Compare commits
29 Commits
e3820eeaf1
...
644af26285
| Author | SHA1 | Date |
|---|---|---|
Jan Schlüter
|
644af26285 | |
|
Lennart Poettering
|
533ee38b56 | |
|
Lennart Poettering
|
d1f6e01e47 | |
|
Lennart Poettering
|
626fb9f301 | |
|
Lennart Poettering
|
54565e509d | |
|
Lennart Poettering
|
24d86fdb2f | |
|
Lennart Poettering
|
b3ffa2b5f3 | |
|
Zbigniew Jędrzejewski-Szmek
|
885a4e6ca7 | |
|
Zbigniew Jędrzejewski-Szmek
|
0558f3035f | |
|
Zbigniew Jędrzejewski-Szmek
|
9e7600cfd7 | |
|
Zbigniew Jędrzejewski-Szmek
|
0b4d17c9a5 | |
|
Zbigniew Jędrzejewski-Szmek
|
211c99c761 | |
|
Zbigniew Jędrzejewski-Szmek
|
ab1a8ff57d | |
|
Zbigniew Jędrzejewski-Szmek
|
32520ff3de | |
|
Zbigniew Jędrzejewski-Szmek
|
7fd897c51c | |
|
Zbigniew Jędrzejewski-Szmek
|
fa26ff47f7 | |
|
Zbigniew Jędrzejewski-Szmek
|
21006e0e3e | |
|
Zbigniew Jędrzejewski-Szmek
|
5ced292d10 | |
|
Lennart Poettering
|
147a5046aa | |
|
Lennart Poettering
|
4261ab654c | |
|
Ronan Pigott
|
60b254ca1a | |
|
nl6720
|
bbbfe49b5e | |
|
Lennart Poettering
|
8e24b1d23f | |
|
RussianNeuroMancer
|
4796a4fba9 | |
|
Ronan Pigott
|
0fb8f02506 | |
|
Lennart Poettering
|
38ffc7d18a | |
|
Lennart Poettering
|
9ee806d1a8 | |
|
Yu Watanabe
|
3cb7af5baa | |
|
Yu Watanabe
|
fef160b5ab |
|
|
@ -45,6 +45,8 @@
|
|||
|
||||
# Hyperpen 12000U
|
||||
evdev:input:b0003v08CAp0010*
|
||||
# Hyperpen 6000U
|
||||
evdev:input:b0003v08CAp0020*
|
||||
EVDEV_ABS_00=::20
|
||||
EVDEV_ABS_01=::20
|
||||
|
||||
|
|
|
|||
|
|
@ -637,11 +637,16 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPProBook11G1:pvr*
|
|||
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP:pnHPZBookStudioG4:pvr*
|
||||
KEYBOARD_KEY_f8=wlan # Wireless HW switch button
|
||||
|
||||
# HP Folio 1040g2
|
||||
# HP EliteBook Folio 1040 G2
|
||||
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPEliteBookFolio1040G2:pvr*
|
||||
KEYBOARD_KEY_d8=!f23 # touchpad off
|
||||
KEYBOARD_KEY_d9=!f22 # touchpad on
|
||||
|
||||
# HP EliteBook Folio G1
|
||||
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP:pnHPEliteBookFolioG1:pvr*
|
||||
KEYBOARD_KEY_64=calendar
|
||||
KEYBOARD_KEY_81=micmute
|
||||
|
||||
# HP ProBook 650
|
||||
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHP*ProBook*650*:pvr*
|
||||
KEYBOARD_KEY_f8=wlan # Wireless HW switch button
|
||||
|
|
|
|||
|
|
@ -76,7 +76,7 @@
|
|||
<title>Setup environment to allow access to a program installed in
|
||||
<filename index="false">/opt/foo</filename></title>
|
||||
|
||||
<para><filename>/etc/environment.d/60-foo.conf</filename>:
|
||||
<para><filename index="false">/etc/environment.d/60-foo.conf</filename>:
|
||||
</para>
|
||||
<programlisting>
|
||||
FOO_DEBUG=force-software-gl,log-verbose
|
||||
|
|
|
|||
|
|
@ -603,13 +603,12 @@
|
|||
<refsect1>
|
||||
<title>System Packages</title>
|
||||
|
||||
<para>Developers of system packages should follow strict rules
|
||||
when placing their own files in the file system. The following
|
||||
table lists recommended locations for specific types of files
|
||||
supplied by the vendor.</para>
|
||||
<para>Developers of system packages should follow strict rules when placing their files in the file
|
||||
system. The following table lists recommended locations for specific types of files supplied by the
|
||||
vendor.</para>
|
||||
|
||||
<table>
|
||||
<title>System Package Vendor Files Locations</title>
|
||||
<title>System package vendor files locations</title>
|
||||
<tgroup cols='2' align='left' colsep='1' rowsep='1'>
|
||||
<colspec colname="directory" />
|
||||
<colspec colname="purpose" />
|
||||
|
|
@ -648,11 +647,11 @@
|
|||
<filename>/usr/share/</filename> hierarchy to the locations
|
||||
defined by the various relevant specifications.</para>
|
||||
|
||||
<para>During runtime, and for local configuration and runtime state,
|
||||
additional directories are defined:</para>
|
||||
<para>The following directories shall be used by the package for local configuration and files created
|
||||
during runtime:</para>
|
||||
|
||||
<table>
|
||||
<title>System Package Variable Files Locations</title>
|
||||
<title>System package variable files locations</title>
|
||||
<tgroup cols='2' align='left' colsep='1' rowsep='1'>
|
||||
<colspec colname="directory" />
|
||||
<colspec colname="purpose" />
|
||||
|
|
@ -699,16 +698,13 @@
|
|||
<refsect1>
|
||||
<title>User Packages</title>
|
||||
|
||||
<para>Programs running in user context should follow strict rules
|
||||
when placing their own files in the user's home directory. The
|
||||
following table lists recommended locations in the home directory
|
||||
for specific types of files supplied by the vendor if the
|
||||
application is installed in the home directory. (Note, however,
|
||||
that user applications installed system-wide should follow the
|
||||
rules outlined above regarding placing vendor files.)</para>
|
||||
<para>Programs running in user context should follow strict rules when placing their own files in the
|
||||
user's home directory. The following table lists recommended locations in the home directory for specific
|
||||
types of files supplied by the vendor if the application is installed in the home directory. (User
|
||||
applications installed system-wide are covered by the rules outlined above for vendor files.)</para>
|
||||
|
||||
<table>
|
||||
<title>User Package Vendor File Locations</title>
|
||||
<title>Vendor package file locations under the home directory of the user</title>
|
||||
<tgroup cols='2' align='left' colsep='1' rowsep='1'>
|
||||
<colspec colname="directory" />
|
||||
<colspec colname="purpose" />
|
||||
|
|
@ -725,7 +721,7 @@
|
|||
</row>
|
||||
<row>
|
||||
<entry><filename>~/.local/lib/<replaceable>arch-id</replaceable>/</filename></entry>
|
||||
<entry>Public shared libraries of the package. As above, be careful with using too generic names, and pick unique names for your libraries to place here to avoid name clashes.</entry>
|
||||
<entry>Public shared libraries of the package. As above, be careful with using overly generic names, and pick unique names for your libraries to place here to avoid name clashes.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><filename>~/.local/lib/<replaceable>package</replaceable>/</filename></entry>
|
||||
|
|
@ -739,15 +735,15 @@
|
|||
</tgroup>
|
||||
</table>
|
||||
|
||||
<para>Additional static vendor files may be installed in the
|
||||
<filename>~/.local/share/</filename> hierarchy to the locations
|
||||
defined by the various relevant specifications.</para>
|
||||
<para>Additional static vendor files may be installed in the <filename>~/.local/share/</filename>
|
||||
hierarchy, mirroring the subdirectories specified in the section "Vendor-supplied operating system
|
||||
resources" above.</para>
|
||||
|
||||
<para>During runtime, and for local configuration and state,
|
||||
additional directories are defined:</para>
|
||||
<para>The following directories shall be used by the package for per-user local configuration and files
|
||||
created during runtime:</para>
|
||||
|
||||
<table>
|
||||
<title>User Package Variable File Locations</title>
|
||||
<title>User package variable file locations</title>
|
||||
<tgroup cols='2' align='left' colsep='1' rowsep='1'>
|
||||
<colspec colname="directory" />
|
||||
<colspec colname="purpose" />
|
||||
|
|
|
|||
|
|
@ -120,7 +120,7 @@
|
|||
|
||||
<listitem><para>Read the user's JSON record from the specified file. If passed as
|
||||
<literal>-</literal> read the user record from standard input. The supplied JSON object must follow
|
||||
the structure documented on <ulink url="https://systemd.io/USER_RECORD">JSON User Records</ulink>.
|
||||
the structure documented in <ulink url="https://systemd.io/USER_RECORD">JSON User Records</ulink>.
|
||||
This option may be used in conjunction with the <command>create</command> and
|
||||
<command>update</command> commands (see below), where it allows configuring the user record in JSON
|
||||
as-is, instead of setting the individual user record properties (see below).</para></listitem>
|
||||
|
|
@ -299,11 +299,13 @@
|
|||
<varlistentry>
|
||||
<term><option>--timezone=</option><replaceable>TIMEZONE</replaceable></term>
|
||||
|
||||
<listitem><para>Takes a timezone specification as string that sets the timezone for the specified
|
||||
user. Expects a `tzdata` location string. When the user logs in the <varname>$TZ</varname>
|
||||
environment variable is initialized from this setting. Example:
|
||||
<option>--timezone=Europe/Amsterdam</option> will result in the environment variable
|
||||
<literal>TZ=:Europe/Amsterdam</literal>.</para></listitem>
|
||||
<listitem><para>Takes a time zone location name that sets the timezone for the specified user. When
|
||||
the user logs in the <varname>$TZ</varname> environment variable is initialized from this
|
||||
setting. Example: <option>--timezone=Europe/Amsterdam</option> will result in the environment
|
||||
variable <literal>TZ=:Europe/Amsterdam</literal>. (<literal>:</literal> is used intentionally as part
|
||||
of the timezone specification, see
|
||||
<citerefentry><refentrytitle>tzset</refentrytitle><manvolnum>3</manvolnum></citerefentry>.)
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
@ -419,7 +421,7 @@
|
|||
|
||||
<listitem><para>Takes a password hint to store alongside the user record. This string is stored
|
||||
accessible only to privileged users and the user itself and may not be queried by other users.
|
||||
Example: <option>--password-hint="My first pet's name"</option></para></listitem>
|
||||
Example: <option>--password-hint="My first pet's name"</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
@ -819,6 +821,15 @@
|
|||
their home directories are removed from memory.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>deactivate-all</command></term>
|
||||
|
||||
<listitem><para>Execute the <command>deactivate</command> command on all active home directories at
|
||||
once. This operation is generally executed on system shut down (i.e. by <command>systemctl
|
||||
poweroff</command> and related commands), to ensure all active user's home directories are fully
|
||||
deactivated before <filename>/home/</filename> and related file systems are unmounted.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>with</command> <replaceable>USER</replaceable> <replaceable>COMMAND…</replaceable></term>
|
||||
|
||||
|
|
|
|||
|
|
@ -95,6 +95,7 @@ node /org/freedesktop/home1 {
|
|||
out h send_fd);
|
||||
ReleaseHome(in s user_name);
|
||||
LockAllHomes();
|
||||
DeactivateAllHomes();
|
||||
properties:
|
||||
readonly a(sso) AutoLogin = [...];
|
||||
};
|
||||
|
|
@ -156,6 +157,8 @@ node /org/freedesktop/home1 {
|
|||
|
||||
<variablelist class="dbus-method" generated="True" extra-ref="LockAllHomes()"/>
|
||||
|
||||
<variablelist class="dbus-method" generated="True" extra-ref="DeactivateAllHomes()"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="AutoLogin"/>
|
||||
|
||||
<!--End of Autogenerated section-->
|
||||
|
|
@ -340,6 +343,9 @@ node /org/freedesktop/home1 {
|
|||
<para><function>LockAllHomes()</function> locks all active home directories that only have references
|
||||
that opted into automatic suspending during system suspend. This is usually invoked automatically
|
||||
shortly before system suspend.</para>
|
||||
|
||||
<para><function>DeactivateAllHomes()</function> deactivates all home areas that are currently
|
||||
active. This is usually invoked automatically shortly before system shutdown.</para>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
|
|
|
|||
|
|
@ -147,6 +147,8 @@ node /org/freedesktop/resolve1 {
|
|||
readonly as DNSSECNegativeTrustAnchors = ['...', ...];
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly s DNSStubListener = '...';
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly s ResolvConfMode = '...';
|
||||
};
|
||||
interface org.freedesktop.DBus.Peer { ... };
|
||||
interface org.freedesktop.DBus.Introspectable { ... };
|
||||
|
|
@ -272,6 +274,8 @@ node /org/freedesktop/resolve1 {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="DNSStubListener"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="ResolvConfMode"/>
|
||||
|
||||
<!--End of Autogenerated section-->
|
||||
|
||||
<refsect2>
|
||||
|
|
@ -555,9 +559,12 @@ node /org/freedesktop/resolve1 {
|
|||
DNSSEC is supported by DNS servers until it verifies that this is not the case. Thus, the reported
|
||||
value may initially be true, until the first transactions are executed.</para>
|
||||
|
||||
<para>The <varname>LogLevel</varname> property shows the (maximum) log level of the manager, with the
|
||||
same values as the <option>--log-level=</option> option described in
|
||||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
|
||||
<para>The <varname>ResolvConfMode</varname> property exposes how <filename>/etc/resolv.conf</filename>
|
||||
is managed on the host. Currently, the values <literal>uplink</literal>, <literal>stub</literal>,
|
||||
<literal>static</literal> (these three correspond to the three different files
|
||||
<filename>systemd-resolved.service</filename> provides), <literal>foreign</literal> (the file is
|
||||
managed by admin or another service, <filename>systemd-resolved.service</filename> just consumes it),
|
||||
<literal>missing</literal> (<filename>/etc/resolv.conf</filename> is missing).</para>
|
||||
</refsect2>
|
||||
</refsect1>
|
||||
|
||||
|
|
|
|||
|
|
@ -68,6 +68,14 @@
|
|||
single receiver). It's behavior is similar to calling
|
||||
<citerefentry><refentrytitle>sd_bus_message_set_destination</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
||||
followed by calling <function>sd_bus_send()</function>.</para>
|
||||
|
||||
<para><function>sd_bus_send()</function>/<function>sd_bus_send_to()</function> will write the message
|
||||
directly to the underlying transport (e.g. kernel socket buffer) if possible. If the connection is not
|
||||
set up fully yet the message is queued locally. If the transport buffers are congested any unwritten
|
||||
message data is queued locally, too. If the connection has been closed or is currently being closed the
|
||||
call fails.
|
||||
<citerefentry><refentrytitle>sd_bus_process</refentrytitle><manvolnum>3</manvolnum></citerefentry> should
|
||||
be invoked to write out any queued message data to the transport.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
|
@ -142,7 +150,8 @@
|
|||
<citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>sd_bus_call_method</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>sd_bus_message_set_destination</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>sd_bus_reply_method_return</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
||||
<citerefentry><refentrytitle>sd_bus_reply_method_return</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>sd_bus_process</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
|
|
|
|||
|
|
@ -70,11 +70,11 @@ key.pattern.overridden.with.glob = custom
|
|||
followed by <literal>=</literal>, see SYNOPSIS.</para>
|
||||
|
||||
<para>Any access permission errors and attempts to write variables not present on the local system are
|
||||
logged at debug level and do not cause the service to fail. Moreover, if a variable assignment is
|
||||
prefixed with a single <literal>-</literal> character, failure to set the variable for other reasons will
|
||||
be logged at debug level and will not cause the service to fail. In other cases, errors when setting
|
||||
variables are logged with higher priority and cause the service to return failure at the end (after
|
||||
processing other variables).</para>
|
||||
logged at debug level and do not cause the service to fail. Other types of errors when setting variables
|
||||
are logged with higher priority and cause the service to return failure at the end (after processing
|
||||
other variables). As an exception, if a variable assignment is prefixed with a single
|
||||
<literal>-</literal> character, failure to set the variable for any reason will be logged at debug level
|
||||
and will not cause the service to fail.</para>
|
||||
|
||||
<para>The settings configured with <filename>sysctl.d</filename> files will be applied early on boot. The
|
||||
network interface-specific options will also be applied individually for each network interface as it
|
||||
|
|
|
|||
|
|
@ -211,8 +211,8 @@
|
|||
<varlistentry>
|
||||
<term><option>--prompt</option></term>
|
||||
|
||||
<listitem><para>Query the user for locale, keymap, timezone, hostname
|
||||
and root password. This is equivalent to specifying
|
||||
<listitem><para>Query the user for locale, keymap, timezone, hostname,
|
||||
root's password, and root's shell. This is equivalent to specifying
|
||||
<option>--prompt-locale</option>,
|
||||
<option>--prompt-keymap</option>,
|
||||
<option>--prompt-timezone</option>,
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@
|
|||
|
||||
<listitem><para>Takes a path to the resume device. Both
|
||||
persistent block device paths like
|
||||
<filename>/dev/disk/by-foo/bar</filename> and
|
||||
<filename index="false">/dev/disk/by-foo/bar</filename> and
|
||||
<citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>-style
|
||||
specifiers like <literal>FOO=bar</literal> are
|
||||
supported.</para></listitem>
|
||||
|
|
|
|||
|
|
@ -86,9 +86,9 @@
|
|||
<para>In order to migrate a home directory from a host <literal>foobar</literal> to another host
|
||||
<literal>quux</literal> it is hence sufficient to copy
|
||||
<filename>/var/lib/systemd/home/local.public</filename> from the host <literal>foobar</literal> to
|
||||
<literal>quux</literal>, maybe calling the file on the destination
|
||||
<filename>/var/lib/systemd/home/foobar.public</filename>, reflecting the origin of the key. If the user
|
||||
record should be modifiable on <literal>quux</literal> the pair
|
||||
<literal>quux</literal>, maybe calling the file on the destination <filename
|
||||
index="false">/var/lib/systemd/home/foobar.public</filename>, reflecting the origin of the key. If the
|
||||
user record should be modifiable on <literal>quux</literal> the pair
|
||||
<filename>/var/lib/systemd/home/local.public</filename> and
|
||||
<filename>/var/lib/systemd/home/local.private</filename> need to be copied from <literal>foobar</literal>
|
||||
to <literal>quux</literal>, and placed under the identical paths there, as currently only a single
|
||||
|
|
|
|||
|
|
@ -107,9 +107,9 @@
|
|||
For more information please consult
|
||||
<citerefentry><refentrytitle>sd-login</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
||||
and
|
||||
<citerefentry><refentrytitle>org.freedesktop.machine1</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
<citerefentry><refentrytitle>org.freedesktop.machine1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
and
|
||||
<citerefentry><refentrytitle>org.freedesktop.LogControl1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
<citerefentry><refentrytitle>org.freedesktop.LogControl1</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
</para>
|
||||
|
||||
<para>A small companion daemon
|
||||
|
|
|
|||
|
|
@ -131,8 +131,9 @@
|
|||
<term><option>--type=</option></term>
|
||||
<term><option>-t</option></term>
|
||||
|
||||
<listitem><para>Specifies the file system type to mount (e.g. <literal>vfat</literal>, <literal>ext4</literal>,
|
||||
…). If omitted (or set to <literal>auto</literal>) the file system is determined automatically.</para></listitem>
|
||||
<listitem><para>Specifies the file system type to mount (e.g. <literal>vfat</literal> or
|
||||
<literal>ext4</literal>). If omitted or set to <literal>auto</literal>, the file system type is
|
||||
determined automatically.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
|
|||
|
|
@ -136,11 +136,10 @@
|
|||
<varlistentry>
|
||||
<term><option>--no-block</option></term>
|
||||
|
||||
<listitem><para>Do not synchronously wait for the requested operation to finish.
|
||||
Use of this option is only recommended when <command>systemd-notify</command>
|
||||
is spawned by the service manager, or when the invoking process is directly spawned
|
||||
by the service manager and has enough privileges to allow <command>systemd-notify
|
||||
</command> to send the notification on its behalf. Sending notifications with
|
||||
<listitem><para>Do not synchronously wait for the requested operation to finish. Use of this option
|
||||
is only recommended when <command>systemd-notify</command> is spawned by the service manager, or when
|
||||
the invoking process is directly spawned by the service manager and has enough privileges to allow
|
||||
<command>systemd-notify</command> to send the notification on its behalf. Sending notifications with
|
||||
this option set is prone to race conditions in all other cases.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
|
|
|||
|
|
@ -348,16 +348,17 @@
|
|||
terminated. When the mode parameter is specified as <option>no</option> (the default), the whole OS tree is
|
||||
made available writable (unless <option>--read-only</option> is specified, see above).</para>
|
||||
|
||||
<para>Note that if one of the volatile modes is chosen, its effect is limited to the root file system (or
|
||||
<filename>/var/</filename> in case of <option>state</option>), and any other mounts placed in the hierarchy are
|
||||
unaffected — regardless if they are established automatically (e.g. the EFI system partition that might be
|
||||
mounted to <filename>/efi/</filename> or <filename>/boot/</filename>) or explicitly (e.g. through an additional
|
||||
command line option such as <option>--bind=</option>, see below). This means, even if
|
||||
<option>--volatile=overlay</option> is used changes to <filename>/efi/</filename> or
|
||||
<filename>/boot/</filename> are prohibited in case such a partition exists in the container image operated on,
|
||||
and even if <option>--volatile=state</option> is used the hypothetical file <filename>/etc/foobar</filename> is
|
||||
potentially writable if <option>--bind=/etc/foobar</option> if used to mount it from outside the read-only
|
||||
container <filename>/etc</filename> directory.</para>
|
||||
<para>Note that if one of the volatile modes is chosen, its effect is limited to the root file system
|
||||
(or <filename>/var/</filename> in case of <option>state</option>), and any other mounts placed in the
|
||||
hierarchy are unaffected — regardless if they are established automatically (e.g. the EFI system
|
||||
partition that might be mounted to <filename>/efi/</filename> or <filename>/boot/</filename>) or
|
||||
explicitly (e.g. through an additional command line option such as <option>--bind=</option>, see
|
||||
below). This means, even if <option>--volatile=overlay</option> is used changes to
|
||||
<filename>/efi/</filename> or <filename>/boot/</filename> are prohibited in case such a partition
|
||||
exists in the container image operated on, and even if <option>--volatile=state</option> is used the
|
||||
hypothetical file <filename index="false">/etc/foobar</filename> is potentially writable if
|
||||
<option>--bind=/etc/foobar</option> if used to mount it from outside the read-only container
|
||||
<filename>/etc</filename> directory.</para>
|
||||
|
||||
<para>The <option>--ephemeral</option> option is closely related to this setting, and provides similar
|
||||
behaviour by making a temporary, ephemeral copy of the whole OS image and executing that. For further details,
|
||||
|
|
@ -404,24 +405,20 @@
|
|||
<literal>user.verity.usrhash</literal> extended file attribute or via a <filename>.usrhash</filename>
|
||||
file adjacent to the disk image, following the same format and logic as for the root hash for the
|
||||
root file system described here. Note that there's currently no switch to configure the root hash for
|
||||
the <filename>/usr/</filename> from the command line.</para></listitem>
|
||||
the <filename>/usr/</filename> from the command line.</para>
|
||||
|
||||
<para>Also see the <varname>RootHash=</varname> option in
|
||||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--root-hash-sig=</option></term>
|
||||
|
||||
<listitem><para>Takes a PKCS7 formatted binary signature of the <option>--root-hash=</option> option as a path
|
||||
to a DER encoded signature file or as an ASCII base64 string encoding of the DER encoded signature, prefixed
|
||||
by <literal>base64:</literal>. The dm-verity volume will only be opened if the signature of the root hash hex
|
||||
string is valid and done by a public key present in the kernel keyring. If this option is not specified, but a
|
||||
file with the <filename>.roothash.p7s</filename> suffix is found next to the image file, bearing otherwise the
|
||||
same name (except if the image has the <filename>.raw</filename> suffix, in which case the signature file must
|
||||
not have it in its name), the signature is read from it and automatically used.</para>
|
||||
|
||||
<para>The root hash for the <filename>/usr/</filename> file system included in a disk image may be
|
||||
configured via a <filename>.usrhash.p7s</filename> file adjacent to the disk image. There's currently
|
||||
no switch to configure the signature of the root hash of the <filename>/usr/</filename> file system
|
||||
from the command line.</para></listitem>
|
||||
<listitem><para>Takes a PKCS7 signature of the <option>--root-hash=</option> option.
|
||||
The semantics are the same as for the <varname>RootHashSignature=</varname> option, see
|
||||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
|
|||
|
|
@ -212,9 +212,9 @@
|
|||
receives any DNS traffic not matching any of its configured search/route-only domains, set the "DNS
|
||||
default route" option for it to false.</para>
|
||||
|
||||
<para>See the <ulink url="https://www.freedesktop.org/wiki/Software/systemd/resolved">resolved D-Bus API
|
||||
Documentation</ulink> for information about the APIs <filename>systemd-resolved</filename> provides.
|
||||
</para>
|
||||
<para>See
|
||||
<citerefentry><refentrytitle>org.freedesktop.resolve1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for information about the D-Bus APIs <filename>systemd-resolved</filename> provides.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
|
|
|||
|
|
@ -231,13 +231,14 @@
|
|||
<varlistentry>
|
||||
<term><varname>RootHashSignature=</varname></term>
|
||||
|
||||
<listitem><para>Takes a PKCS7 formatted binary signature of the <varname>RootHash=</varname> option as a path
|
||||
to a DER encoded signature file or as an ASCII base64 string encoding of the DER encoded signature, prefixed
|
||||
by <literal>base64:</literal>. The dm-verity volume will only be opened if the signature of the root hash
|
||||
signature is valid and created by a public key present in the kernel keyring. If this option is not specified,
|
||||
but a file with the <filename>.roothash.p7s</filename> suffix is found next to the image file, bearing otherwise
|
||||
the same name (except if the image has the <filename>.raw</filename> suffix, in which case the signature file
|
||||
must not have it in its name), the signature is read from it and automatically used.</para>
|
||||
<listitem><para>Takes a PKCS7 signature of the <varname>RootHash=</varname> option as a path to a
|
||||
DER-encoded signature file, or as an ASCII base64 string encoding of a DER-encoded signature prefixed
|
||||
by <literal>base64:</literal>. The dm-verity volume will only be opened if the signature of the root
|
||||
hash is valid and signed by a public key present in the kernel keyring. If this option is not
|
||||
specified, but a file with the <filename>.roothash.p7s</filename> suffix is found next to the image
|
||||
file, bearing otherwise the same name (except if the image has the <filename>.raw</filename> suffix,
|
||||
in which case the signature file must not have it in its name), the signature is read from it and
|
||||
automatically used.</para>
|
||||
|
||||
<para>If the disk image contains a separate <filename>/usr/</filename> partition it may also be
|
||||
Verity protected, in which case the signature for the root hash may configured via a
|
||||
|
|
@ -681,7 +682,7 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
|
|||
<listitem><para>Takes a profile name as argument. The process executed by the unit will switch to
|
||||
this profile when started. Profiles must already be loaded in the kernel, or the unit will fail. If
|
||||
prefixed by <literal>-</literal>, all errors will be ignored. This setting has no effect if AppArmor
|
||||
is not enabled. This setting not affect commands prefixed with <literal>+</literal>.</para>
|
||||
is not enabled. This setting does not affect commands prefixed with <literal>+</literal>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
|
@ -1025,10 +1026,12 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
|
|||
<varlistentry>
|
||||
<term><varname>CPUSchedulingResetOnFork=</varname></term>
|
||||
|
||||
<listitem><para>Takes a boolean argument. If true, elevated CPU scheduling priorities and policies will be
|
||||
reset when the executed processes fork, and can hence not leak into child processes. See
|
||||
<citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry> for
|
||||
details. Defaults to false.</para></listitem>
|
||||
<listitem><para>Takes a boolean argument. If true, elevated CPU scheduling priorities and policies
|
||||
will be reset when the executed processes call
|
||||
<citerefentry project='man-pages'><refentrytitle>fork</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
|
||||
and can hence not leak into child processes. See
|
||||
<citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
|
||||
for details. Defaults to false.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
@ -1167,12 +1170,12 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
|
|||
<term><varname>LogsDirectory=</varname></term>
|
||||
<term><varname>ConfigurationDirectory=</varname></term>
|
||||
|
||||
<listitem><para>These options take a whitespace-separated list of directory names. The specified directory
|
||||
names must be relative, and may not include <literal>..</literal>. If set, one or more
|
||||
directories by the specified names will be created (including their parents) below the locations
|
||||
defined in the following table, when the unit is started. Also, the corresponding environment variable
|
||||
is defined with the full path of directories. If multiple directories are set, then in the environment variable
|
||||
the paths are concatenated with colon (<literal>:</literal>).</para>
|
||||
<listitem><para>These options take a whitespace-separated list of directory names. The specified
|
||||
directory names must be relative, and may not include <literal>..</literal>. If set, when the unit is
|
||||
started, one or more directories by the specified names will be created (including their parents)
|
||||
below the locations defined in the following table. Also, the corresponding environment variable will
|
||||
be defined with the full paths of the directories. If multiple directories are set, then in the
|
||||
environment variable the paths are concatenated with colon (<literal>:</literal>).</para>
|
||||
<table>
|
||||
<title>Automatic directory creation and environment variables</title>
|
||||
<tgroup cols='4'>
|
||||
|
|
@ -1275,7 +1278,7 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
|
|||
|
||||
<para>Example: if a system service unit has the following,
|
||||
<programlisting>RuntimeDirectory=foo/bar baz</programlisting>
|
||||
the service manager creates <filename>/run/foo</filename> (if it does not exist),
|
||||
the service manager creates <filename index='false'>/run/foo</filename> (if it does not exist),
|
||||
|
||||
<filename index='false'>/run/foo/bar</filename>, and <filename index='false'>/run/baz</filename>. The
|
||||
directories <filename index='false'>/run/foo/bar</filename> and
|
||||
|
|
@ -1334,10 +1337,10 @@ StateDirectory=aaa/bbb ccc</programlisting>
|
|||
<term><varname>ReadOnlyPaths=</varname></term>
|
||||
<term><varname>InaccessiblePaths=</varname></term>
|
||||
|
||||
<listitem><para>Sets up a new file system namespace for executed processes. These options may be used to limit
|
||||
access a process might have to the file system hierarchy. Each setting takes a space-separated list of paths
|
||||
relative to the host's root directory (i.e. the system running the service manager). Note that if paths
|
||||
contain symlinks, they are resolved relative to the root directory set with
|
||||
<listitem><para>Sets up a new file system namespace for executed processes. These options may be used
|
||||
to limit access a process has to the file system. Each setting takes a space-separated list of paths
|
||||
relative to the host's root directory (i.e. the system running the service manager). Note that if
|
||||
paths contain symlinks, they are resolved relative to the root directory set with
|
||||
<varname>RootDirectory=</varname>/<varname>RootImage=</varname>.</para>
|
||||
|
||||
<para>Paths listed in <varname>ReadWritePaths=</varname> are accessible from within the namespace
|
||||
|
|
@ -2960,8 +2963,8 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
|
|||
<varlistentry>
|
||||
<term><varname>$LOG_NAMESPACE</varname></term>
|
||||
|
||||
<listitem><para>If the <varname>LogNamespace=</varname> service setting is used, contains name of the
|
||||
selected logging namespace.</para></listitem>
|
||||
<listitem><para>Contains the name of the selected logging namespace when the
|
||||
<varname>LogNamespace=</varname> service setting is used.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
@ -3623,7 +3626,8 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
|
|||
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
<citerefentry project='man-pages'><refentrytitle>exec</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
||||
<citerefentry project='man-pages'><refentrytitle>exec</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||
<citerefentry project='man-pages'><refentrytitle>fork</refentrytitle><manvolnum>2</manvolnum></citerefentry>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
|
|
|
|||
|
|
@ -149,6 +149,13 @@
|
|||
<literal>file:/</literal>, <literal>man:</literal> or <literal>info:</literal> URL.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>TID=</varname></term>
|
||||
<listitem>
|
||||
<para>The numeric thread ID (TID) the log message originates from.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
|
@ -212,12 +219,10 @@
|
|||
<term><varname>_SYSTEMD_OWNER_UID=</varname></term>
|
||||
|
||||
<listitem>
|
||||
<para>The control group path in the systemd hierarchy, the
|
||||
the systemd slice unit name, the systemd unit name, the
|
||||
unit name in the systemd user manager (if any), the systemd
|
||||
session ID (if any), and the owner UID of the systemd user
|
||||
unit or systemd session (if any) of the process the journal
|
||||
entry originates from.</para>
|
||||
<para>The control group path in the systemd hierarchy, the systemd slice unit name, the systemd
|
||||
unit name, the unit name in the systemd user manager (if any), the systemd session ID (if any), and
|
||||
the owner UID of the systemd user unit or systemd session (if any) of the process the journal entry
|
||||
originates from.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
|
@ -391,15 +396,12 @@
|
|||
<varlistentry>
|
||||
<term><varname>_KERNEL_DEVICE=</varname></term>
|
||||
<listitem>
|
||||
<para>The kernel device name. If the entry is associated to
|
||||
a block device, the major and minor of the device node,
|
||||
separated by <literal>:</literal> and prefixed by
|
||||
<literal>b</literal>. Similar for character devices but
|
||||
prefixed by <literal>c</literal>. For network devices, this
|
||||
is the interface index prefixed by <literal>n</literal>. For
|
||||
all other devices, this is the subsystem name prefixed by
|
||||
<literal>+</literal>, followed by <literal>:</literal>,
|
||||
followed by the kernel device name.</para>
|
||||
<para>The kernel device name. If the entry is associated to a block device, contains the major and
|
||||
minor numbers of the device node, separated by <literal>:</literal> and prefixed by
|
||||
<literal>b</literal>. Similarly for character devices, but prefixed by <literal>c</literal>. For
|
||||
network devices, this is the interface index prefixed by <literal>n</literal>. For all other
|
||||
devices, this is the subsystem name prefixed by <literal>+</literal>, followed by
|
||||
<literal>:</literal>, followed by the kernel device name.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
|
|
|||
|
|
@ -523,9 +523,8 @@
|
|||
<refsect1>
|
||||
<title>[MACVTAP] Section Options</title>
|
||||
|
||||
<para>The [MACVTAP] section applies for
|
||||
netdevs of kind <literal>macvtap</literal> and accepts the
|
||||
same key as [MACVLAN].</para>
|
||||
<para>The [MACVTAP] section applies for netdevs of kind <literal>macvtap</literal> and accepts the same
|
||||
keys as [MACVLAN].</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
|
@ -558,9 +557,8 @@
|
|||
<refsect1>
|
||||
<title>[IPVTAP] Section Options</title>
|
||||
|
||||
<para>The [IPVTAP] section only applies for
|
||||
netdevs of kind <literal>ipvtap</literal> and accepts the
|
||||
same key as [IPVLAN].</para>
|
||||
<para>The [IPVTAP] section only applies for netdevs of kind <literal>ipvtap</literal> and accepts the
|
||||
same keys as [IPVLAN].</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
|
@ -818,7 +816,7 @@
|
|||
<varlistentry>
|
||||
<term><varname>IPDoNotFragment=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key in [VXLAN] section.</para>
|
||||
<para>Accepts the same key as in [VXLAN] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
|
@ -876,8 +874,8 @@
|
|||
<term><varname>PeerTunnelId=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the peer tunnel id. Takes a number in the range 1—4294967295. The value used must
|
||||
match the <literal>PeerTunnelId=</literal> value being used at the peer. This setting is
|
||||
compulsory.</para>
|
||||
match the <literal>TunnelId=</literal> value being used at the peer. This setting is compulsory.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
|
@ -1100,43 +1098,43 @@
|
|||
<varlistentry>
|
||||
<term><varname>Port=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key in [MACsecReceiveChannel] section.</para>
|
||||
<para>Accepts the same key as in [MACsecReceiveChannel] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>MACAddress=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key in [MACsecReceiveChannel] section.</para>
|
||||
<para>Accepts the same key as in [MACsecReceiveChannel] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>PacketNumber=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key in [MACsecTransmitAssociation] section.</para>
|
||||
<para>Accepts the same key as in [MACsecTransmitAssociation] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>KeyId=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key in [MACsecTransmitAssociation] section.</para>
|
||||
<para>Accepts the same key as in [MACsecTransmitAssociation] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>Key=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key in [MACsecTransmitAssociation] section.</para>
|
||||
<para>Accepts the same key as in [MACsecTransmitAssociation] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>KeyFile=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key in [MACsecTransmitAssociation] section.</para>
|
||||
<para>Accepts the same key as in [MACsecTransmitAssociation] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>Activate=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key in [MACsecTransmitAssociation] section.</para>
|
||||
<para>Accepts the same key as in [MACsecTransmitAssociation] section.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
|
@ -1379,7 +1377,7 @@
|
|||
<para>Specifies the encapsulation mechanism used to store networking packets of various protocols
|
||||
inside the UDP packets. Supports the following values:
|
||||
|
||||
<literal>FooOverUDP</literal> provides the simplest no frills model of UDP encapsulation, it simply
|
||||
<literal>FooOverUDP</literal> provides the simplest no-frills model of UDP encapsulation, it simply
|
||||
encapsulates packets directly in the UDP payload. <literal>GenericUDPEncapsulation</literal> is a
|
||||
generic and extensible encapsulation, it allows encapsulation of packets for any IP protocol and
|
||||
optional data as part of the encapsulation. For more detailed information see <ulink
|
||||
|
|
@ -1391,10 +1389,9 @@
|
|||
<varlistentry>
|
||||
<term><varname>Port=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the port number, where the IP encapsulation packets will arrive. Please take note
|
||||
that the packets will arrive with the encapsulation will be removed. Then they will be manually fed
|
||||
back into the network stack, and sent ahead for delivery to the real destination. This option is
|
||||
mandatory.</para>
|
||||
<para>Specifies the port number where the encapsulated packets will arrive. Those packets will be
|
||||
removed and manually fed back into the network stack with the encapsulation removed to be sent to
|
||||
the real destination. This option is mandatory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
|
|
|||
|
|
@ -1389,21 +1389,22 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
|
|||
<varlistentry>
|
||||
<term><varname>InitialCongestionWindow=</varname></term>
|
||||
<listitem>
|
||||
<para>The TCP initial congestion window is used during the start of a TCP connection. During the start of a TCP
|
||||
session, when a client requests a resource, the server's initial congestion window determines how many data bytes
|
||||
will be sent during the initial burst of data. Takes a size in bytes between 1 and 4294967295 (2^32 - 1). The usual
|
||||
suffixes K, M, G are supported and are understood to the base of 1024. When unset, the kernel's default will be used.
|
||||
</para>
|
||||
<para>The TCP initial congestion window is used during the start of a TCP connection.
|
||||
During the start of a TCP session, when a client requests a resource, the server's initial
|
||||
congestion window determines how many packets will be sent during the initial burst of data
|
||||
without waiting for acknowledgement. Takes a number between 1 and 1023. Note that 100 is
|
||||
considered an extremely large value for this option. When unset, the kernel's default
|
||||
(typically 10) will be used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>InitialAdvertisedReceiveWindow=</varname></term>
|
||||
<listitem>
|
||||
<para>The TCP initial advertised receive window is the amount of receive data (in bytes) that can initially be buffered at one time
|
||||
on a connection. The sending host can send only that amount of data before waiting for an acknowledgment and window update
|
||||
from the receiving host. Takes a size in bytes between 1 and 4294967295 (2^32 - 1). The usual suffixes K, M, G are supported
|
||||
and are understood to the base of 1024. When unset, the kernel's default will be used.
|
||||
</para>
|
||||
<para>The TCP initial advertised receive window is the amount of receive data (in bytes)
|
||||
that can initially be buffered at one time on a connection. The sending host can send only
|
||||
that amount of data before waiting for an acknowledgment and window update from the
|
||||
receiving host. Takes a number between 1 and 1023. Note that 100 is considered an extremely
|
||||
large value for this option. When unset, the kernel's default will be used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
|
@ -1548,11 +1549,16 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
|
|||
<varlistentry>
|
||||
<term><varname>MUDURL=</varname></term>
|
||||
<listitem>
|
||||
<para>When configured, the Manufacturer Usage Descriptions (MUD) URL will be sent to the
|
||||
DHCPv4 server. Takes an URL of length up to 255 characters. A superficial verification that
|
||||
the string is a valid URL will be performed. DHCPv4 clients are intended to have at most one
|
||||
MUD URL associated with them. See
|
||||
<ulink url="https://tools.ietf.org/html/rfc8520">RFC 8520</ulink>.</para>
|
||||
<para>When configured, the specified Manufacturer Usage Description (MUD) URL will be sent to the
|
||||
DHCPv4 server. Takes a URL of length up to 255 characters. A superficial verification that the
|
||||
string is a valid URL will be performed. DHCPv4 clients are intended to have at most one MUD URL
|
||||
associated with them. See <ulink url="https://tools.ietf.org/html/rfc8520">RFC 8520</ulink>.
|
||||
</para>
|
||||
|
||||
<para>MUD is an embedded software standard defined by the IETF that allows IoT device makers to
|
||||
advertise device specifications, including the intended communication patterns for their device
|
||||
when it connects to the network. The network can then use this to author a context-specific
|
||||
access policy, so the device functions only within those parameters.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
|
@ -1847,18 +1853,18 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
|
|||
<varlistentry>
|
||||
<term><varname>MUDURL=</varname></term>
|
||||
<listitem>
|
||||
<para>When configured, the Manufacturer Usage Descriptions (MUD) URL will be sent to the DHCPV6 server.
|
||||
Takes an URL of length up to 255 characters. A superficial verification that the string is a valid URL
|
||||
will be performed. DHCPv6 clients are intended to have at most one MUD URL associated with them. See
|
||||
<ulink url="https://tools.ietf.org/html/rfc8520">RFC 8520</ulink>.</para>
|
||||
<para>When configured, the specified Manufacturer Usage Description (MUD) URL will be sent to
|
||||
the DHCPV6 server. The syntax and semantics are the same as for <varname>MUDURL=</varname> in the
|
||||
[DHCPv4] section described above.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>RequestOptions=</varname></term>
|
||||
<listitem>
|
||||
<para>When configured, allows to set arbitrary request options in the DHCPv6 request options list and will
|
||||
sent to the DHCPV6 server. A whitespace-separated list of integers in the range 1..254. Defaults to unset.</para>
|
||||
<para>When configured, allows to set arbitrary request options in the DHCPv6 request options list
|
||||
that will be sent to the DHCPV6 server. A whitespace-separated list of integers in the range
|
||||
1..254. Defaults to unset.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
|
@ -2049,8 +2055,8 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
|
|||
<varlistentry>
|
||||
<term><varname>UseOnLinkPrefix=</varname></term>
|
||||
<listitem>
|
||||
<para>When true (the default), the onlink prefix received in the Router Advertisement will be used and take
|
||||
precedence over any statically configured ones.</para>
|
||||
<para>When true (the default), the onlink prefix received in the Router Advertisement will be
|
||||
used and takes precedence over any statically configured ones.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
|
@ -2562,19 +2568,16 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
|
|||
<refsect1>
|
||||
<title>[LLDP] Section Options</title>
|
||||
<para>The [LLDP] section manages the Link Layer Discovery Protocol (LLDP) and accepts the following
|
||||
keys.</para>
|
||||
keys:</para>
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
<term><varname>MUDURL=</varname></term>
|
||||
<listitem>
|
||||
<para>Controls support for Ethernet LLDP packet's Manufacturer Usage Description (MUD). MUD is an embedded software
|
||||
standard defined by the IETF that allows IoT Device makers to advertise device specifications, including the intended
|
||||
communication patterns for their device when it connects to the network. The network can then use this intent to author
|
||||
a context-specific access policy, so the device functions only within those parameters. Takes an URL of length up to 255
|
||||
characters. A superficial verification that the string is a valid URL
|
||||
will be performed. See
|
||||
<ulink url="https://tools.ietf.org/html/rfc8520">RFC 8520</ulink> for details. The MUD URL received
|
||||
from the LLDP packets will be saved at the state files and can be read via
|
||||
<para>When configured, the specified Manufacturer Usage Descriptions (MUD) URL will be sent in
|
||||
LLDP packets. The syntax and semantics are the same as for <varname>MUDURL=</varname> in the
|
||||
[DHCPv4] section described above.</para>
|
||||
|
||||
<para>The MUD URLs received via LLDP packets are saved and can be read using the
|
||||
<function>sd_lldp_neighbor_get_mud_url()</function> function.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
|
@ -2892,11 +2895,11 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
|
|||
<varlistentry>
|
||||
<term><varname>LimitBytes=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the hard limit on the FIFO size in bytes. The size limit (a buffer size) to prevent
|
||||
it from overflowing in case it is unable to dequeue packets as quickly as it receives them. When
|
||||
this limit is reached, incoming packets are dropped. When suffixed with K, M, or G, the specified
|
||||
size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults
|
||||
to unset and kernel's default is used.</para>
|
||||
<para>Specifies the hard limit in bytes on the FIFO buffer size. The size limit prevents overflow
|
||||
in case the kernel is unable to dequeue packets as quickly as it receives them. When this limit is
|
||||
reached, incoming packets are dropped. When suffixed with K, M, or G, the specified size is parsed
|
||||
as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to unset and
|
||||
kernel default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
|
@ -3103,13 +3106,12 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
|
|||
<varlistentry>
|
||||
<term><varname>PriorityMap=</varname></term>
|
||||
<listitem>
|
||||
<para>The priority map maps the priority of a packet to a band. The argument is a white-space
|
||||
separated list of numbers. The first number indicates which band the packets with priority
|
||||
0 should be put to, the second is for priority 1, and so on. There can be up to 16 numbers in
|
||||
the list. If there are fewer, the default band that traffic with one of the unmentioned
|
||||
priorities goes to is the last one. Each band number must be 0..255. This setting can be
|
||||
specified multiple times. If an empty string is assigned, then the all previous assignments
|
||||
are cleared.</para>
|
||||
<para>The priority map maps the priority of a packet to a band. The argument is a whitespace
|
||||
separated list of numbers. The first number indicates which band the packets with priority 0 should
|
||||
be put to, the second is for priority 1, and so on. There can be up to 16 numbers in the list. If
|
||||
there are fewer, the default band that traffic with one of the unmentioned priorities goes to is
|
||||
the last one. Each band number must be in the range 0..255. This setting can be specified multiple
|
||||
times. If an empty string is assigned, then the all previous assignments are cleared.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
|
|
|||
|
|
@ -126,8 +126,8 @@
|
|||
script exits uncleanly (by non-zero error code, or signal/coredump). If your script succeeds
|
||||
you should trigger the reboot in your own code, for example by invoking logind's
|
||||
<command>Reboot()</command> call or calling <command>systemctl reboot</command>. See
|
||||
<ulink url="https://www.freedesktop.org/wiki/Software/systemd/logind">logind dbus API</ulink>
|
||||
for details.</para>
|
||||
<citerefentry><refentrytitle>org.freedesktop.login1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for details about the logind D-Bus API.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
|
|
|
|||
|
|
@ -1307,7 +1307,7 @@ ls</programlisting>
|
|||
<title>Simple service</title>
|
||||
|
||||
<para>The following unit file creates a service that will
|
||||
execute <filename>/usr/sbin/foo-daemon</filename>. Since no
|
||||
execute <filename index="false">/usr/sbin/foo-daemon</filename>. Since no
|
||||
<varname>Type=</varname> is specified, the default
|
||||
<varname>Type=</varname><option>simple</option> will be assumed.
|
||||
systemd will assume the unit to be started immediately after the
|
||||
|
|
|
|||
|
|
@ -299,7 +299,7 @@
|
|||
url="https://www.kernel.org/doc/Documentation/usb/functionfs.txt">USB
|
||||
FunctionFS</ulink> endpoints location to listen on, for
|
||||
implementation of USB gadget functions. This expects an
|
||||
absolute file system path of FunctionFS mount point as the argument.
|
||||
absolute file system path of a FunctionFS mount point as the argument.
|
||||
Behavior otherwise is very similar to the <varname>ListenFIFO=</varname>
|
||||
directive above. Use this to open the FunctionFS endpoint
|
||||
<filename>ep0</filename>. When using this option, the
|
||||
|
|
|
|||
|
|
@ -862,8 +862,8 @@
|
|||
pulled in via a <option>Wants=</option> dependency of the storage daemon and thus generally not be
|
||||
part of any transaction unless a storage daemon is used. The instance name for instances of this
|
||||
template unit must be a properly escaped block device node path, e.g.
|
||||
<filename>blockdev@dev-mapper-foobar.target</filename> for the storage device
|
||||
<filename>/dev/mapper/foobar</filename>.</para></listitem>
|
||||
<filename index="false">blockdev@dev-mapper-foobar.target</filename> for the storage device
|
||||
<filename index="false">/dev/mapper/foobar</filename>.</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><filename>cryptsetup-pre.target</filename></term>
|
||||
|
|
@ -1162,7 +1162,7 @@
|
|||
<citerefentry><refentrytitle>systemd-xdg-autostart-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
for the XDG desktop files in autostart directories.
|
||||
Desktop Environments can opt-in to use this service by adding a <varname>Wants=</varname>
|
||||
dependency on <literal>xdg-desktop-autostart.target</literal></para>.
|
||||
dependency on <literal>xdg-desktop-autostart.target</literal>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
|
|
|||
|
|
@ -279,7 +279,7 @@
|
|||
<para>When the input qualifies as absolute file system path, this algorithm is extended slightly: the path to the
|
||||
root directory <literal>/</literal> is encoded as single dash <literal>-</literal>. In addition, any leading,
|
||||
trailing or duplicate <literal>/</literal> characters are removed from the string before transformation. Example:
|
||||
<filename>/foo//bar/baz/</filename> becomes <literal>foo-bar-baz</literal>.</para>
|
||||
<filename index="false">/foo//bar/baz/</filename> becomes <literal>foo-bar-baz</literal>.</para>
|
||||
|
||||
<para>This escaping is fully reversible, as long as it is known whether the escaped string was a path (the
|
||||
unescaping results are different for paths and non-path strings). The
|
||||
|
|
@ -1922,7 +1922,7 @@ ExecStart=/usr/sbin/foo-daemon
|
|||
|
||||
<para>After running <command>systemctl enable</command>, a
|
||||
symlink
|
||||
<filename>/etc/systemd/system/multi-user.target.wants/foo.service</filename>
|
||||
<filename index="false">/etc/systemd/system/multi-user.target.wants/foo.service</filename>
|
||||
linking to the actual unit will be created. It tells systemd to
|
||||
pull in the unit when starting
|
||||
<filename>multi-user.target</filename>. The inverse
|
||||
|
|
|
|||
|
|
@ -613,37 +613,38 @@
|
|||
<variablelist class='environment-variables'>
|
||||
<varlistentry>
|
||||
<term><varname>$SYSTEMD_LOG_COLOR</varname></term>
|
||||
<listitem><para>Controls whether systemd highlights important
|
||||
log messages. This can be overridden with
|
||||
<option>--log-color</option>.</para></listitem>
|
||||
<listitem><para>Controls whether systemd highlights important log messages. This can be overridden
|
||||
with <option>--log-color=</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>$SYSTEMD_LOG_LEVEL</varname></term>
|
||||
<listitem><para>systemd reads the log level from this
|
||||
environment variable. This can be overridden with
|
||||
<option>--log-level=</option>.</para></listitem>
|
||||
<listitem><para>systemd reads the log level from this environment variable. This can be overridden
|
||||
with <option>--log-level=</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>$SYSTEMD_LOG_LOCATION</varname></term>
|
||||
<listitem><para>Controls whether systemd prints the code
|
||||
location along with log messages. This can be overridden with
|
||||
<option>--log-location</option>.</para></listitem>
|
||||
<listitem><para>Controls whether systemd prints the code location along with log messages. This can
|
||||
be overridden with <option>--log-location=</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>$SYSTEMD_LOG_TARGET</varname></term>
|
||||
<listitem><para>systemd reads the log target from this
|
||||
environment variable. This can be overridden with
|
||||
<option>--log-target=</option>.</para></listitem>
|
||||
<listitem><para>systemd reads the log target from this environment variable. This can be overridden
|
||||
with <option>--log-target=</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>$SYSTEMD_LOG_TIME</varname></term>
|
||||
<listitem><para>Controls whether systemd prefixes log
|
||||
messages with the current time. This can be overridden with
|
||||
<option>--log-time=</option>.</para></listitem>
|
||||
<listitem><para>Controls whether systemd prefixes log messages with the current time. This can be
|
||||
overridden with <option>--log-time=</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>$SYSTEMD_LOG_TID</varname></term>
|
||||
<listitem><para>Controls whether systemd prefixes log messages with the current thread ID
|
||||
(TID).</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
@ -669,7 +670,7 @@
|
|||
<para>These variables may contain a list of paths, separated by colons
|
||||
(<literal>:</literal>). When set, if the list ends with an empty
|
||||
component (<literal>...:</literal>), this list is prepended to the
|
||||
usual set of of paths. Otherwise, the specified list replaces the usual
|
||||
usual set of paths. Otherwise, the specified list replaces the usual
|
||||
set of paths.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
|
@ -844,16 +845,15 @@
|
|||
<term><varname>systemd.log_location</varname></term>
|
||||
<term><varname>systemd.log_target=</varname></term>
|
||||
<term><varname>systemd.log_time</varname></term>
|
||||
<term><varname>systemd.log_tid</varname></term>
|
||||
|
||||
<listitem><para>Controls log output, with the same effect as the
|
||||
<varname>$SYSTEMD_LOG_COLOR</varname>,
|
||||
<varname>$SYSTEMD_LOG_LEVEL</varname>,
|
||||
<varname>$SYSTEMD_LOG_LOCATION</varname>,
|
||||
<varname>$SYSTEMD_LOG_TARGET</varname>,
|
||||
<varname>$SYSTEMD_LOG_TIME</varname>, environment variables described above.
|
||||
<varname>systemd.log_color</varname>, <varname>systemd.log_location</varname>, and
|
||||
<varname>systemd.log_time</varname> can be specified without an argument, with the
|
||||
same effect as a positive boolean.</para></listitem>
|
||||
<varname>$SYSTEMD_LOG_COLOR</varname>, <varname>$SYSTEMD_LOG_LEVEL</varname>,
|
||||
<varname>$SYSTEMD_LOG_LOCATION</varname>, <varname>$SYSTEMD_LOG_TARGET</varname>,
|
||||
<varname>$SYSTEMD_LOG_TIME</varname>, and <varname>$SYSTEMD_LOG_TID</varname> environment variables
|
||||
described above. <varname>systemd.log_color</varname>, <varname>systemd.log_location</varname>,
|
||||
<varname>systemd.log_time</varname>, and <varname>systemd.log_tid=</varname> can be specified without
|
||||
an argument, with the same effect as a positive boolean.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
@ -1084,18 +1084,18 @@
|
|||
<para>Those options correspond directly to options listed above in "Kernel Command Line". Both forms
|
||||
may be used equivalently for the system manager, but it is recommended to use the forms listed above in
|
||||
this context, because they are properly namespaced. When an option is specified both on the kernel
|
||||
command line, and as a normal command line argument, the latter has higher precedence.</para>
|
||||
command line and as a normal command line argument, the latter has higher precedence.</para>
|
||||
|
||||
<para>When <command>systemd</command> is used as a user manager, the kernel command line is ignored and
|
||||
the options described are understood. Nevertheless, <command>systemd</command> is usually started in
|
||||
this mode through the
|
||||
only the options described below are understood. Nevertheless, <command>systemd</command> is usually
|
||||
started in this mode through the
|
||||
<citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
service, which is shared between all users, and it may be more convenient to use configuration files to
|
||||
modify settings, see
|
||||
<citerefentry><refentrytitle>systemd-user.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
or a drop-in that specifies one of the environment variables listed above in the Environment section,
|
||||
see
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
||||
modify settings (see
|
||||
<citerefentry><refentrytitle>systemd-user.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>),
|
||||
or a drop-in that specifies one of the environment variables listed above in the Environment section
|
||||
(see the discussion of <varname>Environment=</varname> and <varname>EnvironmentFile=</varname> in
|
||||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>).</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
|
|
|
|||
|
|
@ -35,6 +35,9 @@ for fun in session-status show-session activate lock-session unlock-session term
|
|||
_loginctl_$fun() {
|
||||
local -a _sys_all_sessions{,_descr}
|
||||
|
||||
_sys_all_sessions=( "self" )
|
||||
_sys_all_sessions_descr=( "self:alias for the current session" )
|
||||
|
||||
_loginctl_all_sessions
|
||||
for _ignore in $words[2,-1]; do
|
||||
_sys_all_sessions[(i)$_ignore]=()
|
||||
|
|
@ -81,6 +84,9 @@ done
|
|||
_loginctl_seats() {
|
||||
local -a _sys_all_seats{,_descr}
|
||||
|
||||
_sys_all_seats=( "self" )
|
||||
_sys_all_seats_descr=( "self:alias for the current seat" )
|
||||
|
||||
_loginctl_all_seats
|
||||
for _ignore in $words[2,-1]; do
|
||||
_sys_all_seats[(i)$_ignore]=()
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@
|
|||
#include "io-util.h"
|
||||
#include "log.h"
|
||||
#include "macro.h"
|
||||
#include "missing_syscall.h"
|
||||
#include "parse-util.h"
|
||||
#include "proc-cmdline.h"
|
||||
#include "process-util.h"
|
||||
|
|
@ -53,6 +54,7 @@ static bool syslog_is_stream = false;
|
|||
static bool show_color = false;
|
||||
static bool show_location = false;
|
||||
static bool show_time = false;
|
||||
static bool show_tid = false;
|
||||
|
||||
static bool upgrade_syslog_to_journal = false;
|
||||
static bool always_reopen_console = false;
|
||||
|
|
@ -360,8 +362,9 @@ static int write_to_console(
|
|||
|
||||
char location[256],
|
||||
header_time[FORMAT_TIMESTAMP_MAX],
|
||||
prefix[1 + DECIMAL_STR_MAX(int) + 2];
|
||||
struct iovec iovec[8] = {};
|
||||
prefix[1 + DECIMAL_STR_MAX(int) + 2],
|
||||
tid_string[3 + DECIMAL_STR_MAX(pid_t) + 1];
|
||||
struct iovec iovec[9];
|
||||
const char *on = NULL, *off = NULL;
|
||||
size_t n = 0;
|
||||
|
||||
|
|
@ -380,6 +383,11 @@ static int write_to_console(
|
|||
}
|
||||
}
|
||||
|
||||
if (show_tid) {
|
||||
xsprintf(tid_string, "(" PID_FMT ") ", gettid());
|
||||
iovec[n++] = IOVEC_MAKE_STRING(tid_string);
|
||||
}
|
||||
|
||||
if (show_color)
|
||||
get_log_colors(LOG_PRI(level), &on, &off, NULL);
|
||||
|
||||
|
|
@ -539,6 +547,7 @@ static int log_do_header(
|
|||
r = snprintf(header, size,
|
||||
"PRIORITY=%i\n"
|
||||
"SYSLOG_FACILITY=%i\n"
|
||||
"TID=" PID_FMT "\n"
|
||||
"%s%.256s%s" /* CODE_FILE */
|
||||
"%s%.*i%s" /* CODE_LINE */
|
||||
"%s%.256s%s" /* CODE_FUNC */
|
||||
|
|
@ -548,6 +557,7 @@ static int log_do_header(
|
|||
"SYSLOG_IDENTIFIER=%.256s\n",
|
||||
LOG_PRI(level),
|
||||
LOG_FAC(level),
|
||||
gettid(),
|
||||
isempty(file) ? "" : "CODE_FILE=",
|
||||
isempty(file) ? "" : file,
|
||||
isempty(file) ? "" : "\n",
|
||||
|
|
@ -1133,6 +1143,11 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
|
|||
if (log_show_location_from_string(value ?: "1") < 0)
|
||||
log_warning("Failed to parse log location setting '%s'. Ignoring.", value);
|
||||
|
||||
} else if (proc_cmdline_key_streq(key, "systemd.log_tid")) {
|
||||
|
||||
if (log_show_tid_from_string(value ?: "1") < 0)
|
||||
log_warning("Failed to parse log tid setting '%s'. Ignoring.", value);
|
||||
|
||||
} else if (proc_cmdline_key_streq(key, "systemd.log_time")) {
|
||||
|
||||
if (log_show_time_from_string(value ?: "1") < 0)
|
||||
|
|
@ -1177,6 +1192,10 @@ void log_parse_environment_cli_realm(LogRealm realm) {
|
|||
e = getenv("SYSTEMD_LOG_TIME");
|
||||
if (e && log_show_time_from_string(e) < 0)
|
||||
log_warning("Failed to parse log time '%s'. Ignoring.", e);
|
||||
|
||||
e = getenv("SYSTEMD_LOG_TID");
|
||||
if (e && log_show_tid_from_string(e) < 0)
|
||||
log_warning("Failed to parse log tid '%s'. Ignoring.", e);
|
||||
}
|
||||
|
||||
LogTarget log_get_target(void) {
|
||||
|
|
@ -1211,6 +1230,14 @@ bool log_get_show_time(void) {
|
|||
return show_time;
|
||||
}
|
||||
|
||||
void log_show_tid(bool b) {
|
||||
show_tid = b;
|
||||
}
|
||||
|
||||
bool log_get_show_tid(void) {
|
||||
return show_tid;
|
||||
}
|
||||
|
||||
int log_show_color_from_string(const char *e) {
|
||||
int t;
|
||||
|
||||
|
|
@ -1244,6 +1271,17 @@ int log_show_time_from_string(const char *e) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
int log_show_tid_from_string(const char *e) {
|
||||
int t;
|
||||
|
||||
t = parse_boolean(e);
|
||||
if (t < 0)
|
||||
return t;
|
||||
|
||||
log_show_tid(t);
|
||||
return 0;
|
||||
}
|
||||
|
||||
bool log_on_console(void) {
|
||||
if (IN_SET(log_target, LOG_TARGET_CONSOLE,
|
||||
LOG_TARGET_CONSOLE_PREFIXED))
|
||||
|
|
|
|||
|
|
@ -61,10 +61,13 @@ void log_show_location(bool b);
|
|||
bool log_get_show_location(void) _pure_;
|
||||
void log_show_time(bool b);
|
||||
bool log_get_show_time(void) _pure_;
|
||||
void log_show_tid(bool b);
|
||||
bool log_get_show_tid(void) _pure_;
|
||||
|
||||
int log_show_color_from_string(const char *e);
|
||||
int log_show_location_from_string(const char *e);
|
||||
int log_show_time_from_string(const char *e);
|
||||
int log_show_tid_from_string(const char *e);
|
||||
|
||||
LogTarget log_get_target(void) _pure_;
|
||||
int log_get_max_level_realm(LogRealm realm) _pure_;
|
||||
|
|
|
|||
|
|
@ -1844,7 +1844,28 @@ static int lock_all_homes(int argc, char *argv[], void *userdata) {
|
|||
|
||||
r = sd_bus_call(bus, m, HOME_SLOW_BUS_CALL_TIMEOUT_USEC, &error, NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to lock home: %s", bus_error_message(&error, r));
|
||||
return log_error_errno(r, "Failed to lock all homes: %s", bus_error_message(&error, r));
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int deactivate_all_homes(int argc, char *argv[], void *userdata) {
|
||||
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
||||
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
|
||||
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
|
||||
int r;
|
||||
|
||||
r = acquire_bus(&bus);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = bus_message_new_method_call(bus, &m, bus_mgr, "DeactivateAllHomes");
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
|
||||
r = sd_bus_call(bus, m, HOME_SLOW_BUS_CALL_TIMEOUT_USEC, &error, NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to deactivate all homes: %s", bus_error_message(&error, r));
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -1902,6 +1923,7 @@ static int help(int argc, char *argv[], void *userdata) {
|
|||
" lock USER… Temporarily lock an active home area\n"
|
||||
" unlock USER… Unlock a temporarily locked home area\n"
|
||||
" lock-all Lock all suitable home areas\n"
|
||||
" deactivate-all Deactivate all active home areas\n"
|
||||
" with USER [COMMAND…] Run shell or command with access to a home area\n"
|
||||
"\n%4$sOptions:%5$s\n"
|
||||
" -h --help Show this help\n"
|
||||
|
|
@ -3328,21 +3350,22 @@ static int redirect_bus_mgr(void) {
|
|||
|
||||
static int run(int argc, char *argv[]) {
|
||||
static const Verb verbs[] = {
|
||||
{ "help", VERB_ANY, VERB_ANY, 0, help },
|
||||
{ "list", VERB_ANY, 1, VERB_DEFAULT, list_homes },
|
||||
{ "activate", 2, VERB_ANY, 0, activate_home },
|
||||
{ "deactivate", 2, VERB_ANY, 0, deactivate_home },
|
||||
{ "inspect", VERB_ANY, VERB_ANY, 0, inspect_home },
|
||||
{ "authenticate", VERB_ANY, VERB_ANY, 0, authenticate_home },
|
||||
{ "create", VERB_ANY, 2, 0, create_home },
|
||||
{ "remove", 2, VERB_ANY, 0, remove_home },
|
||||
{ "update", VERB_ANY, 2, 0, update_home },
|
||||
{ "passwd", VERB_ANY, 2, 0, passwd_home },
|
||||
{ "resize", 2, 3, 0, resize_home },
|
||||
{ "lock", 2, VERB_ANY, 0, lock_home },
|
||||
{ "unlock", 2, VERB_ANY, 0, unlock_home },
|
||||
{ "with", 2, VERB_ANY, 0, with_home },
|
||||
{ "lock-all", VERB_ANY, 1, 0, lock_all_homes },
|
||||
{ "help", VERB_ANY, VERB_ANY, 0, help },
|
||||
{ "list", VERB_ANY, 1, VERB_DEFAULT, list_homes },
|
||||
{ "activate", 2, VERB_ANY, 0, activate_home },
|
||||
{ "deactivate", 2, VERB_ANY, 0, deactivate_home },
|
||||
{ "inspect", VERB_ANY, VERB_ANY, 0, inspect_home },
|
||||
{ "authenticate", VERB_ANY, VERB_ANY, 0, authenticate_home },
|
||||
{ "create", VERB_ANY, 2, 0, create_home },
|
||||
{ "remove", 2, VERB_ANY, 0, remove_home },
|
||||
{ "update", VERB_ANY, 2, 0, update_home },
|
||||
{ "passwd", VERB_ANY, 2, 0, passwd_home },
|
||||
{ "resize", 2, 3, 0, resize_home },
|
||||
{ "lock", 2, VERB_ANY, 0, lock_home },
|
||||
{ "unlock", 2, VERB_ANY, 0, unlock_home },
|
||||
{ "with", 2, VERB_ANY, 0, with_home },
|
||||
{ "lock-all", VERB_ANY, 1, 0, lock_all_homes },
|
||||
{ "deactivate-all", VERB_ANY, 1, 0, deactivate_all_homes },
|
||||
{}
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -2482,6 +2482,50 @@ static int home_dispatch_lock_all(Home *h, Operation *o) {
|
|||
return 1;
|
||||
}
|
||||
|
||||
static int home_dispatch_deactivate_all(Home *h, Operation *o) {
|
||||
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
||||
int r;
|
||||
|
||||
assert(h);
|
||||
assert(o);
|
||||
assert(o->type == OPERATION_DEACTIVATE_ALL);
|
||||
|
||||
switch (home_get_state(h)) {
|
||||
|
||||
case HOME_UNFIXATED:
|
||||
case HOME_ABSENT:
|
||||
case HOME_INACTIVE:
|
||||
case HOME_DIRTY:
|
||||
log_info("Home %s is already deactivated.", h->user_name);
|
||||
r = 1; /* done */
|
||||
break;
|
||||
|
||||
case HOME_LOCKED:
|
||||
log_info("Home %s is currently locked, not deactivating.", h->user_name);
|
||||
r = 1; /* done */
|
||||
break;
|
||||
|
||||
case HOME_ACTIVE:
|
||||
log_info("Deactivating home %s.", h->user_name);
|
||||
r = home_deactivate_internal(h, false, &error);
|
||||
break;
|
||||
|
||||
default:
|
||||
/* All other cases means we are currently executing an operation, which means the job remains
|
||||
* pending. */
|
||||
return 0;
|
||||
}
|
||||
|
||||
assert(!h->current_operation);
|
||||
|
||||
if (r != 0) /* failure or completed */
|
||||
operation_result(o, r, &error);
|
||||
else /* ongoing */
|
||||
h->current_operation = operation_ref(o);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int home_dispatch_pipe_eof(Home *h, Operation *o) {
|
||||
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
||||
int r;
|
||||
|
|
@ -2579,6 +2623,7 @@ static int on_pending(sd_event_source *s, void *userdata) {
|
|||
[OPERATION_ACQUIRE] = home_dispatch_acquire,
|
||||
[OPERATION_RELEASE] = home_dispatch_release,
|
||||
[OPERATION_LOCK_ALL] = home_dispatch_lock_all,
|
||||
[OPERATION_DEACTIVATE_ALL] = home_dispatch_deactivate_all,
|
||||
[OPERATION_PIPE_EOF] = home_dispatch_pipe_eof,
|
||||
[OPERATION_DEACTIVATE_FORCE] = home_dispatch_deactivate_force,
|
||||
};
|
||||
|
|
|
|||
|
|
@ -591,7 +591,45 @@ static int method_lock_all_homes(sd_bus_message *message, void *userdata, sd_bus
|
|||
}
|
||||
|
||||
if (waiting) /* At least one lock operation was enqeued, let's leave here without a reply: it will
|
||||
* be sent as soon as the last of the lock operations completed. */
|
||||
* be sent as soon as the last of the lock operations completed. */
|
||||
return 1;
|
||||
|
||||
return sd_bus_reply_method_return(message, NULL);
|
||||
}
|
||||
|
||||
static int method_deactivate_all_homes(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
||||
_cleanup_(operation_unrefp) Operation *o = NULL;
|
||||
bool waiting = false;
|
||||
Manager *m = userdata;
|
||||
Home *h;
|
||||
int r;
|
||||
|
||||
assert(m);
|
||||
|
||||
/* This is called from systemd-homed-activate.service's ExecStop= command to ensure that all home
|
||||
* directories are shutdown before the system goes down. Note that we don't do this from
|
||||
* systemd-homed.service itself since we want to allow restarting of it without tearing down all home
|
||||
* directories. */
|
||||
|
||||
HASHMAP_FOREACH(h, m->homes_by_name) {
|
||||
|
||||
if (!o) {
|
||||
o = operation_new(OPERATION_DEACTIVATE_ALL, message);
|
||||
if (!o)
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
log_info("Automatically deactivating home of user %s.", h->user_name);
|
||||
|
||||
r = home_schedule_operation(h, o, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
waiting = true;
|
||||
}
|
||||
|
||||
if (waiting) /* At least one lock operation was enqeued, let's leave here without a reply: it will be
|
||||
* sent as soon as the last of the deactivation operations completed. */
|
||||
return 1;
|
||||
|
||||
return sd_bus_reply_method_return(message, NULL);
|
||||
|
|
@ -804,6 +842,7 @@ static const sd_bus_vtable manager_vtable[] = {
|
|||
|
||||
/* An operation that acts on all homes that allow it */
|
||||
SD_BUS_METHOD("LockAllHomes", NULL, NULL, method_lock_all_homes, 0),
|
||||
SD_BUS_METHOD("DeactivateAllHomes", NULL, NULL, method_deactivate_all_homes, 0),
|
||||
|
||||
SD_BUS_VTABLE_END
|
||||
};
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ typedef enum OperationType {
|
|||
OPERATION_ACQUIRE, /* enqueued on AcquireHome() */
|
||||
OPERATION_RELEASE, /* enqueued on ReleaseHome() */
|
||||
OPERATION_LOCK_ALL, /* enqueued on LockAllHomes() */
|
||||
OPERATION_DEACTIVATE_ALL, /* enqueued on DeactivateAllHomes() */
|
||||
OPERATION_PIPE_EOF, /* enqueued when we see EOF on the per-home reference pipes */
|
||||
OPERATION_DEACTIVATE_FORCE, /* enqueued on hard $HOME unplug */
|
||||
OPERATION_IMMEDIATE, /* this is never enqueued, it's just a marker we immediately started executing an operation without enqueuing anything first. */
|
||||
|
|
|
|||
|
|
@ -1266,6 +1266,7 @@ static int help(int argc, char *argv[], void *userdata) {
|
|||
" -H --host=[USER@]HOST Operate on remote host\n"
|
||||
" -M --machine=CONTAINER Operate on local container\n"
|
||||
" -p --property=NAME Show only properties by this name\n"
|
||||
" -P NAME Equivalent to --value --property=NAME\n"
|
||||
" -a --all Show all properties, including empty ones\n"
|
||||
" --value When showing properties, only print the value\n"
|
||||
" -l --full Do not ellipsize output\n"
|
||||
|
|
@ -1321,7 +1322,7 @@ static int parse_argv(int argc, char *argv[]) {
|
|||
assert(argc >= 0);
|
||||
assert(argv);
|
||||
|
||||
while ((c = getopt_long(argc, argv, "hp:als:H:M:n:o:", options, NULL)) >= 0)
|
||||
while ((c = getopt_long(argc, argv, "hp:P:als:H:M:n:o:", options, NULL)) >= 0)
|
||||
|
||||
switch (c) {
|
||||
|
||||
|
|
@ -1331,6 +1332,10 @@ static int parse_argv(int argc, char *argv[]) {
|
|||
case ARG_VERSION:
|
||||
return version();
|
||||
|
||||
case 'P':
|
||||
arg_value = true;
|
||||
_fallthrough_;
|
||||
|
||||
case 'p': {
|
||||
r = strv_extend(&arg_property, optarg);
|
||||
if (r < 0)
|
||||
|
|
|
|||
|
|
@ -1465,7 +1465,7 @@ int config_parse_tcp_window(
|
|||
|
||||
_cleanup_(route_free_or_set_invalidp) Route *n = NULL;
|
||||
Network *network = userdata;
|
||||
uint64_t k;
|
||||
uint32_t k;
|
||||
int r;
|
||||
|
||||
assert(filename);
|
||||
|
|
@ -1483,13 +1483,13 @@ int config_parse_tcp_window(
|
|||
return 0;
|
||||
}
|
||||
|
||||
r = parse_size(rvalue, 1024, &k);
|
||||
r = safe_atou32(rvalue, &k);
|
||||
if (r < 0) {
|
||||
log_syntax(unit, LOG_WARNING, filename, line, r,
|
||||
"Could not parse TCP %s \"%s\", ignoring assignment: %m", lvalue, rvalue);
|
||||
return 0;
|
||||
}
|
||||
if (k > UINT32_MAX) {
|
||||
if (k >= 1024) {
|
||||
log_syntax(unit, LOG_WARNING, filename, line, 0,
|
||||
"Specified TCP %s \"%s\" is too large, ignoring assignment: %m", lvalue, rvalue);
|
||||
return 0;
|
||||
|
|
|
|||
|
|
@ -16,3 +16,4 @@
|
|||
|
||||
nameserver 127.0.0.53
|
||||
options edns0 trust-ad
|
||||
search .
|
||||
|
|
|
|||
|
|
@ -1662,6 +1662,7 @@ struct global_info {
|
|||
const char *mdns;
|
||||
const char *dns_over_tls;
|
||||
const char *dnssec;
|
||||
const char *resolv_conf_mode;
|
||||
bool dnssec_supported;
|
||||
};
|
||||
|
||||
|
|
@ -1691,6 +1692,7 @@ static int status_global(sd_bus *bus, StatusMode mode, bool *empty_line) {
|
|||
{ "DNSOverTLS", "s", NULL, offsetof(struct global_info, dns_over_tls) },
|
||||
{ "DNSSEC", "s", NULL, offsetof(struct global_info, dnssec) },
|
||||
{ "DNSSECSupported", "b", NULL, offsetof(struct global_info, dnssec_supported) },
|
||||
{ "ResolvConfMode", "s", NULL, offsetof(struct global_info, resolv_conf_mode) },
|
||||
{}
|
||||
};
|
||||
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
||||
|
|
@ -1775,6 +1777,14 @@ static int status_global(sd_bus *bus, StatusMode mode, bool *empty_line) {
|
|||
if (r < 0)
|
||||
return table_log_add_error(r);
|
||||
|
||||
if (global_info.resolv_conf_mode) {
|
||||
r = table_add_many(table,
|
||||
TABLE_STRING, "resolv.conf mode:",
|
||||
TABLE_STRING, global_info.resolv_conf_mode);
|
||||
if (r < 0)
|
||||
return table_log_add_error(r);
|
||||
}
|
||||
|
||||
if (global_info.current_dns) {
|
||||
r = table_add_many(table,
|
||||
TABLE_STRING, "Current DNS Server:",
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@
|
|||
#include "resolved-dnssd-bus.h"
|
||||
#include "resolved-dnssd.h"
|
||||
#include "resolved-link-bus.h"
|
||||
#include "resolved-resolv-conf.h"
|
||||
#include "socket-netlink.h"
|
||||
#include "stdio-util.h"
|
||||
#include "strv.h"
|
||||
|
|
@ -1620,6 +1621,28 @@ static BUS_DEFINE_PROPERTY_GET(bus_property_get_dnssec_supported, "b", Manager,
|
|||
static BUS_DEFINE_PROPERTY_GET2(bus_property_get_dnssec_mode, "s", Manager, manager_get_dnssec_mode, dnssec_mode_to_string);
|
||||
static BUS_DEFINE_PROPERTY_GET2(bus_property_get_dns_over_tls_mode, "s", Manager, manager_get_dns_over_tls_mode, dns_over_tls_mode_to_string);
|
||||
|
||||
static int bus_property_get_resolv_conf_mode(
|
||||
sd_bus *bus,
|
||||
const char *path,
|
||||
const char *interface,
|
||||
const char *property,
|
||||
sd_bus_message *reply,
|
||||
void *userdata,
|
||||
sd_bus_error *error) {
|
||||
|
||||
int r;
|
||||
|
||||
assert(reply);
|
||||
|
||||
r = resolv_conf_mode();
|
||||
if (r < 0) {
|
||||
log_warning_errno(r, "Failed to test /etc/resolv.conf mode, ignoring: %m");
|
||||
return sd_bus_message_append(reply, "s", NULL);
|
||||
}
|
||||
|
||||
return sd_bus_message_append(reply, "s", resolv_conf_mode_to_string(r));
|
||||
}
|
||||
|
||||
static int bus_method_reset_statistics(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
||||
Manager *m = userdata;
|
||||
DnsScope *s;
|
||||
|
|
@ -2000,6 +2023,7 @@ static const sd_bus_vtable resolve_vtable[] = {
|
|||
SD_BUS_PROPERTY("DNSSECSupported", "b", bus_property_get_dnssec_supported, 0, 0),
|
||||
SD_BUS_PROPERTY("DNSSECNegativeTrustAnchors", "as", bus_property_get_ntas, 0, 0),
|
||||
SD_BUS_PROPERTY("DNSStubListener", "s", bus_property_get_dns_stub_listener_mode, offsetof(Manager, dns_stub_listener_mode), 0),
|
||||
SD_BUS_PROPERTY("ResolvConfMode", "s", bus_property_get_resolv_conf_mode, 0, 0),
|
||||
|
||||
SD_BUS_METHOD_WITH_ARGS("ResolveHostname",
|
||||
SD_BUS_ARGS("i", ifindex, "s", name, "i", family, "t", flags),
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@
|
|||
#include "resolved-dns-server.h"
|
||||
#include "resolved-resolv-conf.h"
|
||||
#include "stat-util.h"
|
||||
#include "string-table.h"
|
||||
#include "string-util.h"
|
||||
#include "strv.h"
|
||||
#include "tmpfile-util-label.h"
|
||||
|
|
@ -271,7 +272,10 @@ static int write_uplink_resolv_conf_contents(FILE *f, OrderedSet *dns, OrderedSe
|
|||
write_resolv_conf_server(s, f, &count);
|
||||
}
|
||||
|
||||
if (!ordered_set_isempty(domains))
|
||||
if (ordered_set_isempty(domains))
|
||||
fputs("search .", f); /* Make sure that if the local hostname is chosen as fqdn this does not
|
||||
* imply a search domain */
|
||||
else
|
||||
write_resolv_conf_search(domains, f);
|
||||
|
||||
return fflush_and_check(f);
|
||||
|
|
@ -297,7 +301,10 @@ static int write_stub_resolv_conf_contents(FILE *f, OrderedSet *dns, OrderedSet
|
|||
"nameserver 127.0.0.53\n"
|
||||
"options edns0 trust-ad\n", f);
|
||||
|
||||
if (!ordered_set_isempty(domains))
|
||||
if (ordered_set_isempty(domains))
|
||||
fputs("search .", f); /* Make sure that if the local hostname is chosen as fqdn this does not
|
||||
* imply a search domain */
|
||||
else
|
||||
write_resolv_conf_search(domains, f);
|
||||
|
||||
return fflush_and_check(f);
|
||||
|
|
@ -371,3 +378,49 @@ int manager_write_resolv_conf(Manager *m) {
|
|||
|
||||
return r;
|
||||
}
|
||||
|
||||
int resolv_conf_mode(void) {
|
||||
static const char * const table[_RESOLV_CONF_MODE_MAX] = {
|
||||
[RESOLV_CONF_UPLINK] = PRIVATE_UPLINK_RESOLV_CONF,
|
||||
[RESOLV_CONF_STUB] = PRIVATE_STUB_RESOLV_CONF,
|
||||
[RESOLV_CONF_STATIC] = PRIVATE_STATIC_RESOLV_CONF,
|
||||
};
|
||||
|
||||
struct stat system_st;
|
||||
|
||||
if (stat("/etc/resolv.conf", &system_st) < 0) {
|
||||
if (errno == ENOENT)
|
||||
return RESOLV_CONF_MISSING;
|
||||
|
||||
return -errno;
|
||||
}
|
||||
|
||||
for (ResolvConfMode m = 0; m < _RESOLV_CONF_MODE_MAX; m++) {
|
||||
struct stat our_st;
|
||||
|
||||
if (!table[m])
|
||||
continue;
|
||||
|
||||
if (stat(table[m], &our_st) < 0) {
|
||||
if (errno != ENOENT)
|
||||
log_debug_errno(errno, "Failed to stat() %s, ignoring: %m", table[m]);
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if (system_st.st_dev == our_st.st_dev &&
|
||||
system_st.st_ino == our_st.st_ino)
|
||||
return m;
|
||||
}
|
||||
|
||||
return RESOLV_CONF_FOREIGN;
|
||||
}
|
||||
|
||||
static const char* const resolv_conf_mode_table[_RESOLV_CONF_MODE_MAX] = {
|
||||
[RESOLV_CONF_UPLINK] = "uplink",
|
||||
[RESOLV_CONF_STUB] = "stub",
|
||||
[RESOLV_CONF_STATIC] = "static",
|
||||
[RESOLV_CONF_MISSING] = "missing",
|
||||
[RESOLV_CONF_FOREIGN] = "foreign",
|
||||
};
|
||||
DEFINE_STRING_TABLE_LOOKUP(resolv_conf_mode, ResolvConfMode);
|
||||
|
|
|
|||
|
|
@ -6,3 +6,18 @@
|
|||
int manager_check_resolv_conf(const Manager *m);
|
||||
int manager_read_resolv_conf(Manager *m);
|
||||
int manager_write_resolv_conf(Manager *m);
|
||||
|
||||
typedef enum ResolvConfMode {
|
||||
RESOLV_CONF_UPLINK,
|
||||
RESOLV_CONF_STUB,
|
||||
RESOLV_CONF_STATIC,
|
||||
RESOLV_CONF_FOREIGN,
|
||||
RESOLV_CONF_MISSING,
|
||||
_RESOLV_CONF_MODE_MAX,
|
||||
_RESOLV_CONF_MODE_INVALID = -1,
|
||||
} ResolvConfMode;
|
||||
|
||||
int resolv_conf_mode(void);
|
||||
|
||||
const char* resolv_conf_mode_to_string(ResolvConfMode m) _const_;
|
||||
ResolvConfMode resolv_conf_mode_from_string(const char *s) _pure_;
|
||||
|
|
|
|||
|
|
@ -272,6 +272,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
|
|||
.name = "@default",
|
||||
.help = "System calls that are always permitted",
|
||||
.value =
|
||||
"cacheflush\0"
|
||||
"clock_getres\0"
|
||||
"clock_getres_time64\0"
|
||||
"clock_gettime\0"
|
||||
|
|
|
|||
|
|
@ -693,7 +693,7 @@ static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, ch
|
|||
ORDERED_HASHMAP_FOREACH(i, todo_gids) {
|
||||
struct sgrp n = {
|
||||
.sg_namp = i->name,
|
||||
.sg_passwd = (char*) "!!",
|
||||
.sg_passwd = (char*) "!*",
|
||||
};
|
||||
|
||||
r = putsgent_with_members(&n, gshadow);
|
||||
|
|
|
|||
|
|
@ -102,6 +102,7 @@ units = [
|
|||
['systemd-firstboot.service', 'ENABLE_FIRSTBOOT',
|
||||
'sysinit.target.wants/'],
|
||||
['systemd-halt.service', ''],
|
||||
['systemd-homed-activate.service', 'ENABLE_HOMED'],
|
||||
['systemd-initctl.socket', 'HAVE_SYSV_COMPAT',
|
||||
'sockets.target.wants/'],
|
||||
['systemd-journal-catalog-update.service', '',
|
||||
|
|
|
|||
|
|
@ -0,0 +1,23 @@
|
|||
# SPDX-License-Identifier: LGPL-2.1+
|
||||
#
|
||||
# This file is part of systemd.
|
||||
#
|
||||
# systemd is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Lesser General Public License as published by
|
||||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
[Unit]
|
||||
Description=Home Area Activation
|
||||
Documentation=man:systemd-homed.service(8)
|
||||
After=home.mount systemd-homed.service
|
||||
Before=systemd-user-sessions.service
|
||||
|
||||
[Service]
|
||||
ExecStop=homectl deactivate-all
|
||||
RemainAfterExit=true
|
||||
Type=oneshot
|
||||
|
||||
[Install]
|
||||
WantedBy=systemd-homed.service
|
||||
Also=systemd-homed.service
|
||||
|
|
@ -10,6 +10,8 @@
|
|||
[Unit]
|
||||
Description=Home Area Manager
|
||||
Documentation=man:systemd-homed.service(8)
|
||||
Documentation=man:org.freedesktop.home1(5)
|
||||
|
||||
After=home.mount
|
||||
|
||||
[Service]
|
||||
|
|
@ -37,4 +39,4 @@ SystemCallFilter=@system-service @mount
|
|||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Alias=dbus-org.freedesktop.home1.service
|
||||
Also=systemd-userdbd.service
|
||||
Also=systemd-homed-activate.service systemd-userdbd.service
|
||||
|
|
|
|||
|
|
@ -9,8 +9,10 @@
|
|||
|
||||
[Unit]
|
||||
Description=Hostname Service
|
||||
Documentation=man:systemd-hostnamed.service(8) man:hostname(5) man:machine-info(5)
|
||||
Documentation=https://www.freedesktop.org/wiki/Software/systemd/hostnamed
|
||||
Documentation=man:systemd-hostnamed.service(8)
|
||||
Documentation=man:hostname(5)
|
||||
Documentation=man:machine-info(5)
|
||||
Documentation=man:org.freedesktop.resolve1(5)
|
||||
|
||||
[Service]
|
||||
BusName=org.freedesktop.hostname1
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@
|
|||
[Unit]
|
||||
Description=Virtual Machine and Container Download Service
|
||||
Documentation=man:systemd-importd.service(8)
|
||||
Documentation=https://www.freedesktop.org/wiki/Software/systemd/importd
|
||||
Documentation=man:org.freedesktop.import1(5)
|
||||
|
||||
[Service]
|
||||
ExecStart=@rootlibexecdir@/systemd-importd
|
||||
|
|
|
|||
|
|
@ -9,8 +9,10 @@
|
|||
|
||||
[Unit]
|
||||
Description=Locale Service
|
||||
Documentation=man:systemd-localed.service(8) man:locale.conf(5) man:vconsole.conf(5)
|
||||
Documentation=https://www.freedesktop.org/wiki/Software/systemd/localed
|
||||
Documentation=man:systemd-localed.service(8)
|
||||
Documentation=man:locale.conf(5)
|
||||
Documentation=man:vconsole.conf(5)
|
||||
Documentation=man:org.freedesktop.locale1(5)
|
||||
|
||||
[Service]
|
||||
BusName=org.freedesktop.locale1
|
||||
|
|
|
|||
|
|
@ -9,9 +9,11 @@
|
|||
|
||||
[Unit]
|
||||
Description=User Login Management
|
||||
Documentation=man:systemd-logind.service(8) man:logind.conf(5)
|
||||
Documentation=https://www.freedesktop.org/wiki/Software/systemd/logind
|
||||
Documentation=man:systemd-logind.service(8)
|
||||
Documentation=man:logind.conf(5)
|
||||
Documentation=man:org.freedesktop.login1(5)
|
||||
Documentation=https://www.freedesktop.org/wiki/Software/systemd/multiseat
|
||||
|
||||
Wants=user.slice modprobe@drm.service
|
||||
After=nss-user-lookup.target user.slice modprobe@drm.service
|
||||
|
||||
|
|
|
|||
|
|
@ -10,7 +10,8 @@
|
|||
[Unit]
|
||||
Description=Virtual Machine and Container Registration Service
|
||||
Documentation=man:systemd-machined.service(8)
|
||||
Documentation=https://www.freedesktop.org/wiki/Software/systemd/machined
|
||||
Documentation=man:org.freedesktop.machine1(5)
|
||||
|
||||
Wants=machine.slice
|
||||
After=machine.slice
|
||||
RequiresMountsFor=/var/lib/machines
|
||||
|
|
|
|||
|
|
@ -10,9 +10,10 @@
|
|||
[Unit]
|
||||
Description=Network Name Resolution
|
||||
Documentation=man:systemd-resolved.service(8)
|
||||
Documentation=https://www.freedesktop.org/wiki/Software/systemd/resolved
|
||||
Documentation=man:org.freedesktop.resolve1(5)
|
||||
Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
|
||||
Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
|
||||
|
||||
DefaultDependencies=no
|
||||
After=systemd-sysusers.service systemd-networkd.service
|
||||
Before=network.target nss-lookup.target shutdown.target
|
||||
|
|
|
|||
|
|
@ -9,8 +9,9 @@
|
|||
|
||||
[Unit]
|
||||
Description=Time & Date Service
|
||||
Documentation=man:systemd-timedated.service(8) man:localtime(5)
|
||||
Documentation=https://www.freedesktop.org/wiki/Software/systemd/timedated
|
||||
Documentation=man:systemd-timedated.service(8)
|
||||
Documentation=man:localtime(5)
|
||||
Documentation=man:org.freedesktop.timedate1(5)
|
||||
|
||||
[Service]
|
||||
BusName=org.freedesktop.timedate1
|
||||
|
|
|
|||
Loading…
Reference in New Issue