systemd/man/systemd-mountfsd.service.xml

<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->

<refentry id="systemd-mountfsd.service" conditional='ENABLE_MOUNTFSD'>

  <refentryinfo>
    <title>systemd-mountfsd.service</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd-mountfsd.service</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd-mountfsd.service</refname>
    <refname>systemd-mountfsd</refname>
    <refpurpose>Disk Image File System Mount Service</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename>systemd-mountfsd.service</filename></para>
    <para><filename>/usr/lib/systemd/systemd-mountfsd</filename></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><command>systemd-mountfsd</command> is a system service that dissects disk images, and returns mount
    file descriptors for the file systems contained therein to clients, via a Varlink IPC API.</para>

    <para>The disk images provided must contain a raw file system image or must follow the <ulink
    url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification/">Discoverable
    Partitions Specification</ulink>. Before mounting any file systems authenticity of the disk image is
    established in one or a combination of the following ways:</para>

    <orderedlist>
      <listitem><para>If the disk image is located in a regular file in one of the directories
      <filename>/var/lib/machines/</filename>, <filename>/var/lib/portables/</filename>,
      <filename>/var/lib/extensions/</filename>, <filename>/var/lib/confexts/</filename> or their
      counterparts in the <filename>/etc/</filename>, <filename>/run/</filename>,
      <filename>/usr/lib/</filename> it is assumed to be trusted.</para></listitem>

      <listitem><para>If the disk image contains a Verity enabled disk image, along with a signature
      partition with a key in the kernel keyring or in <filename>/etc/verity.d/</filename> (and related
      directories) the disk image is considered trusted.</para></listitem>
    </orderedlist>

    <para>This service provides one <ulink url="https://varlink.org/">Varlink</ulink> service:
    <constant>io.systemd.MountFileSystem</constant> which accepts a file descriptor to a regular file or
    block device, and returns a number of file descriptors referring to an <function>fsmount()</function>
    file descriptor the client may then attach to a path of their choice.</para>

    <para>The returned mounts are automatically allowlisted in the per-user-namespace allowlist maintained by
    <citerefentry><refentrytitle>systemd-nsresourced.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>

    <para>The file systems are automatically
    <citerefentry project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry>'ed
    before mounting.</para>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para><simplelist type="inline">
      <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>systemd-nsresourced.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
    </simplelist></para>
  </refsect1>
</refentry>
mountfsd: add new systemd-mountfsd component 2023-03-09 14:27:29 +03:00			`<?xml version='1.0'?> <!---nxml--->`
			`<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"`
			`"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">`
			`<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->`

			`<refentry id="systemd-mountfsd.service" conditional='ENABLE_MOUNTFSD'>`

			`<refentryinfo>`
			`<title>systemd-mountfsd.service</title>`
			`<productname>systemd</productname>`
			`</refentryinfo>`

			`<refmeta>`
			`<refentrytitle>systemd-mountfsd.service</refentrytitle>`
			`<manvolnum>8</manvolnum>`
			`</refmeta>`

			`<refnamediv>`
			`<refname>systemd-mountfsd.service</refname>`
			`<refname>systemd-mountfsd</refname>`
			`<refpurpose>Disk Image File System Mount Service</refpurpose>`
			`</refnamediv>`

			`<refsynopsisdiv>`
			`<para><filename>systemd-mountfsd.service</filename></para>`
			`<para><filename>/usr/lib/systemd/systemd-mountfsd</filename></para>`
			`</refsynopsisdiv>`

			`<refsect1>`
			`<title>Description</title>`

			`<para><command>systemd-mountfsd</command> is a system service that dissects disk images, and returns mount`
			`file descriptors for the file systems contained therein to clients, via a Varlink IPC API.</para>`

			`<para>The disk images provided must contain a raw file system image or must follow the <ulink`
			`url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification/">Discoverable`
			`Partitions Specification</ulink>. Before mounting any file systems authenticity of the disk image is`
			`established in one or a combination of the following ways:</para>`

			`<orderedlist>`
			`<listitem><para>If the disk image is located in a regular file in one of the directories`
			`<filename>/var/lib/machines/</filename>, <filename>/var/lib/portables/</filename>,`
			`<filename>/var/lib/extensions/</filename>, <filename>/var/lib/confexts/</filename> or their`
			`counterparts in the <filename>/etc/</filename>, <filename>/run/</filename>,`
			`<filename>/usr/lib/</filename> it is assumed to be trusted.</para></listitem>`

			`<listitem><para>If the disk image contains a Verity enabled disk image, along with a signature`
			`partition with a key in the kernel keyring or in <filename>/etc/verity.d/</filename> (and related`
			`directories) the disk image is considered trusted.</para></listitem>`
			`</orderedlist>`

			`<para>This service provides one <ulink url="https://varlink.org/">Varlink</ulink> service:`
			`<constant>io.systemd.MountFileSystem</constant> which accepts a file descriptor to a regular file or`
			`block device, and returns a number of file descriptors referring to an <function>fsmount()</function>`
			`file descriptor the client may then attach to a path of their choice.</para>`

			`<para>The returned mounts are automatically allowlisted in the per-user-namespace allowlist maintained by`
			`<citerefentry><refentrytitle>systemd-nsresourced.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>`

man: asorted fixes Closes #35307. (Changes to files with conflicts were dropped.) (cherry picked from commit 4ebbb5bfe88ac3d793c395472648660c33251546) 2024-11-23 16:07:56 +03:00			`<para>The file systems are automatically`
			`<citerefentry project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry>'ed`
			`before mounting.</para>`
mountfsd: add new systemd-mountfsd component 2023-03-09 14:27:29 +03:00			`</refsect1>`

			`<refsect1>`
			`<title>See Also</title>`
man: convert multiple left-over "See Also" sections to <simplelist> These were forgotten during the initial conversion, probably because most of them consisted only of a single entry. Fix that. (cherry picked from commit df8f9b88bd41320653fe1c51ea515a2d03a349df) 2024-11-05 16:47:32 +03:00			`<para><simplelist type="inline">`
			`<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>`
			`<member><citerefentry><refentrytitle>systemd-nsresourced.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>`
			`</simplelist></para>`
mountfsd: add new systemd-mountfsd component 2023-03-09 14:27:29 +03:00			`</refsect1>`
			`</refentry>`