Compare commits
1 Commits
ed7410e439
...
19a085132a
Author | SHA1 | Date |
---|---|---|
anonymix007 | 19a085132a |
|
@ -114,10 +114,10 @@
|
||||||
invoked, for example from the system service manager or via a PAM module.</para>
|
invoked, for example from the system service manager or via a PAM module.</para>
|
||||||
|
|
||||||
<para>Specifically, for ssh logins, the
|
<para>Specifically, for ssh logins, the
|
||||||
<citerefentry project='man-pages'><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
<citerefentry project='die-net'><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||||
service builds an environment that is a combination of variables forwarded from the remote system and
|
service builds an environment that is a combination of variables forwarded from the remote system and
|
||||||
defined by <command>sshd</command>, see the discussion in
|
defined by <command>sshd</command>, see the discussion in
|
||||||
<citerefentry project='man-pages'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
<citerefentry project='die-net'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
||||||
A graphical display session will have an analogous mechanism to define the environment. Note that some
|
A graphical display session will have an analogous mechanism to define the environment. Note that some
|
||||||
managers query the systemd user instance for the exported environment and inject this configuration into
|
managers query the systemd user instance for the exported environment and inject this configuration into
|
||||||
programs they start, using <command>systemctl show-environment</command> or the underlying D-Bus call.
|
programs they start, using <command>systemctl show-environment</command> or the underlying D-Bus call.
|
||||||
|
|
|
@ -215,8 +215,8 @@
|
||||||
below this directory is subject to specifications that ensure interoperability.</para>
|
below this directory is subject to specifications that ensure interoperability.</para>
|
||||||
|
|
||||||
<para>Note that resources placed in this directory typically are under shared ownership,
|
<para>Note that resources placed in this directory typically are under shared ownership,
|
||||||
i.e. multiple different packages have provided and consumed these resources, on equal footing, without
|
i.e. multiple different packages have provide and consume these resources, on equal footing, without
|
||||||
any obvious primary owner. This makes things systematically different from
|
any obvious primary owner. This makes makes things systematically different from
|
||||||
<filename>/usr/lib/</filename>, where ownership is generally not shared.</para></listitem>
|
<filename>/usr/lib/</filename>, where ownership is generally not shared.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
|
|
@ -378,7 +378,7 @@
|
||||||
|
|
||||||
<listitem><para>Takes a comma- or colon-separated list of languages preferred by the user, ordered
|
<listitem><para>Takes a comma- or colon-separated list of languages preferred by the user, ordered
|
||||||
by descending priority. The <varname>$LANG</varname> and <varname>$LANGUAGE</varname> environment
|
by descending priority. The <varname>$LANG</varname> and <varname>$LANGUAGE</varname> environment
|
||||||
variables are initialized from this value on login, and thus values suitable for these environment
|
variables are initialized from this value on login, and thus values suitible for these environment
|
||||||
variables are accepted here, for example <option>--language=de_DE.UTF-8</option>. This option may
|
variables are accepted here, for example <option>--language=de_DE.UTF-8</option>. This option may
|
||||||
be used more than once, in which case the language lists are concatenated.</para>
|
be used more than once, in which case the language lists are concatenated.</para>
|
||||||
|
|
||||||
|
|
|
@ -40,7 +40,7 @@
|
||||||
<citerefentry><refentrytitle>systemd-importd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
<citerefentry><refentrytitle>systemd-importd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
||||||
|
|
||||||
<para><command>importctl</command> operates both on block-level disk images (such as DDIs) as well as
|
<para><command>importctl</command> operates both on block-level disk images (such as DDIs) as well as
|
||||||
file-system-level images (tarballs). It supports disk images in one of the four following
|
file-system-level images (tarballs). It supports disk images are one of the four following
|
||||||
classes:</para>
|
classes:</para>
|
||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
|
@ -50,7 +50,7 @@
|
||||||
managed via
|
managed via
|
||||||
<citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
|
<citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
|
||||||
|
|
||||||
<listitem><para>Portable service images, that may be attached and managed via
|
<listitem><para>Portable service images, that may be attached an managed via
|
||||||
<citerefentry><refentrytitle>portablectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
|
<citerefentry><refentrytitle>portablectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
|
||||||
|
|
||||||
<listitem><para>System extension (sysext) images, that may be activated via
|
<listitem><para>System extension (sysext) images, that may be activated via
|
||||||
|
@ -133,7 +133,7 @@
|
||||||
multiple downloads are not necessary. In order to create only the read-only image, and avoid creating
|
multiple downloads are not necessary. In order to create only the read-only image, and avoid creating
|
||||||
its writable snapshot, specify <literal>-</literal> as local name.</para>
|
its writable snapshot, specify <literal>-</literal> as local name.</para>
|
||||||
|
|
||||||
<para>Note that pressing Control-c during execution of this command will not abort the download. Use
|
<para>Note that pressing C-c during execution of this command will not abort the download. Use
|
||||||
<command>cancel-transfer</command>, described below.</para>
|
<command>cancel-transfer</command>, described below.</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||||
|
@ -145,14 +145,14 @@
|
||||||
<listitem><para>Downloads a <filename>.raw</filename> disk image from the specified URL, and makes it
|
<listitem><para>Downloads a <filename>.raw</filename> disk image from the specified URL, and makes it
|
||||||
available under the specified local name in the image directory for the selected
|
available under the specified local name in the image directory for the selected
|
||||||
<option>--class=</option>. The URL must be of type <literal>http://</literal> or
|
<option>--class=</option>. The URL must be of type <literal>http://</literal> or
|
||||||
<literal>https://</literal>. The image must either be a qcow2 or raw disk
|
<literal>https://</literal>. The image must either be a <filename>.qcow2</filename> or raw disk
|
||||||
image, optionally compressed as <filename>.gz</filename>, <filename>.xz</filename>, or
|
image, optionally compressed as <filename>.gz</filename>, <filename>.xz</filename>, or
|
||||||
<filename>.bz2</filename>. If the local name is omitted, it is automatically derived from the last
|
<filename>.bz2</filename>. If the local name is omitted, it is automatically derived from the last
|
||||||
component of the URL, with its suffix removed.</para>
|
component of the URL, with its suffix removed.</para>
|
||||||
|
|
||||||
<para>Image verification is identical for raw and tar images (see above).</para>
|
<para>Image verification is identical for raw and tar images (see above).</para>
|
||||||
|
|
||||||
<para>If the downloaded image is in qcow2 format it is converted into a raw
|
<para>If the downloaded image is in <filename>.qcow2</filename> format it is converted into a raw
|
||||||
image file before it is made available.</para>
|
image file before it is made available.</para>
|
||||||
|
|
||||||
<para>If <option>-keep-download=yes</option> is specified the image will be downloaded and stored in
|
<para>If <option>-keep-download=yes</option> is specified the image will be downloaded and stored in
|
||||||
|
@ -162,7 +162,7 @@
|
||||||
necessary. In order to create only the read-only image, and avoid creating its writable copy,
|
necessary. In order to create only the read-only image, and avoid creating its writable copy,
|
||||||
specify <literal>-</literal> as local name.</para>
|
specify <literal>-</literal> as local name.</para>
|
||||||
|
|
||||||
<para>Note that pressing Control-c during execution of this command will not abort the download. Use
|
<para>Note that pressing C-c during execution of this command will not abort the download. Use
|
||||||
<command>cancel-transfer</command>, described below.</para>
|
<command>cancel-transfer</command>, described below.</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||||
|
@ -174,14 +174,8 @@
|
||||||
|
|
||||||
<listitem><para>Imports a TAR or RAW image, and places it under the specified name in the image
|
<listitem><para>Imports a TAR or RAW image, and places it under the specified name in the image
|
||||||
directory for the image class selected via <option>--class=</option>. When
|
directory for the image class selected via <option>--class=</option>. When
|
||||||
<command>import-tar</command> is used, the file specified as the first argument should be a
|
<command>import-tar</command> is used, the file specified as the first argument should be a tar
|
||||||
<citerefentry project='die-net'><refentrytitle>tar</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
archive, possibly compressed with xz, gzip or bzip2. It will then be unpacked into its own
|
||||||
archive, possibly compressed with
|
|
||||||
<citerefentry project='die-net'><refentrytitle>xz</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
||||||
<citerefentry project='die-net'><refentrytitle>gzip</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
||||||
or
|
|
||||||
<citerefentry project='die-net'><refentrytitle>bzip2</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
|
||||||
It will then be unpacked into its own
|
|
||||||
subvolume/directory. When <command>import-raw</command> is used, the file should be a qcow2 or raw
|
subvolume/directory. When <command>import-raw</command> is used, the file should be a qcow2 or raw
|
||||||
disk image, possibly compressed with xz, gzip or bzip2. If the second argument (the resulting image
|
disk image, possibly compressed with xz, gzip or bzip2. If the second argument (the resulting image
|
||||||
name) is not specified, it is automatically derived from the file name. If the filename is passed as
|
name) is not specified, it is automatically derived from the file name. If the filename is passed as
|
||||||
|
@ -202,9 +196,7 @@
|
||||||
<listitem><para>Imports an image stored in a local directory into the image directory for the image
|
<listitem><para>Imports an image stored in a local directory into the image directory for the image
|
||||||
class selected via <option>--class=</option> and operates similarly to <command>import-tar</command>
|
class selected via <option>--class=</option> and operates similarly to <command>import-tar</command>
|
||||||
or <command>import-raw</command>, but the first argument is the source directory. If supported, this
|
or <command>import-raw</command>, but the first argument is the source directory. If supported, this
|
||||||
command will create a
|
command will create a btrfs snapshot or subvolume for the new image.</para>
|
||||||
<citerefentry project="url"><refentrytitle url="https://btrfs.readthedocs.io/en/latest/btrfs.html">btrfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
||||||
snapshot or subvolume for the new image.</para>
|
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -215,13 +207,9 @@
|
||||||
|
|
||||||
<listitem><para>Exports a TAR or RAW image and stores it in the specified file. The first parameter
|
<listitem><para>Exports a TAR or RAW image and stores it in the specified file. The first parameter
|
||||||
should be an image name. The second parameter should be a file path the TAR or RAW
|
should be an image name. The second parameter should be a file path the TAR or RAW
|
||||||
image is written to. If the path ends in <literal>.gz</literal>, the file is compressed with
|
image is written to. If the path ends in <literal>.gz</literal>, the file is compressed with gzip, if
|
||||||
<citerefentry project='die-net'><refentrytitle>gzip</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
it ends in <literal>.xz</literal>, with xz, and if it ends in <literal>.bz2</literal>, with bzip2. If
|
||||||
if it ends in <literal>.xz</literal>, with
|
the path ends in neither, the file is left uncompressed. If the second argument is missing, the image
|
||||||
<citerefentry project='die-net'><refentrytitle>xz</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
||||||
and if it ends in <literal>.bz2</literal>, with
|
|
||||||
<citerefentry project='die-net'><refentrytitle>bzip2</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
|
||||||
If the path ends in neither, the file is left uncompressed. If the second argument is missing, the image
|
|
||||||
is written to standard output. The compression may also be explicitly selected with the
|
is written to standard output. The compression may also be explicitly selected with the
|
||||||
<option>--format=</option> switch. This is in particular useful if the second parameter is left
|
<option>--format=</option> switch. This is in particular useful if the second parameter is left
|
||||||
unspecified.</para>
|
unspecified.</para>
|
||||||
|
|
|
@ -113,11 +113,11 @@
|
||||||
</row>
|
</row>
|
||||||
<row>
|
<row>
|
||||||
<entry><constant>user-early</constant></entry>
|
<entry><constant>user-early</constant></entry>
|
||||||
<entry>Similar to <literal>user</literal> but sessions of this class are not ordered after <citerefentry><refentrytitle>systemd-user-sessions.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, i.e. may be started before regular sessions are allowed to be established. This session class is the default for sessions of the root user that would otherwise qualify for the <constant>user</constant> class, see above. (Added in v256.)</entry>
|
<entry>Similar to <literal>user</literal> but sessions of this class are not ordered after <filename>systemd-user-sessions.service</filename>, i.e. may be started before regular sessions are allowed to be established. This session class is the default for sessions of the root user that would otherwise qualify for the <constant>user</constant> class, see above. (Added in v256.)</entry>
|
||||||
</row>
|
</row>
|
||||||
<row>
|
<row>
|
||||||
<entry><constant>user-incomplete</constant></entry>
|
<entry><constant>user-incomplete</constant></entry>
|
||||||
<entry>Similar to <literal>user</literal> but for sessions which are not fully set up yet, i.e. have no home directory mounted or similar. This is used by <citerefentry><refentrytitle>systemd-homed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> to allow users to log in via <citerefentry project='man-pages'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry> before their home directory is mounted, delaying the mount until the user provided the unlock password. Sessions of this class are upgraded to the regular <constant>user</constant> class once the home directory is activated.</entry>
|
<entry>Similar to <literal>user</literal> but for sessions which are not fully set up yet, i.e. have no home directory mounted or similar. This is used by <citerefentry><refentrytitle>systemd-homed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> to allow users to log in via <command>ssh</command> before their home directory is mounted, delaying the mount until the user provided the unlock password. Sessions of this class are upgraded to the regular <constant>user</constant> class once the home directory is activated.</entry>
|
||||||
</row>
|
</row>
|
||||||
<row>
|
<row>
|
||||||
<entry><constant>greeter</constant></entry>
|
<entry><constant>greeter</constant></entry>
|
||||||
|
@ -129,15 +129,15 @@
|
||||||
</row>
|
</row>
|
||||||
<row>
|
<row>
|
||||||
<entry><constant>background</constant></entry>
|
<entry><constant>background</constant></entry>
|
||||||
<entry>Used for background sessions, such as those invoked by <citerefentry project='die-net'><refentrytitle>cron</refentrytitle><manvolnum>8</manvolnum></citerefentry> and similar tools. This is the default class for sessions for which no TTY or X display is known at session registration time.</entry>
|
<entry>Used for background sessions, such as those invoked by <command>cron</command> and similar tools. This is the default class for sessions for which no TTY or X display is known at session registration time.</entry>
|
||||||
</row>
|
</row>
|
||||||
<row>
|
<row>
|
||||||
<entry><constant>background-light</constant></entry>
|
<entry><constant>background-light</constant></entry>
|
||||||
<entry>Similar to <constant>background</constant>, but sessions of this class will not pull in the <citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> of the user, and thus possibly have no services of the user running. (Added in v256.)</entry>
|
<entry>Similar to <constant>background</constant>, but sessions of this class will not pull in the <filename>user@.service</filename> of the user, and thus possibly have no services of the user running. (Added in v256.)</entry>
|
||||||
</row>
|
</row>
|
||||||
<row>
|
<row>
|
||||||
<entry><constant>manager</constant></entry>
|
<entry><constant>manager</constant></entry>
|
||||||
<entry>The <citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> service of the user is registered under this session class. (Added in v256.)</entry>
|
<entry>The <filename>user@.service</filename> service of the user is registered under this session class. (Added in v256.)</entry>
|
||||||
</row>
|
</row>
|
||||||
<row>
|
<row>
|
||||||
<entry><constant>manager-early</constant></entry>
|
<entry><constant>manager-early</constant></entry>
|
||||||
|
@ -445,8 +445,6 @@ session required pam_unix.so</programlisting>
|
||||||
<title>See Also</title>
|
<title>See Also</title>
|
||||||
<para><simplelist type="inline">
|
<para><simplelist type="inline">
|
||||||
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
||||||
<member><citerefentry><refentrytitle>systemd-user-sessions.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
|
||||||
<member><citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
|
||||||
<member><citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
<member><citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
||||||
<member><citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
<member><citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
||||||
<member><citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
<member><citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
||||||
|
|
|
@ -112,8 +112,7 @@
|
||||||
during boot.</para>
|
during boot.</para>
|
||||||
|
|
||||||
<para>You need to set the password of your Gnome Keyring/KWallet to the same as your LUKS passphrase.
|
<para>You need to set the password of your Gnome Keyring/KWallet to the same as your LUKS passphrase.
|
||||||
Then add the following lines to your display manager's PAM config under <filename>/etc/pam.d/</filename> (e.g.
|
Then add the following lines to your display manager's PAM config under <filename>/etc/pam.d/</filename> (e.g. <filename>sddm-autologin</filename>):</para>
|
||||||
<filename>sddm-autologin</filename>):</para>
|
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
-auth optional pam_systemd_loadkey.so
|
-auth optional pam_systemd_loadkey.so
|
||||||
|
@ -132,9 +131,8 @@ KeyringMode=inherit
|
||||||
<para>In this setup, early during the boot process,
|
<para>In this setup, early during the boot process,
|
||||||
<citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
<citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||||
will ask for the passphrase and store it in the kernel keyring with the keyname <literal>cryptsetup</literal>.
|
will ask for the passphrase and store it in the kernel keyring with the keyname <literal>cryptsetup</literal>.
|
||||||
Then when the display manager does the autologin, <command>pam_systemd_loadkey</command> will read the passphrase
|
Then when the display manager does the autologin, pam_systemd_loadkey will read the passphrase from the kernel keyring,
|
||||||
from the kernel keyring, set it as the PAM authtok, and then <command>pam_gnome_keyring</command> and
|
set it as the PAM authtok, and then pam_gnome_keyring and pam_kwallet5 will unlock with the same passphrase.</para>
|
||||||
<command>pam_kwallet5</command> will unlock with the same passphrase.</para>
|
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
</refentry>
|
</refentry>
|
||||||
|
|
|
@ -48,7 +48,7 @@
|
||||||
and transfer them as a whole between systems. When these images are attached to the local system, the contained units
|
and transfer them as a whole between systems. When these images are attached to the local system, the contained units
|
||||||
may run in most ways like regular system-provided units, either with full privileges or inside strict sandboxing,
|
may run in most ways like regular system-provided units, either with full privileges or inside strict sandboxing,
|
||||||
depending on the selected configuration. For more details, see
|
depending on the selected configuration. For more details, see
|
||||||
<ulink url="https://systemd.io/PORTABLE_SERVICES">Portable Services</ulink>.</para>
|
<ulink url="https://systemd.io/PORTABLE_SERVICES">Portable Services Documentation</ulink>.</para>
|
||||||
|
|
||||||
<para>Portable service images may be of the following kinds:</para>
|
<para>Portable service images may be of the following kinds:</para>
|
||||||
|
|
||||||
|
@ -417,7 +417,7 @@
|
||||||
<citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
<citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||||
Images can be block images, btrfs subvolumes or directories. For more information on portable
|
Images can be block images, btrfs subvolumes or directories. For more information on portable
|
||||||
services with extensions, see the <literal>Extension Images</literal> paragraph on
|
services with extensions, see the <literal>Extension Images</literal> paragraph on
|
||||||
<ulink url="https://systemd.io/PORTABLE_SERVICES">Portable Services</ulink>.
|
<ulink url="https://systemd.io/PORTABLE_SERVICES">Portable Services Documentation</ulink>.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>Note that the same extensions have to be specified, in the same order, when attaching
|
<para>Note that the same extensions have to be specified, in the same order, when attaching
|
||||||
|
|
|
@ -606,8 +606,7 @@
|
||||||
<varname>Subvolumes=</varname>.</para>
|
<varname>Subvolumes=</varname>.</para>
|
||||||
|
|
||||||
<para>Note that this option only takes effect if the target filesystem supports subvolumes, such as
|
<para>Note that this option only takes effect if the target filesystem supports subvolumes, such as
|
||||||
<citerefentry project="url"><refentrytitle url="https://btrfs.readthedocs.io/en/latest/btrfs.html">btrfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
|
<literal>btrfs</literal>.</para>
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>Note that this option is only supported in combination with <option>--offline=yes</option>
|
<para>Note that this option is only supported in combination with <option>--offline=yes</option>
|
||||||
since btrfs-progs 6.11 or newer.</para>
|
since btrfs-progs 6.11 or newer.</para>
|
||||||
|
@ -687,7 +686,7 @@
|
||||||
|
|
||||||
<listitem><para>Configures the data block size of the generated verity hash partition. Must be between 512 and
|
<listitem><para>Configures the data block size of the generated verity hash partition. Must be between 512 and
|
||||||
4096 bytes and must be a power of 2. Defaults to the sector size if configured explicitly, or the underlying
|
4096 bytes and must be a power of 2. Defaults to the sector size if configured explicitly, or the underlying
|
||||||
block device sector size, or 4K if <command>systemd-repart</command> is not operating on a block device.
|
block device sector size, or 4K if systemd-repart is not operating on a block device.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
||||||
|
@ -698,7 +697,7 @@
|
||||||
|
|
||||||
<listitem><para>Configures the hash block size of the generated verity hash partition. Must be between 512 and
|
<listitem><para>Configures the hash block size of the generated verity hash partition. Must be between 512 and
|
||||||
4096 bytes and must be a power of 2. Defaults to the sector size if configured explicitly, or the underlying
|
4096 bytes and must be a power of 2. Defaults to the sector size if configured explicitly, or the underlying
|
||||||
block device sector size, or 4K if <command>systemd-repart</command> is not operating on a block device.
|
block device sector size, or 4K if systemd-repart is not operating on a block device.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
||||||
|
@ -808,9 +807,7 @@
|
||||||
mount options. These fields correspond to the second and fourth column of the
|
mount options. These fields correspond to the second and fourth column of the
|
||||||
<citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
<citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||||
format. This setting may be specified multiple times to mount the partition multiple times. This can
|
format. This setting may be specified multiple times to mount the partition multiple times. This can
|
||||||
be used to add mounts for different
|
be used to add mounts for different btrfs subvolumes located on the same btrfs partition.</para>
|
||||||
<citerefentry project="url"><refentrytitle url="https://btrfs.readthedocs.io/en/latest/btrfs.html">btrfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
||||||
subvolumes located on the same btrfs partition.</para>
|
|
||||||
|
|
||||||
<para>Note that this setting is only taken into account when <option>--generate-fstab=</option> is
|
<para>Note that this setting is only taken into account when <option>--generate-fstab=</option> is
|
||||||
specified on the <command>systemd-repart</command> command line.</para>
|
specified on the <command>systemd-repart</command> command line.</para>
|
||||||
|
@ -821,7 +818,7 @@
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>EncryptedVolume=</varname></term>
|
<term><varname>EncryptedVolume=</varname></term>
|
||||||
|
|
||||||
<listitem><para>Specifies how the encrypted partition should be set up. Takes at least one and at most
|
<listitem><para>Specify how the encrypted partition should be set up. Takes at least one and at most
|
||||||
three fields separated with a colon (<literal>:</literal>). The first field specifies the encrypted
|
three fields separated with a colon (<literal>:</literal>). The first field specifies the encrypted
|
||||||
volume name under <filename>/dev/mapper/</filename>. If not specified, <literal>luks-UUID</literal>
|
volume name under <filename>/dev/mapper/</filename>. If not specified, <literal>luks-UUID</literal>
|
||||||
will be used where <literal>UUID</literal> is the LUKS UUID. The second field specifies the keyfile
|
will be used where <literal>UUID</literal> is the LUKS UUID. The second field specifies the keyfile
|
||||||
|
@ -840,14 +837,13 @@
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>Compression=</varname></term>
|
<term><varname>Compression=</varname></term>
|
||||||
|
|
||||||
<listitem><para>Specifies the compression algorithm to use for the filesystem configured with
|
<listitem><para>Specify the compression algorithm to use for the filesystem configured with
|
||||||
<varname>Format=</varname>. Takes a single argument specifying the compression algorithm.</para>
|
<varname>Format=</varname>. Takes a single argument specifying the compression algorithm.</para>
|
||||||
|
|
||||||
<para>Note that this setting is only taken into account when the filesystem configured with
|
<para>Note that this setting is only taken into account when the filesystem configured with
|
||||||
<varname>Format=</varname> supports compression (
|
<varname>Format=</varname> supports compression (btrfs, squashfs, erofs). Here's an incomplete list
|
||||||
<citerefentry project="url"><refentrytitle url="https://btrfs.readthedocs.io/en/latest/btrfs.html">btrfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
of compression algorithms supported by the filesystems known to
|
||||||
squashfs, erofs). Here's an incomplete list of compression algorithms supported by the filesystems
|
<command>systemd-repart</command>:</para>
|
||||||
known to <command>systemd-repart</command>:</para>
|
|
||||||
|
|
||||||
<table>
|
<table>
|
||||||
<title>File System Compression Algorithms</title>
|
<title>File System Compression Algorithms</title>
|
||||||
|
@ -887,7 +883,7 @@
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>CompressionLevel=</varname></term>
|
<term><varname>CompressionLevel=</varname></term>
|
||||||
|
|
||||||
<listitem><para>Specifies the compression level to use for the filesystem configured with
|
<listitem><para>Specify the compression level to use for the filesystem configured with
|
||||||
<varname>Format=</varname>. Takes a single argument specifying the compression level to use for the
|
<varname>Format=</varname>. Takes a single argument specifying the compression level to use for the
|
||||||
configured compression algorithm. The possible compression levels and their meaning are filesystem
|
configured compression algorithm. The possible compression levels and their meaning are filesystem
|
||||||
specific (refer to the filesystem's documentation for the exact meaning of a particular compression
|
specific (refer to the filesystem's documentation for the exact meaning of a particular compression
|
||||||
|
|
|
@ -485,7 +485,7 @@
|
||||||
|
|
||||||
<listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If
|
<listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If
|
||||||
true, rules regarding routing of single-label names are relaxed. Defaults to false. By default,
|
true, rules regarding routing of single-label names are relaxed. Defaults to false. By default,
|
||||||
lookups of single-label names are assumed to refer to local hosts to be resolved via local resolution
|
lookups of single label names are assumed to refer to local hosts to be resolved via local resolution
|
||||||
such as LLMNR or via search domain qualification and are not routed to upstream servers as is. If
|
such as LLMNR or via search domain qualification and are not routed to upstream servers as is. If
|
||||||
this option is enabled these rules are disabled and the queries are routed upstream anyway. Also see
|
this option is enabled these rules are disabled and the queries are routed upstream anyway. Also see
|
||||||
the <varname>ResolveUnicastSingleLabel=</varname> option in
|
the <varname>ResolveUnicastSingleLabel=</varname> option in
|
||||||
|
|
|
@ -81,7 +81,7 @@
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--property=</option></term>
|
<term><option>--property=</option></term>
|
||||||
|
|
||||||
<listitem><para>Sets a property of the service unit that is created. This option takes an assignment
|
<listitem><para>Sets a property on the service unit that is created. This option takes an assignment
|
||||||
in the same format as
|
in the same format as
|
||||||
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
|
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
|
||||||
<command>set-property</command> command.</para>
|
<command>set-property</command> command.</para>
|
||||||
|
@ -225,7 +225,7 @@
|
||||||
<term><option>--machine=</option></term>
|
<term><option>--machine=</option></term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Execute operation in a local container. Specify a container name to connect to.</para>
|
<para>Execute operation on a local container. Specify a container name to connect to.</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v256"/>
|
<xi:include href="version-info.xml" xpointer="v256"/>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
|
@ -1397,7 +1397,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
|
||||||
<para>Note that this shows the <emphasis>effective</emphasis> block, i.e. the combination of
|
<para>Note that this shows the <emphasis>effective</emphasis> block, i.e. the combination of
|
||||||
environment variables configured via configuration files, environment generators and via IPC
|
environment variables configured via configuration files, environment generators and via IPC
|
||||||
(i.e. via the <command>set-environment</command> described below). At the moment a unit process
|
(i.e. via the <command>set-environment</command> described below). At the moment a unit process
|
||||||
is forked off, this combined environment block will be further combined with per-unit environment
|
is forked off this combined environment block will be further combined with per-unit environment
|
||||||
variables, which are not visible in this command.</para>
|
variables, which are not visible in this command.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
|
@ -54,7 +54,7 @@
|
||||||
|
|
||||||
<listitem><para>The EFI Shell binary, if installed.</para></listitem>
|
<listitem><para>The EFI Shell binary, if installed.</para></listitem>
|
||||||
|
|
||||||
<listitem><para>A <literal>Reboot Into Firmware Interface</literal> option, if supported by the UEFI
|
<listitem><para>A <literal>Reboot Into Firmware Interface option</literal>, if supported by the UEFI
|
||||||
firmware.</para></listitem>
|
firmware.</para></listitem>
|
||||||
|
|
||||||
<listitem><para>Secure Boot variables enrollment if the UEFI firmware is in setup-mode and files are provided
|
<listitem><para>Secure Boot variables enrollment if the UEFI firmware is in setup-mode and files are provided
|
||||||
|
|
|
@ -299,7 +299,7 @@
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--unlock-tpm2-device=<replaceable>PATH</replaceable></option></term>
|
<term><option>--unlock-tpm2-device=<replaceable>PATH</replaceable></option></term>
|
||||||
|
|
||||||
<listitem><para>Use a TPM2 device instead of a password/passphrase read from stdin to unlock the
|
<listitem><para>Use a TPM2 device instead of a password/passhprase read from stdin to unlock the
|
||||||
volume. Expects a device node path referring to the TPM2 chip (e.g. <filename>/dev/tpmrm0</filename>).
|
volume. Expects a device node path referring to the TPM2 chip (e.g. <filename>/dev/tpmrm0</filename>).
|
||||||
Alternatively the special value <literal>auto</literal> may be specified, in order to automatically
|
Alternatively the special value <literal>auto</literal> may be specified, in order to automatically
|
||||||
determine the device node of a currently discovered TPM2 device (of which there must be exactly one).
|
determine the device node of a currently discovered TPM2 device (of which there must be exactly one).
|
||||||
|
|
|
@ -32,7 +32,7 @@
|
||||||
<arg choice="plain">VOLUME</arg>
|
<arg choice="plain">VOLUME</arg>
|
||||||
<arg choice="plain">SOURCE-DEVICE</arg>
|
<arg choice="plain">SOURCE-DEVICE</arg>
|
||||||
<arg choice="opt">KEY-FILE</arg>
|
<arg choice="opt">KEY-FILE</arg>
|
||||||
<arg choice="opt">CRYPTTAB-OPTIONS</arg>
|
<arg choice="opt">CONFIG</arg>
|
||||||
</cmdsynopsis>
|
</cmdsynopsis>
|
||||||
|
|
||||||
<cmdsynopsis>
|
<cmdsynopsis>
|
||||||
|
@ -150,7 +150,7 @@
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>cryptsetup.luks2-pin</varname></term>
|
<term><varname>cryptsetup.luks2-pin</varname></term>
|
||||||
|
|
||||||
<listitem><para>This credential specifies the pin requested by generic LUKS2 token modules.</para>
|
<listitem><para>This credential specifies the PIN requested by generic LUKS2 token modules.</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
|
@ -57,9 +57,7 @@
|
||||||
last check, number of mounts, unclean unmount, etc.</para>
|
last check, number of mounts, unclean unmount, etc.</para>
|
||||||
|
|
||||||
<para><filename>systemd-fsck-root.service</filename> and <filename>systemd-fsck-usr.service</filename>
|
<para><filename>systemd-fsck-root.service</filename> and <filename>systemd-fsck-usr.service</filename>
|
||||||
will activate <filename>reboot.target</filename> if
|
will activate <filename>reboot.target</filename> if <command>fsck</command> returns the "System
|
||||||
<citerefentry project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
||||||
returns the "System
|
|
||||||
should reboot" condition, or <filename>emergency.target</filename> if <command>fsck</command>
|
should reboot" condition, or <filename>emergency.target</filename> if <command>fsck</command>
|
||||||
returns the "Filesystem errors left uncorrected" condition.</para>
|
returns the "Filesystem errors left uncorrected" condition.</para>
|
||||||
|
|
||||||
|
|
|
@ -164,10 +164,9 @@ systemd-tmpfiles --create --prefix /var/log/journal</programlisting>
|
||||||
used to view the log stream of a specific namespace. If the switch is not used the log stream of the
|
used to view the log stream of a specific namespace. If the switch is not used the log stream of the
|
||||||
default namespace is shown, i.e. log data from other namespaces is not visible.</para>
|
default namespace is shown, i.e. log data from other namespaces is not visible.</para>
|
||||||
|
|
||||||
<para>Services associated with a specific log namespace may log via
|
<para>Services associated with a specific log namespace may log via syslog, the native logging protocol
|
||||||
<citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
of the journal and via stdout/stderr; the logging from all three transports is associated with the
|
||||||
the native logging protocol of the journal and via stdout/stderr; the logging from all three transports
|
namespace.</para>
|
||||||
is associated with the namespace.</para>
|
|
||||||
|
|
||||||
<para>By default only the default namespace will collect kernel and audit log messages.</para>
|
<para>By default only the default namespace will collect kernel and audit log messages.</para>
|
||||||
|
|
||||||
|
@ -289,11 +288,8 @@ systemd-tmpfiles --create --prefix /var/log/journal</programlisting>
|
||||||
<term><varname>systemd.journald.max_level_socket=</varname></term>
|
<term><varname>systemd.journald.max_level_socket=</varname></term>
|
||||||
|
|
||||||
<listitem><para>Controls the maximum log level of messages that are stored in the journal, forwarded
|
<listitem><para>Controls the maximum log level of messages that are stored in the journal, forwarded
|
||||||
to
|
to syslog, kmsg, the console, the wall, or a socket. This kernel command line options override the
|
||||||
<citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
settings of the same names in the
|
||||||
kmsg, the console,
|
|
||||||
<citerefentry project='man-pages'><refentrytitle>wall</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
||||||
or a socket. This kernel command line options override the settings of the same names in the
|
|
||||||
<citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
<citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||||
file.</para>
|
file.</para>
|
||||||
|
|
||||||
|
|
|
@ -136,7 +136,6 @@
|
||||||
<member><citerefentry><refentrytitle>nss-mymachines</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
<member><citerefentry><refentrytitle>nss-mymachines</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
||||||
<member><citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
|
<member><citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
|
||||||
<member><citerefentry><refentrytitle>org.freedesktop.machine1</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
<member><citerefentry><refentrytitle>org.freedesktop.machine1</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
||||||
<member><citerefentry project='man-pages'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
|
||||||
</simplelist></para>
|
</simplelist></para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
|
|
|
@ -57,9 +57,7 @@
|
||||||
<para>The returned mounts are automatically allowlisted in the per-user-namespace allowlist maintained by
|
<para>The returned mounts are automatically allowlisted in the per-user-namespace allowlist maintained by
|
||||||
<citerefentry><refentrytitle>systemd-nsresourced.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
<citerefentry><refentrytitle>systemd-nsresourced.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
||||||
|
|
||||||
<para>The file systems are automatically
|
<para>The file systems are automatically fsck'ed before mounting.</para>
|
||||||
<citerefentry project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry>'ed
|
|
||||||
before mounting.</para>
|
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<refsect1>
|
<refsect1>
|
||||||
|
|
|
@ -140,7 +140,7 @@
|
||||||
<para>When running in unprivileged mode, some needed functionality is provided via
|
<para>When running in unprivileged mode, some needed functionality is provided via
|
||||||
<citerefentry><refentrytitle>systemd-mountfsd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
<citerefentry><refentrytitle>systemd-mountfsd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||||
and
|
and
|
||||||
<citerefentry><refentrytitle>systemd-nsresourced.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
<citerefentry><refentrytitle>systemd-nsresourced.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<refsect1>
|
<refsect1>
|
||||||
|
|
|
@ -106,7 +106,7 @@
|
||||||
|
|
||||||
<listitem><para>This reads the combined TPM2 event log and writes it to STDOUT in <ulink
|
<listitem><para>This reads the combined TPM2 event log and writes it to STDOUT in <ulink
|
||||||
url="https://trustedcomputinggroup.org/resource/canonical-event-log-format/">TCG Canonical Event Log
|
url="https://trustedcomputinggroup.org/resource/canonical-event-log-format/">TCG Canonical Event Log
|
||||||
Format (CEL-JSON)</ulink>.</para>
|
Format (CEL-JSON)</ulink> format.</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -387,10 +387,8 @@
|
||||||
|
|
||||||
<listitem><para>Generates/removes a <filename>.pcrlock</filename> file based on a kernel initrd cpio
|
<listitem><para>Generates/removes a <filename>.pcrlock</filename> file based on a kernel initrd cpio
|
||||||
archive. This is useful for predicting measurements the Linux kernel makes to PCR 9
|
archive. This is useful for predicting measurements the Linux kernel makes to PCR 9
|
||||||
("kernel-initrd"). Do not use for
|
("kernel-initrd"). Do not use for <command>systemd-stub</command> UKIs, as the initrd is combined
|
||||||
<citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
dynamically from various sources and hence does not take a single input, like this command.</para>
|
||||||
UKIs, as the initrd is combined dynamically from various sources and hence does not take a single
|
|
||||||
input, like this command.</para>
|
|
||||||
|
|
||||||
<para>This writes/removes the file
|
<para>This writes/removes the file
|
||||||
<filename>/var/lib/pcrlock.d/720-kernel-initrd.pcrlock/generated.pcrlock</filename>.</para>
|
<filename>/var/lib/pcrlock.d/720-kernel-initrd.pcrlock/generated.pcrlock</filename>.</para>
|
||||||
|
@ -523,7 +521,7 @@
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--pcrlock=</option></term>
|
<term><option>--pcrlock=</option></term>
|
||||||
|
|
||||||
<listitem><para>Takes a file system path as argument. If specified, configures where to write the
|
<listitem><para>Takes a file system path as argument. If specified overrides where to write the
|
||||||
generated pcrlock data to. Honoured by the various <command>lock-*</command> commands. If not
|
generated pcrlock data to. Honoured by the various <command>lock-*</command> commands. If not
|
||||||
specified, a default path is generally used, as documented above.</para>
|
specified, a default path is generally used, as documented above.</para>
|
||||||
|
|
||||||
|
@ -533,7 +531,7 @@
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--policy=</option></term>
|
<term><option>--policy=</option></term>
|
||||||
|
|
||||||
<listitem><para>Takes a file system path as argument. If specified, configures where to write pcrlock
|
<listitem><para>Takes a file system path as argument. If specified overrides where to write pcrlock
|
||||||
policy metadata to. If not specified defaults to
|
policy metadata to. If not specified defaults to
|
||||||
<filename>/var/lib/systemd/pcrlock.json</filename>.</para>
|
<filename>/var/lib/systemd/pcrlock.json</filename>.</para>
|
||||||
|
|
||||||
|
|
|
@ -53,7 +53,7 @@
|
||||||
might be broken — the running PID 1 could still depend on libraries which are not available any more,
|
might be broken — the running PID 1 could still depend on libraries which are not available any more,
|
||||||
thus keeping the file system busy, which then cannot be re-mounted read-only.</para>
|
thus keeping the file system busy, which then cannot be re-mounted read-only.</para>
|
||||||
|
|
||||||
<para>Shortly before executing the actual system power-off/halt/reboot/kexec,
|
<para>Shortly before executing the actual system power-off/halt/reboot/kexec
|
||||||
<filename>systemd-shutdown</filename> will run all executables in
|
<filename>systemd-shutdown</filename> will run all executables in
|
||||||
<filename>/usr/lib/systemd/system-shutdown/</filename> and pass one arguments to them: either
|
<filename>/usr/lib/systemd/system-shutdown/</filename> and pass one arguments to them: either
|
||||||
<literal>poweroff</literal>, <literal>halt</literal>, <literal>reboot</literal>, or
|
<literal>poweroff</literal>, <literal>halt</literal>, <literal>reboot</literal>, or
|
||||||
|
|
|
@ -569,7 +569,7 @@
|
||||||
(sysext, see
|
(sysext, see
|
||||||
<citerefentry><refentrytitle>systemd-sysext</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
<citerefentry><refentrytitle>systemd-sysext</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||||
for details), configuration extension (confext) or <ulink
|
for details), configuration extension (confext) or <ulink
|
||||||
url="https://systemd.io/PORTABLE_SERVICES">Portable Services</ulink>. The generated image will consist
|
url="https://systemd.io/PORTABLE_SERVICES">portable service</ulink>. The generated image will consist
|
||||||
of a signed Verity <literal>erofs</literal> file system as root partition. In this mode of operation
|
of a signed Verity <literal>erofs</literal> file system as root partition. In this mode of operation
|
||||||
the partition definitions in <filename>/usr/lib/repart.d/*.conf</filename> and related directories
|
the partition definitions in <filename>/usr/lib/repart.d/*.conf</filename> and related directories
|
||||||
are not read, and <option>--definitions=</option> is not supported, as appropriate definitions for
|
are not read, and <option>--definitions=</option> is not supported, as appropriate definitions for
|
||||||
|
@ -605,11 +605,10 @@
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--generate-fstab=<replaceable>PATH</replaceable></option></term>
|
<term><option>--generate-fstab=<replaceable>PATH</replaceable></option></term>
|
||||||
|
|
||||||
<listitem><para>Specifies a path where to write
|
<listitem><para>Specifies a path where to write fstab entries for the mountpoints configured with
|
||||||
<citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
<option>MountPoint=</option> in the root directory specified with <option>--copy-source=</option> or
|
||||||
entries for the mountpoints configured with <option>MountPoint=</option> in the root directory
|
<option>--root=</option> or in the host's root directory if neither is specified. Disabled by
|
||||||
specified with <option>--copy-source=</option> or <option>--root=</option> or in the host's root
|
default.</para>
|
||||||
directory if neither is specified. Disabled by default.</para>
|
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -681,7 +680,7 @@ systemd-confext refresh</programlisting>
|
||||||
<title>Generate a system extension image and sign it via PKCS11</title>
|
<title>Generate a system extension image and sign it via PKCS11</title>
|
||||||
|
|
||||||
<para>The following creates a system extension DDI (sysext) for an
|
<para>The following creates a system extension DDI (sysext) for an
|
||||||
<filename>/usr/foo</filename> update and signs it with a hardware token via PKCS11:</para>
|
<filename>/usr/foo</filename> update and signs it with a hardware token via PKCS11.</para>
|
||||||
|
|
||||||
<programlisting>mkdir -p tree/usr/lib/extension-release.d
|
<programlisting>mkdir -p tree/usr/lib/extension-release.d
|
||||||
echo "Hello World" >tree/usr/foo
|
echo "Hello World" >tree/usr/foo
|
||||||
|
|
|
@ -343,10 +343,10 @@ search foobar.com barbar.com
|
||||||
<listitem><para><command>systemd-resolved</command> maintains the
|
<listitem><para><command>systemd-resolved</command> maintains the
|
||||||
<filename>/run/systemd/resolve/stub-resolv.conf</filename> file for compatibility with traditional
|
<filename>/run/systemd/resolve/stub-resolv.conf</filename> file for compatibility with traditional
|
||||||
Linux programs. This file lists the 127.0.0.53 DNS stub (see above) as the only DNS server. It also
|
Linux programs. This file lists the 127.0.0.53 DNS stub (see above) as the only DNS server. It also
|
||||||
contains a list of search domains that are in use by <command>systemd-resolved</command>. The list of
|
contains a list of search domains that are in use by systemd-resolved. The list of search domains is
|
||||||
search domains is always kept up-to-date. Note that
|
always kept up-to-date. Note that <filename>/run/systemd/resolve/stub-resolv.conf</filename> should not
|
||||||
<filename>/run/systemd/resolve/stub-resolv.conf</filename> should not be used directly by applications,
|
be used directly by applications, but only through a symlink from
|
||||||
but only through a symlink from <filename>/etc/resolv.conf</filename>. This file may be symlinked from
|
<filename>/etc/resolv.conf</filename>. This file may be symlinked from
|
||||||
<filename>/etc/resolv.conf</filename> in order to connect all local clients that bypass local DNS APIs
|
<filename>/etc/resolv.conf</filename> in order to connect all local clients that bypass local DNS APIs
|
||||||
to <command>systemd-resolved</command> with correct search domains settings. This mode of operation is
|
to <command>systemd-resolved</command> with correct search domains settings. This mode of operation is
|
||||||
recommended.</para></listitem>
|
recommended.</para></listitem>
|
||||||
|
|
|
@ -139,8 +139,7 @@ DefaultDependencies=no</programlisting>
|
||||||
<varname>Conflicts=umount.target</varname>)</para></listitem>
|
<varname>Conflicts=umount.target</varname>)</para></listitem>
|
||||||
|
|
||||||
<listitem><para>If the unit publishes a service over D-Bus, the connection needs to be re-established
|
<listitem><para>If the unit publishes a service over D-Bus, the connection needs to be re-established
|
||||||
after soft-reboot as the D-Bus broker will be stopped and then started again. When using the
|
after soft-reboot as the D-Bus broker will be stopped and then started again. When using the sd-bus
|
||||||
<citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
|
||||||
library this can be achieved by adapting the following example.
|
library this can be achieved by adapting the following example.
|
||||||
<programlisting><xi:include href="sd_bus_service_reconnect.c" parse="text"/></programlisting>
|
<programlisting><xi:include href="sd_bus_service_reconnect.c" parse="text"/></programlisting>
|
||||||
</para></listitem>
|
</para></listitem>
|
||||||
|
|
|
@ -34,9 +34,9 @@
|
||||||
|
|
||||||
<para><command>systemd-ssh-generator</command> binds a socket-activated SSH server to local
|
<para><command>systemd-ssh-generator</command> binds a socket-activated SSH server to local
|
||||||
<constant>AF_VSOCK</constant> and <constant>AF_UNIX</constant> sockets under certain conditions. It only
|
<constant>AF_VSOCK</constant> and <constant>AF_UNIX</constant> sockets under certain conditions. It only
|
||||||
has an effect if the
|
has an effect if the <citerefentry
|
||||||
<citerefentry project="man-pages"><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
project="man-pages"><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> binary is
|
||||||
binary is installed. Specifically, it does the following:</para>
|
installed. Specifically, it does the following:</para>
|
||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem><para>If invoked in a VM with <constant>AF_VSOCK</constant> support, a socket-activated SSH
|
<listitem><para>If invoked in a VM with <constant>AF_VSOCK</constant> support, a socket-activated SSH
|
||||||
|
@ -71,14 +71,14 @@
|
||||||
<para>The generator will use a packaged <filename>sshd@.service</filename> service template file if one
|
<para>The generator will use a packaged <filename>sshd@.service</filename> service template file if one
|
||||||
exists, and otherwise generate a suitable service template file.</para>
|
exists, and otherwise generate a suitable service template file.</para>
|
||||||
|
|
||||||
<para><command>systemd-ssh-generator</command> implements
|
<para><filename>systemd-ssh-generator</filename> implements
|
||||||
<citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
|
<citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<refsect1>
|
<refsect1>
|
||||||
<title>Kernel Command Line</title>
|
<title>Kernel Command Line</title>
|
||||||
|
|
||||||
<para><command>systemd-ssh-generator</command> understands the following
|
<para><filename>systemd-ssh-generator</filename> understands the following
|
||||||
<citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
<citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||||
parameters:</para>
|
parameters:</para>
|
||||||
|
|
||||||
|
@ -102,9 +102,8 @@
|
||||||
times to bind multiple sockets. The syntax should follow the one of <varname>ListenStream=</varname>,
|
times to bind multiple sockets. The syntax should follow the one of <varname>ListenStream=</varname>,
|
||||||
see
|
see
|
||||||
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||||
for details. This functionality supports all socket families
|
for details. This functionality supports all socket families systemd supports, including
|
||||||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> supports,
|
<constant>AF_INET</constant> and <constant>AF_INET6</constant>.</para>
|
||||||
including <constant>AF_INET</constant> and <constant>AF_INET6</constant>.</para>
|
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
|
@ -77,7 +77,7 @@ Host .host
|
||||||
<para>This tool is supposed to be used together with
|
<para>This tool is supposed to be used together with
|
||||||
<citerefentry><refentrytitle>systemd-ssh-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
<citerefentry><refentrytitle>systemd-ssh-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||||
which when run inside a VM or container will bind SSH to suitable
|
which when run inside a VM or container will bind SSH to suitable
|
||||||
addresses. <command>systemd-ssh-generator</command> is supposed to run in the container or VM guest, and
|
addresses. <command>systemd-ssh-generator</command> is supposed to run in the container of VM guest, and
|
||||||
<command>systemd-ssh-proxy</command> is run on the host, in order to connect to the container or VM
|
<command>systemd-ssh-proxy</command> is run on the host, in order to connect to the container or VM
|
||||||
guest.</para>
|
guest.</para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
|
@ -43,7 +43,7 @@
|
||||||
|
|
||||||
<para><citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry> uses
|
<para><citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry> uses
|
||||||
<command>systemd-stdio-bridge</command> to forward D-Bus connections over
|
<command>systemd-stdio-bridge</command> to forward D-Bus connections over
|
||||||
<citerefentry project='man-pages'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
<citerefentry project='die-net'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||||
or to connect to the bus of a different user, see
|
or to connect to the bus of a different user, see
|
||||||
<citerefentry><refentrytitle>sd_bus_set_address</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
|
<citerefentry><refentrytitle>sd_bus_set_address</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
|
||||||
</para>
|
</para>
|
||||||
|
|
|
@ -209,7 +209,7 @@
|
||||||
images to the initrd. See
|
images to the initrd. See
|
||||||
<citerefentry><refentrytitle>systemd-confext</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
|
<citerefentry><refentrytitle>systemd-confext</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
|
||||||
details on configuration extension images. The generated <command>cpio</command> archive containing
|
details on configuration extension images. The generated <command>cpio</command> archive containing
|
||||||
these configuration extension images is measured into TPM PCR 12 (if a TPM is present).</para></listitem>
|
these system extension images is measured into TPM PCR 12 (if a TPM is present).</para></listitem>
|
||||||
|
|
||||||
<listitem><para>Similarly, files
|
<listitem><para>Similarly, files
|
||||||
<filename><replaceable>foo</replaceable>.efi.extra.d/*.addon.efi</filename> are loaded and verified as
|
<filename><replaceable>foo</replaceable>.efi.extra.d/*.addon.efi</filename> are loaded and verified as
|
||||||
|
|
|
@ -141,7 +141,7 @@
|
||||||
but the used architecture identifiers are the same as for <varname>ConditionArchitecture=</varname>
|
but the used architecture identifiers are the same as for <varname>ConditionArchitecture=</varname>
|
||||||
described in <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
described in <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||||
<varname>EXTENSION_RELOAD_MANAGER=</varname> can be set to 1 if the extension requires a service manager reload after application
|
<varname>EXTENSION_RELOAD_MANAGER=</varname> can be set to 1 if the extension requires a service manager reload after application
|
||||||
of the extension. Note that for the reasons mentioned earlier,
|
of the extension. Note that for the reasons mentioned earlier:
|
||||||
<ulink url="https://systemd.io/PORTABLE_SERVICES">Portable Services</ulink> remain
|
<ulink url="https://systemd.io/PORTABLE_SERVICES">Portable Services</ulink> remain
|
||||||
the recommended way to ship system services.
|
the recommended way to ship system services.
|
||||||
|
|
||||||
|
@ -206,13 +206,13 @@
|
||||||
the underlying host <filename>/usr/</filename> is managed as immutable disk image or is a traditional
|
the underlying host <filename>/usr/</filename> is managed as immutable disk image or is a traditional
|
||||||
package manager controlled (i.e. writable) tree.</para>
|
package manager controlled (i.e. writable) tree.</para>
|
||||||
|
|
||||||
<para>With <command>systemd-confext</command> one can perform runtime reconfiguration of OS services.
|
<para>With systemd-confext one can perform runtime reconfiguration of OS services.
|
||||||
Sometimes, there is a need to swap certain configuration parameter values or restart only a specific
|
Sometimes, there is a need to swap certain configuration parameter values or restart only a specific
|
||||||
service without deployment of new code or a complete OS deployment. In other words, we want to be able
|
service without deployment of new code or a complete OS deployment. In other words, we want to be able
|
||||||
to tie the most frequently configured options to runtime updateable flags that can be changed without a
|
to tie the most frequently configured options to runtime updateable flags that can be changed without a
|
||||||
system reboot. This will help reduce servicing times when there is a need for changing the OS configuration.
|
system reboot. This will help reduce servicing times when there is a need for changing the OS configuration.
|
||||||
It also provides a reliable tool for managing configuration because all old configuration files disappear when
|
It also provides a reliable tool for managing configuration because all old configuration files disappear when
|
||||||
the <command>systemd-confext</command> image is removed.</para></refsect1>
|
the systemd-confext image is removed.</para></refsect1>
|
||||||
|
|
||||||
<refsect1>
|
<refsect1>
|
||||||
<title>Mutability</title>
|
<title>Mutability</title>
|
||||||
|
|
|
@ -30,7 +30,7 @@
|
||||||
<refsect1>
|
<refsect1>
|
||||||
<title>Description</title>
|
<title>Description</title>
|
||||||
|
|
||||||
<para><command>systemd-tpm2-generator</command> is a generator that adds a <varname>Wants=</varname>
|
<para><filename>systemd-tpm2-generator</filename> is a generator that adds a <varname>Wants=</varname>
|
||||||
dependency from <filename>sysinit.target</filename> to <filename>tpm2.target</filename> when it detects
|
dependency from <filename>sysinit.target</filename> to <filename>tpm2.target</filename> when it detects
|
||||||
that the firmware discovered a TPM2 device but the OS kernel so far did
|
that the firmware discovered a TPM2 device but the OS kernel so far did
|
||||||
not. <filename>tpm2.target</filename> is supposed to act as synchronization point for all services that
|
not. <filename>tpm2.target</filename> is supposed to act as synchronization point for all services that
|
||||||
|
@ -45,7 +45,7 @@
|
||||||
for it yet. The latter might be useful in environments where a suitable TPM2 driver for the available
|
for it yet. The latter might be useful in environments where a suitable TPM2 driver for the available
|
||||||
hardware is not available.</para>
|
hardware is not available.</para>
|
||||||
|
|
||||||
<para><command>systemd-tpm2-generator</command> implements
|
<para><filename>systemd-tpm2-generator</filename> implements
|
||||||
<citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
|
<citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
|
|
|
@ -45,7 +45,7 @@
|
||||||
file descriptors must be passed with the names <literal>kvm</literal> and <literal>vhost-vsock</literal>
|
file descriptors must be passed with the names <literal>kvm</literal> and <literal>vhost-vsock</literal>
|
||||||
respectively.</para>
|
respectively.</para>
|
||||||
|
|
||||||
<para>Note: on Ubuntu/Debian derivatives <command>systemd-vmspawn</command> requires the user to be in the
|
<para>Note: on Ubuntu/Debian derivatives systemd-vmspawn requires the user to be in the
|
||||||
<literal>kvm</literal> group to use the VSOCK options.</para>
|
<literal>kvm</literal> group to use the VSOCK options.</para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
|
@ -420,8 +420,7 @@
|
||||||
for more information.</para>
|
for more information.</para>
|
||||||
|
|
||||||
<para>By default <literal>ed25519</literal> keys are generated, however <literal>rsa</literal> keys
|
<para>By default <literal>ed25519</literal> keys are generated, however <literal>rsa</literal> keys
|
||||||
may also be useful if the VM has a particularly old version of
|
may also be useful if the VM has a particularly old version of <command>sshd</command>.</para>
|
||||||
<citerefentry project='man-pages'><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v256"/>
|
<xi:include href="version-info.xml" xpointer="v256"/>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
|
@ -46,7 +46,7 @@
|
||||||
|
|
||||||
<para>If the specified path does not reference a <literal>.v/</literal> path (i.e. neither the final
|
<para>If the specified path does not reference a <literal>.v/</literal> path (i.e. neither the final
|
||||||
component ends in <literal>.v</literal>, nor the penultimate does or the final one does contain a triple
|
component ends in <literal>.v</literal>, nor the penultimate does or the final one does contain a triple
|
||||||
underscore) its specified path is written unmodified to standard output.</para>
|
underscore) it specified path is written unmodified to standard output.</para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<refsect1>
|
<refsect1>
|
||||||
|
|
|
@ -378,7 +378,7 @@
|
||||||
|
|
||||||
<para>This setting is useful to configure the <literal>ID_NET_MANAGED_BY=</literal> property which
|
<para>This setting is useful to configure the <literal>ID_NET_MANAGED_BY=</literal> property which
|
||||||
declares which network management service shall manage the interface, which is respected by
|
declares which network management service shall manage the interface, which is respected by
|
||||||
<command>systemd-networkd</command> and others. Use
|
systemd-networkd and others. Use
|
||||||
<programlisting>Property=ID_NET_MANAGED_BY=io.systemd.Network</programlisting>
|
<programlisting>Property=ID_NET_MANAGED_BY=io.systemd.Network</programlisting>
|
||||||
to declare explicitly that <command>systemd-networkd</command> shall manage the interface, or set
|
to declare explicitly that <command>systemd-networkd</command> shall manage the interface, or set
|
||||||
the property to something else to declare explicitly it shall not do so. See
|
the property to something else to declare explicitly it shall not do so. See
|
||||||
|
@ -974,10 +974,10 @@
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Configures Receive Packet Steering (RPS) list of CPUs to which RPS may forward traffic.
|
<para>Configures Receive Packet Steering (RPS) list of CPUs to which RPS may forward traffic.
|
||||||
Takes a list of CPU indices or ranges separated by either whitespace or commas. Alternatively,
|
Takes a list of CPU indices or ranges separated by either whitespace or commas. Alternatively,
|
||||||
takes the special value <literal>all</literal>, which will include all available CPUs in the mask.
|
takes the special value <literal>all</literal> in which will include all available CPUs in the mask.
|
||||||
CPU ranges are specified by the lower and upper CPU indices separated by a dash (e.g. <literal>2-6</literal>).
|
CPU ranges are specified by the lower and upper CPU indices separated by a dash (e.g. <literal>2-6</literal>).
|
||||||
This option may be specified more than once, in which case the specified list of CPU ranges are merged.
|
This option may be specified more than once, in which case the specified CPU affinity masks are merged.
|
||||||
If an empty string is assigned, the list is reset, all assignments prior to this will have no effect.
|
If an empty string is assigned, the mask is reset, all assignments prior to this will have no effect.
|
||||||
Defaults to unset and RPS CPU list is unchanged. To disable RPS when it was previously enabled, use the
|
Defaults to unset and RPS CPU list is unchanged. To disable RPS when it was previously enabled, use the
|
||||||
special value <literal>disable</literal>.</para>
|
special value <literal>disable</literal>.</para>
|
||||||
|
|
||||||
|
|
|
@ -293,7 +293,7 @@
|
||||||
comes from unit fragments, i.e. generated from <filename>/etc/fstab</filename> by <citerefentry>
|
comes from unit fragments, i.e. generated from <filename>/etc/fstab</filename> by <citerefentry>
|
||||||
<refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry> or loaded from
|
<refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry> or loaded from
|
||||||
a manually configured mount unit, a combination of <varname>Requires=</varname> and <varname>StopPropagatedFrom=</varname>
|
a manually configured mount unit, a combination of <varname>Requires=</varname> and <varname>StopPropagatedFrom=</varname>
|
||||||
dependencies is set on the backing device, otherwise only <varname>Requires=</varname> is used.</para>
|
dependencies is set on the backing device. If doesn't, only <varname>Requires=</varname> is used.</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v233"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v233"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -556,7 +556,7 @@
|
||||||
for details. This setting is optional.</para>
|
for details. This setting is optional.</para>
|
||||||
|
|
||||||
<para>If the type is <literal>overlay</literal>, and <literal>upperdir=</literal> or
|
<para>If the type is <literal>overlay</literal>, and <literal>upperdir=</literal> or
|
||||||
<literal>workdir=</literal> are specified as options and the directories don't exist, they will be created.
|
<literal>workdir=</literal> are specified as options and they don't exist, they will be created.
|
||||||
</para></listitem>
|
</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
|
|
@ -27,19 +27,18 @@
|
||||||
attributes and the use of this information is configured. This page describes interface naming, i.e. what
|
attributes and the use of this information is configured. This page describes interface naming, i.e. what
|
||||||
possible names may be generated. Those names are generated by the
|
possible names may be generated. Those names are generated by the
|
||||||
<citerefentry><refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
<citerefentry><refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||||
builtin <command>net_id</command> and exported as
|
builtin <command>net_id</command> and exported as udev properties
|
||||||
<citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
(<varname>ID_NET_NAME_ONBOARD=</varname>, <varname>ID_NET_LABEL_ONBOARD=</varname>,
|
||||||
properties (<varname>ID_NET_NAME_ONBOARD=</varname>, <varname>ID_NET_LABEL_ONBOARD=</varname>,
|
|
||||||
<varname>ID_NET_NAME_PATH=</varname>, <varname>ID_NET_NAME_SLOT=</varname>).</para>
|
<varname>ID_NET_NAME_PATH=</varname>, <varname>ID_NET_NAME_SLOT=</varname>).</para>
|
||||||
|
|
||||||
<para>Names and MAC addresses are derived from various stable device metadata attributes. Newer versions
|
<para>Names and MAC addresses are derived from various stable device metadata attributes. Newer versions
|
||||||
of <command>systemd-udevd</command> take more of these attributes into account, improving (and thus
|
of udev take more of these attributes into account, improving (and thus possibly changing) the names and
|
||||||
possibly changing) the names and addresses used for the same devices. Different versions of those
|
addresses used for the same devices. Different versions of those generation rules are called "naming
|
||||||
generation rules are called "naming schemes". The default naming scheme is chosen at compilation time.
|
schemes". The default naming scheme is chosen at compilation time. Usually this will be the latest
|
||||||
Usually this will be the latest implemented version, but it is also possible to set one of the older
|
implemented version, but it is also possible to set one of the older versions to preserve
|
||||||
versions to preserve compatibility. This may be useful for example for distributions, which may introduce
|
compatibility. This may be useful for example for distributions, which may introduce new versions of
|
||||||
new versions of systemd in stable releases without changing the naming scheme. The naming scheme may also
|
systemd in stable releases without changing the naming scheme. The naming scheme may also be overridden
|
||||||
be overridden using the <varname>net.naming_scheme=</varname> kernel command line switch, see
|
using the <varname>net.naming_scheme=</varname> kernel command line switch, see
|
||||||
<citerefentry><refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
|
<citerefentry><refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
|
||||||
Available naming schemes are described below.</para>
|
Available naming schemes are described below.</para>
|
||||||
|
|
||||||
|
@ -522,8 +521,7 @@
|
||||||
change introduced in <constant>v254</constant> by default.</para>
|
change introduced in <constant>v254</constant> by default.</para>
|
||||||
|
|
||||||
<para>If we detect that a PCI device associated with a slot is a PCI bridge, we no longer set
|
<para>If we detect that a PCI device associated with a slot is a PCI bridge, we no longer set
|
||||||
<varname>ID_NET_NAME_SLOT</varname>, reverting a change that was introduced in
|
<varname>ID_NET_NAME_SLOT</varname>, reverting a change that was introduced in v251.</para>
|
||||||
<constant>v251</constant>.</para>
|
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v255"/>
|
<xi:include href="version-info.xml" xpointer="v255"/>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
@ -710,7 +708,6 @@ net:naming:drvirtio_net:*
|
||||||
<para><simplelist type="inline">
|
<para><simplelist type="inline">
|
||||||
<member><citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
|
<member><citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
|
||||||
<member><citerefentry><refentrytitle>udevadm</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
<member><citerefentry><refentrytitle>udevadm</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
||||||
<member><citerefentry><refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
|
||||||
<member><ulink url="https://systemd.io/PREDICTABLE_INTERFACE_NAMES">Predictable Network Interface Names</ulink></member>
|
<member><ulink url="https://systemd.io/PREDICTABLE_INTERFACE_NAMES">Predictable Network Interface Names</ulink></member>
|
||||||
<member><citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
<member><citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
||||||
</simplelist></para>
|
</simplelist></para>
|
||||||
|
|
|
@ -34,16 +34,10 @@
|
||||||
for a general description of the syntax.</para>
|
for a general description of the syntax.</para>
|
||||||
|
|
||||||
<para>The main Virtual Network Device file must have the extension <filename>.netdev</filename>;
|
<para>The main Virtual Network Device file must have the extension <filename>.netdev</filename>;
|
||||||
other extensions are ignored. Virtual network devices are created as soon as
|
other extensions are ignored. Virtual network devices are created as soon as networkd is
|
||||||
<command>systemd-networkd</command> is started if possible. If a netdev with the specified name already
|
started. If a netdev with the specified name already exists, networkd will use that as-is rather
|
||||||
exists, <command>systemd-networkd</command> will try to update the config if the kind of the existing
|
than create its own. Note that the settings of the pre-existing netdev will not be changed by
|
||||||
netdev is equivalent to the requested one, otherwise (e.g. when bridge device <filename>foo</filename>
|
networkd.</para>
|
||||||
exists but bonding device with the same name is configured in a .netdev file) use the existing netdev
|
|
||||||
as-is rather than replacing with the requested netdev. Note, several settings (e.g. vlan ID) cannot be
|
|
||||||
changed after the netdev is created. To change such settings, it is necessary to first remove the
|
|
||||||
existing netdev, and then run <command>networkctl reload</command> command or restart
|
|
||||||
<command>systemd-networkd</command>. See also
|
|
||||||
<citerefentry><refentrytitle>networkctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
|
|
||||||
|
|
||||||
<para>The <filename>.netdev</filename> files are read from the files located in the system network
|
<para>The <filename>.netdev</filename> files are read from the files located in the system network
|
||||||
directory <filename>/usr/lib/systemd/network</filename> and
|
directory <filename>/usr/lib/systemd/network</filename> and
|
||||||
|
@ -594,7 +588,7 @@
|
||||||
<para>Controls the threshold for broadcast queueing of the macvlan device. Takes the special value
|
<para>Controls the threshold for broadcast queueing of the macvlan device. Takes the special value
|
||||||
<literal>no</literal>, or an integer in the range 0…2147483647. When <literal>no</literal> is
|
<literal>no</literal>, or an integer in the range 0…2147483647. When <literal>no</literal> is
|
||||||
specified, the broadcast queueing is disabled altogether. When an integer is specified, a multicast
|
specified, the broadcast queueing is disabled altogether. When an integer is specified, a multicast
|
||||||
address will be queued as broadcast if the number of devices using the macvlan is greater than the given
|
address will be queued as broadcast if the number of devices using it is greater than the given
|
||||||
value. Defaults to unset, and the kernel default will be used.</para>
|
value. Defaults to unset, and the kernel default will be used.</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v256"/>
|
<xi:include href="version-info.xml" xpointer="v256"/>
|
||||||
|
@ -1935,8 +1929,7 @@
|
||||||
the <command>wg genkey</command> command
|
the <command>wg genkey</command> command
|
||||||
(see <citerefentry project='man-pages'><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>).
|
(see <citerefentry project='man-pages'><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>).
|
||||||
Specially, if the specified key is prefixed with <literal>@</literal>, it is interpreted as
|
Specially, if the specified key is prefixed with <literal>@</literal>, it is interpreted as
|
||||||
the name of the credential from which the actual key shall be read.
|
the name of the credential from which the actual key shall be read. <command>systemd-networkd.service</command>
|
||||||
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
||||||
automatically imports credentials matching <literal>network.wireguard.*</literal>. For more details
|
automatically imports credentials matching <literal>network.wireguard.*</literal>. For more details
|
||||||
on credentials, refer to
|
on credentials, refer to
|
||||||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||||
|
@ -2090,7 +2083,7 @@
|
||||||
i.e. the packets that pass through the tunnel itself. To cause packets to be sent via the tunnel in
|
i.e. the packets that pass through the tunnel itself. To cause packets to be sent via the tunnel in
|
||||||
the first place, an appropriate route needs to be added as well — either in the
|
the first place, an appropriate route needs to be added as well — either in the
|
||||||
<literal>[Routes]</literal> section on the <literal>.network</literal> matching the wireguard
|
<literal>[Routes]</literal> section on the <literal>.network</literal> matching the wireguard
|
||||||
interface, or externally to <command>systemd-networkd</command>.</para>
|
interface, or externally to <filename>systemd-networkd</filename>.</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v237"/>
|
<xi:include href="version-info.xml" xpointer="v237"/>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
@ -2977,7 +2970,7 @@ Independent=yes</programlisting>
|
||||||
<title>See Also</title>
|
<title>See Also</title>
|
||||||
<para><simplelist type="inline">
|
<para><simplelist type="inline">
|
||||||
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
||||||
<member><citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
<member><citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
||||||
<member><citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
<member><citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
||||||
<member><citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
<member><citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
||||||
<member><citerefentry><refentrytitle>systemd-network-generator.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
<member><citerefentry><refentrytitle>systemd-network-generator.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
||||||
|
|
|
@ -887,7 +887,7 @@ DuplicateAddressDetection=none</programlisting></para>
|
||||||
from the network interface will be appear as coming from the local host. Typically, this should be
|
from the network interface will be appear as coming from the local host. Typically, this should be
|
||||||
enabled on the downstream interface of routers. Takes one of <literal>ipv4</literal>,
|
enabled on the downstream interface of routers. Takes one of <literal>ipv4</literal>,
|
||||||
<literal>ipv6</literal>, <literal>both</literal>, or <literal>no</literal>. Defaults to
|
<literal>ipv6</literal>, <literal>both</literal>, or <literal>no</literal>. Defaults to
|
||||||
<literal>no</literal>. Note that any positive boolean values such as <literal>yes</literal> or
|
<literal>no</literal>. Note. Any positive boolean values such as <literal>yes</literal> or
|
||||||
<literal>true</literal> are now deprecated. Please use one of the values above. Specifying
|
<literal>true</literal> are now deprecated. Please use one of the values above. Specifying
|
||||||
<literal>ipv4</literal> or <literal>both</literal> implies <varname>IPv4Forwarding=</varname>
|
<literal>ipv4</literal> or <literal>both</literal> implies <varname>IPv4Forwarding=</varname>
|
||||||
settings in both .network file for this interface and the global
|
settings in both .network file for this interface and the global
|
||||||
|
@ -928,8 +928,8 @@ DuplicateAddressDetection=none</programlisting></para>
|
||||||
<para>Takes a boolean. Controls IPv6 Router Advertisement (RA) reception support for the interface.
|
<para>Takes a boolean. Controls IPv6 Router Advertisement (RA) reception support for the interface.
|
||||||
If true, RAs are accepted; if false, RAs are ignored. When RAs are accepted, they may trigger the
|
If true, RAs are accepted; if false, RAs are ignored. When RAs are accepted, they may trigger the
|
||||||
start of the DHCPv6 client if the relevant flags are set in the RA data, or if no routers are found
|
start of the DHCPv6 client if the relevant flags are set in the RA data, or if no routers are found
|
||||||
on the link. Defaults to false for bridge devices, when <varname>IPv6Forwarding=</varname>,
|
on the link. Defaults to false for bridge devices, when IP forwarding is enabled,
|
||||||
<varname>IPv6SendRA=</varname>, or <varname>KeepMaster=</varname> is enabled. Otherwise, enabled by
|
<varname>IPv6SendRA=</varname> or <varname>KeepMaster=</varname> is enabled. Otherwise, enabled by
|
||||||
default. Cannot be enabled on devices aggregated in a bond device or when link-local addressing is
|
default. Cannot be enabled on devices aggregated in a bond device or when link-local addressing is
|
||||||
disabled.</para>
|
disabled.</para>
|
||||||
|
|
||||||
|
@ -993,9 +993,9 @@ DuplicateAddressDetection=none</programlisting></para>
|
||||||
whether the <emphasis>source</emphasis> of the packet would be routed through the interface it came in. If there is no
|
whether the <emphasis>source</emphasis> of the packet would be routed through the interface it came in. If there is no
|
||||||
route to the source on that interface, the machine will drop the packet. Takes one of
|
route to the source on that interface, the machine will drop the packet. Takes one of
|
||||||
<literal>no</literal>, <literal>strict</literal>, or <literal>loose</literal>. When <literal>no</literal>,
|
<literal>no</literal>, <literal>strict</literal>, or <literal>loose</literal>. When <literal>no</literal>,
|
||||||
no source validation will be done. When <literal>strict</literal>, each incoming packet is tested against the FIB and
|
no source validation will be done. When <literal>strict</literal>, mode each incoming packet is tested against the FIB and
|
||||||
if the incoming interface is not the best reverse path, the packet check will fail. By default failed packets are discarded.
|
if the incoming interface is not the best reverse path, the packet check will fail. By default failed packets are discarded.
|
||||||
When <literal>loose</literal>, each incoming packet's source address is tested against the FIB. The packet is dropped
|
When <literal>loose</literal>, mode each incoming packet's source address is tested against the FIB. The packet is dropped
|
||||||
only if the source address is not reachable via any interface on that router.
|
only if the source address is not reachable via any interface on that router.
|
||||||
See <ulink url="https://tools.ietf.org/html/rfc1027">RFC 3704</ulink>.
|
See <ulink url="https://tools.ietf.org/html/rfc1027">RFC 3704</ulink>.
|
||||||
When unset, the kernel's default will be used.</para>
|
When unset, the kernel's default will be used.</para>
|
||||||
|
@ -1084,10 +1084,9 @@ DuplicateAddressDetection=none</programlisting></para>
|
||||||
Advertisement messages intended for another machine by offering its own MAC address as
|
Advertisement messages intended for another machine by offering its own MAC address as
|
||||||
destination. Unlike proxy ARP for IPv4, it is not enabled globally, but will only send
|
destination. Unlike proxy ARP for IPv4, it is not enabled globally, but will only send
|
||||||
Neighbour Advertisement messages for addresses in the IPv6 neighbor proxy table, which can
|
Neighbour Advertisement messages for addresses in the IPv6 neighbor proxy table, which can
|
||||||
also be shown by <command>ip -6 neighbour show proxy</command>.
|
also be shown by <command>ip -6 neighbour show proxy</command>. systemd-networkd will control
|
||||||
<command>systemd-networkd</command> will control the per-interface `proxy_ndp` switch for each
|
the per-interface `proxy_ndp` switch for each configured interface depending on this option.
|
||||||
configured interface depending on this option. When unset, the kernel's default will be used.
|
When unset, the kernel's default will be used.</para>
|
||||||
</para>
|
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v234"/>
|
<xi:include href="version-info.xml" xpointer="v234"/>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
@ -1097,7 +1096,7 @@ DuplicateAddressDetection=none</programlisting></para>
|
||||||
<term><varname>IPv6ProxyNDPAddress=</varname></term>
|
<term><varname>IPv6ProxyNDPAddress=</varname></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>An IPv6 address, for which Neighbour Advertisement messages will be proxied. This
|
<para>An IPv6 address, for which Neighbour Advertisement messages will be proxied. This
|
||||||
option may be specified more than once. <command>systemd-networkd</command> will add the
|
option may be specified more than once. systemd-networkd will add the
|
||||||
<varname>IPv6ProxyNDPAddress=</varname> entries to the kernel's IPv6 neighbor proxy table.
|
<varname>IPv6ProxyNDPAddress=</varname> entries to the kernel's IPv6 neighbor proxy table.
|
||||||
This setting implies <varname>IPv6ProxyNDP=yes</varname> but has no effect if
|
This setting implies <varname>IPv6ProxyNDP=yes</varname> but has no effect if
|
||||||
<varname>IPv6ProxyNDP=</varname> has been set to false. When unset, the kernel's default will
|
<varname>IPv6ProxyNDP=</varname> has been set to false. When unset, the kernel's default will
|
||||||
|
@ -1226,9 +1225,9 @@ DuplicateAddressDetection=none</programlisting></para>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>ConfigureWithoutCarrier=</varname></term>
|
<term><varname>ConfigureWithoutCarrier=</varname></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Takes a boolean. Allows <command>systemd-networkd</command> to configure a specific link even
|
<para>Takes a boolean. Allows networkd to configure a specific link even if it has no
|
||||||
if it has no carrier. Defaults to false. If enabled, and the <varname>IgnoreCarrierLoss=</varname>
|
carrier. Defaults to false. If enabled, and the <varname>IgnoreCarrierLoss=</varname> setting
|
||||||
setting is not explicitly set, then it is enabled as well.</para>
|
is not explicitly set, then it is enabled as well.</para>
|
||||||
|
|
||||||
<para>With this enabled, to make the interface enter the <literal>configured</literal> state,
|
<para>With this enabled, to make the interface enter the <literal>configured</literal> state,
|
||||||
which is required to make <command>systemd-networkd-wait-online</command> work properly for the
|
which is required to make <command>systemd-networkd-wait-online</command> work properly for the
|
||||||
|
@ -1456,11 +1455,11 @@ DuplicateAddressDetection=none</programlisting></para>
|
||||||
<command>ip maddr</command> command would not work if we have an Ethernet switch that does
|
<command>ip maddr</command> command would not work if we have an Ethernet switch that does
|
||||||
IGMP snooping since the switch would not replicate multicast packets on ports that did not
|
IGMP snooping since the switch would not replicate multicast packets on ports that did not
|
||||||
have IGMP reports for the multicast addresses. Linux vxlan interfaces created via
|
have IGMP reports for the multicast addresses. Linux vxlan interfaces created via
|
||||||
<command>ip link add vxlan</command> or <command>systemd-networkd</command>'s netdev kind vxlan
|
<command>ip link add vxlan</command> or networkd's netdev kind vxlan have the group option
|
||||||
have the group option that enables them to do the required join. By extending
|
that enables them to do the required join. By extending <command>ip address</command> command
|
||||||
<command>ip address</command> command with option <literal>autojoin</literal> we can get similar
|
with option <literal>autojoin</literal> we can get similar functionality for openvswitch (OVS)
|
||||||
functionality for openvswitch (OVS) vxlan interfaces as well as other tunneling mechanisms that
|
vxlan interfaces as well as other tunneling mechanisms that need to receive multicast traffic.
|
||||||
need to receive multicast traffic. Defaults to <literal>no</literal>.</para>
|
Defaults to <literal>no</literal>.</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v232"/>
|
<xi:include href="version-info.xml" xpointer="v232"/>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
@ -1786,7 +1785,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>L3MasterDevice=</varname></term>
|
<term><varname>L3MasterDevice=</varname></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Takes a boolean. Specifies whether the rule is to direct lookups to the tables associated with
|
<para>A boolean. Specifies whether the rule is to direct lookups to the tables associated with
|
||||||
level 3 master devices (also known as Virtual Routing and Forwarding or VRF devices).
|
level 3 master devices (also known as Virtual Routing and Forwarding or VRF devices).
|
||||||
For further details see <ulink url="https://docs.kernel.org/networking/vrf.html">
|
For further details see <ulink url="https://docs.kernel.org/networking/vrf.html">
|
||||||
Virtual Routing and Forwarding (VRF)</ulink>. Defaults to false.</para>
|
Virtual Routing and Forwarding (VRF)</ulink>. Defaults to false.</para>
|
||||||
|
@ -2904,7 +2903,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
|
||||||
Note that if <varname>AllowList=</varname> is configured then <varname>DenyList=</varname> is
|
Note that if <varname>AllowList=</varname> is configured then <varname>DenyList=</varname> is
|
||||||
ignored.</para>
|
ignored.</para>
|
||||||
<para>Note that this filters only DHCP offers, so the filtering might not work when
|
<para>Note that this filters only DHCP offers, so the filtering might not work when
|
||||||
<varname>RapidCommit=</varname> is enabled. See also <varname>RapidCommit=</varname> above.
|
<varname>RapidCommit=</varname> is enabled. See also <varname>RapidCommit=</varname> in the above.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v246"/>
|
<xi:include href="version-info.xml" xpointer="v246"/>
|
||||||
|
@ -3340,7 +3339,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
|
||||||
<term><varname>UseRedirect=</varname></term>
|
<term><varname>UseRedirect=</varname></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>When true (the default), Redirect message sent by the current first-hop router will be
|
<para>When true (the default), Redirect message sent by the current first-hop router will be
|
||||||
accepted, and routes to redirected nodes will be configured.</para>
|
accepted, and configures routes to redirected nodes will be configured.</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v256"/>
|
<xi:include href="version-info.xml" xpointer="v256"/>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
@ -4077,8 +4076,7 @@ ServerAddress=192.168.0.1/24</programlisting>
|
||||||
<para>Takes a boolean. When true, the DHCP server will load and save leases in the persistent
|
<para>Takes a boolean. When true, the DHCP server will load and save leases in the persistent
|
||||||
storage. When false, the DHCP server will neither load nor save leases in the persistent storage.
|
storage. When false, the DHCP server will neither load nor save leases in the persistent storage.
|
||||||
Hence, bound leases will be lost when the interface is reconfigured e.g. by
|
Hence, bound leases will be lost when the interface is reconfigured e.g. by
|
||||||
<command>networkctl reconfigure</command>, or
|
<command>networkctl reconfigure</command>, or <filename>systemd-networkd.service</filename>
|
||||||
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
||||||
is restarted. That may cause address conflict on the network. So, please take an extra care when
|
is restarted. That may cause address conflict on the network. So, please take an extra care when
|
||||||
disable this setting. When unspecified, the value specified in the same setting in
|
disable this setting. When unspecified, the value specified in the same setting in
|
||||||
<citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
<citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||||
|
@ -4262,7 +4260,7 @@ ServerAddress=192.168.0.1/24</programlisting>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>HomeAgent=</varname></term>
|
<term><varname>HomeAgent=</varname></term>
|
||||||
|
|
||||||
<listitem><para>Takes a boolean. Specifies that IPv6 router advertisements indicate to hosts that
|
<listitem><para>Takes a boolean. Specifies that IPv6 router advertisements which indicate to hosts that
|
||||||
the router acts as a Home Agent and includes a Home Agent option. Defaults to false. See
|
the router acts as a Home Agent and includes a Home Agent option. Defaults to false. See
|
||||||
<ulink url="https://tools.ietf.org/html/rfc6275">RFC 6275</ulink> for further details.</para>
|
<ulink url="https://tools.ietf.org/html/rfc6275">RFC 6275</ulink> for further details.</para>
|
||||||
|
|
||||||
|
@ -4586,9 +4584,10 @@ ServerAddress=192.168.0.1/24</programlisting>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>Priority=</varname></term>
|
<term><varname>Priority=</varname></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Sets the "priority" of sending packets on this interface. Each port in a bridge may have a
|
<para>Sets the "priority" of sending packets on this interface.
|
||||||
different priority which is used to decide which link to use. Lower value means higher priority.
|
Each port in a bridge may have a different priority which is used
|
||||||
It is an integer value between 0 to 63. <command>systemd-networkd</command> does not set any
|
to decide which link to use. Lower value means higher priority.
|
||||||
|
It is an integer value between 0 to 63. Networkd does not set any
|
||||||
default, meaning the kernel default value of 32 is used.</para>
|
default, meaning the kernel default value of 32 is used.</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v234"/>
|
<xi:include href="version-info.xml" xpointer="v234"/>
|
||||||
|
|
|
@ -896,7 +896,7 @@ CPUWeight=20 DisableControllers=cpu / \
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Configures restrictions on the ability of unit processes to invoke <citerefentry
|
<para>Configures restrictions on the ability of unit processes to invoke <citerefentry
|
||||||
project='man-pages'><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry> on a
|
project='man-pages'><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry> on a
|
||||||
socket. Both allow and deny rules to be defined that restrict which addresses a socket may be bound
|
socket. Both allow and deny rules may defined that restrict which addresses a socket may be bound
|
||||||
to.</para>
|
to.</para>
|
||||||
|
|
||||||
<para><replaceable>bind-rule</replaceable> describes socket properties such as <replaceable>address-family</replaceable>,
|
<para><replaceable>bind-rule</replaceable> describes socket properties such as <replaceable>address-family</replaceable>,
|
||||||
|
@ -1673,8 +1673,7 @@ DeviceAllow=/dev/loop-control
|
||||||
<para>When <command>systemd-coredump</command> is handling a coredump for a process from a container,
|
<para>When <command>systemd-coredump</command> is handling a coredump for a process from a container,
|
||||||
if the container's leader process is a descendant of a cgroup with <varname>CoredumpReceive=yes</varname>
|
if the container's leader process is a descendant of a cgroup with <varname>CoredumpReceive=yes</varname>
|
||||||
and <varname>Delegate=yes</varname>, then <command>systemd-coredump</command> will attempt to forward
|
and <varname>Delegate=yes</varname>, then <command>systemd-coredump</command> will attempt to forward
|
||||||
the coredump to <command>systemd-coredump</command> within the container. See also
|
the coredump to <command>systemd-coredump</command> within the container.</para>
|
||||||
<citerefentry><refentrytitle>systemd-coredump</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
|
@ -1437,7 +1437,7 @@
|
||||||
<para>The command line accepts <literal>%</literal> specifiers as described in
|
<para>The command line accepts <literal>%</literal> specifiers as described in
|
||||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
||||||
|
|
||||||
<para>An argument solely consisting of <literal>;</literal> must be escaped, i.e. specified as <literal>\;</literal>.</para>
|
<para>An argument solely consisting of <literal>;</literal> must be escaped, i.e. specified as <literal>\;</literal></para>
|
||||||
|
|
||||||
<para>Basic environment variable substitution is supported. Use
|
<para>Basic environment variable substitution is supported. Use
|
||||||
<literal>${FOO}</literal> as part of a word, or as a word of its
|
<literal>${FOO}</literal> as part of a word, or as a word of its
|
||||||
|
|
|
@ -120,8 +120,9 @@
|
||||||
<para>The timezone defaults to the current timezone if not specified explicitly.
|
<para>The timezone defaults to the current timezone if not specified explicitly.
|
||||||
It may be given after a space, like above, in which case it can be:
|
It may be given after a space, like above, in which case it can be:
|
||||||
<literal>UTC</literal>,
|
<literal>UTC</literal>,
|
||||||
an entry in the installed IANA timezone database (e.g. <literal>CET</literal>, <literal>Asia/Tokyo</literal>,
|
an entry in the installed IANA timezone database (<literal>CET</literal>, <literal>Asia/Tokyo</literal>, &c.;
|
||||||
where the complete list can be obtained with <command>timedatectl list-timezones</command> (see
|
complete list obtainable with <literal>timedatectl
|
||||||
|
list-timezones</literal> (see
|
||||||
<citerefentry><refentrytitle>timedatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>)),
|
<citerefentry><refentrytitle>timedatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>)),
|
||||||
or <literal>±<replaceable>05</replaceable></literal>,
|
or <literal>±<replaceable>05</replaceable></literal>,
|
||||||
<literal>±<replaceable>05</replaceable><replaceable>30</replaceable></literal>,
|
<literal>±<replaceable>05</replaceable><replaceable>30</replaceable></literal>,
|
||||||
|
|
|
@ -1238,9 +1238,9 @@
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
||||||
<para>Signals sent to PID 1 before this message is sent might not be handled correctly yet. A consumer
|
<para>Signals sent to PID 1 before this message is sent might not be handled correctly yet. A consumer
|
||||||
of these messages should parse the value as an unsigned integer that indicates the level of support.
|
of these messages should parse the value as an unsigned integer indication the level of support. For
|
||||||
For now only the mentioned level 2 is defined, but later on additional levels might be defined with
|
now only the mentioned level 2 is defined, but later on additional levels might be defined with higher
|
||||||
higher integers, that will implement a superset of the currently defined behaviour.</para>
|
integers, that will implement a superset of the currently defined behaviour.</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||||
|
|
||||||
|
@ -1389,8 +1389,8 @@
|
||||||
<term><option>--crash-action=</option></term>
|
<term><option>--crash-action=</option></term>
|
||||||
|
|
||||||
<listitem><para>Specify what to do when the system manager (PID 1) crashes. This switch has no
|
<listitem><para>Specify what to do when the system manager (PID 1) crashes. This switch has no
|
||||||
effect when <command>systemd</command> is running as user instance. See
|
effect when systemd is running as user instance. See <varname>systemd.crash_action=</varname>
|
||||||
<varname>systemd.crash_action=</varname> above.</para>
|
above.</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
|
@ -222,8 +222,7 @@
|
||||||
<para>For the <command>inspect</command> verb, the second syntax is used.
|
<para>For the <command>inspect</command> verb, the second syntax is used.
|
||||||
The section <replaceable>NAME</replaceable> will be inspected (if found).
|
The section <replaceable>NAME</replaceable> will be inspected (if found).
|
||||||
If the second argument is <literal>text</literal>, the contents will be printed.
|
If the second argument is <literal>text</literal>, the contents will be printed.
|
||||||
If the third argument is given, the contents will be saved to the file named
|
If the third argument is given, the contents will be saved to file <replaceable>PATH</replaceable>.
|
||||||
<replaceable>PATH</replaceable>.
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>Note that the name is used as-is, and if the section name should start with a dot, it must be
|
<para>Note that the name is used as-is, and if the section name should start with a dot, it must be
|
||||||
|
|
|
@ -52,7 +52,7 @@
|
||||||
<para>User processes may be started by the <filename>user@.service</filename> instance, in which
|
<para>User processes may be started by the <filename>user@.service</filename> instance, in which
|
||||||
case they will be part of that unit in the system hierarchy. They may also be started elsewhere,
|
case they will be part of that unit in the system hierarchy. They may also be started elsewhere,
|
||||||
for example by
|
for example by
|
||||||
<citerefentry project='man-pages'><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> or a
|
<citerefentry project='die-net'><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> or a
|
||||||
display manager like <command>gdm</command>, in which case they form a .scope unit (see
|
display manager like <command>gdm</command>, in which case they form a .scope unit (see
|
||||||
<citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
|
<citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
|
||||||
Both <filename>user@<replaceable>UID</replaceable>.service</filename> and the scope units are
|
Both <filename>user@<replaceable>UID</replaceable>.service</filename> and the scope units are
|
||||||
|
@ -145,7 +145,7 @@ Control group /:
|
||||||
…</programlisting>
|
…</programlisting>
|
||||||
<para>User with UID 1000 is logged in using <command>gdm</command> (<filename
|
<para>User with UID 1000 is logged in using <command>gdm</command> (<filename
|
||||||
index="false">session-4.scope</filename>) and
|
index="false">session-4.scope</filename>) and
|
||||||
<citerefentry project='man-pages'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
<citerefentry project='die-net'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||||
(<filename index="false">session-19.scope</filename>), and also has a user manager instance
|
(<filename index="false">session-19.scope</filename>), and also has a user manager instance
|
||||||
running (<filename index="false">user@1000.service</filename>). User with UID 1001 is logged
|
running (<filename index="false">user@1000.service</filename>). User with UID 1001 is logged
|
||||||
in using <command>ssh</command> (<filename index="false">session-20.scope</filename>) and
|
in using <command>ssh</command> (<filename index="false">session-20.scope</filename>) and
|
||||||
|
|
|
@ -416,7 +416,7 @@
|
||||||
<para>The <command>userdbctl</command> tool may be used to make the list of SSH authorized keys possibly
|
<para>The <command>userdbctl</command> tool may be used to make the list of SSH authorized keys possibly
|
||||||
contained in a user record available to the SSH daemon for authentication. For that configure the
|
contained in a user record available to the SSH daemon for authentication. For that configure the
|
||||||
following in <citerefentry
|
following in <citerefentry
|
||||||
project='man-pages'><refentrytitle>sshd_config</refentrytitle><manvolnum>5</manvolnum></citerefentry>:</para>
|
project='die-net'><refentrytitle>sshd_config</refentrytitle><manvolnum>5</manvolnum></citerefentry>:</para>
|
||||||
|
|
||||||
<programlisting>…
|
<programlisting>…
|
||||||
AuthorizedKeysCommand /usr/bin/userdbctl ssh-authorized-keys %u
|
AuthorizedKeysCommand /usr/bin/userdbctl ssh-authorized-keys %u
|
||||||
|
|
|
@ -38,8 +38,9 @@ SignExpectedPcr=yes
|
||||||
|
|
||||||
[Content]
|
[Content]
|
||||||
ExtraTrees=
|
ExtraTrees=
|
||||||
mkosi.extra.common
|
|
||||||
mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key
|
mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key
|
||||||
|
mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
|
||||||
|
mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
|
||||||
%O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
|
%O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
|
||||||
%O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
|
%O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
|
||||||
%O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
|
%O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
|
||||||
|
|
|
@ -6,7 +6,9 @@ Include=
|
||||||
%D/mkosi.sanitizers
|
%D/mkosi.sanitizers
|
||||||
|
|
||||||
[Content]
|
[Content]
|
||||||
ExtraTrees=%D/mkosi.extra.common
|
ExtraTrees=
|
||||||
|
%D/mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
|
||||||
|
%D/mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
|
||||||
|
|
||||||
Packages=
|
Packages=
|
||||||
findutils
|
findutils
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
|
||||||
#pragma once
|
|
||||||
|
|
||||||
/* Root namespace inode numbers, as per include/linux/proc_ns.h in the kernel source tree, since v3.8:
|
|
||||||
* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=98f842e675f96ffac96e6c50315790912b2812be */
|
|
||||||
|
|
||||||
#define PROC_IPC_INIT_INO ((ino_t) UINT32_C(0xEFFFFFFF))
|
|
||||||
#define PROC_UTS_INIT_INO ((ino_t) UINT32_C(0xEFFFFFFE))
|
|
||||||
#define PROC_USER_INIT_INO ((ino_t) UINT32_C(0xEFFFFFFD))
|
|
||||||
#define PROC_PID_INIT_INO ((ino_t) UINT32_C(0xEFFFFFFC))
|
|
||||||
#define PROC_CGROUP_INIT_INO ((ino_t) UINT32_C(0xEFFFFFFB))
|
|
||||||
#define PROC_TIME_INIT_INO ((ino_t) UINT32_C(0xEFFFFFFA))
|
|
|
@ -12,7 +12,6 @@
|
||||||
#include "fileio.h"
|
#include "fileio.h"
|
||||||
#include "missing_fs.h"
|
#include "missing_fs.h"
|
||||||
#include "missing_magic.h"
|
#include "missing_magic.h"
|
||||||
#include "missing_namespace.h"
|
|
||||||
#include "missing_sched.h"
|
#include "missing_sched.h"
|
||||||
#include "missing_syscall.h"
|
#include "missing_syscall.h"
|
||||||
#include "mountpoint-util.h"
|
#include "mountpoint-util.h"
|
||||||
|
@ -24,17 +23,17 @@
|
||||||
#include "user-util.h"
|
#include "user-util.h"
|
||||||
|
|
||||||
const struct namespace_info namespace_info[_NAMESPACE_TYPE_MAX + 1] = {
|
const struct namespace_info namespace_info[_NAMESPACE_TYPE_MAX + 1] = {
|
||||||
[NAMESPACE_CGROUP] = { "cgroup", "ns/cgroup", CLONE_NEWCGROUP, PROC_CGROUP_INIT_INO },
|
[NAMESPACE_CGROUP] = { "cgroup", "ns/cgroup", CLONE_NEWCGROUP, },
|
||||||
[NAMESPACE_IPC] = { "ipc", "ns/ipc", CLONE_NEWIPC, PROC_IPC_INIT_INO },
|
[NAMESPACE_IPC] = { "ipc", "ns/ipc", CLONE_NEWIPC, },
|
||||||
[NAMESPACE_NET] = { "net", "ns/net", CLONE_NEWNET, 0 },
|
[NAMESPACE_NET] = { "net", "ns/net", CLONE_NEWNET, },
|
||||||
/* So, the mount namespace flag is called CLONE_NEWNS for historical
|
/* So, the mount namespace flag is called CLONE_NEWNS for historical
|
||||||
* reasons. Let's expose it here under a more explanatory name: "mnt".
|
* reasons. Let's expose it here under a more explanatory name: "mnt".
|
||||||
* This is in-line with how the kernel exposes namespaces in /proc/$PID/ns. */
|
* This is in-line with how the kernel exposes namespaces in /proc/$PID/ns. */
|
||||||
[NAMESPACE_MOUNT] = { "mnt", "ns/mnt", CLONE_NEWNS, 0 },
|
[NAMESPACE_MOUNT] = { "mnt", "ns/mnt", CLONE_NEWNS, },
|
||||||
[NAMESPACE_PID] = { "pid", "ns/pid", CLONE_NEWPID, PROC_PID_INIT_INO },
|
[NAMESPACE_PID] = { "pid", "ns/pid", CLONE_NEWPID, },
|
||||||
[NAMESPACE_USER] = { "user", "ns/user", CLONE_NEWUSER, PROC_USER_INIT_INO },
|
[NAMESPACE_USER] = { "user", "ns/user", CLONE_NEWUSER, },
|
||||||
[NAMESPACE_UTS] = { "uts", "ns/uts", CLONE_NEWUTS, PROC_UTS_INIT_INO },
|
[NAMESPACE_UTS] = { "uts", "ns/uts", CLONE_NEWUTS, },
|
||||||
[NAMESPACE_TIME] = { "time", "ns/time", CLONE_NEWTIME, PROC_TIME_INIT_INO },
|
[NAMESPACE_TIME] = { "time", "ns/time", CLONE_NEWTIME, },
|
||||||
{ /* Allow callers to iterate over the array without using _NAMESPACE_TYPE_MAX. */ },
|
{ /* Allow callers to iterate over the array without using _NAMESPACE_TYPE_MAX. */ },
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -480,28 +479,6 @@ int namespace_open_by_type(NamespaceType type) {
|
||||||
return fd;
|
return fd;
|
||||||
}
|
}
|
||||||
|
|
||||||
int namespace_is_init(NamespaceType type) {
|
|
||||||
int r;
|
|
||||||
|
|
||||||
assert(type >= 0);
|
|
||||||
assert(type <= _NAMESPACE_TYPE_MAX);
|
|
||||||
|
|
||||||
if (namespace_info[type].root_inode == 0)
|
|
||||||
return -EBADR; /* Cannot answer this question */
|
|
||||||
|
|
||||||
const char *p = pid_namespace_path(0, type);
|
|
||||||
|
|
||||||
struct stat st;
|
|
||||||
r = RET_NERRNO(stat(p, &st));
|
|
||||||
if (r == -ENOENT)
|
|
||||||
/* If the /proc/ns/<type> API is not around in /proc/ then ns is off in the kernel and we are in the init ns */
|
|
||||||
return proc_mounted() == 0 ? -ENOSYS : true;
|
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
|
|
||||||
return st.st_ino == namespace_info[type].root_inode;
|
|
||||||
}
|
|
||||||
|
|
||||||
int is_our_namespace(int fd, NamespaceType request_type) {
|
int is_our_namespace(int fd, NamespaceType request_type) {
|
||||||
int clone_flag;
|
int clone_flag;
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,6 @@ extern const struct namespace_info {
|
||||||
const char *proc_name;
|
const char *proc_name;
|
||||||
const char *proc_path;
|
const char *proc_path;
|
||||||
unsigned int clone_flag;
|
unsigned int clone_flag;
|
||||||
ino_t root_inode;
|
|
||||||
} namespace_info[_NAMESPACE_TYPE_MAX + 1];
|
} namespace_info[_NAMESPACE_TYPE_MAX + 1];
|
||||||
|
|
||||||
int pidref_namespace_open(
|
int pidref_namespace_open(
|
||||||
|
@ -75,8 +74,6 @@ int parse_userns_uid_range(const char *s, uid_t *ret_uid_shift, uid_t *ret_uid_r
|
||||||
|
|
||||||
int namespace_open_by_type(NamespaceType type);
|
int namespace_open_by_type(NamespaceType type);
|
||||||
|
|
||||||
int namespace_is_init(NamespaceType type);
|
|
||||||
|
|
||||||
int is_our_namespace(int fd, NamespaceType type);
|
int is_our_namespace(int fd, NamespaceType type);
|
||||||
|
|
||||||
int is_idmapping_supported(const char *path);
|
int is_idmapping_supported(const char *path);
|
||||||
|
|
|
@ -585,14 +585,6 @@ static int running_in_cgroupns(void) {
|
||||||
if (!cg_ns_supported())
|
if (!cg_ns_supported())
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
r = namespace_is_init(NAMESPACE_CGROUP);
|
|
||||||
if (r < 0)
|
|
||||||
log_debug_errno(r, "Failed to test if in root cgroup namespace, ignoring: %m");
|
|
||||||
else if (r > 0)
|
|
||||||
return false;
|
|
||||||
|
|
||||||
// FIXME: We really should drop the heuristics below.
|
|
||||||
|
|
||||||
r = cg_all_unified();
|
r = cg_all_unified();
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
@ -653,16 +645,6 @@ static int running_in_cgroupns(void) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static int running_in_pidns(void) {
|
|
||||||
int r;
|
|
||||||
|
|
||||||
r = namespace_is_init(NAMESPACE_PID);
|
|
||||||
if (r < 0)
|
|
||||||
return log_debug_errno(r, "Failed to test if in root PID namespace, ignoring: %m");
|
|
||||||
|
|
||||||
return !r;
|
|
||||||
}
|
|
||||||
|
|
||||||
static Virtualization detect_container_files(void) {
|
static Virtualization detect_container_files(void) {
|
||||||
static const struct {
|
static const struct {
|
||||||
const char *file_path;
|
const char *file_path;
|
||||||
|
@ -808,21 +790,12 @@ check_files:
|
||||||
|
|
||||||
r = running_in_cgroupns();
|
r = running_in_cgroupns();
|
||||||
if (r > 0) {
|
if (r > 0) {
|
||||||
log_debug("Running in a cgroup namespace, assuming unknown container manager.");
|
|
||||||
v = VIRTUALIZATION_CONTAINER_OTHER;
|
v = VIRTUALIZATION_CONTAINER_OTHER;
|
||||||
goto finish;
|
goto finish;
|
||||||
}
|
}
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_debug_errno(r, "Failed to detect cgroup namespace: %m");
|
log_debug_errno(r, "Failed to detect cgroup namespace: %m");
|
||||||
|
|
||||||
/* Finally, the root pid namespace has an hardcoded inode number of 0xEFFFFFFC since kernel 3.8, so
|
|
||||||
* if all else fails we can check the inode number of our pid namespace and compare it. */
|
|
||||||
if (running_in_pidns() > 0) {
|
|
||||||
log_debug("Running in a pid namespace, assuming unknown container manager.");
|
|
||||||
v = VIRTUALIZATION_CONTAINER_OTHER;
|
|
||||||
goto finish;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* If none of that worked, give up, assume no container manager. */
|
/* If none of that worked, give up, assume no container manager. */
|
||||||
v = VIRTUALIZATION_NONE;
|
v = VIRTUALIZATION_NONE;
|
||||||
goto finish;
|
goto finish;
|
||||||
|
@ -890,14 +863,6 @@ int running_in_userns(void) {
|
||||||
_cleanup_free_ char *line = NULL;
|
_cleanup_free_ char *line = NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
r = namespace_is_init(NAMESPACE_USER);
|
|
||||||
if (r < 0)
|
|
||||||
log_debug_errno(r, "Failed to test if in root user namespace, ignoring: %m");
|
|
||||||
else if (r > 0)
|
|
||||||
return false;
|
|
||||||
|
|
||||||
// FIXME: We really should drop the heuristics below.
|
|
||||||
|
|
||||||
r = userns_has_mapping("/proc/self/uid_map");
|
r = userns_has_mapping("/proc/self/uid_map");
|
||||||
if (r != 0)
|
if (r != 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
|
@ -1048,6 +1048,9 @@ static void device_enumerate(Manager *m) {
|
||||||
_cleanup_set_free_ Set *ready_units = NULL, *not_ready_units = NULL;
|
_cleanup_set_free_ Set *ready_units = NULL, *not_ready_units = NULL;
|
||||||
Device *d;
|
Device *d;
|
||||||
|
|
||||||
|
if (device_is_processed(dev) <= 0)
|
||||||
|
continue;
|
||||||
|
|
||||||
if (device_setup_units(m, dev, &ready_units, ¬_ready_units) < 0)
|
if (device_setup_units(m, dev, &ready_units, ¬_ready_units) < 0)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
|
|
@ -213,23 +213,9 @@ TEST(idmapping_supported) {
|
||||||
assert_se(is_idmapping_supported("/etc") >= 0);
|
assert_se(is_idmapping_supported("/etc") >= 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
TEST(namespace_is_init) {
|
|
||||||
int r;
|
|
||||||
|
|
||||||
for (NamespaceType t = 0; t < _NAMESPACE_TYPE_MAX; t++) {
|
|
||||||
r = namespace_is_init(t);
|
|
||||||
if (r == -EBADR)
|
|
||||||
log_info_errno(r, "In root namespace of type '%s': don't know", namespace_info[t].proc_name);
|
|
||||||
else {
|
|
||||||
ASSERT_OK(r);
|
|
||||||
log_info("In root namespace of type '%s': %s", namespace_info[t].proc_name, yes_no(r));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static int intro(void) {
|
static int intro(void) {
|
||||||
if (!have_namespaces())
|
if (!have_namespaces())
|
||||||
return log_tests_skipped("Don't have namespace support or lacking privileges");
|
return log_tests_skipped("Don't have namespace support");
|
||||||
|
|
||||||
return EXIT_SUCCESS;
|
return EXIT_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
|
@ -52,14 +52,14 @@ directory (`OutputDirectory=`) to point to the other directory using `mkosi.loca
|
||||||
After the image has been built, the integration tests can be run with:
|
After the image has been built, the integration tests can be run with:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
$ env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild --suite integration-tests --num-processes "$(($(nproc) / 4))"
|
$ SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild --suite integration-tests --num-processes "$(($(nproc) / 4))"
|
||||||
```
|
```
|
||||||
|
|
||||||
As usual, specific tests can be run in meson by appending the name of the test
|
As usual, specific tests can be run in meson by appending the name of the test
|
||||||
which is usually the name of the directory e.g.
|
which is usually the name of the directory e.g.
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
$ env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -v TEST-01-BASIC
|
$ SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -v TEST-01-BASIC
|
||||||
```
|
```
|
||||||
|
|
||||||
See `meson introspect build --tests` for a list of tests.
|
See `meson introspect build --tests` for a list of tests.
|
||||||
|
@ -69,7 +69,7 @@ To interactively debug a failing integration test, the `--interactive` option
|
||||||
newer:
|
newer:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
$ env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -i TEST-01-BASIC
|
$ SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -i TEST-01-BASIC
|
||||||
```
|
```
|
||||||
|
|
||||||
Due to limitations in meson, the integration tests do not yet depend on the
|
Due to limitations in meson, the integration tests do not yet depend on the
|
||||||
|
@ -78,7 +78,7 @@ running the integration tests. To rebuild the image and rerun a test, the
|
||||||
following command can be used:
|
following command can be used:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
$ meson compile -C build mkosi && env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -v TEST-01-BASIC
|
$ meson compile -C build mkosi && SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -v TEST-01-BASIC
|
||||||
```
|
```
|
||||||
|
|
||||||
The integration tests use the same mkosi configuration that's used when you run
|
The integration tests use the same mkosi configuration that's used when you run
|
||||||
|
@ -92,7 +92,7 @@ To iterate on an integration test, let's first get a shell in the integration te
|
||||||
the following:
|
the following:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
$ meson compile -C build mkosi && env SYSTEMD_INTEGRATION_TESTS=1 TEST_SHELL=1 meson test -C build --no-rebuild -i TEST-01-BASIC
|
$ meson compile -C build mkosi && SYSTEMD_INTEGRATION_TESTS=1 TEST_SHELL=1 meson test -C build --no-rebuild -i TEST-01-BASIC
|
||||||
```
|
```
|
||||||
|
|
||||||
This will get us a shell in the integration test environment after booting the machine without running the
|
This will get us a shell in the integration test environment after booting the machine without running the
|
||||||
|
|
|
@ -3,7 +3,6 @@
|
||||||
integration_tests += [
|
integration_tests += [
|
||||||
integration_test_template + {
|
integration_test_template + {
|
||||||
'name' : fs.name(meson.current_source_dir()),
|
'name' : fs.name(meson.current_source_dir()),
|
||||||
'coredump-exclude-regex' : '/(bash|python3.[0-9]+|systemd-executor)$',
|
|
||||||
'cmdline' : integration_test_template['cmdline'] + [
|
'cmdline' : integration_test_template['cmdline'] + [
|
||||||
'''
|
'''
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,6 @@ integration_tests += [
|
||||||
integration_test_template + {
|
integration_test_template + {
|
||||||
'name' : fs.name(meson.current_source_dir()),
|
'name' : fs.name(meson.current_source_dir()),
|
||||||
'unit' : files('TEST-16-EXTEND-TIMEOUT.service'),
|
'unit' : files('TEST-16-EXTEND-TIMEOUT.service'),
|
||||||
'coredump-exclude-regex' : '/(bash|sleep)$',
|
|
||||||
},
|
},
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,5 @@ integration_tests += [
|
||||||
integration_test_template + {
|
integration_test_template + {
|
||||||
'name' : fs.name(meson.current_source_dir()),
|
'name' : fs.name(meson.current_source_dir()),
|
||||||
'vm' : true,
|
'vm' : true,
|
||||||
'coredump-exclude-regex' : '/(sleep|udevadm)$',
|
|
||||||
},
|
},
|
||||||
]
|
]
|
||||||
|
|
|
@ -3,6 +3,5 @@
|
||||||
integration_tests += [
|
integration_tests += [
|
||||||
integration_test_template + {
|
integration_test_template + {
|
||||||
'name' : fs.name(meson.current_source_dir()),
|
'name' : fs.name(meson.current_source_dir()),
|
||||||
'coredump-exclude-regex' : '/(sleep|bash|systemd-notify)$',
|
|
||||||
},
|
},
|
||||||
]
|
]
|
||||||
|
|
|
@ -4,7 +4,5 @@ integration_tests += [
|
||||||
integration_test_template + {
|
integration_test_template + {
|
||||||
'name' : fs.name(meson.current_source_dir()),
|
'name' : fs.name(meson.current_source_dir()),
|
||||||
'priority' : 10,
|
'priority' : 10,
|
||||||
# TODO: Remove when https://github.com/systemd/systemd/issues/35335 is fixed.
|
|
||||||
'coredump-exclude-regex' : '/systemd-localed',
|
|
||||||
},
|
},
|
||||||
]
|
]
|
||||||
|
|
|
@ -5,7 +5,6 @@ integration_tests += [
|
||||||
'name' : fs.name(meson.current_source_dir()),
|
'name' : fs.name(meson.current_source_dir()),
|
||||||
'storage': 'persistent',
|
'storage': 'persistent',
|
||||||
'vm' : true,
|
'vm' : true,
|
||||||
'coredump-exclude-regex' : '/(test-usr-dump|test-dump|bash)$',
|
|
||||||
},
|
},
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,6 @@
|
||||||
import argparse
|
import argparse
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
import re
|
|
||||||
import shlex
|
import shlex
|
||||||
import subprocess
|
import subprocess
|
||||||
import sys
|
import sys
|
||||||
|
@ -33,59 +32,6 @@ ExecStart=false
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
||||||
def process_coredumps(args: argparse.Namespace, journal_file: Path) -> bool:
|
|
||||||
# Collect executable paths of all coredumps and filter out the expected ones.
|
|
||||||
|
|
||||||
if args.coredump_exclude_regex:
|
|
||||||
exclude_regex = re.compile(args.coredump_exclude_regex)
|
|
||||||
else:
|
|
||||||
exclude_regex = None
|
|
||||||
|
|
||||||
result = subprocess.run(
|
|
||||||
[
|
|
||||||
args.mkosi,
|
|
||||||
'--directory', os.fspath(args.meson_source_dir),
|
|
||||||
'--extra-search-path', os.fspath(args.meson_build_dir),
|
|
||||||
'sandbox',
|
|
||||||
'coredumpctl',
|
|
||||||
'--file', journal_file,
|
|
||||||
'--json=short',
|
|
||||||
],
|
|
||||||
stdout=subprocess.PIPE,
|
|
||||||
text=True,
|
|
||||||
) # fmt: skip
|
|
||||||
|
|
||||||
# coredumpctl returns a non-zero exit status if there are no coredumps.
|
|
||||||
if result.returncode != 0:
|
|
||||||
return False
|
|
||||||
|
|
||||||
coredumps = json.loads(result.stdout)
|
|
||||||
|
|
||||||
coredumps = [
|
|
||||||
coredump for coredump in coredumps if not exclude_regex or not exclude_regex.search(coredump['exe'])
|
|
||||||
]
|
|
||||||
|
|
||||||
if not coredumps:
|
|
||||||
return False
|
|
||||||
|
|
||||||
subprocess.run(
|
|
||||||
[
|
|
||||||
args.mkosi,
|
|
||||||
'--directory', os.fspath(args.meson_source_dir),
|
|
||||||
'--extra-search-path', os.fspath(args.meson_build_dir),
|
|
||||||
'sandbox',
|
|
||||||
'coredumpctl',
|
|
||||||
'--file', journal_file,
|
|
||||||
'--no-pager',
|
|
||||||
'info',
|
|
||||||
*(coredump['exe'] for coredump in coredumps),
|
|
||||||
],
|
|
||||||
check=True,
|
|
||||||
) # fmt: skip
|
|
||||||
|
|
||||||
return True
|
|
||||||
|
|
||||||
|
|
||||||
def main() -> None:
|
def main() -> None:
|
||||||
parser = argparse.ArgumentParser(description=__doc__)
|
parser = argparse.ArgumentParser(description=__doc__)
|
||||||
parser.add_argument('--mkosi', required=True)
|
parser.add_argument('--mkosi', required=True)
|
||||||
|
@ -98,7 +44,6 @@ def main() -> None:
|
||||||
parser.add_argument('--slow', action=argparse.BooleanOptionalAction)
|
parser.add_argument('--slow', action=argparse.BooleanOptionalAction)
|
||||||
parser.add_argument('--vm', action=argparse.BooleanOptionalAction)
|
parser.add_argument('--vm', action=argparse.BooleanOptionalAction)
|
||||||
parser.add_argument('--exit-code', required=True, type=int)
|
parser.add_argument('--exit-code', required=True, type=int)
|
||||||
parser.add_argument('--coredump-exclude-regex', required=True)
|
|
||||||
parser.add_argument('mkosi_args', nargs='*')
|
parser.add_argument('mkosi_args', nargs='*')
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
@ -169,9 +114,7 @@ def main() -> None:
|
||||||
"""
|
"""
|
||||||
)
|
)
|
||||||
|
|
||||||
journal_file = (args.meson_build_dir / (f'test/journal/{name}.journal')).absolute()
|
journal_file = None
|
||||||
journal_file.unlink(missing_ok=True)
|
|
||||||
|
|
||||||
if not sys.stderr.isatty():
|
if not sys.stderr.isatty():
|
||||||
dropin += textwrap.dedent(
|
dropin += textwrap.dedent(
|
||||||
"""
|
"""
|
||||||
|
@ -179,6 +122,9 @@ def main() -> None:
|
||||||
FailureAction=exit
|
FailureAction=exit
|
||||||
"""
|
"""
|
||||||
)
|
)
|
||||||
|
|
||||||
|
journal_file = (args.meson_build_dir / (f'test/journal/{name}.journal')).absolute()
|
||||||
|
journal_file.unlink(missing_ok=True)
|
||||||
elif not shell:
|
elif not shell:
|
||||||
dropin += textwrap.dedent(
|
dropin += textwrap.dedent(
|
||||||
"""
|
"""
|
||||||
|
@ -248,16 +194,15 @@ def main() -> None:
|
||||||
)
|
)
|
||||||
exit(77)
|
exit(77)
|
||||||
|
|
||||||
coredumps = process_coredumps(args, journal_file)
|
if journal_file and (
|
||||||
|
keep_journal == '0' or (result.returncode in (args.exit_code, 77) and keep_journal == 'fail')
|
||||||
if keep_journal == '0' or (
|
|
||||||
keep_journal == 'fail' and result.returncode in (args.exit_code, 77) and not coredumps
|
|
||||||
):
|
):
|
||||||
journal_file.unlink(missing_ok=True)
|
journal_file.unlink(missing_ok=True)
|
||||||
|
|
||||||
if shell or (result.returncode in (args.exit_code, 77) and not coredumps):
|
if shell or result.returncode in (args.exit_code, 77):
|
||||||
exit(0 if shell or result.returncode == args.exit_code else 77)
|
exit(0 if shell or result.returncode == args.exit_code else 77)
|
||||||
|
|
||||||
|
if journal_file:
|
||||||
ops = []
|
ops = []
|
||||||
|
|
||||||
if os.getenv('GITHUB_ACTIONS'):
|
if os.getenv('GITHUB_ACTIONS'):
|
||||||
|
@ -283,7 +228,10 @@ def main() -> None:
|
||||||
|
|
||||||
ops += [f'journalctl --file {journal_file} --no-hostname -o short-monotonic -u {args.unit} -p info']
|
ops += [f'journalctl --file {journal_file} --no-hostname -o short-monotonic -u {args.unit} -p info']
|
||||||
|
|
||||||
print("Test failed, relevant logs can be viewed with: \n\n" f"{(' && '.join(ops))}\n", file=sys.stderr)
|
print(
|
||||||
|
"Test failed, relevant logs can be viewed with: \n\n" f"{(' && '.join(ops))}\n",
|
||||||
|
file=sys.stderr,
|
||||||
|
)
|
||||||
|
|
||||||
# 0 also means we failed so translate that to a non-zero exit code to mark the test as failed.
|
# 0 also means we failed so translate that to a non-zero exit code to mark the test as failed.
|
||||||
exit(result.returncode or 1)
|
exit(result.returncode or 1)
|
||||||
|
|
|
@ -297,7 +297,6 @@ integration_test_template = {
|
||||||
'qemu-args' : [],
|
'qemu-args' : [],
|
||||||
'exit-code' : 123,
|
'exit-code' : 123,
|
||||||
'vm' : false,
|
'vm' : false,
|
||||||
'coredump-exclude-regex' : '',
|
|
||||||
}
|
}
|
||||||
testdata_subdirs = [
|
testdata_subdirs = [
|
||||||
'auxv',
|
'auxv',
|
||||||
|
@ -392,7 +391,6 @@ foreach integration_test : integration_tests
|
||||||
'--storage', integration_test['storage'],
|
'--storage', integration_test['storage'],
|
||||||
'--firmware', integration_test['firmware'],
|
'--firmware', integration_test['firmware'],
|
||||||
'--exit-code', integration_test['exit-code'].to_string(),
|
'--exit-code', integration_test['exit-code'].to_string(),
|
||||||
'--coredump-exclude-regex', integration_test['coredump-exclude-regex'],
|
|
||||||
]
|
]
|
||||||
|
|
||||||
if 'unit' in integration_test
|
if 'unit' in integration_test
|
||||||
|
|
|
@ -248,7 +248,6 @@ Bridge=mybridge
|
||||||
[Match]
|
[Match]
|
||||||
Name=mybridge
|
Name=mybridge
|
||||||
[Network]
|
[Network]
|
||||||
IPv6AcceptRA=no
|
|
||||||
DNS=192.168.250.1
|
DNS=192.168.250.1
|
||||||
Address=192.168.250.33/24
|
Address=192.168.250.33/24
|
||||||
Gateway=192.168.250.1
|
Gateway=192.168.250.1
|
||||||
|
@ -541,7 +540,6 @@ MACAddress=12:34:56:78:9a:bc
|
||||||
[Match]
|
[Match]
|
||||||
Name=dummy0
|
Name=dummy0
|
||||||
[Network]
|
[Network]
|
||||||
IPv6AcceptRA=no
|
|
||||||
Address=192.168.42.100/24
|
Address=192.168.42.100/24
|
||||||
DNS=192.168.42.1
|
DNS=192.168.42.1
|
||||||
Domains= ~company
|
Domains= ~company
|
||||||
|
@ -575,7 +573,6 @@ MACAddress=12:34:56:78:9a:bc
|
||||||
self.write_network('50-myvpn.network', '''[Match]
|
self.write_network('50-myvpn.network', '''[Match]
|
||||||
Name=dummy0
|
Name=dummy0
|
||||||
[Network]
|
[Network]
|
||||||
IPv6AcceptRA=no
|
|
||||||
Address=192.168.42.100/24
|
Address=192.168.42.100/24
|
||||||
DNS=192.168.42.1
|
DNS=192.168.42.1
|
||||||
Domains= ~company ~.
|
Domains= ~company ~.
|
||||||
|
@ -930,7 +927,6 @@ cat <<EOF >/run/systemd/network/50-test.network
|
||||||
Name={ifr}
|
Name={ifr}
|
||||||
|
|
||||||
[Network]
|
[Network]
|
||||||
IPv6AcceptRA=no
|
|
||||||
Address=192.168.5.1/24
|
Address=192.168.5.1/24
|
||||||
{addr6}
|
{addr6}
|
||||||
DHCPServer=yes
|
DHCPServer=yes
|
||||||
|
@ -1010,7 +1006,6 @@ MACAddress=12:34:56:78:9a:bc
|
||||||
[Match]
|
[Match]
|
||||||
Name=dummy0
|
Name=dummy0
|
||||||
[Network]
|
[Network]
|
||||||
IPv6AcceptRA=no
|
|
||||||
Address=192.168.42.100/24
|
Address=192.168.42.100/24
|
||||||
DNS=192.168.42.1
|
DNS=192.168.42.1
|
||||||
Domains= one two three four five six seven eight nine ten
|
Domains= one two three four five six seven eight nine ten
|
||||||
|
@ -1040,7 +1035,6 @@ MACAddress=12:34:56:78:9a:bc
|
||||||
[Match]
|
[Match]
|
||||||
Name=dummy0
|
Name=dummy0
|
||||||
[Network]
|
[Network]
|
||||||
IPv6AcceptRA=no
|
|
||||||
Address=192.168.42.100/24
|
Address=192.168.42.100/24
|
||||||
DNS=192.168.42.1
|
DNS=192.168.42.1
|
||||||
''')
|
''')
|
||||||
|
@ -1113,12 +1107,7 @@ class MatchClientTest(unittest.TestCase, NetworkdTestingUtilities):
|
||||||
def test_basic_matching(self):
|
def test_basic_matching(self):
|
||||||
"""Verify the Name= line works throughout this class."""
|
"""Verify the Name= line works throughout this class."""
|
||||||
self.add_veth_pair('test_if1', 'fake_if2')
|
self.add_veth_pair('test_if1', 'fake_if2')
|
||||||
self.write_network('50-test.network', '''\
|
self.write_network('50-test.network', "[Match]\nName=test_*\n[Network]")
|
||||||
[Match]
|
|
||||||
Name=test_*
|
|
||||||
[Network]
|
|
||||||
IPv6AcceptRA=no
|
|
||||||
''')
|
|
||||||
subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
|
subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
|
||||||
self.assert_link_states(test_if1='managed', fake_if2='unmanaged')
|
self.assert_link_states(test_if1='managed', fake_if2='unmanaged')
|
||||||
|
|
||||||
|
@ -1129,13 +1118,11 @@ IPv6AcceptRA=no
|
||||||
mac = '00:01:02:03:98:99'
|
mac = '00:01:02:03:98:99'
|
||||||
self.add_veth_pair('test_veth', 'test_peer',
|
self.add_veth_pair('test_veth', 'test_peer',
|
||||||
['addr', mac], ['addr', mac])
|
['addr', mac], ['addr', mac])
|
||||||
self.write_network('50-no-veth.network', '''\
|
self.write_network('50-no-veth.network', """\
|
||||||
[Match]
|
[Match]
|
||||||
MACAddress={}
|
MACAddress={}
|
||||||
Name=!nonexistent *peer*
|
Name=!nonexistent *peer*
|
||||||
[Network]
|
[Network]""".format(mac))
|
||||||
IPv6AcceptRA=no
|
|
||||||
'''.format(mac))
|
|
||||||
subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
|
subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
|
||||||
self.assert_link_states(test_veth='managed', test_peer='unmanaged')
|
self.assert_link_states(test_veth='managed', test_peer='unmanaged')
|
||||||
|
|
||||||
|
|
|
@ -1,71 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
||||||
# shellcheck disable=SC2317
|
|
||||||
set -ex
|
|
||||||
set -o pipefail
|
|
||||||
|
|
||||||
# This is a reproducer of issue #35329,
|
|
||||||
# which is a regression caused by 405be62f05d76f1845f347737b5972158c79dd3e.
|
|
||||||
|
|
||||||
IFNAME=udevtestnetif
|
|
||||||
|
|
||||||
at_exit() {
|
|
||||||
set +e
|
|
||||||
|
|
||||||
systemctl stop testsleep.service
|
|
||||||
rm -f /run/udev/udev.conf.d/timeout.conf
|
|
||||||
rm -f /run/udev/rules.d/99-testsuite.rules
|
|
||||||
# Forcibly kills sleep command invoked by the udev rule before restarting,
|
|
||||||
# otherwise systemctl restart below will takes longer.
|
|
||||||
killall -KILL sleep
|
|
||||||
systemctl restart systemd-udevd.service
|
|
||||||
ip link del "$IFNAME"
|
|
||||||
}
|
|
||||||
|
|
||||||
trap at_exit EXIT
|
|
||||||
|
|
||||||
udevadm settle
|
|
||||||
|
|
||||||
mkdir -p /run/udev/udev.conf.d/
|
|
||||||
cat >/run/udev/udev.conf.d/timeout.conf <<EOF
|
|
||||||
event_timeout=1h
|
|
||||||
EOF
|
|
||||||
|
|
||||||
mkdir -p /run/udev/rules.d/
|
|
||||||
cat >/run/udev/rules.d/99-testsuite.rules <<EOF
|
|
||||||
SUBSYSTEM=="net", ACTION=="change", KERNEL=="${IFNAME}", OPTIONS="log_level=debug", RUN+="/usr/bin/sleep 1000"
|
|
||||||
EOF
|
|
||||||
|
|
||||||
systemctl restart systemd-udevd.service
|
|
||||||
|
|
||||||
ip link add "$IFNAME" type dummy
|
|
||||||
IFINDEX=$(ip -json link show "$IFNAME" | jq '.[].ifindex')
|
|
||||||
udevadm wait --timeout 10 "/sys/class/net/${IFNAME}"
|
|
||||||
# Check if the database file is created.
|
|
||||||
[[ -e "/run/udev/data/n${IFINDEX}" ]]
|
|
||||||
|
|
||||||
systemd-run \
|
|
||||||
-p After="sys-subsystem-net-devices-${IFNAME}.device" \
|
|
||||||
-p BindsTo="sys-subsystem-net-devices-${IFNAME}.device" \
|
|
||||||
-u testsleep.service \
|
|
||||||
sleep 1h
|
|
||||||
|
|
||||||
timeout 10 bash -c 'until systemctl is-active testsleep.service; do sleep .5; done'
|
|
||||||
|
|
||||||
udevadm trigger "/sys/class/net/${IFNAME}"
|
|
||||||
timeout 30 bash -c "until grep -F 'ID_PROCESSING=1' /run/udev/data/n${IFINDEX}; do sleep .5; done"
|
|
||||||
|
|
||||||
for _ in {1..3}; do
|
|
||||||
systemctl daemon-reexec
|
|
||||||
systemctl is-active testsleep.service
|
|
||||||
done
|
|
||||||
|
|
||||||
for _ in {1..3}; do
|
|
||||||
systemctl daemon-reload
|
|
||||||
systemctl is-active testsleep.service
|
|
||||||
done
|
|
||||||
|
|
||||||
# Check if the reexec and reload have finished during processing the event.
|
|
||||||
grep -F 'ID_PROCESSING=1' "/run/udev/data/n${IFINDEX}"
|
|
||||||
|
|
||||||
exit 0
|
|
|
@ -6,14 +6,6 @@ set -o pipefail
|
||||||
# shellcheck source=test/units/test-control.sh
|
# shellcheck source=test/units/test-control.sh
|
||||||
. "$(dirname "$0")"/test-control.sh
|
. "$(dirname "$0")"/test-control.sh
|
||||||
|
|
||||||
if systemd-detect-virt --quiet --container; then
|
|
||||||
# This comes from the selinux package and tries to write
|
|
||||||
# some files under sysfs, which will be read-only in a container,
|
|
||||||
# so mask it. It's not our tmpfiles.d file anyway.
|
|
||||||
mkdir -p /run/tmpfiles.d/
|
|
||||||
ln -s /dev/null /run/tmpfiles.d/selinux-policy.conf
|
|
||||||
fi
|
|
||||||
|
|
||||||
run_subtests
|
run_subtests
|
||||||
|
|
||||||
touch /testok
|
touch /testok
|
||||||
|
|
|
@ -5,7 +5,3 @@ set -o pipefail
|
||||||
|
|
||||||
SYSTEMD_IN_CHROOT=1 systemd-detect-virt --chroot
|
SYSTEMD_IN_CHROOT=1 systemd-detect-virt --chroot
|
||||||
(! SYSTEMD_IN_CHROOT=0 systemd-detect-virt --chroot)
|
(! SYSTEMD_IN_CHROOT=0 systemd-detect-virt --chroot)
|
||||||
|
|
||||||
if ! systemd-detect-virt -c; then
|
|
||||||
unshare --mount-proc --fork --user --pid systemd-detect-virt --container
|
|
||||||
fi
|
|
||||||
|
|
Loading…
Reference in New Issue