Compare commits
8 Commits
fe4cb9b57e
...
f562b8f27a
Author | SHA1 | Date |
---|---|---|
Philip Meulengracht | f562b8f27a | |
Luca Boccassi | 321c202e7c | |
Daan De Meyer | e3b5a0c32d | |
Yu Watanabe | d07fbf22ed | |
Yu Watanabe | 4ebbb5bfe8 | |
Philip Meulengracht | 684f4d25c8 | |
Philip Meulengracht | edcbc020fb | |
Philip Meulengracht | ee1d8dc924 | |
@ -114,10 +114,10 @@
|
|||
invoked, for example from the system service manager or via a PAM module.</para>
|
||||
|
||||
<para>Specifically, for ssh logins, the
|
||||
<citerefentry project='die-net'><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
<citerefentry project='man-pages'><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
service builds an environment that is a combination of variables forwarded from the remote system and
|
||||
defined by <command>sshd</command>, see the discussion in
|
||||
<citerefentry project='die-net'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
||||
<citerefentry project='man-pages'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
||||
A graphical display session will have an analogous mechanism to define the environment. Note that some
|
||||
managers query the systemd user instance for the exported environment and inject this configuration into
|
||||
programs they start, using <command>systemctl show-environment</command> or the underlying D-Bus call.
|
||||
|
|
|
@ -215,8 +215,8 @@
|
|||
below this directory is subject to specifications that ensure interoperability.</para>
|
||||
|
||||
<para>Note that resources placed in this directory typically are under shared ownership,
|
||||
i.e. multiple different packages have provide and consume these resources, on equal footing, without
|
||||
any obvious primary owner. This makes makes things systematically different from
|
||||
i.e. multiple different packages have provided and consumed these resources, on equal footing, without
|
||||
any obvious primary owner. This makes things systematically different from
|
||||
<filename>/usr/lib/</filename>, where ownership is generally not shared.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
|
|
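Review bot: In the "shared ownership" sentence the fix switches to past tense ("have provided and consumed"), but the paragraph describes an ongoing property of the directory. Dropping the stray "have" gives "multiple different packages provide and consume these resources", which matches the present tense of the surrounding sentences. The "makes makes" fix is fine as it stands.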
@ -378,7 +378,7 @@
|
|||
|
||||
<listitem><para>Takes a comma- or colon-separated list of languages preferred by the user, ordered
|
||||
by descending priority. The <varname>$LANG</varname> and <varname>$LANGUAGE</varname> environment
|
||||
variables are initialized from this value on login, and thus values suitible for these environment
|
||||
variables are initialized from this value on login, and thus values suitable for these environment
|
||||
variables are accepted here, for example <option>--language=de_DE.UTF-8</option>. This option may
|
||||
be used more than once, in which case the language lists are concatenated.</para>
|
||||
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
<citerefentry><refentrytitle>systemd-importd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
||||
|
||||
<para><command>importctl</command> operates both on block-level disk images (such as DDIs) as well as
|
||||
file-system-level images (tarballs). It supports disk images are one of the four following
|
||||
file-system-level images (tarballs). It supports disk images in one of the four following
|
||||
classes:</para>
|
||||
|
||||
<itemizedlist>
|
||||
|
@ -50,7 +50,7 @@
|
|||
managed via
|
||||
<citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
|
||||
|
||||
<listitem><para>Portable service images, that may be attached an managed via
|
||||
<listitem><para>Portable service images, that may be attached and managed via
|
||||
<citerefentry><refentrytitle>portablectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
|
||||
|
||||
<listitem><para>System extension (sysext) images, that may be activated via
|
||||
|
@ -133,7 +133,7 @@
|
|||
multiple downloads are not necessary. In order to create only the read-only image, and avoid creating
|
||||
its writable snapshot, specify <literal>-</literal> as local name.</para>
|
||||
|
||||
<para>Note that pressing C-c during execution of this command will not abort the download. Use
|
||||
<para>Note that pressing Control-c during execution of this command will not abort the download. Use
|
||||
<command>cancel-transfer</command>, described below.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||
|
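Review bot: "Control-c" in the download note is still plain text. DocBook has `<keycombo><keycap>Ctrl</keycap><keycap>C</keycap></keycombo>` for key presses, which renders consistently and would also serve the identical sentence in the raw download section further down.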
@ -145,14 +145,14 @@
|
|||
<listitem><para>Downloads a <filename>.raw</filename> disk image from the specified URL, and makes it
|
||||
available under the specified local name in the image directory for the selected
|
||||
<option>--class=</option>. The URL must be of type <literal>http://</literal> or
|
||||
<literal>https://</literal>. The image must either be a <filename>.qcow2</filename> or raw disk
|
||||
<literal>https://</literal>. The image must either be a qcow2 or raw disk
|
||||
image, optionally compressed as <filename>.gz</filename>, <filename>.xz</filename>, or
|
||||
<filename>.bz2</filename>. If the local name is omitted, it is automatically derived from the last
|
||||
component of the URL, with its suffix removed.</para>
|
||||
|
||||
<para>Image verification is identical for raw and tar images (see above).</para>
|
||||
|
||||
<para>If the downloaded image is in <filename>.qcow2</filename> format it is converted into a raw
|
||||
<para>If the downloaded image is in qcow2 format it is converted into a raw
|
||||
image file before it is made available.</para>
|
||||
|
||||
<para>If <option>-keep-download=yes</option> is specified the image will be downloaded and stored in
|
||||
|
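Review bot: The last context line of this hunk has `<option>-keep-download=yes</option>` with a single dash, while the other long options in this file are written with two (`--class=`, `--format=`). Since the paragraph is being touched anyway, correct it to `--keep-download=yes` in the same commit.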
@ -162,7 +162,7 @@
|
|||
necessary. In order to create only the read-only image, and avoid creating its writable copy,
|
||||
specify <literal>-</literal> as local name.</para>
|
||||
|
||||
<para>Note that pressing C-c during execution of this command will not abort the download. Use
|
||||
<para>Note that pressing Control-c during execution of this command will not abort the download. Use
|
||||
<command>cancel-transfer</command>, described below.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||
|
@ -174,8 +174,14 @@
|
|||
|
||||
<listitem><para>Imports a TAR or RAW image, and places it under the specified name in the image
|
||||
directory for the image class selected via <option>--class=</option>. When
|
||||
<command>import-tar</command> is used, the file specified as the first argument should be a tar
|
||||
archive, possibly compressed with xz, gzip or bzip2. It will then be unpacked into its own
|
||||
<command>import-tar</command> is used, the file specified as the first argument should be a
|
||||
<citerefentry project='die-net'><refentrytitle>tar</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||
archive, possibly compressed with
|
||||
<citerefentry project='die-net'><refentrytitle>xz</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
<citerefentry project='die-net'><refentrytitle>gzip</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
or
|
||||
<citerefentry project='die-net'><refentrytitle>bzip2</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
||||
It will then be unpacked into its own
|
||||
subvolume/directory. When <command>import-raw</command> is used, the file should be a qcow2 or raw
|
||||
disk image, possibly compressed with xz, gzip or bzip2. If the second argument (the resulting image
|
||||
name) is not specified, it is automatically derived from the file name. If the filename is passed as
|
||||
|
@ -196,7 +202,9 @@
|
|||
<listitem><para>Imports an image stored in a local directory into the image directory for the image
|
||||
class selected via <option>--class=</option> and operates similarly to <command>import-tar</command>
|
||||
or <command>import-raw</command>, but the first argument is the source directory. If supported, this
|
||||
command will create a btrfs snapshot or subvolume for the new image.</para>
|
||||
command will create a
|
||||
<citerefentry project="url"><refentrytitle url="https://btrfs.readthedocs.io/en/latest/btrfs.html">btrfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
snapshot or subvolume for the new image.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||
</varlistentry>
|
||||
|
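Review bot: The new btrfs reference uses double-quoted attributes (`project="url"`) while the other citerefentry elements added in this series use single quotes (`project='die-net'`, `project='man-pages'`); pick one style. The sentence is also about the btrfs file system ("a btrfs snapshot or subvolume"), whereas the link renders as a reference to the btrfs(8) tool, so check that the rendered text still reads as intended.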
@ -207,9 +215,13 @@
|
|||
|
||||
<listitem><para>Exports a TAR or RAW image and stores it in the specified file. The first parameter
|
||||
should be an image name. The second parameter should be a file path the TAR or RAW
|
||||
image is written to. If the path ends in <literal>.gz</literal>, the file is compressed with gzip, if
|
||||
it ends in <literal>.xz</literal>, with xz, and if it ends in <literal>.bz2</literal>, with bzip2. If
|
||||
the path ends in neither, the file is left uncompressed. If the second argument is missing, the image
|
||||
image is written to. If the path ends in <literal>.gz</literal>, the file is compressed with
|
||||
<citerefentry project='die-net'><refentrytitle>gzip</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
if it ends in <literal>.xz</literal>, with
|
||||
<citerefentry project='die-net'><refentrytitle>xz</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
and if it ends in <literal>.bz2</literal>, with
|
||||
<citerefentry project='die-net'><refentrytitle>bzip2</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
||||
If the path ends in neither, the file is left uncompressed. If the second argument is missing, the image
|
||||
is written to standard output. The compression may also be explicitly selected with the
|
||||
<option>--format=</option> switch. This is in particular useful if the second parameter is left
|
||||
unspecified.</para>
|
||||
|
|
|
@ -113,11 +113,11 @@
|
|||
</row>
|
||||
<row>
|
||||
<entry><constant>user-early</constant></entry>
|
||||
<entry>Similar to <literal>user</literal> but sessions of this class are not ordered after <filename>systemd-user-sessions.service</filename>, i.e. may be started before regular sessions are allowed to be established. This session class is the default for sessions of the root user that would otherwise qualify for the <constant>user</constant> class, see above. (Added in v256.)</entry>
|
||||
<entry>Similar to <literal>user</literal> but sessions of this class are not ordered after <citerefentry><refentrytitle>systemd-user-sessions.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, i.e. may be started before regular sessions are allowed to be established. This session class is the default for sessions of the root user that would otherwise qualify for the <constant>user</constant> class, see above. (Added in v256.)</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><constant>user-incomplete</constant></entry>
|
||||
<entry>Similar to <literal>user</literal> but for sessions which are not fully set up yet, i.e. have no home directory mounted or similar. This is used by <citerefentry><refentrytitle>systemd-homed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> to allow users to log in via <command>ssh</command> before their home directory is mounted, delaying the mount until the user provided the unlock password. Sessions of this class are upgraded to the regular <constant>user</constant> class once the home directory is activated.</entry>
|
||||
<entry>Similar to <literal>user</literal> but for sessions which are not fully set up yet, i.e. have no home directory mounted or similar. This is used by <citerefentry><refentrytitle>systemd-homed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> to allow users to log in via <citerefentry project='man-pages'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry> before their home directory is mounted, delaying the mount until the user provided the unlock password. Sessions of this class are upgraded to the regular <constant>user</constant> class once the home directory is activated.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><constant>greeter</constant></entry>
|
||||
|
@ -129,15 +129,15 @@
|
|||
</row>
|
||||
<row>
|
||||
<entry><constant>background</constant></entry>
|
||||
<entry>Used for background sessions, such as those invoked by <command>cron</command> and similar tools. This is the default class for sessions for which no TTY or X display is known at session registration time.</entry>
|
||||
<entry>Used for background sessions, such as those invoked by <citerefentry project='die-net'><refentrytitle>cron</refentrytitle><manvolnum>8</manvolnum></citerefentry> and similar tools. This is the default class for sessions for which no TTY or X display is known at session registration time.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><constant>background-light</constant></entry>
|
||||
<entry>Similar to <constant>background</constant>, but sessions of this class will not pull in the <filename>user@.service</filename> of the user, and thus possibly have no services of the user running. (Added in v256.)</entry>
|
||||
<entry>Similar to <constant>background</constant>, but sessions of this class will not pull in the <citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> of the user, and thus possibly have no services of the user running. (Added in v256.)</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><constant>manager</constant></entry>
|
||||
<entry>The <filename>user@.service</filename> service of the user is registered under this session class. (Added in v256.)</entry>
|
||||
<entry>The <citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> service of the user is registered under this session class. (Added in v256.)</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><constant>manager-early</constant></entry>
|
||||
|
@ -445,6 +445,8 @@ session required pam_unix.so</programlisting>
|
|||
<title>See Also</title>
|
||||
<para><simplelist type="inline">
|
||||
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>systemd-user-sessions.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
||||
|
|
|
@ -112,7 +112,8 @@
|
|||
during boot.</para>
|
||||
|
||||
<para>You need to set the password of your Gnome Keyring/KWallet to the same as your LUKS passphrase.
|
||||
Then add the following lines to your display manager's PAM config under <filename>/etc/pam.d/</filename> (e.g. <filename>sddm-autologin</filename>):</para>
|
||||
Then add the following lines to your display manager's PAM config under <filename>/etc/pam.d/</filename> (e.g.
|
||||
<filename>sddm-autologin</filename>):</para>
|
||||
|
||||
<programlisting>
|
||||
-auth optional pam_systemd_loadkey.so
|
||||
|
@ -131,8 +132,9 @@ KeyringMode=inherit
|
|||
<para>In this setup, early during the boot process,
|
||||
<citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
will ask for the passphrase and store it in the kernel keyring with the keyname <literal>cryptsetup</literal>.
|
||||
Then when the display manager does the autologin, pam_systemd_loadkey will read the passphrase from the kernel keyring,
|
||||
set it as the PAM authtok, and then pam_gnome_keyring and pam_kwallet5 will unlock with the same passphrase.</para>
|
||||
Then when the display manager does the autologin, <command>pam_systemd_loadkey</command> will read the passphrase
|
||||
from the kernel keyring, set it as the PAM authtok, and then <command>pam_gnome_keyring</command> and
|
||||
<command>pam_kwallet5</command> will unlock with the same passphrase.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
||||
|
|
|
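Review bot: `<command>` is the wrong element for pam_systemd_loadkey, pam_gnome_keyring and pam_kwallet5 in the last paragraph. They are PAM modules loaded from the stack shown in the programlisting earlier in this file (`pam_systemd_loadkey.so`), not programs that are invoked. `<filename>pam_systemd_loadkey.so</filename>`, or a citerefentry where a man page exists, would describe them more accurately.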
@ -48,7 +48,7 @@
|
|||
and transfer them as a whole between systems. When these images are attached to the local system, the contained units
|
||||
may run in most ways like regular system-provided units, either with full privileges or inside strict sandboxing,
|
||||
depending on the selected configuration. For more details, see
|
||||
<ulink url="https://systemd.io/PORTABLE_SERVICES">Portable Services Documentation</ulink>.</para>
|
||||
<ulink url="https://systemd.io/PORTABLE_SERVICES">Portable Services</ulink>.</para>
|
||||
|
||||
<para>Portable service images may be of the following kinds:</para>
|
||||
|
||||
|
@ -417,7 +417,7 @@
|
|||
<citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
Images can be block images, btrfs subvolumes or directories. For more information on portable
|
||||
services with extensions, see the <literal>Extension Images</literal> paragraph on
|
||||
<ulink url="https://systemd.io/PORTABLE_SERVICES">Portable Services Documentation</ulink>.
|
||||
<ulink url="https://systemd.io/PORTABLE_SERVICES">Portable Services</ulink>.
|
||||
</para>
|
||||
|
||||
<para>Note that the same extensions have to be specified, in the same order, when attaching
|
||||
|
|
|
@ -606,7 +606,8 @@
|
|||
<varname>Subvolumes=</varname>.</para>
|
||||
|
||||
<para>Note that this option only takes effect if the target filesystem supports subvolumes, such as
|
||||
<literal>btrfs</literal>.</para>
|
||||
<citerefentry project="url"><refentrytitle url="https://btrfs.readthedocs.io/en/latest/btrfs.html">btrfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
|
||||
</para>
|
||||
|
||||
<para>Note that this option is only supported in combination with <option>--offline=yes</option>
|
||||
since btrfs-progs 6.11 or newer.</para>
|
||||
|
@ -686,7 +687,7 @@
|
|||
|
||||
<listitem><para>Configures the data block size of the generated verity hash partition. Must be between 512 and
|
||||
4096 bytes and must be a power of 2. Defaults to the sector size if configured explicitly, or the underlying
|
||||
block device sector size, or 4K if systemd-repart is not operating on a block device.
|
||||
block device sector size, or 4K if <command>systemd-repart</command> is not operating on a block device.
|
||||
</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
||||
|
@ -697,7 +698,7 @@
|
|||
|
||||
<listitem><para>Configures the hash block size of the generated verity hash partition. Must be between 512 and
|
||||
4096 bytes and must be a power of 2. Defaults to the sector size if configured explicitly, or the underlying
|
||||
block device sector size, or 4K if systemd-repart is not operating on a block device.
|
||||
block device sector size, or 4K if <command>systemd-repart</command> is not operating on a block device.
|
||||
</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
||||
|
@ -807,7 +808,9 @@
|
|||
mount options. These fields correspond to the second and fourth column of the
|
||||
<citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
format. This setting may be specified multiple times to mount the partition multiple times. This can
|
||||
be used to add mounts for different btrfs subvolumes located on the same btrfs partition.</para>
|
||||
be used to add mounts for different
|
||||
<citerefentry project="url"><refentrytitle url="https://btrfs.readthedocs.io/en/latest/btrfs.html">btrfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
subvolumes located on the same btrfs partition.</para>
|
||||
|
||||
<para>Note that this setting is only taken into account when <option>--generate-fstab=</option> is
|
||||
specified on the <command>systemd-repart</command> command line.</para>
|
||||
|
@ -818,7 +821,7 @@
|
|||
<varlistentry>
|
||||
<term><varname>EncryptedVolume=</varname></term>
|
||||
|
||||
<listitem><para>Specify how the encrypted partition should be set up. Takes at least one and at most
|
||||
<listitem><para>Specifies how the encrypted partition should be set up. Takes at least one and at most
|
||||
three fields separated with a colon (<literal>:</literal>). The first field specifies the encrypted
|
||||
volume name under <filename>/dev/mapper/</filename>. If not specified, <literal>luks-UUID</literal>
|
||||
will be used where <literal>UUID</literal> is the LUKS UUID. The second field specifies the keyfile
|
||||
|
@ -837,13 +840,14 @@
|
|||
<varlistentry>
|
||||
<term><varname>Compression=</varname></term>
|
||||
|
||||
<listitem><para>Specify the compression algorithm to use for the filesystem configured with
|
||||
<listitem><para>Specifies the compression algorithm to use for the filesystem configured with
|
||||
<varname>Format=</varname>. Takes a single argument specifying the compression algorithm.</para>
|
||||
|
||||
<para>Note that this setting is only taken into account when the filesystem configured with
|
||||
<varname>Format=</varname> supports compression (btrfs, squashfs, erofs). Here's an incomplete list
|
||||
of compression algorithms supported by the filesystems known to
|
||||
<command>systemd-repart</command>:</para>
|
||||
<varname>Format=</varname> supports compression (
|
||||
<citerefentry project="url"><refentrytitle url="https://btrfs.readthedocs.io/en/latest/btrfs.html">btrfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
squashfs, erofs). Here's an incomplete list of compression algorithms supported by the filesystems
|
||||
known to <command>systemd-repart</command>:</para>
|
||||
|
||||
<table>
|
||||
<title>File System Compression Algorithms</title>
|
||||
|
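Review bot: Breaking the line right after "supports compression (" puts whitespace between the parenthesis and the citerefentry, so the rendered text becomes "( btrfs(8), squashfs, erofs)". Keep the opening parenthesis on the same line as the `<citerefentry ...>` element, with no space between them.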
@ -883,7 +887,7 @@
|
|||
<varlistentry>
|
||||
<term><varname>CompressionLevel=</varname></term>
|
||||
|
||||
<listitem><para>Specify the compression level to use for the filesystem configured with
|
||||
<listitem><para>Specifies the compression level to use for the filesystem configured with
|
||||
<varname>Format=</varname>. Takes a single argument specifying the compression level to use for the
|
||||
configured compression algorithm. The possible compression levels and their meaning are filesystem
|
||||
specific (refer to the filesystem's documentation for the exact meaning of a particular compression
|
||||
|
|
|
@ -485,7 +485,7 @@
|
|||
|
||||
<listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If
|
||||
true, rules regarding routing of single-label names are relaxed. Defaults to false. By default,
|
||||
lookups of single label names are assumed to refer to local hosts to be resolved via local resolution
|
||||
lookups of single-label names are assumed to refer to local hosts to be resolved via local resolution
|
||||
such as LLMNR or via search domain qualification and are not routed to upstream servers as is. If
|
||||
this option is enabled these rules are disabled and the queries are routed upstream anyway. Also see
|
||||
the <varname>ResolveUnicastSingleLabel=</varname> option in
|
||||
|
|
|
@ -81,7 +81,7 @@
|
|||
<varlistentry>
|
||||
<term><option>--property=</option></term>
|
||||
|
||||
<listitem><para>Sets a property on the service unit that is created. This option takes an assignment
|
||||
<listitem><para>Sets a property of the service unit that is created. This option takes an assignment
|
||||
in the same format as
|
||||
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
|
||||
<command>set-property</command> command.</para>
|
||||
|
@ -225,7 +225,7 @@
|
|||
<term><option>--machine=</option></term>
|
||||
|
||||
<listitem>
|
||||
<para>Execute operation on a local container. Specify a container name to connect to.</para>
|
||||
<para>Execute operation in a local container. Specify a container name to connect to.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v256"/>
|
||||
</listitem>
|
||||
|
|
|
@ -1397,7 +1397,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
|
|||
<para>Note that this shows the <emphasis>effective</emphasis> block, i.e. the combination of
|
||||
environment variables configured via configuration files, environment generators and via IPC
|
||||
(i.e. via the <command>set-environment</command> described below). At the moment a unit process
|
||||
is forked off this combined environment block will be further combined with per-unit environment
|
||||
is forked off, this combined environment block will be further combined with per-unit environment
|
||||
variables, which are not visible in this command.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
|
|
@ -54,7 +54,7 @@
|
|||
|
||||
<listitem><para>The EFI Shell binary, if installed.</para></listitem>
|
||||
|
||||
<listitem><para>A <literal>Reboot Into Firmware Interface option</literal>, if supported by the UEFI
|
||||
<listitem><para>A <literal>Reboot Into Firmware Interface</literal> option, if supported by the UEFI
|
||||
firmware.</para></listitem>
|
||||
|
||||
<listitem><para>Secure Boot variables enrollment if the UEFI firmware is in setup-mode and files are provided
|
||||
|
|
|
@ -299,7 +299,7 @@
|
|||
<varlistentry>
|
||||
<term><option>--unlock-tpm2-device=<replaceable>PATH</replaceable></option></term>
|
||||
|
||||
<listitem><para>Use a TPM2 device instead of a password/passhprase read from stdin to unlock the
|
||||
<listitem><para>Use a TPM2 device instead of a password/passphrase read from stdin to unlock the
|
||||
volume. Expects a device node path referring to the TPM2 chip (e.g. <filename>/dev/tpmrm0</filename>).
|
||||
Alternatively the special value <literal>auto</literal> may be specified, in order to automatically
|
||||
determine the device node of a currently discovered TPM2 device (of which there must be exactly one).
|
||||
|
|
|
@ -32,7 +32,7 @@
|
|||
<arg choice="plain">VOLUME</arg>
|
||||
<arg choice="plain">SOURCE-DEVICE</arg>
|
||||
<arg choice="opt">KEY-FILE</arg>
|
||||
<arg choice="opt">CONFIG</arg>
|
||||
<arg choice="opt">CRYPTTAB-OPTIONS</arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
|
@ -150,7 +150,7 @@
|
|||
<varlistentry>
|
||||
<term><varname>cryptsetup.luks2-pin</varname></term>
|
||||
|
||||
<listitem><para>This credential specifies the PIN requested by generic LUKS2 token modules.</para>
|
||||
<listitem><para>This credential specifies the pin requested by generic LUKS2 token modules.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||
</varlistentry>
|
||||
|
|
|
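Review bot: The replacement line lowercases "PIN" to "pin" in the `cryptsetup.luks2-pin` description. PIN is an acronym and is normally written in capitals. Unless the lowercase form is deliberate, keep "the PIN requested by generic LUKS2 token modules".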
@ -57,7 +57,9 @@
|
|||
last check, number of mounts, unclean unmount, etc.</para>
|
||||
|
||||
<para><filename>systemd-fsck-root.service</filename> and <filename>systemd-fsck-usr.service</filename>
|
||||
will activate <filename>reboot.target</filename> if <command>fsck</command> returns the "System
|
||||
will activate <filename>reboot.target</filename> if
|
||||
<citerefentry project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
returns the "System
|
||||
should reboot" condition, or <filename>emergency.target</filename> if <command>fsck</command>
|
||||
returns the "Filesystem errors left uncorrected" condition.</para>
|
||||
|
||||
|
|
|
@ -164,9 +164,10 @@ systemd-tmpfiles --create --prefix /var/log/journal</programlisting>
|
|||
used to view the log stream of a specific namespace. If the switch is not used the log stream of the
|
||||
default namespace is shown, i.e. log data from other namespaces is not visible.</para>
|
||||
|
||||
<para>Services associated with a specific log namespace may log via syslog, the native logging protocol
|
||||
of the journal and via stdout/stderr; the logging from all three transports is associated with the
|
||||
namespace.</para>
|
||||
<para>Services associated with a specific log namespace may log via
|
||||
<citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||
the native logging protocol of the journal and via stdout/stderr; the logging from all three transports
|
||||
is associated with the namespace.</para>
|
||||
|
||||
<para>By default only the default namespace will collect kernel and audit log messages.</para>
|
||||
|
||||
|
@ -288,8 +289,11 @@ systemd-tmpfiles --create --prefix /var/log/journal</programlisting>
|
|||
<term><varname>systemd.journald.max_level_socket=</varname></term>
|
||||
|
||||
<listitem><para>Controls the maximum log level of messages that are stored in the journal, forwarded
|
||||
to syslog, kmsg, the console, the wall, or a socket. This kernel command line options override the
|
||||
settings of the same names in the
|
||||
to
|
||||
<citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||
kmsg, the console,
|
||||
<citerefentry project='man-pages'><refentrytitle>wall</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
or a socket. This kernel command line options override the settings of the same names in the
|
||||
<citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
file.</para>
|
||||
|
||||
|
|
|
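Review bot: The rewrapped sentence still reads "This kernel command line options override", which mixes singular and plural. Since the line is rewritten here anyway, make it "These kernel command line options override".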
@ -136,6 +136,7 @@
|
|||
<member><citerefentry><refentrytitle>nss-mymachines</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>org.freedesktop.machine1</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
||||
<member><citerefentry project='man-pages'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
||||
</simplelist></para>
|
||||
</refsect1>
|
||||
|
||||
|
|
|
@ -57,7 +57,9 @@
|
|||
<para>The returned mounts are automatically allowlisted in the per-user-namespace allowlist maintained by
|
||||
<citerefentry><refentrytitle>systemd-nsresourced.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
||||
|
||||
<para>The file systems are automatically fsck'ed before mounting.</para>
|
||||
<para>The file systems are automatically
|
||||
<citerefentry project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry>'ed
|
||||
before mounting.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
|
|
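Review bot: Attaching `'ed` to the closing `</citerefentry>` renders as "fsck(8)'ed", which reads awkwardly and splits one verb across three source lines. Rephrase to something like "The file systems are automatically checked with fsck(8) before mounting", with the citerefentry standing on its own.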
@ -140,7 +140,7 @@
|
|||
<para>When running in unprivileged mode, some needed functionality is provided via
|
||||
<citerefentry><refentrytitle>systemd-mountfsd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
and
|
||||
<citerefentry><refentrytitle>systemd-nsresourced.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></para>
|
||||
<citerefentry><refentrytitle>systemd-nsresourced.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
|
|
@ -106,7 +106,7 @@
|
|||
|
||||
<listitem><para>This reads the combined TPM2 event log and writes it to STDOUT in <ulink
|
||||
url="https://trustedcomputinggroup.org/resource/canonical-event-log-format/">TCG Canonical Event Log
|
||||
Format (CEL-JSON)</ulink> format.</para>
|
||||
Format (CEL-JSON)</ulink>.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
||||
</varlistentry>
|
||||
|
@ -387,8 +387,10 @@
|
|||
|
||||
<listitem><para>Generates/removes a <filename>.pcrlock</filename> file based on a kernel initrd cpio
|
||||
archive. This is useful for predicting measurements the Linux kernel makes to PCR 9
|
||||
("kernel-initrd"). Do not use for <command>systemd-stub</command> UKIs, as the initrd is combined
|
||||
dynamically from various sources and hence does not take a single input, like this command.</para>
|
||||
("kernel-initrd"). Do not use for
|
||||
<citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
UKIs, as the initrd is combined dynamically from various sources and hence does not take a single
|
||||
input, like this command.</para>
|
||||
|
||||
<para>This writes/removes the file
|
||||
<filename>/var/lib/pcrlock.d/720-kernel-initrd.pcrlock/generated.pcrlock</filename>.</para>
|
||||
|
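Review bot: the closing clause of the rewritten sentence, "and hence does not take a single input, like this command", is still ambiguous. It can be read as saying that this command does not take a single input either. Since the sentence is being reflowed to add the systemd-stub(7) reference, reword it in the same change, for example "and hence is not a single input of the kind this command expects". The warning guards PCR 9 predictions, so it should not be open to two readings.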
@ -521,7 +523,7 @@
|
|||
<varlistentry>
|
||||
<term><option>--pcrlock=</option></term>
|
||||
|
||||
<listitem><para>Takes a file system path as argument. If specified overrides where to write the
|
||||
<listitem><para>Takes a file system path as argument. If specified, configures where to write the
|
||||
generated pcrlock data to. Honoured by the various <command>lock-*</command> commands. If not
|
||||
specified, a default path is generally used, as documented above.</para>
|
||||
|
||||
|
@ -531,7 +533,7 @@
|
|||
<varlistentry>
|
||||
<term><option>--policy=</option></term>
|
||||
|
||||
<listitem><para>Takes a file system path as argument. If specified overrides where to write pcrlock
|
||||
<listitem><para>Takes a file system path as argument. If specified, configures where to write pcrlock
|
||||
policy metadata to. If not specified defaults to
|
||||
<filename>/var/lib/systemd/pcrlock.json</filename>.</para>
|
||||
|
||||
|
|
|
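Review bot: comma usage in the --policy= entry is now inconsistent: the changed line reads "If specified, configures where to write" while the next context line still reads "If not specified defaults to". Add the comma there too ("If not specified, defaults to"), matching the --pcrlock= entry in the previous hunk, which already has "If not specified, a default path is generally used".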
@ -53,7 +53,7 @@
|
|||
might be broken — the running PID 1 could still depend on libraries which are not available any more,
|
||||
thus keeping the file system busy, which then cannot be re-mounted read-only.</para>
|
||||
|
||||
<para>Shortly before executing the actual system power-off/halt/reboot/kexec
|
||||
<para>Shortly before executing the actual system power-off/halt/reboot/kexec,
|
||||
<filename>systemd-shutdown</filename> will run all executables in
|
||||
<filename>/usr/lib/systemd/system-shutdown/</filename> and pass one arguments to them: either
|
||||
<literal>poweroff</literal>, <literal>halt</literal>, <literal>reboot</literal>, or
|
||||
|
|
|
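Review bot: the context line right after the changed one still reads "pass one arguments to them". Since the sentence is already being touched for the comma after "kexec", fix the number agreement in the same change: "pass one argument to them".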
@ -569,7 +569,7 @@
|
|||
(sysext, see
|
||||
<citerefentry><refentrytitle>systemd-sysext</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
for details), configuration extension (confext) or <ulink
|
||||
url="https://systemd.io/PORTABLE_SERVICES">portable service</ulink>. The generated image will consist
|
||||
url="https://systemd.io/PORTABLE_SERVICES">Portable Services</ulink>. The generated image will consist
|
||||
of a signed Verity <literal>erofs</literal> file system as root partition. In this mode of operation
|
||||
the partition definitions in <filename>/usr/lib/repart.d/*.conf</filename> and related directories
|
||||
are not read, and <option>--definitions=</option> is not supported, as appropriate definitions for
|
||||
|
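Review bot: the new link text "Portable Services" is a capitalized plural placed at the end of a list of singular image kinds ("configuration extension (confext) or Portable Services"), so the sentence no longer parses cleanly. Either keep the link text lowercase and singular as before, or write "or an image for use with Portable Services" so the proper name is used as a name.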
@ -605,10 +605,11 @@
|
|||
<varlistentry>
|
||||
<term><option>--generate-fstab=<replaceable>PATH</replaceable></option></term>
|
||||
|
||||
<listitem><para>Specifies a path where to write fstab entries for the mountpoints configured with
|
||||
<option>MountPoint=</option> in the root directory specified with <option>--copy-source=</option> or
|
||||
<option>--root=</option> or in the host's root directory if neither is specified. Disabled by
|
||||
default.</para>
|
||||
<listitem><para>Specifies a path where to write
|
||||
<citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
entries for the mountpoints configured with <option>MountPoint=</option> in the root directory
|
||||
specified with <option>--copy-source=</option> or <option>--root=</option> or in the host's root
|
||||
directory if neither is specified. Disabled by default.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||
</varlistentry>
|
||||
|
@ -680,7 +681,7 @@ systemd-confext refresh</programlisting>
|
|||
<title>Generate a system extension image and sign it via PKCS11</title>
|
||||
|
||||
<para>The following creates a system extension DDI (sysext) for an
|
||||
<filename>/usr/foo</filename> update and signs it with a hardware token via PKCS11.</para>
|
||||
<filename>/usr/foo</filename> update and signs it with a hardware token via PKCS11:</para>
|
||||
|
||||
<programlisting>mkdir -p tree/usr/lib/extension-release.d
|
||||
echo "Hello World" >tree/usr/foo
|
||||
|
|
|
@ -343,10 +343,10 @@ search foobar.com barbar.com
|
|||
<listitem><para><command>systemd-resolved</command> maintains the
|
||||
<filename>/run/systemd/resolve/stub-resolv.conf</filename> file for compatibility with traditional
|
||||
Linux programs. This file lists the 127.0.0.53 DNS stub (see above) as the only DNS server. It also
|
||||
contains a list of search domains that are in use by systemd-resolved. The list of search domains is
|
||||
always kept up-to-date. Note that <filename>/run/systemd/resolve/stub-resolv.conf</filename> should not
|
||||
be used directly by applications, but only through a symlink from
|
||||
<filename>/etc/resolv.conf</filename>. This file may be symlinked from
|
||||
contains a list of search domains that are in use by <command>systemd-resolved</command>. The list of
|
||||
search domains is always kept up-to-date. Note that
|
||||
<filename>/run/systemd/resolve/stub-resolv.conf</filename> should not be used directly by applications,
|
||||
but only through a symlink from <filename>/etc/resolv.conf</filename>. This file may be symlinked from
|
||||
<filename>/etc/resolv.conf</filename> in order to connect all local clients that bypass local DNS APIs
|
||||
to <command>systemd-resolved</command> with correct search domains settings. This mode of operation is
|
||||
recommended.</para></listitem>
|
||||
|
|
|
@ -139,7 +139,8 @@ DefaultDependencies=no</programlisting>
|
|||
<varname>Conflicts=umount.target</varname>)</para></listitem>
|
||||
|
||||
<listitem><para>If the unit publishes a service over D-Bus, the connection needs to be re-established
|
||||
after soft-reboot as the D-Bus broker will be stopped and then started again. When using the sd-bus
|
||||
after soft-reboot as the D-Bus broker will be stopped and then started again. When using the
|
||||
<citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
||||
library this can be achieved by adapting the following example.
|
||||
<programlisting><xi:include href="sd_bus_service_reconnect.c" parse="text"/></programlisting>
|
||||
</para></listitem>
|
||||
|
|
|
@ -34,9 +34,9 @@
|
|||
|
||||
<para><command>systemd-ssh-generator</command> binds a socket-activated SSH server to local
|
||||
<constant>AF_VSOCK</constant> and <constant>AF_UNIX</constant> sockets under certain conditions. It only
|
||||
has an effect if the <citerefentry
|
||||
project="man-pages"><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> binary is
|
||||
installed. Specifically, it does the following:</para>
|
||||
has an effect if the
|
||||
<citerefentry project="man-pages"><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
binary is installed. Specifically, it does the following:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>If invoked in a VM with <constant>AF_VSOCK</constant> support, a socket-activated SSH
|
||||
|
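Review bot: the reflowed citerefentry keeps `project="man-pages"` with double quotes, while the other references in this series use single quotes (`project='man-pages'`). Since the line is being rewritten anyway, switch it to single quotes so a search for the attribute finds every occurrence.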
@ -71,14 +71,14 @@
|
|||
<para>The generator will use a packaged <filename>sshd@.service</filename> service template file if one
|
||||
exists, and otherwise generate a suitable service template file.</para>
|
||||
|
||||
<para><filename>systemd-ssh-generator</filename> implements
|
||||
<para><command>systemd-ssh-generator</command> implements
|
||||
<citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Kernel Command Line</title>
|
||||
|
||||
<para><filename>systemd-ssh-generator</filename> understands the following
|
||||
<para><command>systemd-ssh-generator</command> understands the following
|
||||
<citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
parameters:</para>
|
||||
|
||||
|
@ -102,8 +102,9 @@
|
|||
times to bind multiple sockets. The syntax should follow the one of <varname>ListenStream=</varname>,
|
||||
see
|
||||
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for details. This functionality supports all socket families systemd supports, including
|
||||
<constant>AF_INET</constant> and <constant>AF_INET6</constant>.</para>
|
||||
for details. This functionality supports all socket families
|
||||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> supports,
|
||||
including <constant>AF_INET</constant> and <constant>AF_INET6</constant>.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||
</varlistentry>
|
||||
|
|
|
@ -77,7 +77,7 @@ Host .host
|
|||
<para>This tool is supposed to be used together with
|
||||
<citerefentry><refentrytitle>systemd-ssh-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
which when run inside a VM or container will bind SSH to suitable
|
||||
addresses. <command>systemd-ssh-generator</command> is supposed to run in the container of VM guest, and
|
||||
addresses. <command>systemd-ssh-generator</command> is supposed to run in the container or VM guest, and
|
||||
<command>systemd-ssh-proxy</command> is run on the host, in order to connect to the container or VM
|
||||
guest.</para>
|
||||
</refsect1>
|
||||
|
|
|
@ -43,7 +43,7 @@
|
|||
|
||||
<para><citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry> uses
|
||||
<command>systemd-stdio-bridge</command> to forward D-Bus connections over
|
||||
<citerefentry project='die-net'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
<citerefentry project='man-pages'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
or to connect to the bus of a different user, see
|
||||
<citerefentry><refentrytitle>sd_bus_set_address</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
|
||||
</para>
|
||||
|
|
|
@ -209,7 +209,7 @@
|
|||
images to the initrd. See
|
||||
<citerefentry><refentrytitle>systemd-confext</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
|
||||
details on configuration extension images. The generated <command>cpio</command> archive containing
|
||||
these system extension images is measured into TPM PCR 12 (if a TPM is present).</para></listitem>
|
||||
these configuration extension images is measured into TPM PCR 12 (if a TPM is present).</para></listitem>
|
||||
|
||||
<listitem><para>Similarly, files
|
||||
<filename><replaceable>foo</replaceable>.efi.extra.d/*.addon.efi</filename> are loaded and verified as
|
||||
|
|
|
@ -141,7 +141,7 @@
|
|||
but the used architecture identifiers are the same as for <varname>ConditionArchitecture=</varname>
|
||||
described in <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
<varname>EXTENSION_RELOAD_MANAGER=</varname> can be set to 1 if the extension requires a service manager reload after application
|
||||
of the extension. Note that for the reasons mentioned earlier:
|
||||
of the extension. Note that for the reasons mentioned earlier,
|
||||
<ulink url="https://systemd.io/PORTABLE_SERVICES">Portable Services</ulink> remain
|
||||
the recommended way to ship system services.
|
||||
|
||||
|
@ -206,13 +206,13 @@
|
|||
the underlying host <filename>/usr/</filename> is managed as immutable disk image or is a traditional
|
||||
package manager controlled (i.e. writable) tree.</para>
|
||||
|
||||
<para>With systemd-confext one can perform runtime reconfiguration of OS services.
|
||||
<para>With <command>systemd-confext</command> one can perform runtime reconfiguration of OS services.
|
||||
Sometimes, there is a need to swap certain configuration parameter values or restart only a specific
|
||||
service without deployment of new code or a complete OS deployment. In other words, we want to be able
|
||||
to tie the most frequently configured options to runtime updateable flags that can be changed without a
|
||||
system reboot. This will help reduce servicing times when there is a need for changing the OS configuration.
|
||||
It also provides a reliable tool for managing configuration because all old configuration files disappear when
|
||||
the systemd-confext image is removed.</para></refsect1>
|
||||
the <command>systemd-confext</command> image is removed.</para></refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Mutability</title>
|
||||
|
|
|
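Review bot: in the last changed line, "the <command>systemd-confext</command> image is removed" marks up an image type as a command. The first replacement in this hunk ("With <command>systemd-confext</command> one can perform") is fine because it refers to the tool, but here the text means the configuration extension image itself. Suggest "the confext image is removed" without the <command> element.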
@ -30,7 +30,7 @@
|
|||
<refsect1>
|
||||
<title>Description</title>
|
||||
|
||||
<para><filename>systemd-tpm2-generator</filename> is a generator that adds a <varname>Wants=</varname>
|
||||
<para><command>systemd-tpm2-generator</command> is a generator that adds a <varname>Wants=</varname>
|
||||
dependency from <filename>sysinit.target</filename> to <filename>tpm2.target</filename> when it detects
|
||||
that the firmware discovered a TPM2 device but the OS kernel so far did
|
||||
not. <filename>tpm2.target</filename> is supposed to act as synchronization point for all services that
|
||||
|
@ -45,7 +45,7 @@
|
|||
for it yet. The latter might be useful in environments where a suitable TPM2 driver for the available
|
||||
hardware is not available.</para>
|
||||
|
||||
<para><filename>systemd-tpm2-generator</filename> implements
|
||||
<para><command>systemd-tpm2-generator</command> implements
|
||||
<citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
|
||||
</refsect1>
|
||||
|
||||
|
|
|
@ -45,7 +45,7 @@
|
|||
file descriptors must be passed with the names <literal>kvm</literal> and <literal>vhost-vsock</literal>
|
||||
respectively.</para>
|
||||
|
||||
<para>Note: on Ubuntu/Debian derivatives systemd-vmspawn requires the user to be in the
|
||||
<para>Note: on Ubuntu/Debian derivatives <command>systemd-vmspawn</command> requires the user to be in the
|
||||
<literal>kvm</literal> group to use the VSOCK options.</para>
|
||||
</refsect1>
|
||||
|
||||
|
@ -420,7 +420,8 @@
|
|||
for more information.</para>
|
||||
|
||||
<para>By default <literal>ed25519</literal> keys are generated, however <literal>rsa</literal> keys
|
||||
may also be useful if the VM has a particularly old version of <command>sshd</command>.</para>
|
||||
may also be useful if the VM has a particularly old version of
|
||||
<citerefentry project='man-pages'><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v256"/>
|
||||
</listitem>
|
||||
|
|
|
@ -46,7 +46,7 @@
|
|||
|
||||
<para>If the specified path does not reference a <literal>.v/</literal> path (i.e. neither the final
|
||||
component ends in <literal>.v</literal>, nor the penultimate does or the final one does contain a triple
|
||||
underscore) it specified path is written unmodified to standard output.</para>
|
||||
underscore) its specified path is written unmodified to standard output.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
|
|
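Review bot: the replacement "its specified path is written unmodified" is still not right, because "its" has no referent in the sentence. The intended wording is "the specified path is written unmodified to standard output". The parenthetical on the line above ("nor the penultimate does or the final one does contain a triple underscore") is also hard to parse and could be cleaned up in the same change.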
@ -378,7 +378,7 @@
|
|||
|
||||
<para>This setting is useful to configure the <literal>ID_NET_MANAGED_BY=</literal> property which
|
||||
declares which network management service shall manage the interface, which is respected by
|
||||
systemd-networkd and others. Use
|
||||
<command>systemd-networkd</command> and others. Use
|
||||
<programlisting>Property=ID_NET_MANAGED_BY=io.systemd.Network</programlisting>
|
||||
to declare explicitly that <command>systemd-networkd</command> shall manage the interface, or set
|
||||
the property to something else to declare explicitly it shall not do so. See
|
||||
|
@ -974,10 +974,10 @@
|
|||
<listitem>
|
||||
<para>Configures Receive Packet Steering (RPS) list of CPUs to which RPS may forward traffic.
|
||||
Takes a list of CPU indices or ranges separated by either whitespace or commas. Alternatively,
|
||||
takes the special value <literal>all</literal> in which will include all available CPUs in the mask.
|
||||
takes the special value <literal>all</literal>, which will include all available CPUs in the mask.
|
||||
CPU ranges are specified by the lower and upper CPU indices separated by a dash (e.g. <literal>2-6</literal>).
|
||||
This option may be specified more than once, in which case the specified CPU affinity masks are merged.
|
||||
If an empty string is assigned, the mask is reset, all assignments prior to this will have no effect.
|
||||
This option may be specified more than once, in which case the specified list of CPU ranges are merged.
|
||||
If an empty string is assigned, the list is reset, all assignments prior to this will have no effect.
|
||||
Defaults to unset and RPS CPU list is unchanged. To disable RPS when it was previously enabled, use the
|
||||
special value <literal>disable</literal>.</para>
|
||||
|
||||
|
|
|
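Review bot: the new line "the specified list of CPU ranges are merged" has a subject and verb that disagree, and with several assignments there is more than one list. Suggest "the specified lists of CPU ranges are merged". The following new line, "the list is reset, all assignments prior to this will have no effect", is a comma splice; "the list is reset and all prior assignments have no effect" reads more cleanly.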
@ -293,7 +293,7 @@
|
|||
comes from unit fragments, i.e. generated from <filename>/etc/fstab</filename> by <citerefentry>
|
||||
<refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry> or loaded from
|
||||
a manually configured mount unit, a combination of <varname>Requires=</varname> and <varname>StopPropagatedFrom=</varname>
|
||||
dependencies is set on the backing device. If doesn't, only <varname>Requires=</varname> is used.</para>
|
||||
dependencies is set on the backing device, otherwise only <varname>Requires=</varname> is used.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v233"/></listitem>
|
||||
</varlistentry>
|
||||
|
@ -556,7 +556,7 @@
|
|||
for details. This setting is optional.</para>
|
||||
|
||||
<para>If the type is <literal>overlay</literal>, and <literal>upperdir=</literal> or
|
||||
<literal>workdir=</literal> are specified as options and they don't exist, they will be created.
|
||||
<literal>workdir=</literal> are specified as options and the directories don't exist, they will be created.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
|
|
@ -27,18 +27,19 @@
|
|||
attributes and the use of this information is configured. This page describes interface naming, i.e. what
|
||||
possible names may be generated. Those names are generated by the
|
||||
<citerefentry><refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
builtin <command>net_id</command> and exported as udev properties
|
||||
(<varname>ID_NET_NAME_ONBOARD=</varname>, <varname>ID_NET_LABEL_ONBOARD=</varname>,
|
||||
builtin <command>net_id</command> and exported as
|
||||
<citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
properties (<varname>ID_NET_NAME_ONBOARD=</varname>, <varname>ID_NET_LABEL_ONBOARD=</varname>,
|
||||
<varname>ID_NET_NAME_PATH=</varname>, <varname>ID_NET_NAME_SLOT=</varname>).</para>
|
||||
|
||||
<para>Names and MAC addresses are derived from various stable device metadata attributes. Newer versions
|
||||
of udev take more of these attributes into account, improving (and thus possibly changing) the names and
|
||||
addresses used for the same devices. Different versions of those generation rules are called "naming
|
||||
schemes". The default naming scheme is chosen at compilation time. Usually this will be the latest
|
||||
implemented version, but it is also possible to set one of the older versions to preserve
|
||||
compatibility. This may be useful for example for distributions, which may introduce new versions of
|
||||
systemd in stable releases without changing the naming scheme. The naming scheme may also be overridden
|
||||
using the <varname>net.naming_scheme=</varname> kernel command line switch, see
|
||||
of <command>systemd-udevd</command> take more of these attributes into account, improving (and thus
|
||||
possibly changing) the names and addresses used for the same devices. Different versions of those
|
||||
generation rules are called "naming schemes". The default naming scheme is chosen at compilation time.
|
||||
Usually this will be the latest implemented version, but it is also possible to set one of the older
|
||||
versions to preserve compatibility. This may be useful for example for distributions, which may introduce
|
||||
new versions of systemd in stable releases without changing the naming scheme. The naming scheme may also
|
||||
be overridden using the <varname>net.naming_scheme=</varname> kernel command line switch, see
|
||||
<citerefentry><refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
|
||||
Available naming schemes are described below.</para>
|
||||
|
||||
|
@ -521,7 +522,8 @@
|
|||
change introduced in <constant>v254</constant> by default.</para>
|
||||
|
||||
<para>If we detect that a PCI device associated with a slot is a PCI bridge, we no longer set
|
||||
<varname>ID_NET_NAME_SLOT</varname>, reverting a change that was introduced in v251.</para>
|
||||
<varname>ID_NET_NAME_SLOT</varname>, reverting a change that was introduced in
|
||||
<constant>v251</constant>.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v255"/>
|
||||
</listitem>
|
||||
|
@ -708,6 +710,7 @@ net:naming:drvirtio_net:*
|
|||
<para><simplelist type="inline">
|
||||
<member><citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>udevadm</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
||||
<member><ulink url="https://systemd.io/PREDICTABLE_INTERFACE_NAMES">Predictable Network Interface Names</ulink></member>
|
||||
<member><citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
||||
</simplelist></para>
|
||||
|
|
|
@ -34,10 +34,16 @@
|
|||
for a general description of the syntax.</para>
|
||||
|
||||
<para>The main Virtual Network Device file must have the extension <filename>.netdev</filename>;
|
||||
other extensions are ignored. Virtual network devices are created as soon as networkd is
|
||||
started. If a netdev with the specified name already exists, networkd will use that as-is rather
|
||||
than create its own. Note that the settings of the pre-existing netdev will not be changed by
|
||||
networkd.</para>
|
||||
other extensions are ignored. Virtual network devices are created as soon as
|
||||
<command>systemd-networkd</command> is started if possible. If a netdev with the specified name already
|
||||
exists, <command>systemd-networkd</command> will try to update the config if the kind of the existing
|
||||
netdev is equivalent to the requested one, otherwise (e.g. when bridge device <filename>foo</filename>
|
||||
exists but bonding device with the same name is configured in a .netdev file) use the existing netdev
|
||||
as-is rather than replacing with the requested netdev. Note, several settings (e.g. vlan ID) cannot be
|
||||
changed after the netdev is created. To change such settings, it is necessary to first remove the
|
||||
existing netdev, and then run <command>networkctl reload</command> command or restart
|
||||
<command>systemd-networkd</command>. See also
|
||||
<citerefentry><refentrytitle>networkctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
|
||||
|
||||
<para>The <filename>.netdev</filename> files are read from the files located in the system network
|
||||
directory <filename>/usr/lib/systemd/network</filename> and
|
||||
|
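Review bot: this hunk reverses a documented guarantee without saying so. The removed text stated that "the settings of the pre-existing netdev will not be changed by networkd", and the new text says systemd-networkd "will try to update the config". Administrators who pre-create devices relied on the old wording, so state explicitly that this is a behaviour change and what happens when the update attempt fails; "try to update" and "created … if possible" leave both open. Smaller points in the same paragraph: "otherwise (…) use the existing netdev" lacks a subject after the parenthetical, and "a .netdev file" should be marked up as <filename>.netdev</filename> like the other mentions in this hunk.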
@ -588,7 +594,7 @@
|
|||
<para>Controls the threshold for broadcast queueing of the macvlan device. Takes the special value
|
||||
<literal>no</literal>, or an integer in the range 0…2147483647. When <literal>no</literal> is
|
||||
specified, the broadcast queueing is disabled altogether. When an integer is specified, a multicast
|
||||
address will be queued as broadcast if the number of devices using it is greater than the given
|
||||
address will be queued as broadcast if the number of devices using the macvlan is greater than the given
|
||||
value. Defaults to unset, and the kernel default will be used.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v256"/>
|
||||
|
@ -1929,7 +1935,8 @@
|
|||
the <command>wg genkey</command> command
|
||||
(see <citerefentry project='man-pages'><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>).
|
||||
Specially, if the specified key is prefixed with <literal>@</literal>, it is interpreted as
|
||||
the name of the credential from which the actual key shall be read. <command>systemd-networkd.service</command>
|
||||
the name of the credential from which the actual key shall be read.
|
||||
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
automatically imports credentials matching <literal>network.wireguard.*</literal>. For more details
|
||||
on credentials, refer to
|
||||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
|
@ -2083,7 +2090,7 @@
|
|||
i.e. the packets that pass through the tunnel itself. To cause packets to be sent via the tunnel in
|
||||
the first place, an appropriate route needs to be added as well — either in the
|
||||
<literal>[Routes]</literal> section on the <literal>.network</literal> matching the wireguard
|
||||
interface, or externally to <filename>systemd-networkd</filename>.</para>
|
||||
interface, or externally to <command>systemd-networkd</command>.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v237"/>
|
||||
</listitem>
|
||||
|
@ -2970,7 +2977,7 @@ Independent=yes</programlisting>
|
|||
<title>See Also</title>
|
||||
<para><simplelist type="inline">
|
||||
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>systemd-network-generator.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
||||
|
|
|
@ -887,7 +887,7 @@ DuplicateAddressDetection=none</programlisting></para>
|
|||
from the network interface will be appear as coming from the local host. Typically, this should be
|
||||
enabled on the downstream interface of routers. Takes one of <literal>ipv4</literal>,
|
||||
<literal>ipv6</literal>, <literal>both</literal>, or <literal>no</literal>. Defaults to
|
||||
<literal>no</literal>. Note. Any positive boolean values such as <literal>yes</literal> or
|
||||
<literal>no</literal>. Note that any positive boolean values such as <literal>yes</literal> or
|
||||
<literal>true</literal> are now deprecated. Please use one of the values above. Specifying
|
||||
<literal>ipv4</literal> or <literal>both</literal> implies <varname>IPv4Forwarding=</varname>
|
||||
settings in both .network file for this interface and the global
|
||||
|
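Review bot: the first context line of this hunk still reads "from the network interface will be appear as coming from the local host". As the paragraph is being edited for "Note that any", fix "will be appear" to "will appear" in the same change. The new line also says "any positive boolean values"; "any positive boolean value such as … is now deprecated" would agree in number.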
@ -928,8 +928,8 @@ DuplicateAddressDetection=none</programlisting></para>
|
|||
<para>Takes a boolean. Controls IPv6 Router Advertisement (RA) reception support for the interface.
|
||||
If true, RAs are accepted; if false, RAs are ignored. When RAs are accepted, they may trigger the
|
||||
start of the DHCPv6 client if the relevant flags are set in the RA data, or if no routers are found
|
||||
on the link. Defaults to false for bridge devices, when IP forwarding is enabled,
|
||||
<varname>IPv6SendRA=</varname> or <varname>KeepMaster=</varname> is enabled. Otherwise, enabled by
|
||||
on the link. Defaults to false for bridge devices, when <varname>IPv6Forwarding=</varname>,
|
||||
<varname>IPv6SendRA=</varname>, or <varname>KeepMaster=</varname> is enabled. Otherwise, enabled by
|
||||
default. Cannot be enabled on devices aggregated in a bond device or when link-local addressing is
|
||||
disabled.</para>
|
||||
|
||||
|
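Review bot: the rewritten default is ambiguous: "Defaults to false for bridge devices, when IPv6Forwarding=, IPv6SendRA=, or KeepMaster= is enabled" can be read as applying only to bridge devices that also have one of those settings enabled. If these are independent conditions, write "Defaults to false for bridge devices, or when …". Also note that replacing "IP forwarding" with IPv6Forwarding= narrows the stated condition; confirm that matches the implementation, since the default decides whether an interface accepts Router Advertisements.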
@ -993,9 +993,9 @@ DuplicateAddressDetection=none</programlisting></para>
|
|||
whether the <emphasis>source</emphasis> of the packet would be routed through the interface it came in. If there is no
|
||||
route to the source on that interface, the machine will drop the packet. Takes one of
|
||||
<literal>no</literal>, <literal>strict</literal>, or <literal>loose</literal>. When <literal>no</literal>,
|
||||
no source validation will be done. When <literal>strict</literal>, mode each incoming packet is tested against the FIB and
|
||||
no source validation will be done. When <literal>strict</literal>, each incoming packet is tested against the FIB and
|
||||
if the incoming interface is not the best reverse path, the packet check will fail. By default failed packets are discarded.
|
||||
When <literal>loose</literal>, mode each incoming packet's source address is tested against the FIB. The packet is dropped
|
||||
When <literal>loose</literal>, each incoming packet's source address is tested against the FIB. The packet is dropped
|
||||
only if the source address is not reachable via any interface on that router.
|
||||
See <ulink url="https://tools.ietf.org/html/rfc1027">RFC 3704</ulink>.
|
||||
When unset, the kernel's default will be used.</para>
|
||||
|
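Review bot: the context line `See <ulink url="https://tools.ietf.org/html/rfc1027">RFC 3704</ulink>` has a link target that does not match its label: the URL points at rfc1027 while the text names RFC 3704. This hunk already cleans up the strict and loose descriptions of reverse path filtering, so correct the URL to the RFC 3704 document in the same change.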
@ -1084,9 +1084,10 @@ DuplicateAddressDetection=none</programlisting></para>
|
|||
Advertisement messages intended for another machine by offering its own MAC address as
|
||||
destination. Unlike proxy ARP for IPv4, it is not enabled globally, but will only send
|
||||
Neighbour Advertisement messages for addresses in the IPv6 neighbor proxy table, which can
|
||||
also be shown by <command>ip -6 neighbour show proxy</command>. systemd-networkd will control
|
||||
the per-interface `proxy_ndp` switch for each configured interface depending on this option.
|
||||
When unset, the kernel's default will be used.</para>
|
||||
also be shown by <command>ip -6 neighbour show proxy</command>.
|
||||
<command>systemd-networkd</command> will control the per-interface `proxy_ndp` switch for each
|
||||
configured interface depending on this option. When unset, the kernel's default will be used.
|
||||
</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v234"/>
|
||||
</listitem>
|
||||
|
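Review bot: the reflowed sentence keeps Markdown backticks around `proxy_ndp`, which DocBook renders literally. Use <literal>proxy_ndp</literal> (or <filename> if the sysctl path is meant). The reflow also leaves a closing </para> alone on its own line after "will be used."; pull it back onto the sentence line as in the surrounding entries. Spelling alternates between "Neighbour Advertisement" and "neighbor proxy table" within the paragraph, so pick one.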
@ -1096,7 +1097,7 @@ DuplicateAddressDetection=none</programlisting></para>
|
|||
<term><varname>IPv6ProxyNDPAddress=</varname></term>
|
||||
<listitem>
|
||||
<para>An IPv6 address, for which Neighbour Advertisement messages will be proxied. This
|
||||
option may be specified more than once. systemd-networkd will add the
|
||||
option may be specified more than once. <command>systemd-networkd</command> will add the
|
||||
<varname>IPv6ProxyNDPAddress=</varname> entries to the kernel's IPv6 neighbor proxy table.
|
||||
This setting implies <varname>IPv6ProxyNDP=yes</varname> but has no effect if
|
||||
<varname>IPv6ProxyNDP=</varname> has been set to false. When unset, the kernel's default will
|
||||
|
@ -1225,9 +1226,9 @@ DuplicateAddressDetection=none</programlisting></para>
|
|||
<varlistentry>
|
||||
<term><varname>ConfigureWithoutCarrier=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a boolean. Allows networkd to configure a specific link even if it has no
|
||||
carrier. Defaults to false. If enabled, and the <varname>IgnoreCarrierLoss=</varname> setting
|
||||
is not explicitly set, then it is enabled as well.</para>
|
||||
<para>Takes a boolean. Allows <command>systemd-networkd</command> to configure a specific link even
|
||||
if it has no carrier. Defaults to false. If enabled, and the <varname>IgnoreCarrierLoss=</varname>
|
||||
setting is not explicitly set, then it is enabled as well.</para>
|
||||
|
||||
<para>With this enabled, to make the interface enter the <literal>configured</literal> state,
|
||||
which is required to make <command>systemd-networkd-wait-online</command> work properly for the
|
||||
|
@ -1455,11 +1456,11 @@ DuplicateAddressDetection=none</programlisting></para>
|
|||
<command>ip maddr</command> command would not work if we have an Ethernet switch that does
|
||||
IGMP snooping since the switch would not replicate multicast packets on ports that did not
|
||||
have IGMP reports for the multicast addresses. Linux vxlan interfaces created via
|
||||
<command>ip link add vxlan</command> or networkd's netdev kind vxlan have the group option
|
||||
that enables them to do the required join. By extending <command>ip address</command> command
|
||||
with option <literal>autojoin</literal> we can get similar functionality for openvswitch (OVS)
|
||||
vxlan interfaces as well as other tunneling mechanisms that need to receive multicast traffic.
|
||||
Defaults to <literal>no</literal>.</para>
|
||||
<command>ip link add vxlan</command> or <command>systemd-networkd</command>'s netdev kind vxlan
|
||||
have the group option that enables them to do the required join. By extending
|
||||
<command>ip address</command> command with option <literal>autojoin</literal> we can get similar
|
||||
functionality for openvswitch (OVS) vxlan interfaces as well as other tunneling mechanisms that
|
||||
need to receive multicast traffic. Defaults to <literal>no</literal>.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v232"/>
|
||||
</listitem>
|
||||
|
@ -1785,7 +1786,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
|
|||
<varlistentry>
|
||||
<term><varname>L3MasterDevice=</varname></term>
|
||||
<listitem>
|
||||
<para>A boolean. Specifies whether the rule is to direct lookups to the tables associated with
|
||||
<para>Takes a boolean. Specifies whether the rule is to direct lookups to the tables associated with
|
||||
level 3 master devices (also known as Virtual Routing and Forwarding or VRF devices).
|
||||
For further details see <ulink url="https://docs.kernel.org/networking/vrf.html">
|
||||
Virtual Routing and Forwarding (VRF)</ulink>. Defaults to false.</para>
|
||||
|
@ -2903,7 +2904,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
|
|||
Note that if <varname>AllowList=</varname> is configured then <varname>DenyList=</varname> is
|
||||
ignored.</para>
|
||||
<para>Note that this filters only DHCP offers, so the filtering might not work when
|
||||
<varname>RapidCommit=</varname> is enabled. See also <varname>RapidCommit=</varname> in the above.
|
||||
<varname>RapidCommit=</varname> is enabled. See also <varname>RapidCommit=</varname> above.
|
||||
</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v246"/>
|
||||
|
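Review bot: The note on AllowList=/DenyList= still says the filtering "might not work" when RapidCommit= is enabled, which leaves an administrator who relies on these lists to restrict which DHCP servers are accepted without a clear answer. Since the sentence is being touched anyway, state plainly whether the lists are skipped when RapidCommit= is enabled, and say that RapidCommit= should be disabled where the filter is relied upon, if that is the intended guidance.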
@ -3339,7 +3340,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
|
|||
<term><varname>UseRedirect=</varname></term>
|
||||
<listitem>
|
||||
<para>When true (the default), Redirect message sent by the current first-hop router will be
|
||||
accepted, and configures routes to redirected nodes will be configured.</para>
|
||||
accepted, and routes to redirected nodes will be configured.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v256"/>
|
||||
</listitem>
|
||||
|
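Review bot: The fix to the second clause leaves the first one ungrammatical: "Redirect message sent by the current first-hop router will be accepted" needs a plural or an article. Suggest "Redirect messages sent by the current first-hop router will be accepted, and routes to redirected nodes will be configured."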
@ -4076,7 +4077,8 @@ ServerAddress=192.168.0.1/24</programlisting>
|
|||
<para>Takes a boolean. When true, the DHCP server will load and save leases in the persistent
|
||||
storage. When false, the DHCP server will neither load nor save leases in the persistent storage.
|
||||
Hence, bound leases will be lost when the interface is reconfigured e.g. by
|
||||
<command>networkctl reconfigure</command>, or <filename>systemd-networkd.service</filename>
|
||||
<command>networkctl reconfigure</command>, or
|
||||
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
is restarted. That may cause address conflict on the network. So, please take an extra care when
|
||||
disable this setting. When unspecified, the value specified in the same setting in
|
||||
<citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
|
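Review bot: The context lines right after the new <citerefentry> still read "That may cause address conflict on the network. So, please take an extra care when disable this setting." Since this paragraph is the warning about losing bound leases, it is worth making it read cleanly in the same change, e.g. "That may cause address conflicts on the network, so take extra care when disabling this setting."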
@ -4260,7 +4262,7 @@ ServerAddress=192.168.0.1/24</programlisting>
|
|||
<varlistentry>
|
||||
<term><varname>HomeAgent=</varname></term>
|
||||
|
||||
<listitem><para>Takes a boolean. Specifies that IPv6 router advertisements which indicate to hosts that
|
||||
<listitem><para>Takes a boolean. Specifies that IPv6 router advertisements indicate to hosts that
|
||||
the router acts as a Home Agent and includes a Home Agent option. Defaults to false. See
|
||||
<ulink url="https://tools.ietf.org/html/rfc6275">RFC 6275</ulink> for further details.</para>
|
||||
|
||||
|
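Review bot: After dropping "which", the sentence for HomeAgent= has a subject/verb mismatch on its second line: "router advertisements indicate ... and includes a Home Agent option". Use "include", or rephrase as "Specifies that IPv6 router advertisements indicate to hosts that the router acts as a Home Agent, and that they include a Home Agent option."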
@ -4584,10 +4586,9 @@ ServerAddress=192.168.0.1/24</programlisting>
|
|||
<varlistentry>
|
||||
<term><varname>Priority=</varname></term>
|
||||
<listitem>
|
||||
<para>Sets the "priority" of sending packets on this interface.
|
||||
Each port in a bridge may have a different priority which is used
|
||||
to decide which link to use. Lower value means higher priority.
|
||||
It is an integer value between 0 to 63. Networkd does not set any
|
||||
<para>Sets the "priority" of sending packets on this interface. Each port in a bridge may have a
|
||||
different priority which is used to decide which link to use. Lower value means higher priority.
|
||||
It is an integer value between 0 to 63. <command>systemd-networkd</command> does not set any
|
||||
default, meaning the kernel default value of 32 is used.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v234"/>
|
||||
|
|
|
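Review bot: The reflowed Priority= text keeps "It is an integer value between 0 to 63", which mixes two constructions. Use "between 0 and 63" or "in the range 0…63" while the paragraph is being rewrapped.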
@ -896,7 +896,7 @@ CPUWeight=20 DisableControllers=cpu / \
|
|||
<listitem>
|
||||
<para>Configures restrictions on the ability of unit processes to invoke <citerefentry
|
||||
project='man-pages'><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry> on a
|
||||
socket. Both allow and deny rules may defined that restrict which addresses a socket may be bound
|
||||
socket. Both allow and deny rules to be defined that restrict which addresses a socket may be bound
|
||||
to.</para>
|
||||
|
||||
<para><replaceable>bind-rule</replaceable> describes socket properties such as <replaceable>address-family</replaceable>,
|
||||
|
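Review bot: The replacement line turns "Both allow and deny rules may defined" into "Both allow and deny rules to be defined that restrict which addresses a socket may be bound to", which no longer has a finite verb. The original was only missing "be"; the line should read "Both allow and deny rules may be defined that restrict which addresses a socket may be bound to."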
@ -1673,7 +1673,8 @@ DeviceAllow=/dev/loop-control
|
|||
<para>When <command>systemd-coredump</command> is handling a coredump for a process from a container,
|
||||
if the container's leader process is a descendant of a cgroup with <varname>CoredumpReceive=yes</varname>
|
||||
and <varname>Delegate=yes</varname>, then <command>systemd-coredump</command> will attempt to forward
|
||||
the coredump to <command>systemd-coredump</command> within the container.</para>
|
||||
the coredump to <command>systemd-coredump</command> within the container. See also
|
||||
<citerefentry><refentrytitle>systemd-coredump</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
||||
</varlistentry>
|
||||
|
|
|
@ -1437,7 +1437,7 @@
|
|||
<para>The command line accepts <literal>%</literal> specifiers as described in
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
||||
|
||||
<para>An argument solely consisting of <literal>;</literal> must be escaped, i.e. specified as <literal>\;</literal></para>
|
||||
<para>An argument solely consisting of <literal>;</literal> must be escaped, i.e. specified as <literal>\;</literal>.</para>
|
||||
|
||||
<para>Basic environment variable substitution is supported. Use
|
||||
<literal>${FOO}</literal> as part of a word, or as a word of its
|
||||
|
|
|
@ -120,9 +120,8 @@
|
|||
<para>The timezone defaults to the current timezone if not specified explicitly.
|
||||
It may be given after a space, like above, in which case it can be:
|
||||
<literal>UTC</literal>,
|
||||
an entry in the installed IANA timezone database (<literal>CET</literal>, <literal>Asia/Tokyo</literal>, &c.;
|
||||
complete list obtainable with <literal>timedatectl
|
||||
list-timezones</literal> (see
|
||||
an entry in the installed IANA timezone database (e.g. <literal>CET</literal>, <literal>Asia/Tokyo</literal>,
|
||||
where the complete list can be obtained with <command>timedatectl list-timezones</command> (see
|
||||
<citerefentry><refentrytitle>timedatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>)),
|
||||
or <literal>±<replaceable>05</replaceable></literal>,
|
||||
<literal>±<replaceable>05</replaceable><replaceable>30</replaceable></literal>,
|
||||
|
|
|
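Review bot: In the rewritten timezone sentence, "(e.g. CET, Asia/Tokyo, where the complete list can be obtained with timedatectl list-timezones (see ...))" reads as if "where" refers to Asia/Tokyo, and it keeps a nested parenthesis. Consider closing the example list first and moving the pointer into its own clause, e.g. "(e.g. CET, Asia/Tokyo; the complete list can be obtained with timedatectl list-timezones, see timedatectl(1))".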
@ -1238,9 +1238,9 @@
|
|||
</itemizedlist>
|
||||
|
||||
<para>Signals sent to PID 1 before this message is sent might not be handled correctly yet. A consumer
|
||||
of these messages should parse the value as an unsigned integer indication the level of support. For
|
||||
now only the mentioned level 2 is defined, but later on additional levels might be defined with higher
|
||||
integers, that will implement a superset of the currently defined behaviour.</para>
|
||||
of these messages should parse the value as an unsigned integer that indicates the level of support.
|
||||
For now only the mentioned level 2 is defined, but later on additional levels might be defined with
|
||||
higher integers, that will implement a superset of the currently defined behaviour.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||
|
||||
|
@ -1389,8 +1389,8 @@
|
|||
<term><option>--crash-action=</option></term>
|
||||
|
||||
<listitem><para>Specify what to do when the system manager (PID 1) crashes. This switch has no
|
||||
effect when systemd is running as user instance. See <varname>systemd.crash_action=</varname>
|
||||
above.</para>
|
||||
effect when <command>systemd</command> is running as user instance. See
|
||||
<varname>systemd.crash_action=</varname> above.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||
</varlistentry>
|
||||
|
|
|
@ -220,7 +220,8 @@
|
|||
<para>For the <command>inspect</command> verb, the second syntax is used.
|
||||
The section <replaceable>NAME</replaceable> will be inspected (if found).
|
||||
If the second argument is <literal>text</literal>, the contents will be printed.
|
||||
If the third argument is given, the contents will be saved to file <replaceable>PATH</replaceable>.
|
||||
If the third argument is given, the contents will be saved to the file named
|
||||
<replaceable>PATH</replaceable>.
|
||||
</para>
|
||||
|
||||
<para>Note that the name is used as-is, and if the section name should start with a dot, it must be
|
||||
|
|
|
@ -52,7 +52,7 @@
|
|||
<para>User processes may be started by the <filename>user@.service</filename> instance, in which
|
||||
case they will be part of that unit in the system hierarchy. They may also be started elsewhere,
|
||||
for example by
|
||||
<citerefentry project='die-net'><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> or a
|
||||
<citerefentry project='man-pages'><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> or a
|
||||
display manager like <command>gdm</command>, in which case they form a .scope unit (see
|
||||
<citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
|
||||
Both <filename>user@<replaceable>UID</replaceable>.service</filename> and the scope units are
|
||||
|
@ -145,7 +145,7 @@ Control group /:
|
|||
…</programlisting>
|
||||
<para>User with UID 1000 is logged in using <command>gdm</command> (<filename
|
||||
index="false">session-4.scope</filename>) and
|
||||
<citerefentry project='die-net'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||
<citerefentry project='man-pages'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||
(<filename index="false">session-19.scope</filename>), and also has a user manager instance
|
||||
running (<filename index="false">user@1000.service</filename>). User with UID 1001 is logged
|
||||
in using <command>ssh</command> (<filename index="false">session-20.scope</filename>) and
|
||||
|
|
|
@ -416,7 +416,7 @@
|
|||
<para>The <command>userdbctl</command> tool may be used to make the list of SSH authorized keys possibly
|
||||
contained in a user record available to the SSH daemon for authentication. For that configure the
|
||||
following in <citerefentry
|
||||
project='die-net'><refentrytitle>sshd_config</refentrytitle><manvolnum>5</manvolnum></citerefentry>:</para>
|
||||
project='man-pages'><refentrytitle>sshd_config</refentrytitle><manvolnum>5</manvolnum></citerefentry>:</para>
|
||||
|
||||
<programlisting>…
|
||||
AuthorizedKeysCommand /usr/bin/userdbctl ssh-authorized-keys %u
|
||||
|
|
|
@ -1320,9 +1320,6 @@ int server_flush_to_var(Server *s, bool require_flag_file) {
|
|||
if (!IN_SET(s->storage, STORAGE_AUTO, STORAGE_PERSISTENT))
|
||||
return 0;
|
||||
|
||||
if (s->namespace) /* Flushing concept does not exist for namespace instances */
|
||||
return 0;
|
||||
|
||||
if (!s->runtime_journal) /* Nothing to flush? */
|
||||
return 0;
|
||||
|
||||
|
|
|
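Review bot: Removing the s->namespace early return from server_flush_to_var() also removes the only comment that explained how namespace instances relate to flushing, and nothing replaces it. After this hunk a namespaced instance falls through to the s->runtime_journal check like the main instance, so please add a short comment saying that namespace instances are now flushed as well. Please also confirm how the require_flag_file argument in the function signature is satisfied for a namespace instance; the visible lines do not show it, and a flush that silently never happens (or happens too early) is hard to spot in logs.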
@ -52,14 +52,14 @@ directory (`OutputDirectory=`) to point to the other directory using `mkosi.loca
|
|||
After the image has been built, the integration tests can be run with:
|
||||
|
||||
```shell
|
||||
$ SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild --suite integration-tests --num-processes "$(($(nproc) / 4))"
|
||||
$ env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild --suite integration-tests --num-processes "$(($(nproc) / 4))"
|
||||
```
|
||||
|
||||
As usual, specific tests can be run in meson by appending the name of the test
|
||||
which is usually the name of the directory e.g.
|
||||
|
||||
```shell
|
||||
$ SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -v TEST-01-BASIC
|
||||
$ env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -v TEST-01-BASIC
|
||||
```
|
||||
|
||||
See `meson introspect build --tests` for a list of tests.
|
||||
|
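Review bot: The commands in this hunk gain an env prefix, but the surrounding text never says why it is needed. A one-line explanation next to the first example (for instance that the VAR=value command form is not accepted by every interactive shell, if that is the motivation) would keep a later editor from dropping the prefix again. The same applies to the remaining hunks in this file.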
@ -69,7 +69,7 @@ To interactively debug a failing integration test, the `--interactive` option
|
|||
newer:
|
||||
|
||||
```shell
|
||||
$ SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -i TEST-01-BASIC
|
||||
$ env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -i TEST-01-BASIC
|
||||
```
|
||||
|
||||
Due to limitations in meson, the integration tests do not yet depend on the
|
||||
|
@ -78,7 +78,7 @@ running the integration tests. To rebuild the image and rerun a test, the
|
|||
following command can be used:
|
||||
|
||||
```shell
|
||||
$ meson compile -C build mkosi && SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -v TEST-01-BASIC
|
||||
$ meson compile -C build mkosi && env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -v TEST-01-BASIC
|
||||
```
|
||||
|
||||
The integration tests use the same mkosi configuration that's used when you run
|
||||
|
@ -92,7 +92,7 @@ To iterate on an integration test, let's first get a shell in the integration te
|
|||
the following:
|
||||
|
||||
```shell
|
||||
$ meson compile -C build mkosi && SYSTEMD_INTEGRATION_TESTS=1 TEST_SHELL=1 meson test -C build --no-rebuild -i TEST-01-BASIC
|
||||
$ meson compile -C build mkosi && env SYSTEMD_INTEGRATION_TESTS=1 TEST_SHELL=1 meson test -C build --no-rebuild -i TEST-01-BASIC
|
||||
```
|
||||
|
||||
This will get us a shell in the integration test environment after booting the machine without running the
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
../TEST-01-BASIC/Makefile
|
|
@ -0,0 +1,10 @@
|
|||
#!/usr/bin/env bash
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
set -e
|
||||
|
||||
TEST_DESCRIPTION="test flushing log namespaces"
|
||||
|
||||
# shellcheck source=test/test-functions
|
||||
. "${TEST_BASE_DIR:?}/test-functions"
|
||||
|
||||
do_test "$@"
|
|
@ -0,0 +1,13 @@
|
|||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
[Unit]
|
||||
Description=TESTSUITE-77-FLUSH-LOG-NAMESPACES
|
||||
Before=getty-pre.target
|
||||
Wants=getty-pre.target
|
||||
Wants=systemd-journald@foobar.socket systemd-journald-varlink@foobar.socket
|
||||
After=systemd-journald@foobar.socket systemd-journald-varlink@foobar.socket
|
||||
|
||||
[Service]
|
||||
ExecStartPre=rm -f /failed /testok
|
||||
ExecStart=/usr/lib/systemd/tests/testdata/units/%N.sh
|
||||
Type=oneshot
|
||||
LogTarget=foobar
|
|
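Review bot: LogTarget=foobar on the last line of the new unit does not match the key the test script uses for the same namespace, where the command is run with -p LogNamespace=foobar. Please confirm that LogTarget= is the intended setting in [Service] and that a bare namespace name is the value it expects; if the aim is for the test's own output to go to the foobar namespace, a comment saying so would help.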
@ -0,0 +1,56 @@
|
|||
#!/usr/bin/env bash
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
set -eux
|
||||
|
||||
# first test is to make sure that /var/log/journal is not created
|
||||
# by starting a new journal namespace if the journald config has
|
||||
# Storage=auto
|
||||
cat << EOF > /etc/systemd/journald@foobar.conf
|
||||
[Journal]
|
||||
Storage=auto
|
||||
EOF
|
||||
|
||||
# for the above to work, we need to use a service drop-in to override
|
||||
# the default LogsDirectory, otherwise Storage=auto will not work.
|
||||
mkdir -p /etc/systemd/system/systemd-journald@foobar.service.d
|
||||
cat << EOF > /etc/systemd/system/systemd-journald@foobar.service.d/00-test.conf
|
||||
[Service]
|
||||
LogsDirectory=
|
||||
EOF
|
||||
|
||||
# reload systemd to detect the new drop-in
|
||||
systemctl daemon-reload
|
||||
|
||||
# ensure /var/log/journal does not exist
|
||||
rm -rf /var/log/journal
|
||||
|
||||
systemd-run --wait -p LogNamespace=foobar echo "hello world"
|
||||
if [[ -d /var/log/journal ]]; then
|
||||
echo "/var/log/journal was created with Storage=auto" >/failed
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# now the runtime journal should exist, and when we create the
|
||||
# persistent journal path /var/log/journal, the runtime journal
|
||||
# should be flushed and moved out of /run
|
||||
# expect /var/log/journal/%m.foobar
|
||||
mkdir -p /var/log/journal
|
||||
MACHINE_ID=$(cat /etc/machine-id)
|
||||
|
||||
# allow a few seconds for the flush to occur due to machine speeds
|
||||
WAS_FLUSHED=false
|
||||
# shellcheck disable=SC2034,SC2015
|
||||
for i in {1..5}; do [ -d "/var/log/journal/$MACHINE_ID.foobar" ] && WAS_FLUSHED=true && break || sleep 1; done
|
||||
if ! $WAS_FLUSHED; then
|
||||
echo "/var/log/journal/$MACHINE_ID.foobar did not get created" >/failed
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# after the flush of the runtime journal it should have been cleaned up
|
||||
if [[ -d "/run/log/journal/$MACHINE_ID.foobar" ]]; then
|
||||
echo "/run/log/journal/$MACHINE_ID.foobar was not flushed" >/failed
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo OK >/testok
|
||||
exit 0
|
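Review bot: Between the first check and mkdir -p /var/log/journal, the script only comments that "now the runtime journal should exist" and never asserts it, so the final "was not flushed" check passes vacuously if /run/log/journal/$MACHINE_ID.foobar was never created. Move the MACHINE_ID assignment up and add an explicit directory check on the runtime path before creating /var/log/journal. The one-line retry loop needs SC2034 and SC2015 suppressed to pass shellcheck; an explicit if/break inside the loop would be clearer and need no suppression. The script also leaves /etc/systemd/journald@foobar.conf and the 00-test.conf drop-in in place on exit; a cleanup trap would keep later tests in the same image unaffected.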