Section Options</title> <title>[TrivialLinkEqualizer] Section Options</title>
<para>The [TrivialLinkEqualizer] section manages the queueing discipline (qdisc) of trivial link <para>The <literal>[TrivialLinkEqualizer]</literal> section manages the queueing discipline (qdisc) of
equalizer (teql).</para> trivial link equalizer (teql).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -3258,8 +3292,8 @@
<refsect1> <refsect1>
<title>[HierarchyTokenBucket] Section Options</title> <title>[HierarchyTokenBucket] Section Options</title>
<para>The [HierarchyTokenBucket] section manages the queueing discipline (qdisc) of hierarchy token <para>The <literal>[HierarchyTokenBucket]</literal> section manages the queueing discipline (qdisc) of
bucket (htb).</para> hierarchy token bucket (htb).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -3285,8 +3319,8 @@
<refsect1> <refsect1>
<title>[HierarchyTokenBucketClass] Section Options</title> <title>[HierarchyTokenBucketClass] Section Options</title>
<para>The [HierarchyTokenBucketClass] section manages the traffic control class of hierarchy token bucket <para>The <literal>[HierarchyTokenBucketClass]</literal> section manages the traffic control class of
(htb).</para> hierarchy token bucket (htb).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="tclass-parent" /> <xi:include href="tc.xml" xpointer="tclass-parent" />
@ -3367,8 +3401,8 @@
<refsect1> <refsect1>
<title>[HeavyHitterFilter] Section Options</title> <title>[HeavyHitterFilter] Section Options</title>
<para>The [HeavyHitterFilter] section manages the queueing discipline (qdisc) of Heavy Hitter Filter <para>The <literal>[HeavyHitterFilter]</literal> section manages the queueing discipline
(hhf).</para> (qdisc) of Heavy Hitter Filter (hhf).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -3377,9 +3411,8 @@
<varlistentry> <varlistentry>
<term><varname>PacketLimit=</varname></term> <term><varname>PacketLimit=</varname></term>
<listitem> <listitem>
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, <para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
incoming packets are dropped. An unsigned integer in the range 04294967294. Defaults to unset and dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para>
kernel's default is used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -3387,8 +3420,8 @@
<refsect1> <refsect1>
<title>[QuickFairQueueing] Section Options</title> <title>[QuickFairQueueing] Section Options</title>
<para>The [QuickFairQueueing] section manages the queueing discipline (qdisc) of Quick Fair Queueing <para>The <literal>[QuickFairQueueing]</literal> section manages the queueing discipline
(QFQ).</para> (qdisc) of Quick Fair Queueing (QFQ).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" /> <xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -3398,8 +3431,8 @@
<refsect1> <refsect1>
<title>[QuickFairQueueingClass] Section Options</title> <title>[QuickFairQueueingClass] Section Options</title>
<para>The [QuickFairQueueingClass] section manages the traffic control class of Quick Fair Queueing <para>The <literal>[QuickFairQueueingClass]</literal> section manages the traffic control class of
(qfq).</para> Quick Fair Queueing (qfq).</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="tclass-parent" /> <xi:include href="tc.xml" xpointer="tclass-parent" />
@ -3426,9 +3459,9 @@
<refsect1> <refsect1>
<title>[BridgeVLAN] Section Options</title> <title>[BridgeVLAN] Section Options</title>
<para>The [BridgeVLAN] section manages the VLAN ID configuration of a bridge port and accepts the <para>The <literal>[BridgeVLAN]</literal> section manages the VLAN ID configuration of a bridge port and accepts
following keys. Specify several [BridgeVLAN] sections to configure several VLAN entries. The the following keys. Specify several <literal>[BridgeVLAN]</literal> sections to configure several VLAN entries.
<varname>VLANFiltering=</varname> option has to be enabled, see the [Bridge] section in The <varname>VLANFiltering=</varname> option has to be enabled, see <literal>[Bridge]</literal> section in
<citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>

View File

@ -80,7 +80,7 @@
<refsect1> <refsect1>
<title>[Exec] Section Options</title> <title>[Exec] Section Options</title>
<para>Settings files may include an [Exec] <para>Settings files may include an <literal>[Exec]</literal>
section, which carries various execution parameters:</para> section, which carries various execution parameters:</para>
<variablelist class='nspawn-directives'> <variablelist class='nspawn-directives'>
@ -344,7 +344,7 @@
<refsect1> <refsect1>
<title>[Files] Section Options</title> <title>[Files] Section Options</title>
<para>Settings files may include a [Files] <para>Settings files may include a <literal>[Files]</literal>
section, which carries various parameters configuring the file section, which carries various parameters configuring the file
system of the container:</para> system of the container:</para>
@ -405,7 +405,7 @@
<varlistentry> <varlistentry>
<term><varname>Inaccessible=</varname></term> <term><varname>Inaccessible=</varname></term>
<listitem><para>Masks the specified file or directory in the container, by over-mounting it with an empty file <listitem><para>Masks the specified file or directly in the container, by over-mounting it with an empty file
node of the same type with the most restrictive access mode. Takes a file system path as argument. This option node of the same type with the most restrictive access mode. Takes a file system path as argument. This option
may be used multiple times to mask multiple files or directories. This option is equivalent to the command line may be used multiple times to mask multiple files or directories. This option is equivalent to the command line
switch <option>--inaccessible=</option>, see switch <option>--inaccessible=</option>, see
@ -439,7 +439,7 @@
<refsect1> <refsect1>
<title>[Network] Section Options</title> <title>[Network] Section Options</title>
<para>Settings files may include a [Network] <para>Settings files may include a <literal>[Network]</literal>
section, which carries various parameters configuring the network section, which carries various parameters configuring the network
connectivity of the container:</para> connectivity of the container:</para>

View File

@ -33,7 +33,7 @@
<orderedlist> <orderedlist>
<listitem> <listitem>
<para>The package manager prepares system updates by downloading all (.rpm or .deb or <para>The package manager prepares system updates by downloading all (RPM or DEB or
whatever) packages to update off-line in a special directory whatever) packages to update off-line in a special directory
<filename index="false">/var/lib/system-update</filename> (or <filename index="false">/var/lib/system-update</filename> (or
another directory of the package/upgrade manager's choice).</para> another directory of the package/upgrade manager's choice).</para>
@ -85,8 +85,8 @@
</listitem> </listitem>
<listitem> <listitem>
<para>The update scripts should exit only after the update is finished. It is expected <para>The upgrade scripts should exit only after the update is finished. It is expected
that the service which performs the update will cause the machine to reboot after it that the service which performs the upgrade will cause the machine to reboot after it
is done. If the <filename>system-update.target</filename> is successfully reached, i.e. is done. If the <filename>system-update.target</filename> is successfully reached, i.e.
all update services have run, and the <filename>/system-update</filename> symlink still all update services have run, and the <filename>/system-update</filename> symlink still
exists, it will be removed and the machine rebooted as a safety measure.</para> exists, it will be removed and the machine rebooted as a safety measure.</para>

View File

@ -34,9 +34,9 @@
this unit type. See this unit type. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files. The common for the common options of all unit configuration files. The common
configuration items are configured in the generic [Unit] and configuration items are configured in the generic <literal>[Unit]</literal> and
[Install] sections. The path specific configuration options are <literal>[Install]</literal> sections. The path specific configuration options are
configured in the [Path] section.</para> configured in the <literal>[Path]</literal> section.</para>
<para>For each path file, a matching unit file must exist, <para>For each path file, a matching unit file must exist,
describing the unit to activate when the path changes. By default, describing the unit to activate when the path changes. By default,

View File

@ -89,7 +89,7 @@
<refsect1> <refsect1>
<title>Options</title> <title>Options</title>
<para>Scope files may include a [Scope] <para>Scope files may include a <literal>[Scope]</literal>
section, which carries information about the scope and the section, which carries information about the scope and the
units it contains. A number of options that may be used in units it contains. A number of options that may be used in
this section are shared with other unit types. These options are this section are shared with other unit types. These options are
@ -97,7 +97,7 @@
<citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
and and
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>. <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
The options specific to the [Scope] section The options specific to the <literal>[Scope]</literal> section
of scope units are the following:</para> of scope units are the following:</para>
<variablelist class='unit-directives'> <variablelist class='unit-directives'>

View File

@ -35,9 +35,9 @@
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files. The common for the common options of all unit configuration files. The common
configuration items are configured in the generic configuration items are configured in the generic
[Unit] and [Install] <literal>[Unit]</literal> and <literal>[Install]</literal>
sections. The service specific configuration options are sections. The service specific configuration options are
configured in the [Service] section.</para> configured in the <literal>[Service]</literal> section.</para>
<para>Additional options are listed in <para>Additional options are listed in
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
@ -138,7 +138,7 @@
<refsect1> <refsect1>
<title>Options</title> <title>Options</title>
<para>Service files must include a [Service] <para>Service files must include a <literal>[Service]</literal>
section, which carries information about the service and the section, which carries information about the service and the
process it supervises. A number of options that may be used in process it supervises. A number of options that may be used in
this section are shared with other unit types. These options are this section are shared with other unit types. These options are
@ -147,7 +147,7 @@
<citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
and and
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>. <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
The options specific to the [Service] section The options specific to the <literal>[Service]</literal> section
of service units are the following:</para> of service units are the following:</para>
<variablelist class='unit-directives'> <variablelist class='unit-directives'>
@ -896,7 +896,7 @@
this option will have no effect.</para> this option will have no effect.</para>
<example> <example>
<title>A service with the <varname>SuccessExitStatus=</varname> setting</title> <title>A service with with the <varname>SuccessExitStatus=</varname> setting</title>
<programlisting>SuccessExitStatus=TEMPFAIL 250 SIGUSR1</programlisting> <programlisting>SuccessExitStatus=TEMPFAIL 250 SIGUSR1</programlisting>
@ -1495,7 +1495,7 @@ ExecStart=/usr/sbin/simple-dbus-service
WantedBy=multi-user.target</programlisting> WantedBy=multi-user.target</programlisting>
<para>For <emphasis>bus-activatable</emphasis> services, do not <para>For <emphasis>bus-activatable</emphasis> services, do not
include a [Install] section in the systemd include a <literal>[Install]</literal> section in the systemd
service file, but use the <varname>SystemdService=</varname> service file, but use the <varname>SystemdService=</varname>
option in the corresponding DBus service file, for example option in the corresponding DBus service file, for example
(<filename>/usr/share/dbus-1/system-services/org.example.simple-dbus-service.service</filename>):</para> (<filename>/usr/share/dbus-1/system-services/org.example.simple-dbus-service.service</filename>):</para>

View File

@ -55,9 +55,9 @@
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration for the common options of all unit configuration
files. The common configuration items are configured files. The common configuration items are configured
in the generic [Unit] and [Install] sections. The in the generic <literal>[Unit]</literal> and <literal>[Install]</literal> sections. The
slice specific configuration options are configured in slice specific configuration options are configured in
the [Slice] section. Currently, only generic resource control settings the <literal>[Slice]</literal> section. Currently, only generic resource control settings
as described in as described in
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> are allowed. <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> are allowed.
</para> </para>

View File

@ -35,9 +35,9 @@
this unit type. See this unit type. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files. The common for the common options of all unit configuration files. The common
configuration items are configured in the generic [Unit] and configuration items are configured in the generic <literal>[Unit]</literal> and
[Install] sections. The socket specific configuration options are <literal>[Install]</literal> sections. The socket specific configuration options are
configured in the [Socket] section.</para> configured in the <literal>[Socket]</literal> section.</para>
<para>Additional options are listed in <para>Additional options are listed in
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
@ -117,9 +117,10 @@
<listitem><para>Socket units automatically gain a <varname>Before=</varname> <listitem><para>Socket units automatically gain a <varname>Before=</varname>
dependency on the service units they activate.</para></listitem> dependency on the service units they activate.</para></listitem>
<listitem><para>Socket units referring to file system paths (such as <constant>AF_UNIX</constant> <listitem><para>Socket units referring to file system paths (such as AF_UNIX
sockets or FIFOs) implicitly gain <varname>Requires=</varname> and <varname>After=</varname> sockets or FIFOs) implicitly gain <varname>Requires=</varname> and
dependencies on all mount units necessary to access those paths.</para></listitem> <varname>After=</varname> dependencies on all mount units
necessary to access those paths.</para></listitem>
<listitem><para>Socket units using the <varname>BindToDevice=</varname> <listitem><para>Socket units using the <varname>BindToDevice=</varname>
setting automatically gain a <varname>BindsTo=</varname> and setting automatically gain a <varname>BindsTo=</varname> and
@ -299,7 +300,7 @@
url="https://www.kernel.org/doc/Documentation/usb/functionfs.txt">USB url="https://www.kernel.org/doc/Documentation/usb/functionfs.txt">USB
FunctionFS</ulink> endpoints location to listen on, for FunctionFS</ulink> endpoints location to listen on, for
implementation of USB gadget functions. This expects an implementation of USB gadget functions. This expects an
absolute file system path of FunctionFS mount point as the argument. absolute file system path of functionfs mount point as the argument.
Behavior otherwise is very similar to the <varname>ListenFIFO=</varname> Behavior otherwise is very similar to the <varname>ListenFIFO=</varname>
directive above. Use this to open the FunctionFS endpoint directive above. Use this to open the FunctionFS endpoint
<filename>ep0</filename>. When using this option, the <filename>ep0</filename>. When using this option, the
@ -312,9 +313,9 @@
<varlistentry> <varlistentry>
<term><varname>SocketProtocol=</varname></term> <term><varname>SocketProtocol=</varname></term>
<listitem><para>Takes one of <option>udplite</option> <listitem><para>Takes one of <option>udplite</option>
or <option>sctp</option>. The socket will use the UDP-Lite or <option>sctp</option>. Specifies a socket protocol
(<constant>IPPROTO_UDPLITE</constant>) or SCTP (<constant>IPPROTO_UDPLITE</constant>) UDP-Lite
(<constant>IPPROTO_SCTP</constant>) protocol, respectively.</para> (<constant>IPPROTO_SCTP</constant>) SCTP socket respectively. </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -348,14 +349,16 @@
<varlistentry> <varlistentry>
<term><varname>BindToDevice=</varname></term> <term><varname>BindToDevice=</varname></term>
<listitem><para>Specifies a network interface name to bind this socket to. If set, traffic will only <listitem><para>Specifies a network interface name to bind
be accepted from the specified network interfaces. This controls the this socket to. If set, traffic will only be accepted from the
<constant>SO_BINDTODEVICE</constant> socket option (see <citerefentry specified network interfaces. This controls the
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for SO_BINDTODEVICE socket option (see <citerefentry
details). If this option is used, an implicit dependency from this socket unit on the network project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
interface device unit is created for details). If this option is used, an implicit dependency
(see <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>). from this socket unit on the network interface device unit
Note that setting this parameter might result in additional dependencies to be added to the unit (see (<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>
is created. Note that setting this parameter might result in
additional dependencies to be added to the unit (see
above).</para></listitem> above).</para></listitem>
</varlistentry> </varlistentry>
@ -363,10 +366,12 @@
<term><varname>SocketUser=</varname></term> <term><varname>SocketUser=</varname></term>
<term><varname>SocketGroup=</varname></term> <term><varname>SocketGroup=</varname></term>
<listitem><para>Takes a UNIX user/group name. When specified, all <constant>AF_UNIX</constant> <listitem><para>Takes a UNIX user/group name. When specified,
sockets and FIFO nodes in the file system are owned by the specified user and group. If unset (the all AF_UNIX sockets and FIFO nodes in the file system are
default), the nodes are owned by the root user/group (if run in system context) or the invoking owned by the specified user and group. If unset (the default),
user/group (if run in user context). If only a user is specified but no group, then the group is the nodes are owned by the root user/group (if run in system
context) or the invoking user/group (if run in user context).
If only a user is specified but no group, then the group is
derived from the user's default group.</para></listitem> derived from the user's default group.</para></listitem>
</varlistentry> </varlistentry>
@ -415,10 +420,10 @@
to work unmodified with systemd socket to work unmodified with systemd socket
activation.</para> activation.</para>
<para>For IPv4 and IPv6 connections, the <varname>REMOTE_ADDR</varname> environment variable will <para>For IPv4 and IPv6 connections, the <varname>REMOTE_ADDR</varname>
contain the remote IP address, and <varname>REMOTE_PORT</varname> will contain the remote port. This environment variable will contain the remote IP address, and <varname>REMOTE_PORT</varname>
is the same as the format used by CGI. For <constant>SOCK_RAW</constant>, the port is the IP will contain the remote port. This is the same as the format used by CGI.
protocol.</para></listitem> For SOCK_RAW, the port is the IP protocol.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -451,13 +456,17 @@
<varlistentry> <varlistentry>
<term><varname>KeepAlive=</varname></term> <term><varname>KeepAlive=</varname></term>
<listitem><para>Takes a boolean argument. If true, the TCP/IP stack will send a keep alive message <listitem><para>Takes a boolean argument. If true, the TCP/IP
after 2h (depending on the configuration of stack will send a keep alive message after 2h (depending on
<filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>) for all TCP streams accepted on this the configuration of
socket. This controls the <constant>SO_KEEPALIVE</constant> socket option (see <citerefentry <filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>)
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> and for all TCP streams accepted on this socket. This controls the
the <ulink url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP Keepalive SO_KEEPALIVE socket option (see
HOWTO</ulink> for details.) Defaults to <option>false</option>.</para></listitem> <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
and the <ulink
url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
Keepalive HOWTO</ulink> for details.) Defaults to
<option>false</option>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -474,12 +483,15 @@
<varlistentry> <varlistentry>
<term><varname>KeepAliveIntervalSec=</varname></term> <term><varname>KeepAliveIntervalSec=</varname></term>
<listitem><para>Takes time (in seconds) as argument between individual keepalive probes, if the <listitem><para>Takes time (in seconds) as argument between
socket option <constant>SO_KEEPALIVE</constant> has been set on this socket. This controls the individual keepalive probes, if the socket option SO_KEEPALIVE
<constant>TCP_KEEPINTVL</constant> socket option (see <citerefentry has been set on this socket. This controls
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> and the TCP_KEEPINTVL socket option (see
the <ulink url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP Keepalive <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
HOWTO</ulink> for details.) Defaults value is 75 seconds.</para></listitem> and the <ulink
url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
Keepalive HOWTO</ulink> for details.) Defaults value is 75
seconds.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -501,16 +513,17 @@
algorithm works by combining a number of small outgoing algorithm works by combining a number of small outgoing
messages, and sending them all at once. This controls the messages, and sending them all at once. This controls the
TCP_NODELAY socket option (see TCP_NODELAY socket option (see
<citerefentry project='die-net'><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry>). <citerefentry project='die-net'><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry>
Defaults to <option>false</option>.</para></listitem> Defaults to <option>false</option>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>Priority=</varname></term> <term><varname>Priority=</varname></term>
<listitem><para>Takes an integer argument controlling the priority for all traffic sent from this <listitem><para>Takes an integer argument controlling the
socket. This controls the <constant>SO_PRIORITY</constant> socket option (see <citerefentry priority for all traffic sent from this socket. This controls
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for the SO_PRIORITY socket option (see
details.).</para></listitem> <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details.).</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -546,12 +559,12 @@
<varlistentry> <varlistentry>
<term><varname>ReceiveBuffer=</varname></term> <term><varname>ReceiveBuffer=</varname></term>
<term><varname>SendBuffer=</varname></term> <term><varname>SendBuffer=</varname></term>
<listitem><para>Takes an integer argument controlling the receive or send buffer sizes of this <listitem><para>Takes an integer argument controlling the
socket, respectively. This controls the <constant>SO_RCVBUF</constant> and receive or send buffer sizes of this socket, respectively.
<constant>SO_SNDBUF</constant> socket options (see <citerefentry This controls the SO_RCVBUF and SO_SNDBUF socket options (see
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
details.). The usual suffixes K, M, G are supported and are understood to the base of for details.). The usual suffixes K, M, G are supported and
1024.</para></listitem> are understood to the base of 1024.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -580,20 +593,23 @@
<varlistentry> <varlistentry>
<term><varname>Mark=</varname></term> <term><varname>Mark=</varname></term>
<listitem><para>Takes an integer value. Controls the firewall mark of packets generated by this <listitem><para>Takes an integer value. Controls the firewall
socket. This can be used in the firewall logic to filter packets from this socket. This sets the mark of packets generated by this socket. This can be used in
<constant>SO_MARK</constant> socket option. See <citerefentry the firewall logic to filter packets from this socket. This
project='die-net'><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry> for sets the SO_MARK socket option. See
details.</para></listitem> <citerefentry project='die-net'><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry>
for details.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>ReusePort=</varname></term> <term><varname>ReusePort=</varname></term>
<listitem><para>Takes a boolean value. If true, allows multiple <listitem><para>Takes a boolean value. If true, allows
<citerefentry><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry>s to this TCP multiple
or UDP port. This controls the <constant>SO_REUSEPORT</constant> socket option. See <citerefentry <citerefentry><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry>s
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for to this TCP or UDP port. This controls the SO_REUSEPORT socket
details.</para></listitem> option. See
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -669,23 +685,28 @@
<varlistentry> <varlistentry>
<term><varname>Broadcast=</varname></term> <term><varname>Broadcast=</varname></term>
<listitem><para>Takes a boolean value. This controls the <constant>SO_BROADCAST</constant> socket <listitem><para>Takes a boolean value. This controls the
option, which allows broadcast datagrams to be sent from this socket. Defaults to SO_BROADCAST socket option, which allows broadcast datagrams
to be sent from this socket. Defaults to
<option>false</option>.</para></listitem> <option>false</option>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>PassCredentials=</varname></term> <term><varname>PassCredentials=</varname></term>
<listitem><para>Takes a boolean value. This controls the <constant>SO_PASSCRED</constant> socket <listitem><para>Takes a boolean value. This controls the
option, which allows <constant>AF_UNIX</constant> sockets to receive the credentials of the sending SO_PASSCRED socket option, which allows
process in an ancillary message. Defaults to <option>false</option>.</para></listitem> <constant>AF_UNIX</constant> sockets to receive the
credentials of the sending process in an ancillary message.
Defaults to <option>false</option>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>PassSecurity=</varname></term> <term><varname>PassSecurity=</varname></term>
<listitem><para>Takes a boolean value. This controls the <constant>SO_PASSSEC</constant> socket <listitem><para>Takes a boolean value. This controls the
option, which allows <constant>AF_UNIX</constant> sockets to receive the security context of the SO_PASSSEC socket option, which allows
sending process in an ancillary message. Defaults to <option>false</option>.</para></listitem> <constant>AF_UNIX</constant> sockets to receive the security
context of the sending process in an ancillary message.
Defaults to <option>false</option>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -699,10 +720,11 @@
<varlistentry> <varlistentry>
<term><varname>TCPCongestion=</varname></term> <term><varname>TCPCongestion=</varname></term>
<listitem><para>Takes a string value. Controls the TCP congestion algorithm used by this <listitem><para>Takes a string value. Controls the TCP
socket. Should be one of <literal>westwood</literal>, <literal>veno</literal>, congestion algorithm used by this socket. Should be one of
<literal>cubic</literal>, <literal>lp</literal> or any other available algorithm supported by the IP "westwood", "veno", "cubic", "lp" or any other available
stack. This setting applies only to stream sockets.</para></listitem> algorithm supported by the IP stack. This setting applies only
to stream sockets.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -766,12 +788,15 @@
<varlistentry> <varlistentry>
<term><varname>RemoveOnStop=</varname></term> <term><varname>RemoveOnStop=</varname></term>
<listitem><para>Takes a boolean argument. If enabled, any file nodes created by this socket unit are <listitem><para>Takes a boolean argument. If enabled, any file
removed when it is stopped. This applies to <constant>AF_UNIX</constant> sockets in the file system, nodes created by this socket unit are removed when it is
POSIX message queues, FIFOs, as well as any symlinks to them configured with stopped. This applies to AF_UNIX sockets in the file system,
<varname>Symlinks=</varname>. Normally, it should not be necessary to use this option, and is not POSIX message queues, FIFOs, as well as any symlinks to them
recommended as services might continue to run after the socket unit has been terminated and it should configured with <varname>Symlinks=</varname>. Normally, it
still be possible to communicate with them via their file system node. Defaults to should not be necessary to use this option, and is not
recommended as services might continue to run after the socket
unit has been terminated and it should still be possible to
communicate with them via their file system node. Defaults to
off.</para></listitem> off.</para></listitem>
</varlistentry> </varlistentry>

View File

@ -297,7 +297,7 @@
this unit (or <filename>multi-user.target</filename>) during this unit (or <filename>multi-user.target</filename>) during
installation. This is best configured via installation. This is best configured via
<varname>WantedBy=graphical.target</varname> in the unit's <varname>WantedBy=graphical.target</varname> in the unit's
[Install] section.</para> <literal>[Install]</literal> section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -447,7 +447,7 @@
add <varname>Wants=</varname> dependencies for their unit to add <varname>Wants=</varname> dependencies for their unit to
this unit during installation. This is best configured via this unit during installation. This is best configured via
<varname>WantedBy=multi-user.target</varname> in the unit's <varname>WantedBy=multi-user.target</varname> in the unit's
[Install] section.</para> <literal>[Install]</literal> section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -505,7 +505,7 @@
applications get pulled in via <varname>Wants=</varname> applications get pulled in via <varname>Wants=</varname>
dependencies from this unit. This is best configured via a dependencies from this unit. This is best configured via a
<varname>WantedBy=paths.target</varname> in the path unit's <varname>WantedBy=paths.target</varname> in the path unit's
[Install] section.</para> <literal>[Install]</literal> section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -641,7 +641,7 @@
<para>Adding slice units to <filename>slices.target</filename> is generally not <para>Adding slice units to <filename>slices.target</filename> is generally not
necessary. Instead, when some unit that uses <varname>Slice=</varname> is started, the necessary. Instead, when some unit that uses <varname>Slice=</varname> is started, the
specified slice will be started automatically. Adding specified slice will be started automatically. Adding
<varname>WantedBy=slices.target</varname> lines to the [Install] <varname>WantedBy=slices.target</varname> lines to the <literal>[Install]</literal>
section should only be done for units that need to be always active. In that case care section should only be done for units that need to be always active. In that case care
needs to be taken to avoid creating a loop through the automatic dependencies on needs to be taken to avoid creating a loop through the automatic dependencies on
"parent" slices.</para> "parent" slices.</para>
@ -659,7 +659,7 @@
<varname>Wants=</varname> dependencies to this unit for <varname>Wants=</varname> dependencies to this unit for
their socket unit during installation. This is best their socket unit during installation. This is best
configured via a <varname>WantedBy=sockets.target</varname> configured via a <varname>WantedBy=sockets.target</varname>
in the socket unit's [Install] in the socket unit's <literal>[Install]</literal>
section.</para> section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -742,7 +742,7 @@
applications get pulled in via <varname>Wants=</varname> applications get pulled in via <varname>Wants=</varname>
dependencies from this unit. This is best configured via dependencies from this unit. This is best configured via
<varname>WantedBy=timers.target</varname> in the timer <varname>WantedBy=timers.target</varname> in the timer
unit's [Install] section.</para> unit's <literal>[Install]</literal> section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1043,7 +1043,7 @@
<para>By default, all user processes and services started on <para>By default, all user processes and services started on
behalf of the user, including the per-user systemd instance behalf of the user, including the per-user systemd instance
are found in this slice. This is pulled in by are found in this slice. This is pulled in by
<filename>systemd-logind.service</filename>.</para> <filename>systemd-logind.service</filename></para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1053,7 +1053,7 @@
<para>By default, all virtual machines and containers <para>By default, all virtual machines and containers
registered with <command>systemd-machined</command> are registered with <command>systemd-machined</command> are
found in this slice. This is pulled in by found in this slice. This is pulled in by
<filename>systemd-machined.service</filename>.</para> <filename>systemd-machined.service</filename></para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -1104,7 +1104,7 @@
<para>This target is active whenever any graphical session is running. It is used to <para>This target is active whenever any graphical session is running. It is used to
stop user services which only apply to a graphical (X, Wayland, etc.) session when the stop user services which only apply to a graphical (X, Wayland, etc.) session when the
session is terminated. Such services should have session is terminated. Such services should have
<literal>PartOf=graphical-session.target</literal> in their [Unit] <literal>PartOf=graphical-session.target</literal> in their <literal>[Unit]</literal>
section. A target for a particular session (e. g. section. A target for a particular session (e. g.
<filename>gnome-session.target</filename>) starts and stops <filename>gnome-session.target</filename>) starts and stops
<literal>graphical-session.target</literal> with <literal>graphical-session.target</literal> with

View File

@ -37,9 +37,9 @@
this unit type. See this unit type. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files. The common for the common options of all unit configuration files. The common
configuration items are configured in the generic [Unit] and configuration items are configured in the generic <literal>[Unit]</literal> and
[Install] sections. The swap specific configuration options are <literal>[Install]</literal> sections. The swap specific configuration options are
configured in the [Swap] section.</para> configured in the <literal>[Swap]</literal> section.</para>
<para>Additional options are listed in <para>Additional options are listed in
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
@ -166,7 +166,7 @@
<refsect1> <refsect1>
<title>Options</title> <title>Options</title>
<para>Swap unit files must include a [Swap] section, which carries <para>Swap files must include a [Swap] section, which carries
information about the swap device it supervises. A number of information about the swap device it supervises. A number of
options that may be used in this section are shared with other options that may be used in this section are shared with other
unit types. These options are documented in unit types. These options are documented in

View File

@ -98,10 +98,10 @@ KeyTwo=value 2 \
value 2 continued value 2 continued
[Section C] [Section C]
KeyThree=value 3\ KeyThree=value 2\
# this line is ignored # this line is ignored
; this line is ignored too ; this line is ignored too
value 3 continued value 2 continued
</programlisting></example> </programlisting></example>
<para>Boolean arguments used in configuration files can be written in <para>Boolean arguments used in configuration files can be written in

View File

@ -34,8 +34,8 @@
<para>This unit type has no specific options. See <para>This unit type has no specific options. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files. The common for the common options of all unit configuration files. The common
configuration items are configured in the generic [Unit] and configuration items are configured in the generic <literal>[Unit]</literal> and
[Install] sections. A separate [Target] section does not exist, <literal>[Install]</literal> sections. A separate <literal>[Target]</literal> section does not exist,
since no target-specific options may be configured.</para> since no target-specific options may be configured.</para>
<para>Target units do not offer any additional functionality on <para>Target units do not offer any additional functionality on

View File

@ -98,20 +98,18 @@
<refsect1> <refsect1>
<title>Parsing Timestamps</title> <title>Parsing Timestamps</title>
<para>When parsing, systemd will accept a similar syntax, but expects no timezone specification, unless <para>When parsing, systemd will accept a similar syntax, but expects no timezone specification, unless it is given
it is given as the literal string <literal>UTC</literal> (for the UTC timezone), or is specified to be as the literal string <literal>UTC</literal> (for the UTC timezone), or is specified to be the locally configured
the locally configured timezone, or the timezone name in the IANA timezone database format. The complete timezone, or the timezone name in the IANA timezone database format. The complete list of timezones
list of timezones supported on your system can be obtained using the <literal>timedatectl supported on your system can be obtained using the <literal>timedatectl list-timezones</literal>
list-timezones</literal> (see (see <citerefentry><refentrytitle>timedatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>).
<citerefentry><refentrytitle>timedatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>). Using Using IANA format is recommended over local timezone names, as less prone to errors (eg: with local timezone it's possible to
IANA format is recommended over local timezone names, as less prone to errors (e.g. with local timezone specify daylight saving time in winter, while it's incorrect). The weekday specification is optional, but when
it's possible to specify daylight saving time in winter, even though that is not correct). The weekday the weekday is specified, it must either be in the abbreviated (<literal>Wed</literal>) or non-abbreviated
specification is optional, but when the weekday is specified, it must either be in the abbreviated (<literal>Wednesday</literal>) English language form (case does not matter), and is not subject to the locale
(<literal>Wed</literal>) or non-abbreviated (<literal>Wednesday</literal>) English language form (case choice of the user. Either the date, or the time part may be omitted, in which case the current date or 00:00:00,
does not matter), and is not subject to the locale choice of the user. Either the date, or the time part respectively, is assumed. The seconds component of the time may also be omitted, in which case ":00" is
may be omitted, in which case the current date or 00:00:00, respectively, is assumed. The seconds assumed. Year numbers may be specified in full or may be abbreviated (omitting the century).</para>
component of the time may also be omitted, in which case ":00" is assumed. Year numbers may be specified
in full or may be abbreviated (omitting the century).</para>
<para>A timestamp is considered invalid if a weekday is specified and the date does not match the specified day of <para>A timestamp is considered invalid if a weekday is specified and the date does not match the specified day of
the week.</para> the week.</para>
@ -284,7 +282,7 @@ Wed..Sat,Tue 12-10-15 1:2:3 → Tue..Sat 2012-10-15 01:02:03
<para>Use the <command>calendar</command> command of <para>Use the <command>calendar</command> command of
<citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry> to validate <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry> to validate
and normalize calendar time specifications for testing purposes. The tool also calculates when a specified and normalize calendar time specifications for testing purposes. The tool also calculates when a specified
calendar event would occur next.</para> calendar event would elapse next.</para>
</refsect1> </refsect1>
<refsect1> <refsect1>

View File

@ -35,9 +35,9 @@
this unit type. See this unit type. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files. The common for the common options of all unit configuration files. The common
configuration items are configured in the generic [Unit] and configuration items are configured in the generic <literal>[Unit]</literal> and
[Install] sections. The timer specific configuration options are <literal>[Install]</literal> sections. The timer specific configuration options are
configured in the [Timer] section.</para> configured in the <literal>[Timer]</literal> section.</para>
<para>For each timer file, a matching unit file must exist, <para>For each timer file, a matching unit file must exist,
describing the unit to activate when the timer elapses. By describing the unit to activate when the timer elapses. By

View File

@ -737,7 +737,7 @@
that the listed unit is fully started up before the configured unit is started.</para> that the listed unit is fully started up before the configured unit is started.</para>
<para>When two units with an ordering dependency between them are shut down, the inverse of the <para>When two units with an ordering dependency between them are shut down, the inverse of the
start-up order is applied. I.e. if a unit is configured with <varname>After=</varname> on another start-up order is applied. i.e. if a unit is configured with <varname>After=</varname> on another
unit, the former is stopped before the latter if both are shut down. Given two units with any unit, the former is stopped before the latter if both are shut down. Given two units with any
ordering dependency between them, if one unit is shut down and the other is started up, the shutdown ordering dependency between them, if one unit is shut down and the other is started up, the shutdown
is ordered before the start-up. It doesn't matter if the ordering dependency is is ordered before the start-up. It doesn't matter if the ordering dependency is
@ -833,7 +833,7 @@
<option>--job-mode=</option> option for details on the <option>--job-mode=</option> option for details on the
possible values. If this is set to <literal>isolate</literal>, possible values. If this is set to <literal>isolate</literal>,
only a single unit may be listed in only a single unit may be listed in
<varname>OnFailure=</varname>.</para></listitem> <varname>OnFailure=</varname>..</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1028,8 +1028,8 @@
<listitem><para>Configure an additional action to take if the rate limit configured with <listitem><para>Configure an additional action to take if the rate limit configured with
<varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes the same <varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes the same
values as the <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> settings. If values as the setting <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> settings and executes
<option>none</option> is set, hitting the rate limit will trigger no action except that the same actions. If <option>none</option> is set, hitting the rate limit will trigger no action besides that
the start will not be permitted. Defaults to <option>none</option>.</para></listitem> the start will not be permitted. Defaults to <option>none</option>.</para></listitem>
</varlistentry> </varlistentry>
@ -1639,7 +1639,7 @@
<refsect1> <refsect1>
<title>[Install] Section Options</title> <title>[Install] Section Options</title>
<para>Unit files may include an [Install] section, which carries installation information for <para>Unit files may include an <literal>[Install]</literal> section, which carries installation information for
the unit. This section is not interpreted by the unit. This section is not interpreted by
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> during runtime; it is <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> during runtime; it is
used by the <command>enable</command> and <command>disable</command> commands of the used by the <command>enable</command> and <command>disable</command> commands of the

View File

@ -760,11 +760,13 @@
<varlistentry> <varlistentry>
<term><varname>systemd.crash_chvt</varname></term> <term><varname>systemd.crash_chvt</varname></term>
<listitem><para>Takes a positive integer, or a boolean argument. Can be also specified without an <listitem><para>Takes a positive integer, or a boolean argument. Can be also
argument, with the same effect as a positive boolean. If a positive integer (in the range 163) is specified without an argument, with the same effect as a positive boolean. If
specified, the system manager (PID 1) will activate the specified virtual terminal when it crashes. a positive integer (in the range 163) is specified, the system manager (PID
Defaults to disabled, meaning that no such switch is attempted. If set to enabled, the virtual 1) will activate the specified virtual terminal (VT) when it
terminal the kernel messages are written to is used instead.</para></listitem> crashes. Defaults to disabled, meaning that no such switch is attempted. If
set to enabled, the VT the kernel messages are written to is selected.
</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1087,15 +1089,14 @@
this context, because they are properly namespaced. When an option is specified both on the kernel this context, because they are properly namespaced. When an option is specified both on the kernel
command line, and as a normal command line argument, the latter has higher precedence.</para> command line, and as a normal command line argument, the latter has higher precedence.</para>
<para>When <command>systemd</command> is used as a user manager, the kernel command line is ignored and <para>When <command>systemd</command> is used a user manager, the kernel command line is ignored and
the options described are understood. Nevertheless, <command>systemd</command> is usually started in the options described are understood. Nevertheless, <command>systemd</command> is usually started in
this mode through the this mode through the
<citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
service, which is shared between all users, and it may be more convenient to use configuration files to service, which is shared between all users, and it may be more convenient to use configuration files to
modify settings, see modify settings, see
<citerefentry><refentrytitle>systemd-user.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd-user.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
or a drop-in that specifies one of the environment variables listed above in the Environment section, or a drop-in that specifies one of the environment variables listed above in "Environment, see
see
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
<variablelist> <variablelist>
@ -1145,8 +1146,8 @@
<varlistentry> <varlistentry>
<term><option>--show-status</option></term> <term><option>--show-status</option></term>
<listitem><para>Show terse unit status information on the console during boot-up and shutdown. See <listitem><para>Show terse unit status information is shown on the console during boot-up and
<varname>systemd.show_status</varname> above.</para></listitem> shutdown. See <varname>systemd.show_status</varname> above.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>

View File

@ -10,28 +10,27 @@
<varlistentry id='qdisc-parent'> <varlistentry id='qdisc-parent'>
<term><varname>Parent=</varname></term> <term><varname>Parent=</varname></term>
<listitem> <listitem>
<para>Configures the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>, <para>Specifies the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>,
<literal>clsact</literal>, <literal>ingress</literal> or a class identifier. The class identifier is <literal>clsact</literal>, <literal>ingress</literal> or a class id. The class id takes the
specified as the major and minor numbers in hexadecimal in the range 0x1Oxffff separated with a major and minor number in hexadecimal ranges 1 to ffff separated with a colon
colon (<literal>major:minor</literal>). Defaults to <literal>root</literal>.</para> (<literal>major:minor</literal>). Defaults to <literal>root</literal>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry id='qdisc-handle'> <varlistentry id='qdisc-handle'>
<term><varname>Handle=</varname></term> <term><varname>Handle=</varname></term>
<listitem> <listitem>
<para>Configures the major number of unique identifier of the qdisc, known as the handle. <para>Specifies the major number of unique identifier of the qdisc, known as the handle.
Takes a hexadecimal number in the range 0x10xffff. Defaults to unset.</para> Takes a number in hexadecimal ranges 1 to ffff. Defaults to unset.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry id='tclass-parent'> <varlistentry id='tclass-parent'>
<term><varname>Parent=</varname></term> <term><varname>Parent=</varname></term>
<listitem> <listitem>
<para>Configures the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>, or a <para>Specifies the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>,
qdisc identifier. The qdisc identifier is specified as the major and minor numbers in hexadecimal in or a qdisc id. The qdisc id takes the major and minor number in hexadecimal ranges 1 to ffff
the range 0x1Oxffff separated with a colon (<literal>major:minor</literal>). Defaults to separated with a colon (<literal>major:minor</literal>). Defaults to <literal>root</literal>.
<literal>root</literal>.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -39,9 +38,8 @@
<varlistentry id='tclass-classid'> <varlistentry id='tclass-classid'>
<term><varname>ClassId=</varname></term> <term><varname>ClassId=</varname></term>
<listitem> <listitem>
<para>Configues the unique identifier of the class. It is specified as the major and minor numbers in <para>Specifies the major and minur number of unique identifier of the class, known as the
hexadecimal in the range 0x1Oxffff separated with a colon (<literal>major:minor</literal>). class ID. Each number is in hexadecimal ranges 1 to ffff. Defaults to unset.</para>
Defaults to unset.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>

View File

@ -41,7 +41,7 @@
<refsect1> <refsect1>
<title>Options</title> <title>Options</title>
<para>The following settings are configured in the [Time] section:</para> <para>The following settings are configured in the <literal>[Time]</literal> section:</para>
<variablelist class='network-directives'> <variablelist class='network-directives'>

View File

@ -163,10 +163,11 @@
<title>Well-Known Services</title> <title>Well-Known Services</title>
<para>The <command>userdbctl services</command> command will list all currently running services that <para>The <command>userdbctl services</command> command will list all currently running services that
provide user or group definitions to the system. The following well-known services are shown among provide user or group definitions to the system. The following are well-known services are shown among
this list:</para> this list.</para>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><constant>io.systemd.DynamicUser</constant></term> <term><constant>io.systemd.DynamicUser</constant></term>

View File

@ -537,7 +537,8 @@ int unit_name_from_path(const char *path, const char *suffix, char **ret) {
} }
int unit_name_from_path_instance(const char *prefix, const char *path, const char *suffix, char **ret) { int unit_name_from_path_instance(const char *prefix, const char *path, const char *suffix, char **ret) {
_cleanup_free_ char *p = NULL, *s = NULL; _cleanup_free_ char *p = NULL;
char *s;
int r; int r;
assert(prefix); assert(prefix);
@ -563,7 +564,7 @@ int unit_name_from_path_instance(const char *prefix, const char *path, const cha
if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE)) if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE))
return -EINVAL; return -EINVAL;
*ret = TAKE_PTR(s); *ret = s;
return 0; return 0;
} }

View File

@ -777,7 +777,7 @@ bool valid_user_group_name(const char *u, ValidUserFlags flags) {
return false; return false;
if (in_charset(u, "0123456789")) /* Don't allow fully numeric strings, they might be confused if (in_charset(u, "0123456789")) /* Don't allow fully numeric strings, they might be confused
* with UIDs (note that this test is more broad than * with with UIDs (note that this test is more broad than
* the parse_uid() test above, as it will cover more than * the parse_uid() test above, as it will cover more than
* the 32bit range, and it will detect 65535 (which is in * the 32bit range, and it will detect 65535 (which is in
* invalid UID, even though in the unsigned 32 bit range) */ * invalid UID, even though in the unsigned 32 bit range) */

View File

@ -142,12 +142,12 @@ static int list_homes(int argc, char *argv[], void *userdata) {
TABLE_UID, uid, TABLE_UID, uid,
TABLE_GID, gid); TABLE_GID, gid);
if (r < 0) if (r < 0)
return table_log_add_error(r); return log_error_errno(r, "Failed to add row to table: %m");
r = table_add_cell(table, &cell, TABLE_STRING, state); r = table_add_cell(table, &cell, TABLE_STRING, state);
if (r < 0) if (r < 0)
return table_log_add_error(r); return log_error_errno(r, "Failed to add field to table: %m");
color = user_record_state_color(state); color = user_record_state_color(state);
if (color) if (color)
@ -158,7 +158,7 @@ static int list_homes(int argc, char *argv[], void *userdata) {
TABLE_STRING, home, TABLE_STRING, home,
TABLE_STRING, strna(empty_to_null(shell))); TABLE_STRING, strna(empty_to_null(shell)));
if (r < 0) if (r < 0)
return table_log_add_error(r); return log_error_errno(r, "Failed to add row to table: %m");
} }
r = sd_bus_message_exit_container(reply); r = sd_bus_message_exit_container(reply);

View File

@ -13,8 +13,8 @@
#include "signal-util.h" #include "signal-util.h"
static int run(int argc, char *argv[]) { static int run(int argc, char *argv[]) {
_cleanup_(manager_freep) Manager *m = NULL;
_cleanup_(notify_on_cleanup) const char *notify_stop = NULL; _cleanup_(notify_on_cleanup) const char *notify_stop = NULL;
_cleanup_(manager_freep) Manager *m = NULL;
int r; int r;
log_setup_service(); log_setup_service();

View File

@ -14,14 +14,12 @@
#include "alloc-util.h" #include "alloc-util.h"
#include "bus-error.h" #include "bus-error.h"
#include "bus-util.h" #include "bus-util.h"
#include "daemon-util.h"
#include "def.h" #include "def.h"
#include "fd-util.h" #include "fd-util.h"
#include "format-util.h" #include "format-util.h"
#include "initreq.h" #include "initreq.h"
#include "list.h" #include "list.h"
#include "log.h" #include "log.h"
#include "main-func.h"
#include "memory-util.h" #include "memory-util.h"
#include "process-util.h" #include "process-util.h"
#include "special.h" #include "special.h"
@ -70,9 +68,11 @@ static const char *translate_runlevel(int runlevel, bool *isolate) {
{ '6', SPECIAL_REBOOT_TARGET, false }, { '6', SPECIAL_REBOOT_TARGET, false },
}; };
unsigned i;
assert(isolate); assert(isolate);
for (size_t i = 0; i < ELEMENTSOF(table); i++) for (i = 0; i < ELEMENTSOF(table); i++)
if (table[i].runlevel == runlevel) { if (table[i].runlevel == runlevel) {
*isolate = table[i].isolate; *isolate = table[i].isolate;
if (runlevel == '6' && kexec_loaded()) if (runlevel == '6' && kexec_loaded())
@ -228,7 +228,6 @@ static void fifo_free(Fifo *f) {
free(f); free(f);
} }
DEFINE_TRIVIAL_CLEANUP_FUNC(Fifo*, fifo_free);
static void server_done(Server *s) { static void server_done(Server *s) {
assert(s); assert(s);
@ -242,49 +241,79 @@ static void server_done(Server *s) {
static int server_init(Server *s, unsigned n_sockets) { static int server_init(Server *s, unsigned n_sockets) {
int r; int r;
unsigned i;
/* This function will leave s partially initialized on failure. Caller needs to clean up. */
assert(s); assert(s);
assert(n_sockets > 0); assert(n_sockets > 0);
s->epoll_fd = epoll_create1(EPOLL_CLOEXEC); *s = (struct Server) {
if (s->epoll_fd < 0) .epoll_fd = epoll_create1(EPOLL_CLOEXEC),
return log_error_errno(errno, "Failed to create epoll object: %m"); };
for (unsigned i = 0; i < n_sockets; i++) { if (s->epoll_fd < 0) {
_cleanup_(fifo_freep) Fifo *f = NULL; r = log_error_errno(errno,
int fd = SD_LISTEN_FDS_START + i; "Failed to create epoll object: %m");
goto fail;
}
for (i = 0; i < n_sockets; i++) {
Fifo *f;
int fd;
fd = SD_LISTEN_FDS_START+i;
r = sd_is_fifo(fd, NULL); r = sd_is_fifo(fd, NULL);
if (r < 0) if (r < 0) {
return log_error_errno(r, "Failed to determine file descriptor type: %m"); log_error_errno(r, "Failed to determine file descriptor type: %m");
if (!r) goto fail;
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Wrong file descriptor type."); }
if (!r) {
log_error("Wrong file descriptor type.");
r = -EINVAL;
goto fail;
}
f = new0(Fifo, 1); f = new0(Fifo, 1);
if (!f) if (!f) {
return log_oom(); r = -ENOMEM;
log_error_errno(errno, "Failed to create fifo object: %m");
goto fail;
}
f->fd = -1;
struct epoll_event ev = { struct epoll_event ev = {
.events = EPOLLIN, .events = EPOLLIN,
.data.ptr = f, .data.ptr = f,
}; };
if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, fd, &ev) < 0) if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, fd, &ev) < 0) {
return log_error_errno(errno, "Failed to add fifo fd to epoll object: %m"); r = -errno;
fifo_free(f);
log_error_errno(errno, "Failed to add fifo fd to epoll object: %m");
goto fail;
}
f->fd = fd; f->fd = fd;
LIST_PREPEND(fifo, s->fifos, f);
f->server = s; f->server = s;
LIST_PREPEND(fifo, s->fifos, TAKE_PTR(f));
s->n_fifos++; s->n_fifos++;
} }
r = bus_connect_system_systemd(&s->bus); r = bus_connect_system_systemd(&s->bus);
if (r < 0) if (r < 0) {
return log_error_errno(r, "Failed to get D-Bus connection: %m"); log_error_errno(r, "Failed to get D-Bus connection: %m");
r = -EIO;
goto fail;
}
return 0; return 0;
fail:
server_done(s);
return r;
} }
static int process_event(Server *s, struct epoll_event *ev) { static int process_event(Server *s, struct epoll_event *ev) {
@ -308,33 +337,43 @@ static int process_event(Server *s, struct epoll_event *ev) {
return 0; return 0;
} }
static int run(int argc, char *argv[]) { int main(int argc, char *argv[]) {
_cleanup_(server_done) Server server = { .epoll_fd = -1 }; Server server;
_cleanup_(notify_on_cleanup) const char *notify_stop = NULL; int r = EXIT_FAILURE, n;
int r, n;
if (argc > 1) if (getppid() != 1) {
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), log_error("This program should be invoked by init only.");
"This program does not take arguments."); return EXIT_FAILURE;
}
if (argc > 1) {
log_error("This program does not take arguments.");
return EXIT_FAILURE;
}
log_setup_service(); log_setup_service();
umask(0022); umask(0022);
n = sd_listen_fds(true); n = sd_listen_fds(true);
if (n < 0) if (n < 0) {
return log_error_errno(errno, log_error_errno(r, "Failed to read listening file descriptors from environment: %m");
"Failed to read listening file descriptors from environment: %m"); return EXIT_FAILURE;
}
if (n <= 0 || n > SERVER_FD_MAX) if (n <= 0 || n > SERVER_FD_MAX) {
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), log_error("No or too many file descriptors passed.");
"No or too many file descriptors passed."); return EXIT_FAILURE;
}
r = server_init(&server, (unsigned) n); if (server_init(&server, (unsigned) n) < 0)
if (r < 0) return EXIT_FAILURE;
return r;
notify_stop = notify_start(NOTIFY_READY, NOTIFY_STOPPING); log_debug("systemd-initctl running as pid "PID_FMT, getpid_cached());
sd_notify(false,
"READY=1\n"
"STATUS=Processing requests...");
while (!server.quit) { while (!server.quit) {
struct epoll_event event; struct epoll_event event;
@ -344,17 +383,27 @@ static int run(int argc, char *argv[]) {
if (k < 0) { if (k < 0) {
if (errno == EINTR) if (errno == EINTR)
continue; continue;
return log_error_errno(errno, "epoll_wait() failed: %m"); log_error_errno(errno, "epoll_wait() failed: %m");
goto fail;
} }
if (k == 0)
if (k <= 0)
break; break;
r = process_event(&server, &event); if (process_event(&server, &event) < 0)
if (r < 0) goto fail;
}
r = EXIT_SUCCESS;
log_debug("systemd-initctl stopped as pid "PID_FMT, getpid_cached());
fail:
sd_notify(false,
"STOPPING=1\n"
"STATUS=Shutting down...");
server_done(&server);
return r; return r;
} }
return 0;
}
DEFINE_MAIN_FUNCTION(run);

View File

@ -1104,8 +1104,8 @@ static int load_certificates(char **key, char **cert, char **trust) {
} }
static int run(int argc, char **argv) { static int run(int argc, char **argv) {
_cleanup_(journal_remote_server_destroy) RemoteServer s = {};
_cleanup_(notify_on_cleanup) const char *notify_message = NULL; _cleanup_(notify_on_cleanup) const char *notify_message = NULL;
_cleanup_(journal_remote_server_destroy) RemoteServer s = {};
_cleanup_free_ char *key = NULL, *cert = NULL, *trust = NULL; _cleanup_free_ char *key = NULL, *cert = NULL, *trust = NULL;
int r; int r;

View File

@ -815,8 +815,8 @@ static int open_journal(sd_journal **j) {
} }
static int run(int argc, char **argv) { static int run(int argc, char **argv) {
_cleanup_(destroy_uploader) Uploader u = {};
_cleanup_(notify_on_cleanup) const char *notify_message = NULL; _cleanup_(notify_on_cleanup) const char *notify_message = NULL;
_cleanup_(destroy_uploader) Uploader u = {};
bool use_journal; bool use_journal;
int r; int r;

View File

@ -625,7 +625,7 @@ int journal_file_fstat(JournalFile *f) {
f->last_stat_usec = now(CLOCK_MONOTONIC); f->last_stat_usec = now(CLOCK_MONOTONIC);
/* Refuse dealing with files that aren't regular */ /* Refuse dealing with with files that aren't regular */
r = stat_verify_regular(&f->last_stat); r = stat_verify_regular(&f->last_stat);
if (r < 0) if (r < 0)
return r; return r;

View File

@ -43,7 +43,7 @@ struct match_callback {
unsigned last_iteration; unsigned last_iteration;
/* Don't dispatch this slot with messages that arrived in any iteration before or at the this /* Don't dispatch this slot with with messages that arrived in any iteration before or at the this
* one. We use this to ensure that matches don't apply "retroactively" and thus can confuse the * one. We use this to ensure that matches don't apply "retroactively" and thus can confuse the
* caller: matches will only match incoming messages from the moment on the match was installed. */ * caller: matches will only match incoming messages from the moment on the match was installed. */
uint64_t after; uint64_t after;

View File

@ -4,6 +4,9 @@
#include <sys/ioctl.h> #include <sys/ioctl.h>
#include <sys/types.h> #include <sys/types.h>
#include <linux/vt.h> #include <linux/vt.h>
#if ENABLE_UTMP
#include <utmpx.h>
#endif
#include "sd-device.h" #include "sd-device.h"
@ -26,7 +29,6 @@
#include "udev-util.h" #include "udev-util.h"
#include "user-util.h" #include "user-util.h"
#include "userdb.h" #include "userdb.h"
#include "utmp-wtmp.h"
void manager_reset_config(Manager *m) { void manager_reset_config(Manager *m) {
assert(m); assert(m);
@ -683,14 +685,13 @@ bool manager_all_buttons_ignored(Manager *m) {
int manager_read_utmp(Manager *m) { int manager_read_utmp(Manager *m) {
#if ENABLE_UTMP #if ENABLE_UTMP
int r; int r;
_cleanup_(utxent_cleanup) bool utmpx = false;
assert(m); assert(m);
if (utmpxname(_PATH_UTMPX) < 0) if (utmpxname(_PATH_UTMPX) < 0)
return log_error_errno(errno, "Failed to set utmp path to " _PATH_UTMPX ": %m"); return log_error_errno(errno, "Failed to set utmp path to " _PATH_UTMPX ": %m");
utmpx = utxent_start(); setutxent();
for (;;) { for (;;) {
_cleanup_free_ char *t = NULL; _cleanup_free_ char *t = NULL;
@ -703,7 +704,8 @@ int manager_read_utmp(Manager *m) {
if (!u) { if (!u) {
if (errno != 0) if (errno != 0)
log_warning_errno(errno, "Failed to read " _PATH_UTMPX ", ignoring: %m"); log_warning_errno(errno, "Failed to read " _PATH_UTMPX ", ignoring: %m");
return 0; r = 0;
break;
} }
if (u->ut_type != USER_PROCESS) if (u->ut_type != USER_PROCESS)
@ -713,14 +715,18 @@ int manager_read_utmp(Manager *m) {
continue; continue;
t = strndup(u->ut_line, sizeof(u->ut_line)); t = strndup(u->ut_line, sizeof(u->ut_line));
if (!t) if (!t) {
return log_oom(); r = log_oom();
break;
}
c = path_startswith(t, "/dev/"); c = path_startswith(t, "/dev/");
if (c) { if (c) {
r = free_and_strdup(&t, c); r = free_and_strdup(&t, c);
if (r < 0) if (r < 0) {
return log_oom(); log_oom();
break;
}
} }
if (isempty(t)) if (isempty(t))
@ -750,6 +756,8 @@ int manager_read_utmp(Manager *m) {
log_debug("Acquired TTY information '%s' from utmp for session '%s'.", s->tty, s->id); log_debug("Acquired TTY information '%s' from utmp for session '%s'.", s->tty, s->id);
} }
endutxent();
return r;
#else #else
return 0; return 0;
#endif #endif

View File

@ -17,8 +17,8 @@
#include "user-util.h" #include "user-util.h"
static int run(int argc, char *argv[]) { static int run(int argc, char *argv[]) {
_cleanup_(manager_freep) Manager *m = NULL;
_cleanup_(notify_on_cleanup) const char *notify_message = NULL; _cleanup_(notify_on_cleanup) const char *notify_message = NULL;
_cleanup_(manager_freep) Manager *m = NULL;
int r; int r;
log_setup_service(); log_setup_service();

View File

@ -283,7 +283,7 @@ int config_parse_ets_prio(
lvalue, word); lvalue, word);
continue; continue;
} }
if (ets->n_prio > TC_PRIO_MAX) { if (ets->n_quanta > TC_PRIO_MAX) {
log_syntax(unit, LOG_ERR, filename, line, 0, log_syntax(unit, LOG_ERR, filename, line, 0,
"Too many priomap in '%s=', ignoring assignment: %s", "Too many priomap in '%s=', ignoring assignment: %s",
lvalue, word); lvalue, word);

View File

@ -183,8 +183,8 @@ static int parse_argv(int argc, char *argv[]) {
} }
static int run(int argc, char *argv[]) { static int run(int argc, char *argv[]) {
_cleanup_(manager_freep) Manager *m = NULL;
_cleanup_(notify_on_cleanup) const char *notify_message = NULL; _cleanup_(notify_on_cleanup) const char *notify_message = NULL;
_cleanup_(manager_freep) Manager *m = NULL;
int r; int r;
log_setup_service(); log_setup_service();

View File

@ -1666,7 +1666,7 @@ static int context_dump_partitions(Context *context, const char *node) {
TABLE_UINT64, p->new_padding, TABLE_UINT64, p->new_padding,
TABLE_STRING, padding_change, TABLE_SET_COLOR, !p->partitions_next && sum_padding > 0 ? ansi_underline() : NULL); TABLE_STRING, padding_change, TABLE_SET_COLOR, !p->partitions_next && sum_padding > 0 ? ansi_underline() : NULL);
if (r < 0) if (r < 0)
return table_log_add_error(r); return log_error_errno(r, "Failed to add row to table: %m");
} }
if (sum_padding > 0 || sum_size > 0) { if (sum_padding > 0 || sum_size > 0) {
@ -1689,7 +1689,7 @@ static int context_dump_partitions(Context *context, const char *node) {
TABLE_EMPTY, TABLE_EMPTY,
TABLE_STRING, b); TABLE_STRING, b);
if (r < 0) if (r < 0)
return table_log_add_error(r); return log_error_errno(r, "Failed to add row to table: %m");
} }
r = table_print(t, stdout); r = table_print(t, stdout);

View File

@ -22,8 +22,8 @@
#include "user-util.h" #include "user-util.h"
static int run(int argc, char *argv[]) { static int run(int argc, char *argv[]) {
_cleanup_(manager_freep) Manager *m = NULL;
_cleanup_(notify_on_cleanup) const char *notify_stop = NULL; _cleanup_(notify_on_cleanup) const char *notify_stop = NULL;
_cleanup_(manager_freep) Manager *m = NULL;
int r; int r;
log_setup_service(); log_setup_service();

View File

@ -202,7 +202,7 @@ typedef struct Fido2HmacSalt {
void *salt; void *salt;
size_t salt_size; size_t salt_size;
/* What to test the hashed salt value against, usually UNIX password hash here. */ /* What to test the hashed salt value against, usualy UNIX password hash here. */
char *hashed_password; char *hashed_password;
} Fido2HmacSalt; } Fido2HmacSalt;

View File

@ -25,8 +25,8 @@
#include "utmp-wtmp.h" #include "utmp-wtmp.h"
int utmp_get_runlevel(int *runlevel, int *previous) { int utmp_get_runlevel(int *runlevel, int *previous) {
_cleanup_(utxent_cleanup) bool utmpx = false;
struct utmpx *found, lookup = { .ut_type = RUN_LVL }; struct utmpx *found, lookup = { .ut_type = RUN_LVL };
int r;
const char *e; const char *e;
assert(runlevel); assert(runlevel);
@ -35,7 +35,8 @@ int utmp_get_runlevel(int *runlevel, int *previous) {
* precedence. Presumably, sysvinit does this to work around a * precedence. Presumably, sysvinit does this to work around a
* race condition that would otherwise exist where we'd always * race condition that would otherwise exist where we'd always
* go to disk and hence might read runlevel data that might be * go to disk and hence might read runlevel data that might be
* very new and not apply to the current script being executed. */ * very new and does not apply to the current script being
* executed. */
e = getenv("RUNLEVEL"); e = getenv("RUNLEVEL");
if (e && e[0] > 0) { if (e && e[0] > 0) {
@ -57,17 +58,27 @@ int utmp_get_runlevel(int *runlevel, int *previous) {
if (utmpxname(_PATH_UTMPX) < 0) if (utmpxname(_PATH_UTMPX) < 0)
return -errno; return -errno;
utmpx = utxent_start(); setutxent();
found = getutxid(&lookup); found = getutxid(&lookup);
if (!found) if (!found)
return -errno; r = -errno;
else {
int a, b;
*runlevel = found->ut_pid & 0xFF; a = found->ut_pid & 0xFF;
b = (found->ut_pid >> 8) & 0xFF;
*runlevel = a;
if (previous) if (previous)
*previous = (found->ut_pid >> 8) & 0xFF; *previous = b;
return 0; r = 0;
}
endutxent();
return r;
} }
static void init_timestamp(struct utmpx *store, usec_t t) { static void init_timestamp(struct utmpx *store, usec_t t) {
@ -95,7 +106,7 @@ static void init_entry(struct utmpx *store, usec_t t) {
} }
static int write_entry_utmp(const struct utmpx *store) { static int write_entry_utmp(const struct utmpx *store) {
_cleanup_(utxent_cleanup) bool utmpx = false; int r;
assert(store); assert(store);
@ -106,35 +117,26 @@ static int write_entry_utmp(const struct utmpx *store) {
if (utmpxname(_PATH_UTMPX) < 0) if (utmpxname(_PATH_UTMPX) < 0)
return -errno; return -errno;
utmpx = utxent_start(); setutxent();
if (pututxline(store)) if (!pututxline(store))
return 0; r = -errno;
if (errno == ENOENT) { else
/* If utmp/wtmp have been disabled, that's a good thing, hence ignore the error. */ r = 0;
log_debug_errno(errno, "Not writing utmp: %m");
return 0; endutxent();
}
return -errno; return r;
} }
static int write_entry_wtmp(const struct utmpx *store) { static int write_entry_wtmp(const struct utmpx *store) {
assert(store); assert(store);
/* wtmp is a simple append-only file where each entry is /* wtmp is a simple append-only file where each entry is
* simply appended to the end; i.e. basically a log. */ simply appended to the end; i.e. basically a log. */
errno = 0; errno = 0;
updwtmpx(_PATH_WTMPX, store); updwtmpx(_PATH_WTMPX, store);
if (errno == ENOENT) {
/* If utmp/wtmp have been disabled, that's a good thing, hence ignore the error. */
log_debug_errno(errno, "Not writing wtmp: %m");
return 0;
}
if (errno == EROFS) {
log_warning_errno(errno, "Failed to write wtmp record, ignoring: %m");
return 0;
}
return -errno; return -errno;
} }
@ -143,7 +145,16 @@ static int write_utmp_wtmp(const struct utmpx *store_utmp, const struct utmpx *s
r = write_entry_utmp(store_utmp); r = write_entry_utmp(store_utmp);
s = write_entry_wtmp(store_wtmp); s = write_entry_wtmp(store_wtmp);
return r < 0 ? r : s;
if (r >= 0)
r = s;
/* If utmp/wtmp have been disabled, that's a good thing, hence
* ignore the errors */
if (r == -ENOENT)
r = 0;
return r;
} }
static int write_entry_both(const struct utmpx *store) { static int write_entry_both(const struct utmpx *store) {

Some files were not shown because too many files have changed in this diff Show More