mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
man: document the new concepts
This commit is contained in:
parent
00431b2b66
commit
e8fd555471
@ -449,6 +449,7 @@
|
||||
<xi:include href="user-system-options.xml" xpointer="system" />
|
||||
<xi:include href="user-system-options.xml" xpointer="host" />
|
||||
<xi:include href="user-system-options.xml" xpointer="machine" />
|
||||
<xi:include href="user-system-options.xml" xpointer="capsule" />
|
||||
|
||||
<varlistentry>
|
||||
<term><option>-l</option></term>
|
||||
|
118
man/capsule@.service.xml
Normal file
118
man/capsule@.service.xml
Normal file
@ -0,0 +1,118 @@
|
||||
<?xml version="1.0"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
||||
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
|
||||
|
||||
<refentry id="capsule_.service">
|
||||
<refentryinfo>
|
||||
<title>capsule@.service</title>
|
||||
<productname>systemd</productname>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>capsule@.service</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>capsule@.service</refname>
|
||||
<refpurpose>System unit for the capsule service manager</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<para><filename>capsule@<replaceable>NAME</replaceable>.service</filename></para>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>Description</title>
|
||||
|
||||
<para>Service managers for capsules run in
|
||||
<filename>capsule@<replaceable>NAME</replaceable>.service</filename> system units, with the capsule name as the
|
||||
instance identifier. Capsules are way to run additional instances of the service manager, under dynamic
|
||||
user IDs, i.e. UIDs that are allocated when the capsule service manager is started, and released when it
|
||||
is stopped.</para>
|
||||
|
||||
<para>In many ways <filename>capsule@.service</filename> is similar to the per-user
|
||||
<filename>user@.service</filename> service manager, but there are a few important distinctions:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>The capsule service manager utilizes <varname>DynamicUser=</varname> (see
|
||||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>) to
|
||||
allocate a new UID dynamically on invocation. The user name is automatically generated from the capsule
|
||||
name, by prefixng <literal>p_</literal>. The UID is released when the service is terminated. The user
|
||||
service manager on the other hand operates under a statically allocated user ID that must be
|
||||
pre-existing, before the user service manager is invoked.</para></listitem>
|
||||
|
||||
<listitem><para>User service managers register themselves with <citerefentry
|
||||
project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>, capsule
|
||||
service managers do not.</para></listitem>
|
||||
|
||||
<listitem><para>User service managers typically read their configuration from a
|
||||
<varname>$HOME</varname> directory below <filename>/home/</filename>, capsule service managers from a
|
||||
<varname>$HOME</varname> directory below <filename>/var/lib/capsules/</filename>.</para></listitem>
|
||||
|
||||
<listitem><para>User service managers are collectively contained in the <filename>user.slice</filename>
|
||||
unit, capsule service managers in <filename>capsule.slice</filename>. Also see
|
||||
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para></listitem>
|
||||
|
||||
<listitem><para>User service managers start the user unit <filename>default.target</filename>
|
||||
initially. Capsule service managers invoke the user unit <filename>capsule@.target</filename>
|
||||
instead.</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>The capsule service manager and the capsule's bus broker can be reached via the
|
||||
<option>--capsule=</option> switch to
|
||||
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry> and
|
||||
<citerefentry><refentrytitle>busctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
|
||||
|
||||
<para>New capsules can be started via a simple <command>systemctl start
|
||||
capsule@<replaceable>NAME</replaceable>.service</command> command, and stopped via <command>systemctl
|
||||
stop capsule@<replaceable>NAME</replaceable>.service</command>. Starting a capsule will implicitly create
|
||||
a home directory <filename>/var/lib/capsules/<replaceable>NAME</replaceable>/</filename>, if missing. A
|
||||
runtime directory is created as <filename>/run/capsules/<replaceable>NAME</replaceable>/</filename>. To
|
||||
remove these resources use <command>systemctl clean capsule@<replaceable>NAME</replaceable>.service</command>,
|
||||
for example with the <option>--what=all</option> switch.</para>
|
||||
|
||||
<para>The <filename>capsule@.service</filename> unit invokes a <command>systemd --user</command>
|
||||
service manager process. This means unit files are looked for according to the sames rules as for regular user
|
||||
service managers, for example in
|
||||
<filename>/var/lib/capsules/<replaceable>NAME</replaceable>/.config/systemd/user/</filename>.</para>
|
||||
|
||||
<para>Capsule names may be chosen freely by the user, however, they must be suitable as UNIX filenames
|
||||
(i.e. 255 characters max, and contain no <literal>/</literal>), and when prefixed with
|
||||
<literal>p-</literal> be suitable as a user name matching strict POSIX rules, see <ulink
|
||||
url="https://systemd.io/USER_NAMES">User/Group Name Syntax</ulink> for details.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Examples</title>
|
||||
<example>
|
||||
<title>Create a new capsule, invoke two programs in it (one interactively), terminate it, and clean everything up</title>
|
||||
|
||||
<programlisting># systemctl start capsule@tatze.service
|
||||
# systemd-run --capsule=tatze --unit=sleeptest.service sleep 999
|
||||
# systemctl --capsule=tatze status sleeptest.service
|
||||
# systemd-run -t --capsule=tatze bash
|
||||
# systemctl --capsule=tatze stop sleeptest.service
|
||||
# systemctl stop capsule@tatze.service
|
||||
# systemctl clean --all capsule@tatze.service</programlisting>
|
||||
</example>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>See Also</title>
|
||||
<para>
|
||||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>busctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
<citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
</para>
|
||||
</refsect1>
|
||||
</refentry>
|
@ -8,6 +8,7 @@ manpages = [
|
||||
['bootctl', '1', [], ''],
|
||||
['bootup', '7', [], ''],
|
||||
['busctl', '1', [], ''],
|
||||
['capsule@.service', '5', [], ''],
|
||||
['coredump.conf', '5', ['coredump.conf.d'], 'ENABLE_COREDUMP'],
|
||||
['coredumpctl', '1', [], 'ENABLE_COREDUMP'],
|
||||
['crypttab', '5', [], 'HAVE_LIBCRYPTSETUP'],
|
||||
|
@ -2813,6 +2813,7 @@ EOF
|
||||
|
||||
<xi:include href="user-system-options.xml" xpointer="host" />
|
||||
<xi:include href="user-system-options.xml" xpointer="machine" />
|
||||
<xi:include href="user-system-options.xml" xpointer="capsule" />
|
||||
|
||||
<xi:include href="standard-options.xml" xpointer="no-pager" />
|
||||
<xi:include href="standard-options.xml" xpointer="legend" />
|
||||
|
@ -517,6 +517,7 @@
|
||||
<xi:include href="user-system-options.xml" xpointer="system" />
|
||||
<xi:include href="user-system-options.xml" xpointer="host" />
|
||||
<xi:include href="user-system-options.xml" xpointer="machine" />
|
||||
<xi:include href="user-system-options.xml" xpointer="capsule" />
|
||||
|
||||
<xi:include href="standard-options.xml" xpointer="help" />
|
||||
<xi:include href="standard-options.xml" xpointer="version" />
|
||||
|
@ -96,9 +96,10 @@
|
||||
<filename>umount.target</filename>,
|
||||
<filename>usb-gadget.target</filename>,
|
||||
<!-- slices --><filename>-.slice</filename>,
|
||||
<filename>capsule.slice</filename>,
|
||||
<filename>machine.slice</filename>,
|
||||
<filename>system.slice</filename>,
|
||||
<filename>user.slice</filename>,
|
||||
<filename>machine.slice</filename>,
|
||||
<!-- the rest --><filename>-.mount</filename>,
|
||||
<filename>dbus.service</filename>,
|
||||
<filename>dbus.socket</filename>,
|
||||
@ -1291,18 +1292,39 @@
|
||||
<varlistentry>
|
||||
<term><filename>-.slice</filename></term>
|
||||
<listitem>
|
||||
<para>The root slice is the root of the slice hierarchy. It usually does not contain
|
||||
units directly, but may be used to set defaults for the whole tree.</para>
|
||||
<para>The root slice is the root of the slice hierarchy. It usually does not contain units
|
||||
directly, but may be used to set defaults for the whole tree.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v206"/>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><filename>machine.slice</filename></term>
|
||||
<listitem>
|
||||
<para>By default, all virtual machines and containers registered with
|
||||
<command>systemd-machined</command> are found in this slice. This is pulled in by
|
||||
<filename>systemd-machined.service</filename>.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v206"/>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><filename>capsule.slice</filename></term>
|
||||
<listitem>
|
||||
<para>By default, all capsules encapsulated in <filename>capsule@.service</filename> are found in
|
||||
this slice.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v255"/>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><filename>system.slice</filename></term>
|
||||
<listitem>
|
||||
<para>By default, all system services started by
|
||||
<command>systemd</command> are found in this slice.</para>
|
||||
<para>By default, all system services started by <command>systemd</command> are found in this
|
||||
slice.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v206"/>
|
||||
</listitem>
|
||||
@ -1320,17 +1342,6 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><filename>machine.slice</filename></term>
|
||||
<listitem>
|
||||
<para>By default, all virtual machines and containers
|
||||
registered with <command>systemd-machined</command> are
|
||||
found in this slice. This is pulled in by
|
||||
<filename>systemd-machined.service</filename>.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v206"/>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect2>
|
||||
</refsect1>
|
||||
@ -1348,16 +1359,31 @@
|
||||
<varlistentry>
|
||||
<term><filename>default.target</filename></term>
|
||||
<listitem>
|
||||
<para>This is the main target of the user session, started by default. Various services that
|
||||
compose the normal user session should be pulled into this target. In this regard,
|
||||
<filename>default.target</filename> is similar to <filename>multi-user.target</filename> in the
|
||||
system instance, but it is a real unit, not an alias.</para>
|
||||
<para>This is the main target of the user service manager, started by default when the service
|
||||
manager is invoked. Various services that compose the normal user session should be pulled into
|
||||
this target. In this regard, <filename>default.target</filename> is similar to
|
||||
<filename>multi-user.target</filename> in the system instance, but it is a real unit, not an
|
||||
alias.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v242"/>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><filename>capsule@.target</filename></term>
|
||||
<listitem>
|
||||
<para>This is the main target of capsule service managers, started by default, instantiated with
|
||||
the capsule name. This may be used to define different sets of units that are started for
|
||||
different capsules via generic unit definitions. For details about capsules see
|
||||
<citerefentry><refentrytitle>capsule@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v255"/>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<para>In addition, the following units are available which have definitions similar to their
|
||||
system counterparts:
|
||||
<filename>exit.target</filename>,
|
||||
|
@ -55,4 +55,15 @@
|
||||
implied.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry id='capsule'>
|
||||
<term><option>-C</option></term>
|
||||
<term><option>--capsule=</option></term>
|
||||
|
||||
<listitem id='capsule-text'>
|
||||
<para>Execute operation on a capsule. Specify a capsule name to connect to. See
|
||||
<citerefentry><refentrytitle>capsule@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
|
||||
details about capsules.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
@ -188,6 +188,7 @@ TasksMax=33%</programlisting>
|
||||
<member><citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>capsule@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
||||
<member><citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
||||
</simplelist></para>
|
||||
</refsect1>
|
||||
|
Loading…
Reference in New Issue
Block a user