mirror of https://github.com/systemd/systemd.git (synced 2024-12-22 17:35:35 +03:00)
tree-wide: fixes for assorted grammar and spelling issues
Fixes #16363. Also includes some changes where I generalized the pattern.
parent 3da49ad55a
commit e9dd698407
@ -52,8 +52,8 @@
|
||||
matching specified characteristics. If no command is
|
||||
specified, this is the implied default.</para>
|
||||
|
||||
<para>The output is designed to be human readable and contains list contains
|
||||
a table with the following columns:</para>
|
||||
<para>The output is designed to be human readable and contains a table with the following
|
||||
columns:</para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>TIME</term>
|
||||
|
@ -255,6 +255,7 @@
|
||||
|
||||
<listitem><para>Perform encryption using the same cpu that IO was submitted on. The default is to use
|
||||
an unbound workqueue so that encryption work is automatically balanced between available CPUs.</para>
|
||||
|
||||
<para>This requires kernel 4.0 or newer.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -263,9 +264,10 @@
|
||||
<term><option>submit-from-crypt-cpus</option></term>
|
||||
|
||||
<listitem><para>Disable offloading writes to a separate thread after encryption. There are some
|
||||
situations where offloading write bios from the encryption threads to a single thread degrades
|
||||
performance significantly. The default is to offload write bios to the same thread because it benefits
|
||||
CFQ to have writes submitted using the same context.</para>
|
||||
situations where offloading write requests from the encryption threads to a dedicated thread degrades
|
||||
performance significantly. The default is to offload write requests to a dedicated thread because it
|
||||
benefits the CFQ scheduler to have writes submitted using the same context.</para>
|
||||
|
||||
<para>This requires kernel 4.0 or newer.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -512,7 +514,8 @@ external /dev/sda3 keyfile:LABEL=keydev keyfile-timeout=10s</programlist
|
||||
|
||||
<para>The PKCS#11 logic allows hooking up any compatible security token that is capable of storing RSA
|
||||
decryption keys. Here's an example how to set up a Yubikey security token for this purpose, using
|
||||
<command>ykman</command> from the yubikey-manager project:</para>
|
||||
<citerefentry project='debian'><refentrytitle>ykmap</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||
from the yubikey-manager project:</para>
|
||||
|
||||
<programlisting><xi:include href="yubikey-crypttab.sh" parse="text" /></programlisting>
|
||||
|
||||
|
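Review bot: The refentrytitle in the added citerefentry reads "ykmap", but the line it replaces names the tool as <command>ykman</command>, so the new cross-reference carries a misspelled command name into a spelling-fix commit. Change it to <refentrytitle>ykman</refentrytitle> so that readers following the PKCS#11 token setup are pointed at the right man page.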
@ -648,7 +648,7 @@
|
||||
<filename>/usr/share/</filename> hierarchy to the locations
|
||||
defined by the various relevant specifications.</para>
|
||||
|
||||
<para>During runtime, and for local configuration and state,
|
||||
<para>During runtime, and for local configuration and runtime state,
|
||||
additional directories are defined:</para>
|
||||
|
||||
<table>
|
||||
|
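Review bot: Changing "local configuration and state" to "local configuration and runtime state" alters the meaning rather than the grammar, and the sentence now reads "During runtime, and for local configuration and runtime state". If the table introduced by this sentence also lists directories for persistent state, the original "state" is the accurate wording; otherwise the narrowing deserves a mention in the commit message, which currently describes only grammar and spelling fixes.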
@ -119,9 +119,9 @@
|
||||
<term><option>--identity=</option><replaceable>FILE</replaceable></term>
|
||||
|
||||
<listitem><para>Read the user's JSON record from the specified file. If passed as
|
||||
<literal>-</literal> reads the user record from standard input. The supplied JSON object must follow
|
||||
the structure documented on <ulink url="https://systemd.io/USER_RECORDS">JSON User
|
||||
Records</ulink>. This option may be used in conjunction with the <command>create</command> and
|
||||
<literal>-</literal> read the user record from standard input. The supplied JSON object must follow
|
||||
the structure documented on <ulink url="https://systemd.io/USER_RECORD">JSON User Records</ulink>.
|
||||
This option may be used in conjunction with the <command>create</command> and
|
||||
<command>update</command> commands (see below), where it allows configuring the user record in JSON
|
||||
as-is, instead of setting the individual user record properties (see below).</para></listitem>
|
||||
</varlistentry>
|
||||
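Review bot: The ulink target changes from https://systemd.io/USER_RECORDS to https://systemd.io/USER_RECORD, which is a link correction and not a grammar fix; please confirm the new URL resolves and note the change in the commit message. In the same paragraph, "If passed as <literal>-</literal> read the user record from standard input" still needs a comma after the literal to parse cleanly.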
@ -247,10 +247,9 @@
|
||||
different system and the configured UID is taken by another user there, then
|
||||
<command>systemd-homed</command> may assign the user a different UID on that system. The specified
|
||||
UID must be outside of the system user range. It is recommended to use the 60001…60513 UID range for
|
||||
this purpose. If not specified the UID is automatically picked. When logging in and the home
|
||||
directory is found to be owned by a UID not matching the user's assigned one the home directory and
|
||||
all files and directories inside it will have their ownership changed automatically before login
|
||||
completes.</para>
|
||||
this purpose. If not specified, the UID is automatically picked. If the home directory is found to be
|
||||
owned by a different UID when logging in, the home directory and everything underneath it will have
|
||||
its ownership changed automatically before login completes.</para>
|
||||
|
||||
<para>Note that users managed by <command>systemd-homed</command> always have a matching group
|
||||
associated with the same name as well as a GID matching the UID of the user. Thus, configuring the
|
||||
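Review bot: In the rewritten UID paragraph, "owned by a different UID" no longer says what the UID differs from, whereas the replaced wording ("a UID not matching the user's assigned one") was explicit. Because this sentence describes the condition that triggers an automatic recursive ownership change at login, it should stay unambiguous; suggest "owned by a UID different from the one assigned to the user".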
@ -266,19 +265,19 @@
|
||||
privileges. Note that <command>systemd-homed</command> does not manage any groups besides a group
|
||||
matching the user in name and numeric UID/GID. Thus any groups listed here must be registered
|
||||
independently, for example with <citerefentry
|
||||
project='man-pages'><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. If
|
||||
non-existent groups that are listed there are ignored. This option may be used more than once, in
|
||||
which case all specified group lists are combined. If the user is currently a member of a group
|
||||
which is not listed, the user will be removed from the group.</para></listitem>
|
||||
project='man-pages'><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
|
||||
Any non-existent groups are ignored. This option may be used more than once, in which case all
|
||||
specified group lists are combined. If the user is currently a member of a group which is not listed,
|
||||
the user will be removed from the group.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--skel=</option><replaceable>PATH</replaceable></term>
|
||||
|
||||
<listitem><para>Takes a file system path to a directory. Specifies the skeleton directory to
|
||||
initialize the home directory with. All files and directories in the specified are copied into any
|
||||
newly create home directory. If not specified defaults to
|
||||
<filename>/etc/skel/</filename>.</para></listitem>
|
||||
initialize the home directory with. All files and directories in the specified path are copied into
|
||||
any newly create home directory. If not specified defaults to <filename>/etc/skel/</filename>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
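Review bot: The re-wrapped --skel lines still carry "any newly create home directory" (should be "newly created") and "If not specified defaults to" without the comma that this same commit adds in the UID paragraph ("If not specified, the UID is automatically picked"). Since these lines are being rewritten anyway, fix both here.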
@ -313,7 +312,7 @@
|
||||
<listitem><para>Takes a specifier indicating the preferred language of the user. The
|
||||
<varname>$LANG</varname> environment variable is initialized from this value on login, and thus a
|
||||
value suitable for this environment variable is accepted here, for example
|
||||
<option>--language=de_DE.UTF8</option></para></listitem>
|
||||
<option>--language=de_DE.UTF8</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
@ -331,8 +330,8 @@
|
||||
security token with exactly one pair of X.509 certificate and private key. A random secret key is
|
||||
then generated, encrypted with the public key of the X.509 certificate, and stored as part of the
|
||||
user record. At login time it is decrypted with the PKCS#11 module and then used to unlock the
|
||||
account and associated resources. See below for an example how to set up authentication with security
|
||||
token.</para>
|
||||
account and associated resources. See below for an example how to set up authentication with a
|
||||
security token.</para>
|
||||
|
||||
<para>Instead of a valid PKCS#11 URI, the special strings <literal>list</literal> and
|
||||
<literal>auto</literal> may be specified. If <literal>list</literal> is passed, a brief table of
|
||||
@ -439,19 +438,19 @@
|
||||
<listitem><para>Each of these options takes a time span specification as argument (in the syntax
|
||||
documented in
|
||||
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>5</manvolnum></citerefentry>) and
|
||||
configure various aspects of the user's password expiration policy. Specifically,
|
||||
configures various aspects of the user's password expiration policy. Specifically,
|
||||
<option>--password-change-min=</option> configures how much time has to pass after changing the
|
||||
password of the user until the password may be changed again. If the user tries to change their
|
||||
password before this time passes the attempt is refused. <option>--password-change-max=</option>
|
||||
configures how much time has to pass after the password is changed until the password expires and
|
||||
needs to be changed again. After this time passes any attempts to log in may only proceed after the
|
||||
password is changed. <option>--password-change-warn=</option> specifies how much earlier than then
|
||||
the time configured with <option>--password-change-max=</option> the user is warned at login to
|
||||
change their password as it will expire soon. Finally <option>--password-change-inactive=</option>
|
||||
configures the time which has to pass after the password as expired until the user is not permitted
|
||||
to log in or change the password anymore. Note that these options only apply to password
|
||||
authentication, and do not apply to other forms of authentication, for example PKCS#11-based security
|
||||
token authentication.</para></listitem>
|
||||
configures how soon after it has been changed the password expires and needs to be changed again.
|
||||
After this time passes logging in may only proceed after the password is changed.
|
||||
<option>--password-change-warn=</option> specifies how much earlier than then the time configured
|
||||
with <option>--password-change-max=</option> the user is warned at login to change their password as
|
||||
it will expire soon. Finally <option>--password-change-inactive=</option> configures the time which
|
||||
has to pass after the password as expired until the user is not permitted to log in or change the
|
||||
password anymore. Note that these options only apply to password authentication, and do not apply to
|
||||
other forms of authentication, for example PKCS#11-based security token
|
||||
authentication.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
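Review bot: The reflowed password expiration paragraph keeps two errors from the old text: "how much earlier than then the time configured" (drop "then") and "after the password as expired" (should be "has expired"). The new sentence "After this time passes logging in may only proceed" also needs a comma after "passes". These are the lines the commit already rewrites, so they are the right place to correct them.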
@ -695,8 +694,8 @@
|
||||
<para>Activation of a home directory involves various operations that depend on the selected storage
|
||||
mechanism. If the LUKS2 mechanism is used, this generally involves: inquiring the user for a
|
||||
password, setting up a loopback device, validating and activating the LUKS2 volume, checking the file
|
||||
system, mounting the file system, and potentiatlly changing the ownership of all included files to
|
||||
the correct UID/GID.</para></listitem>
|
||||
system, mounting the file system, and potentially changing the ownership of all included files to the
|
||||
correct UID/GID.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -555,7 +555,7 @@
|
||||
is also added for <literal>_SYSTEMD_SLICE=<replaceable>UNIT</replaceable></literal>,
|
||||
such that if the provided <replaceable>UNIT</replaceable> is a
|
||||
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
unit, all logs of the children of the slice will be logged.
|
||||
unit, all logs of children of the slice will be shown.
|
||||
</para>
|
||||
|
||||
<para>This parameter can be specified multiple times.</para>
|
||||
@ -574,7 +574,7 @@
|
||||
is also added for <literal>_SYSTEMD_USER_SLICE=<replaceable>UNIT</replaceable></literal>,
|
||||
such that if the provided <replaceable>UNIT</replaceable> is a
|
||||
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
unit, all logs of the children of the unit will be logged.</para>
|
||||
unit, all logs of children of the unit will be shown.</para>
|
||||
|
||||
<para>This parameter can be specified multiple times.</para>
|
||||
</listitem>
|
||||
@ -761,8 +761,8 @@
|
||||
underneath the specified directory instead of the root
|
||||
directory (e.g. <option>--update-catalog</option> will create
|
||||
<filename><replaceable>ROOT</replaceable>/var/lib/systemd/catalog/database</filename>,
|
||||
and journal files under <filename><replaceable>ROOT</replaceable>/run/journal</filename>
|
||||
or <filename><replaceable>ROOT</replaceable>/var/log/journal</filename> will be displayed).
|
||||
and journal files under <filename><replaceable>ROOT</replaceable>/run/journal/</filename>
|
||||
or <filename><replaceable>ROOT</replaceable>/var/log/journal/</filename> will be displayed).
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -929,10 +929,10 @@
|
||||
<filename>/run/log/journal/</filename> into <filename>/var/log/journal/</filename>, if persistent
|
||||
storage is enabled. This call does not return until the operation is complete. Note that this call is
|
||||
idempotent: the data is only flushed from <filename>/run/log/journal/</filename> into
|
||||
<filename>/var/log/journal</filename> once during system runtime (but see
|
||||
<filename>/var/log/journal/</filename> once during system runtime (but see
|
||||
<option>--relinquish-var</option> below), and this command exits cleanly without executing any
|
||||
operation if this has already happened. This command effectively guarantees that all data is flushed
|
||||
to <filename>/var/log/journal</filename> at the time it returns.</para></listitem>
|
||||
to <filename>/var/log/journal/</filename> at the time it returns.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -36,7 +36,7 @@
|
||||
<title>Description</title>
|
||||
<para><command>kernel-install</command> is used to install and remove kernel and initramfs images to and
|
||||
from the boot loader partition, referred to as <varname>$BOOT</varname> here. It will usually be one of
|
||||
<filename>/boot</filename>, <filename>/efi</filename>, or <filename>/boot/efi</filename>, see below.
|
||||
<filename>/boot/</filename>, <filename>/efi/</filename>, or <filename>/boot/efi/</filename>, see below.
|
||||
</para>
|
||||
|
||||
<para><command>kernel-install</command> will execute the files
|
||||
@ -137,7 +137,7 @@
|
||||
<para>The partition where the kernels and <ulink url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot
|
||||
Loader Specification</ulink> snippets are located is called <varname>$BOOT</varname>.
|
||||
<command>kernel-install</command> determines the location of this partition by checking
|
||||
<filename>/efi/</filename>, <filename>/boot/</filename>, and <filename>/boot/efi</filename>
|
||||
<filename>/efi/</filename>, <filename>/boot/</filename>, and <filename>/boot/efi/</filename>
|
||||
in turn. The first location where <filename>$BOOT/loader/entries/</filename> or
|
||||
<filename>$BOOT/$MACHINE_ID/</filename> exists is used.</para>
|
||||
</refsect1>
|
||||
|
@ -277,7 +277,7 @@
|
||||
<varlistentry>
|
||||
<term><varname>HoldoffTimeoutSec=</varname></term>
|
||||
|
||||
<listitem><para>Specifies the timeout after system startup or
|
||||
<listitem><para>Specifies a period of time after system startup or
|
||||
system resume in which systemd will hold off on reacting to
|
||||
lid events. This is required for the system to properly
|
||||
detect any hotplugged devices so systemd can ignore lid events
|
||||
|
@ -39,7 +39,7 @@
|
||||
|
||||
<para>The machine ID may be set, for example when network booting, with the
|
||||
<varname>systemd.machine_id=</varname> kernel command line parameter or by passing the
|
||||
option <option>--machine-id=</option> to systemd. An ID is specified in this manner
|
||||
option <option>--machine-id=</option> to systemd. An ID specified in this manner
|
||||
has higher priority and will be used instead of the ID stored in
|
||||
<filename>/etc/machine-id</filename>.</para>
|
||||
|
||||
|
@ -320,7 +320,7 @@
|
||||
|
||||
<listitem><para>Copies files or directories from a container
|
||||
into the host system. Takes a container name, followed by the
|
||||
source path in the container the destination path on the host.
|
||||
source path in the container and the destination path on the host.
|
||||
If the destination path is omitted, the same as the source path
|
||||
is used.</para>
|
||||
|
||||
|
@ -18,8 +18,7 @@
|
||||
<refnamediv>
|
||||
<refname>nss-myhostname</refname>
|
||||
<refname>libnss_myhostname.so.2</refname>
|
||||
<refpurpose>Provide hostname resolution for the locally
|
||||
configured system hostname.</refpurpose>
|
||||
<refpurpose>Hostname resolution for the locally configured system hostname</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
@ -18,8 +18,7 @@
|
||||
<refnamediv>
|
||||
<refname>nss-mymachines</refname>
|
||||
<refname>libnss_mymachines.so.2</refname>
|
||||
<refpurpose>Provide hostname resolution for local
|
||||
container instances.</refpurpose>
|
||||
<refpurpose>Hostname resolution for local container instances</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
@ -18,7 +18,7 @@
|
||||
<refnamediv>
|
||||
<refname>nss-resolve</refname>
|
||||
<refname>libnss_resolve.so.2</refname>
|
||||
<refpurpose>Provide hostname resolution via <filename>systemd-resolved.service</filename></refpurpose>
|
||||
<refpurpose>Hostname resolution via <filename>systemd-resolved.service</filename></refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
@ -18,7 +18,7 @@
|
||||
<refnamediv>
|
||||
<refname>nss-systemd</refname>
|
||||
<refname>libnss_systemd.so.2</refname>
|
||||
<refpurpose>Provide UNIX user and group name resolution for user/group lookup via Varlink</refpurpose>
|
||||
<refpurpose>UNIX user and group name resolution for user/group lookup via Varlink</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
@ -153,7 +153,7 @@
|
||||
hence be used to uniquely label files or other resources of this session. Combine this ID with the boot
|
||||
identifier, as returned by
|
||||
<citerefentry><refentrytitle>sd_id128_get_boot</refentrytitle><manvolnum>3</manvolnum></citerefentry>, for a
|
||||
globally unique identifier for the current session.</para></listitem>
|
||||
globally unique identifier.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -118,7 +118,7 @@
|
||||
|
||||
<para>By default all unit files whose names start with a prefix generated from the image's file name are copied
|
||||
out. Specifically, the prefix is determined from the image file name with any suffix such as
|
||||
<filename>.raw</filename> removed, truncated at the first occurrence of and underscore character
|
||||
<filename>.raw</filename> removed, truncated at the first occurrence of an underscore character
|
||||
(<literal>_</literal>), if there is one. The underscore logic is supposed to be used to versioning so that the
|
||||
an image file <filename>foobar_47.11.raw</filename> will result in a unit file matching prefix of
|
||||
<filename>foobar</filename>. This prefix is then compared with all unit files names contained in the image in
|
||||
@ -403,7 +403,7 @@
|
||||
</tgroup>
|
||||
</table>
|
||||
|
||||
<para>For details on this profiles, and their effects please have a look at their precise definitions,
|
||||
<para>For details on these profiles and their effects see their precise definitions,
|
||||
e.g. <filename>/usr/lib/systemd/portable/profile/default/service.conf</filename> and similar.</para>
|
||||
</refsect1>
|
||||
|
||||
|
@ -82,7 +82,7 @@
|
||||
<refsect1>
|
||||
<title>See Also</title>
|
||||
<para>
|
||||
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
|
@ -19,7 +19,7 @@
|
||||
<refnamediv>
|
||||
<refname>sd_bus_enqueue_for_read</refname>
|
||||
|
||||
<refpurpose>Re-enqueue a bus message on a bus connection, for reading.</refpurpose>
|
||||
<refpurpose>Re-enqueue a bus message on a bus connection, for reading</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
@ -20,7 +20,7 @@
|
||||
<refname>sd_bus_is_open</refname>
|
||||
<refname>sd_bus_is_ready</refname>
|
||||
|
||||
<refpurpose>Check whether the a bus connection is open or ready.</refpurpose>
|
||||
<refpurpose>Check whether the bus connection is open or ready</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
@ -22,7 +22,7 @@
|
||||
<refname>sd_bus_message_new_method_errno</refname>
|
||||
<refname>sd_bus_message_new_method_errnof</refname>
|
||||
|
||||
<refpurpose>Create a an error reply for a method call</refpurpose>
|
||||
<refpurpose>Create an error reply for a method call</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
@ -20,7 +20,7 @@
|
||||
<refname>sd_bus_set_connected_signal</refname>
|
||||
<refname>sd_bus_get_connected_signal</refname>
|
||||
|
||||
<refpurpose>Control emmission of local connection establishment signal on bus connections</refpurpose>
|
||||
<refpurpose>Control emission of local connection establishment signal on bus connections</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
@ -23,7 +23,7 @@
|
||||
<refname>sd_bus_track_get_destroy_callback</refname>
|
||||
<refname>sd_bus_destroy_t</refname>
|
||||
|
||||
<refpurpose>Define the callback function for resource cleanup.</refpurpose>
|
||||
<refpurpose>Define the callback function for resource cleanup</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
@ -19,7 +19,7 @@
|
||||
<refname>sd_bus_slot_set_floating</refname>
|
||||
<refname>sd_bus_slot_get_floating</refname>
|
||||
|
||||
<refpurpose>Control whether a bus slot object is "floating".</refpurpose>
|
||||
<refpurpose>Control whether a bus slot object is "floating"</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
@ -21,7 +21,7 @@
|
||||
<refname>sd_event_source_get_destroy_callback</refname>
|
||||
<refname>sd_event_destroy_t</refname>
|
||||
|
||||
<refpurpose>Define the callback function for resource cleanup.</refpurpose>
|
||||
<refpurpose>Define the callback function for resource cleanup</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
@ -21,7 +21,7 @@
|
||||
<refnamediv>
|
||||
<refname>sd_journal_has_runtime_files</refname>
|
||||
<refname>sd_journal_has_persistent_files</refname>
|
||||
<refpurpose>Query availability of runtime or persistent journal files.</refpurpose>
|
||||
<refpurpose>Query availability of runtime or persistent journal files</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
@ -19,7 +19,7 @@
|
||||
<refname>sd_machine_get_class</refname>
|
||||
<refname>sd_machine_get_ifindices</refname>
|
||||
<refpurpose>Determine the class and network interface indices of a
|
||||
locally running virtual machine or container.</refpurpose>
|
||||
locally running virtual machine or container</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
@ -35,7 +35,7 @@
|
||||
<refname>sd_peer_get_cgroup</refname>
|
||||
<refpurpose>Determine the owner uid of the user unit or session,
|
||||
or the session, user unit, system unit, container/VM or slice that
|
||||
a specific PID or socket peer belongs to.</refpurpose>
|
||||
a specific PID or socket peer belongs to</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
@ -70,11 +70,11 @@ key.pattern.overridden.with.glob = custom
|
||||
followed by <literal>=</literal>, see SYNOPSIS.</para>
|
||||
|
||||
<para>Any access permission errors and attempts to write variables not present on the local system are
|
||||
logged, but do not cause the service to fail. Debug log level is used, which means that the message will
|
||||
not show up at all by default. Moreover, if a variable assignment is prefixed with a single
|
||||
<literal>-</literal> character, any failure to set the variable will be logged at debug level, but will
|
||||
not cause the service to fail. All other errors when setting variables are logged with higher priority
|
||||
and cause the service to return failure at the end (other variables are still processed).</para>
|
||||
logged at debug level and do not cause the service to fail. Moreover, if a variable assignment is
|
||||
prefixed with a single <literal>-</literal> character, failure to set the variable for other reasons will
|
||||
be logged at debug level and will not cause the service to fail. In other cases, errors when setting
|
||||
variables are logged with higher priority and cause the service to return failure at the end (after
|
||||
processing other variables).</para>
|
||||
|
||||
<para>The settings configured with <filename>sysctl.d</filename> files will be applied early on boot. The
|
||||
network interface-specific options will also be applied individually for each network interface as it
|
||||
|
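Review bot: The rewritten paragraph drops the sentence "Debug log level is used, which means that the message will not show up at all by default", leaving only "logged at debug level". That removed sentence is what told administrators that a permission error or a missing variable is silent at the default log level, which matters when sysctl.d files are used to apply hardening settings. Suggest keeping a short clause such as "logged at debug level (and thus not shown by default)".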
@ -412,7 +412,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
|
||||
|
||||
<para>The "Loaded:" line in the output will show <literal>loaded</literal> if the unit has been loaded into
|
||||
memory. Other possible values for "Loaded:" include: <literal>error</literal> if there was a problem
|
||||
loading it, <literal>not-found</literal> if not unit file was found for this unit,
|
||||
loading it, <literal>not-found</literal> if no unit file was found for this unit,
|
||||
<literal>bad-setting</literal> if an essential unit file setting could not be parsed and
|
||||
<literal>masked</literal> if the unit file has been masked. Along with showing the path to the unit file,
|
||||
this line will also show the enablement state. Enabled commands start at boot. See the full table of
|
||||
@ -773,7 +773,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
|
||||
</row>
|
||||
<row>
|
||||
<entry><literal>indirect</literal></entry>
|
||||
<entry>The unit file itself is not enabled, but it has a non-empty <varname>Also=</varname> setting in the <literal>[Install]</literal> unit file section, listing other unit files that might be enabled, or it has an alias under a different name through a symlink that is not specified in <varname>Also=</varname>. For template unit file, an instance different than the one specified in <varname>DefaultInstance=</varname> is enabled.</entry>
|
||||
<entry>The unit file itself is not enabled, but it has a non-empty <varname>Also=</varname> setting in the <literal>[Install]</literal> unit file section, listing other unit files that might be enabled, or it has an alias under a different name through a symlink that is not specified in <varname>Also=</varname>. For template unit files, an instance different than the one specified in <varname>DefaultInstance=</varname> is enabled.</entry>
|
||||
<entry>0</entry>
|
||||
</row>
|
||||
<row>
|
||||
|
@ -509,9 +509,9 @@ NAutoVTs=8
|
||||
<para>This command will load unit files and print warnings if any errors are detected. Files specified
|
||||
on the command line will be loaded, but also any other units referenced by them. The full unit search
|
||||
path is formed by combining the directories for all command line arguments, and the usual unit load
|
||||
paths (variable <varname>$SYSTEMD_UNIT_PATH</varname> is supported, and may be used to replace or
|
||||
paths. The variable <varname>$SYSTEMD_UNIT_PATH</varname> is supported, and may be used to replace or
|
||||
augment the compiled in set of unit load paths; see
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>). All
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. All
|
||||
units files present in the directories containing the command line arguments will be used in preference
|
||||
to the other paths.</para>
|
||||
|
||||
@ -700,9 +700,9 @@ Service b@0.service not loaded, b.socket cannot be started.
|
||||
<varlistentry>
|
||||
<term><option>--man=no</option></term>
|
||||
|
||||
<listitem><para>Do not invoke man to verify the existence of
|
||||
man pages listed in <varname>Documentation=</varname>.
|
||||
</para></listitem>
|
||||
<listitem><para>Do not invoke
|
||||
<citerefentry project='man-pages'><refentrytitle>man</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||
to verify the existence of man pages listed in <varname>Documentation=</varname>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -17,7 +17,7 @@
|
||||
|
||||
<refnamediv>
|
||||
<refname>systemd-bless-boot-generator</refname>
|
||||
<refpurpose>Pull <filename>systemd-bless-boot.service</filename> into the initial boot transaction when boot counting is in effect.</refpurpose>
|
||||
<refpurpose>Pull <filename>systemd-bless-boot.service</filename> into the initial boot transaction when boot counting is in effect</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
@ -91,7 +91,7 @@
|
||||
|
||||
<listitem><para>The boot manager optionally reads a random seed from the ESP partition, combines it
|
||||
with a 'system token' stored in a persistent EFI variable and derives a random seed to use by the OS as
|
||||
entropy pool initializaton, providing a full entropy pool during early boot.</para></listitem>
|
||||
entropy pool initialization, providing a full entropy pool during early boot.</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para><citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||
@ -313,7 +313,7 @@
|
||||
is maintained persistently, while <varname>LoaderConfigTimeoutOneShot</varname> is a one-time override which is
|
||||
read once (in which case it takes precedence over <varname>LoaderConfigTimeout</varname>) and then
|
||||
removed. <varname>LoaderConfigTimeout</varname> may be manipulated with the
|
||||
<keycap>t</keycap>/<keycap>T</keycap> keys, see above.)</para></listitem>
|
||||
<keycap>t</keycap>/<keycap>T</keycap> keys, see above.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
@ -422,9 +422,9 @@
|
||||
<varlistentry>
|
||||
<term><varname>LoaderSystemToken</varname></term>
|
||||
|
||||
<listitem><para>A binary random data field, that is used for generating the random see to pass to the
|
||||
OS (see above). Note that this random data is generally only generated once, during OS installation,
|
||||
and is then never updated again.</para></listitem>
|
||||
<listitem><para>A binary random data field, that is used for generating the random seed to pass to
|
||||
the OS (see above). Note that this random data is generally only generated once, during OS
|
||||
installation, and is then never updated again.</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
|
@ -19,7 +19,7 @@
|
||||
<refname>systemd-gpt-auto-generator</refname>
|
||||
<refpurpose>Generator for automatically discovering and mounting root, <filename>/home/</filename>,
|
||||
<filename>/srv/</filename>, <filename>/var/</filename> and <filename>/var/tmp/</filename> partitions, as
|
||||
well as discovering and enabling swap partitions, based on GPT partition type GUIDs.</refpurpose>
|
||||
well as discovering and enabling swap partitions, based on GPT partition type GUIDs</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
@ -217,9 +217,9 @@
|
||||
</para>
|
||||
|
||||
<para>where
|
||||
<option>cursor</option> is a cursor string,
|
||||
<option>num_skip</option> is an integer,
|
||||
<option>num_entries</option> is an unsigned integer.
|
||||
<replaceable>cursor</replaceable> is a cursor string,
|
||||
<replaceable>num_skip</replaceable> is an integer,
|
||||
<replaceable>num_entries</replaceable> is an unsigned integer.
|
||||
</para>
|
||||
|
||||
<para>Range defaults to all available events.</para>
|
||||
|
@ -267,7 +267,7 @@ openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
|
||||
those files can be specified using
|
||||
<varname>TrustedCertificateFile=</varname>,
|
||||
<varname>ServerCertificateFile=</varname>,
|
||||
<varname>ServerKeyFile=</varname>, in
|
||||
and <varname>ServerKeyFile=</varname> in
|
||||
<filename>/etc/systemd/journal-remote.conf</filename> and
|
||||
<filename>/etc/systemd/journal-upload.conf</filename>,
|
||||
respectively. The default locations can be queried by using
|
||||
|
@ -103,7 +103,7 @@
|
||||
<citerefentry><refentrytitle>systemd-user-sessions.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>sd-login</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
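Review bot: The added sd-login(3) entry in this See Also list is a new cross-reference, not a grammar or spelling fix, so it goes beyond what the commit subject describes. Mention it in the commit message or move it to its own commit so the content change can be found later.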
@ -50,10 +50,11 @@
|
||||
<replaceable>WHERE</replaceable>.</para>
|
||||
|
||||
<para>In many ways, <command>systemd-mount</command> is similar to the lower-level
|
||||
<citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> command, however instead
|
||||
of executing the mount operation directly and immediately, <command>systemd-mount</command> schedules it through
|
||||
the service manager job queue, so that it may pull in further dependencies (such as parent mounts, or a file system
|
||||
checker to execute a priori), and may make use of the auto-mounting logic.</para>
|
||||
<citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
command, however instead of executing the mount operation directly and immediately,
|
||||
<command>systemd-mount</command> schedules it through the service manager job queue, so that it may pull
|
||||
in further dependencies (such as parent mounts, or a file system checker to execute a priori), and may
|
||||
make use of the auto-mounting logic.</para>
|
||||
|
||||
<para>The command takes either one or two arguments. If only one argument is specified it should refer to
|
||||
a block device or regular file containing a file system (e.g. <literal>/dev/sdb1</literal> or
|
||||
@ -61,15 +62,15 @@
|
||||
label and other metadata, and is mounted to a directory below <filename>/run/media/system/</filename>
|
||||
whose name is generated from the file system label. In this mode the block device or image file must
|
||||
exist at the time of invocation of the command, so that it may be probed. If the device is found to be a
|
||||
removable block device (e.g. a USB stick) an automount point instead of a regular mount point is created
|
||||
removable block device (e.g. a USB stick), an automount point is created instead of a regular mount point
|
||||
(i.e. the <option>--automount=</option> option is implied, see below).</para>
|
||||
|
||||
<para>If two arguments are specified the first indicates the mount source (the <replaceable>WHAT</replaceable>) and
|
||||
the second indicates the path to mount it on (the <replaceable>WHERE</replaceable>). In this mode no probing of the
|
||||
source is attempted, and a backing device node doesn't have to exist yet. However, if this mode is combined with
|
||||
<option>--discover</option>, device node probing for additional metadata is enabled, and – much like in the
|
||||
single-argument case discussed above – the specified device has to exist at the time of invocation of the
|
||||
command.</para>
|
||||
<para>If two arguments are specified, the first indicates the mount source (the
|
||||
<replaceable>WHAT</replaceable>) and the second indicates the path to mount it on (the
|
||||
<replaceable>WHERE</replaceable>). In this mode no probing of the source is attempted, and a backing
|
||||
device node doesn't have to exist. However, if this mode is combined with <option>--discover</option>,
|
||||
device node probing for additional metadata is enabled, and – much like in the single-argument case
|
||||
discussed above – the specified device has to exist at the time of invocation of the command.</para>
|
||||
|
||||
<para>Use the <option>--list</option> command to show a terse table of all local, known block devices with file
|
||||
systems that may be mounted with this command.</para>
|
||||
|
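Review bot: In the two-argument paragraph, changing "doesn't have to exist yet" to "doesn't have to exist" drops the point that the backing device node is expected to appear later. Suggest keeping "yet", or writing "doesn't have to exist at the time of invocation" to mirror the wording that closes the same paragraph.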
@ -531,11 +531,9 @@
|
||||
<term><option>-u</option></term>
|
||||
<term><option>--user=</option></term>
|
||||
|
||||
<listitem><para>After transitioning into the container, change
|
||||
to the specified user-defined in the container's user
|
||||
database. Like all other systemd-nspawn features, this is not
|
||||
a security feature and provides protection against accidental
|
||||
destructive operations only.</para></listitem>
|
||||
<listitem><para>After transitioning into the container, change to the specified user defined in the
|
||||
container's user database. Like all other systemd-nspawn features, this is not a security feature and
|
||||
provides protection against accidental destructive operations only.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
@ -1167,10 +1165,9 @@
|
||||
|
||||
<para>Finally, if set to <literal>auto</literal> the file is left as it is if private networking is
|
||||
turned on (see <option>--private-network</option>). Otherwise, if
|
||||
<filename>systemd-resolved.service</filename> is connectible its stub
|
||||
<filename>resolv.conf</filename> file is used, and if not the host's
|
||||
<filename>/etc/resolv.conf</filename> file is used. In the latter cases the file is copied if the
|
||||
image is writable, and bind mounted otherwise.</para>
|
||||
<filename>systemd-resolved.service</filename> is running its stub <filename>resolv.conf</filename>
|
||||
file is used, and if not the host's <filename>/etc/resolv.conf</filename> file. In the latter cases
|
||||
the file is copied if the image is writable, and bind mounted otherwise.</para>
|
||||
|
||||
<para>It's recommended to use <literal>copy-…</literal> or <literal>replace-…</literal> if the
|
||||
container shall be able to make changes to the DNS configuration on its own, deviating from the
|
||||
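Review bot: In the "auto" paragraph, replacing "is connectible" with "is running" changes the documented condition, not just the grammar, since the two are not synonyms. Please confirm which of the two the code checks and keep the wording that matches. The new sentence also needs a comma after "is running" ("is running, its stub resolv.conf file is used"), otherwise it parses as "running its stub".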
@ -1186,19 +1183,20 @@
|
||||
<varlistentry>
|
||||
<term><option>--timezone=</option></term>
|
||||
|
||||
<listitem><para>Configures how <filename>/etc/localtime</filename> inside of the container (i.e. local timezone
|
||||
synchronization from host to container) shall be handled. Takes one of <literal>off</literal>,
|
||||
<literal>copy</literal>, <literal>bind</literal>, <literal>symlink</literal>, <literal>delete</literal> or
|
||||
<literal>auto</literal>. If set to <literal>off</literal> the <filename>/etc/localtime</filename> file in the
|
||||
container is left as it is included in the image, and neither modified nor bind mounted over. If set to
|
||||
<literal>copy</literal> the <filename>/etc/localtime</filename> file of the host is copied into the
|
||||
container. Similar, if <literal>bind</literal> is used, it is bind mounted from the host into the container. If
|
||||
set to <literal>symlink</literal> a symlink from <filename>/etc/localtime</filename> in the container is
|
||||
created pointing to the matching the timezone file of the container that matches the timezone setting on the
|
||||
host. If set to <literal>delete</literal> the file in the container is deleted, should it exist. If set to
|
||||
<literal>auto</literal> and the <filename>/etc/localtime</filename> file of the host is a symlink, then
|
||||
<literal>symlink</literal> mode is used, and <literal>copy</literal> otherwise, except if the image is
|
||||
read-only in which case <literal>bind</literal> is used instead. Defaults to
|
||||
<listitem><para>Configures how <filename>/etc/localtime</filename> inside of the container
|
||||
(i.e. local timezone synchronization from host to container) shall be handled. Takes one of
|
||||
<literal>off</literal>, <literal>copy</literal>, <literal>bind</literal>, <literal>symlink</literal>,
|
||||
<literal>delete</literal> or <literal>auto</literal>. If set to <literal>off</literal> the
|
||||
<filename>/etc/localtime</filename> file in the container is left as it is included in the image, and
|
||||
neither modified nor bind mounted over. If set to <literal>copy</literal> the
|
||||
<filename>/etc/localtime</filename> file of the host is copied into the container. Similarly, if
|
||||
<literal>bind</literal> is used, the file is bind mounted from the host into the container. If set to
|
||||
<literal>symlink</literal>, a symlink is created pointing from <filename>/etc/localtime</filename> in
|
||||
the container to the timezone file in the container that matches the timezone setting on the host. If
|
||||
set to <literal>delete</literal>, the file in the container is deleted, should it exist. If set to
|
||||
<literal>auto</literal> and the <filename>/etc/localtime</filename> file of the host is a symlink,
|
||||
then <literal>symlink</literal> mode is used, and <literal>copy</literal> otherwise, except if the
|
||||
image is read-only in which case <literal>bind</literal> is used instead. Defaults to
|
||||
<literal>auto</literal>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1441,7 +1439,7 @@
|
||||
|
||||
<para>This installs a minimal Fedora distribution into the
|
||||
directory <filename index="false">/var/lib/machines/f&fedora_latest_version;</filename>
|
||||
and then boots an OS in a namespace container in it. Because the installation
|
||||
and then boots that OS in a namespace container. Because the installation
|
||||
is located underneath the standard <filename>/var/lib/machines/</filename>
|
||||
directory, it is also possible to start the machine using
|
||||
<command>systemd-nspawn -M f&fedora_latest_version;</command>.</para>
|
||||
@ -1455,7 +1453,7 @@
|
||||
|
||||
<para>This installs a minimal Debian unstable distribution into
|
||||
the directory <filename>~/debian-tree/</filename> and then
|
||||
spawns a shell in a namespace container in it.</para>
|
||||
spawns a shell from this image in a namespace container.</para>
|
||||
|
||||
<para><command>debootstrap</command> supports
|
||||
<ulink url="https://www.debian.org">Debian</ulink>,
|
||||
|
@ -44,7 +44,7 @@
|
||||
<citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>, with
|
||||
its <command>bootctl random-seed</command> functionality.</para>
|
||||
|
||||
<para>When loading the random seed from disk its file is immediately updated with a new seed retrieved
|
||||
<para>When loading the random seed from disk, the file is immediately updated with a new seed retrieved
|
||||
from the kernel, in order to ensure no two boots operate with the same random seed. This new seed is
|
||||
retrieved synchronously from the kernel, which means the service will not complete start-up until the
|
||||
random pool is fully initialized. On entropy-starved systems this may take a while. This functionality is
|
||||
|
@ -57,9 +57,10 @@
|
||||
available but not yet used. Specifically the following use cases are among those covered:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>The root partition may be grown to cover the whole available disk space</para></listitem>
|
||||
<listitem><para>A <filename>/home/</filename>, swap or <filename>/srv/</filename> partition can be added in</para></listitem>
|
||||
<listitem><para>A second (or third, …) root partition may be added in, to cover A/B style setups
|
||||
<listitem><para>The root partition may be grown to cover the whole available disk space.</para></listitem>
|
||||
<listitem><para>A <filename>/home/</filename>, swap or <filename>/srv/</filename> partition can be
|
||||
added.</para></listitem>
|
||||
<listitem><para>A second (or third, …) root partition may be added, to cover A/B style setups
|
||||
where a second version of the root file system is alternatingly used for implementing update
|
||||
schemes. The deployed image would carry only a single partition ("A") but on first boot a second
|
||||
partition ("B") for this purpose is automatically created.</para></listitem>
|
||||
@ -69,7 +70,7 @@
|
||||
|
||||
<orderedlist>
|
||||
<listitem><para>The <filename>repart.d/*.conf</filename> configuration files are loaded and parsed,
|
||||
and ordered by filename (without the directory suffix). </para></listitem>
|
||||
and ordered by filename (without the directory prefix).</para></listitem>
|
||||
|
||||
<listitem><para>The partition table already existing on the block device is loaded and
|
||||
parsed.</para></listitem>
|
||||
@ -119,13 +120,13 @@
|
||||
</orderedlist>
|
||||
|
||||
<para>As exception to the normally strictly incremental operation, when called in a special "factory
|
||||
reset" mode <command>systemd-repart</command> may also be used to erase select existing partitions to
|
||||
reset" mode, <command>systemd-repart</command> may also be used to erase existing partitions to
|
||||
reset an installation back to vendor defaults. This mode of operation is used when either the
|
||||
<option>--factory-reset=yes</option> switch is passed on the tool's command line, or the
|
||||
<option>systemd.factory_reset=yes</option> option specified on the kernel command line, or the
|
||||
<varname>FactoryReset</varname> EFI variable (vendor UUID
|
||||
<constant>8cf2644b-4b0b-428f-9387-6d876050dc67</constant>) is set to "yes". It alters the algorithm above
|
||||
slightly: between the 3rd and the 4th step above the any partition marked explicitly via the
|
||||
slightly: between the 3rd and the 4th step above any partition marked explicitly via the
|
||||
<varname>FactoryReset=</varname> boolean is deleted, and the algorithm restarted, thus immediately
|
||||
re-creating these partitions anew empty.</para>
|
||||
|
||||
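Review bot: In the factory reset paragraph, dropping "select" from "erase select existing partitions" makes the sentence read as if any or all existing partitions may be erased, while the same paragraph says only partitions marked via FactoryReset= are deleted. For a destructive operation the narrower wording is worth keeping, for example "erase selected existing partitions". The unchanged opening "As exception to" could become "As an exception to" in the same pass.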
@ -267,9 +268,9 @@
|
||||
<varlistentry>
|
||||
<term><option>--definitions=</option></term>
|
||||
|
||||
<listitem><para>Takes a file system path. If specified the <filename>*.conf</filename> are directly
|
||||
read from the specified directory instead of searching in
|
||||
<filename>/usr/lib/repart.d/*.conf</filename>, <filename>/etc/repart.d/*.conf</filename>,
|
||||
<listitem><para>Takes a file system path. If specified the <filename>*.conf</filename> files are read
|
||||
from the specified directory instead of searching in <filename>/usr/lib/repart.d/*.conf</filename>,
|
||||
<filename>/etc/repart.d/*.conf</filename>,
|
||||
<filename>/run/repart.d/*.conf</filename>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
||||
</refmeta>
|
||||
<refnamediv>
|
||||
<refname>systemd-socket-proxyd</refname>
|
||||
<refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket.</refpurpose>
|
||||
<refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket</refpurpose>
|
||||
</refnamediv>
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
|
@ -71,14 +71,11 @@
|
||||
url="https://www.freedesktop.org/wiki/Software/systemd/inhibit">Inhibitor
|
||||
interface</ulink>.</para>
|
||||
|
||||
<para>Note that
|
||||
<filename>systemd-suspend.service</filename>,
|
||||
<filename>systemd-hibernate.service</filename>, and
|
||||
<filename>systemd-hybrid-sleep.service</filename>
|
||||
<filename>systemd-suspend-then-hibernate.service</filename>
|
||||
should never be executed directly. Instead, trigger system sleep
|
||||
states with a command such as <literal>systemctl suspend</literal>
|
||||
or similar.</para>
|
||||
<para>Note that <filename>systemd-suspend.service</filename>,
|
||||
<filename>systemd-hibernate.service</filename>, <filename>systemd-hybrid-sleep.service</filename>, and
|
||||
<filename>systemd-suspend-then-hibernate.service</filename> should never be executed directly. Instead,
|
||||
trigger system sleep with a command such as <command>systemctl suspend</command> or <command>systemctl
|
||||
hibernate</command>.</para>
|
||||
|
||||
<para>Internally, this service will echo a string like
|
||||
<literal>mem</literal> into <filename>/sys/power/state</filename>,
|
||||
|
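Review bot: The new text splits the second command element across a line break ("<command>systemctl" ends one line and "hibernate</command>" starts the next). A search for "systemctl hibernate" in the XML sources will miss it. Rewrap so the whole element sits on one line.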
@ -387,9 +387,9 @@
|
||||
units. See
|
||||
<citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry> for
|
||||
details. These settings may be overridden in individual units using the corresponding
|
||||
<varname>LimitXXX=</varname> directives, see
|
||||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, for
|
||||
details, and they accept the same parameter syntax. Note that these resource limits are only defaults
|
||||
<varname>LimitXXX=</varname> directives and they accept the same parameter syntax,
|
||||
see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for details. Note that these resource limits are only defaults
|
||||
for units, they are not applied to the service manager process (i.e. PID 1) itself.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -18,7 +18,7 @@
|
||||
<refnamediv>
|
||||
<refname>systemd-time-wait-sync.service</refname>
|
||||
<refname>systemd-time-wait-sync</refname>
|
||||
<refpurpose>Wait Until Kernel Time Synchronized</refpurpose>
|
||||
<refpurpose>Wait until kernel time is synchronized</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
|
@ -60,7 +60,7 @@
|
||||
<para>Device units will be reloaded by systemd whenever the
|
||||
corresponding device generates a <literal>changed</literal> event.
|
||||
Other units can use <varname>ReloadPropagatedFrom=</varname> to react
|
||||
to that event</para>
|
||||
to that event.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
@ -511,10 +511,11 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
|
||||
<varlistentry>
|
||||
<term><varname>AppArmorProfile=</varname></term>
|
||||
|
||||
<listitem><para>Takes a profile name as argument. The process executed by the unit will switch to this profile
|
||||
when started. Profiles must already be loaded in the kernel, or the unit will fail. This result in a non
|
||||
operation if AppArmor is not enabled. If prefixed by <literal>-</literal>, all errors will be ignored. This
|
||||
does not affect commands prefixed with <literal>+</literal>.</para></listitem>
|
||||
<listitem><para>Takes a profile name as argument. The process executed by the unit will switch to
|
||||
this profile when started. Profiles must already be loaded in the kernel, or the unit will fail. If
|
||||
prefixed by <literal>-</literal>, all errors will be ignored. This setting has no effect if AppArmor
|
||||
is not enabled. This setting not affect commands prefixed with <literal>+</literal>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
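Review bot: The last sentence of the new AppArmorProfile= text, "This setting not affect commands prefixed with +", has lost its verb. The removed text had "This does not affect", so the error comes from this rewrite. It should read "This setting does not affect commands prefixed with +".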
@ -880,7 +881,7 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
|
||||
in <varname>NUMAMask=</varname>. For more details on each policy please see,
|
||||
<citerefentry><refentrytitle>set_mempolicy</refentrytitle><manvolnum>2</manvolnum></citerefentry>. For overall
|
||||
overview of NUMA support in Linux see,
|
||||
<citerefentry project='man-pages'><refentrytitle>numa</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
<citerefentry project='man-pages'><refentrytitle>numa</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1067,14 +1068,16 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
|
||||
<varname>RootDirectory=</varname> or <varname>RootImage=</varname> these paths always reside on the host and
|
||||
are mounted from there into the unit's file system namespace.</para>
|
||||
|
||||
<para>If <varname>DynamicUser=</varname> is used in conjunction with <varname>StateDirectory=</varname>,
|
||||
<varname>CacheDirectory=</varname> and <varname>LogsDirectory=</varname> is slightly altered: the directories
|
||||
are created below <filename>/var/lib/private</filename>, <filename>/var/cache/private</filename> and
|
||||
<para>If <varname>DynamicUser=</varname> is used in conjunction with
|
||||
<varname>StateDirectory=</varname>, the logic for <varname>CacheDirectory=</varname> and
|
||||
<varname>LogsDirectory=</varname> is slightly altered: the directories are created below
|
||||
<filename>/var/lib/private</filename>, <filename>/var/cache/private</filename> and
|
||||
<filename>/var/log/private</filename>, respectively, which are host directories made inaccessible to
|
||||
unprivileged users, which ensures that access to these directories cannot be gained through dynamic user ID
|
||||
recycling. Symbolic links are created to hide this difference in behaviour. Both from perspective of the host
|
||||
and from inside the unit, the relevant directories hence always appear directly below
|
||||
<filename>/var/lib</filename>, <filename>/var/cache</filename> and <filename>/var/log</filename>.</para>
|
||||
unprivileged users, which ensures that access to these directories cannot be gained through dynamic
|
||||
user ID recycling. Symbolic links are created to hide this difference in behaviour. Both from
|
||||
perspective of the host and from inside the unit, the relevant directories hence always appear
|
||||
directly below <filename>/var/lib</filename>, <filename>/var/cache</filename> and
|
||||
<filename>/var/log</filename>.</para>
|
||||
|
||||
<para>Use <varname>RuntimeDirectory=</varname> to manage one or more runtime directories for the unit and bind
|
||||
their lifetime to the daemon runtime. This is particularly useful for unprivileged daemons that cannot create
|
||||
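Review bot: The rewritten opening sentence changes the meaning. It now puts StateDirectory= into the condition ("If DynamicUser= is used in conjunction with StateDirectory=, the logic for CacheDirectory= and LogsDirectory= is slightly altered"), yet the sentence goes on to list three directories "respectively", starting with /var/lib/private, which then has no counterpart among the two settings named. Suggest "If DynamicUser= is used, the logic for StateDirectory=, CacheDirectory= and LogsDirectory= is slightly altered", so each of the three private directories maps to a setting.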
@ -1238,8 +1241,8 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
|
||||
<term><varname>PrivateTmp=</varname></term>
|
||||
|
||||
<listitem><para>Takes a boolean argument. If true, sets up a new file system namespace for the executed
|
||||
processes and mounts private <filename>/tmp</filename> and <filename>/var/tmp</filename> directories inside it
|
||||
that is not shared by processes outside of the namespace. This is useful to secure access to temporary files of
|
||||
processes and mounts private <filename>/tmp/</filename> and <filename>/var/tmp/</filename> directories inside it
|
||||
that are not shared by processes outside of the namespace. This is useful to secure access to temporary files of
|
||||
the process, but makes sharing between processes via <filename>/tmp</filename> or <filename>/var/tmp</filename>
|
||||
impossible. If this is enabled, all temporary files created by a service in these directories will be removed
|
||||
after the service is stopped. Defaults to false. It is possible to run two or more units within the same
|
||||
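Review bot: The changed lines now write the directories with a trailing slash (/tmp/ and /var/tmp/), but the unchanged line right after them in the same paragraph still has "<filename>/tmp</filename> or <filename>/var/tmp</filename>". Convert that occurrence as well so the paragraph is consistent.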
@ -1399,7 +1402,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
|
||||
this option removes <constant>CAP_SYS_TIME</constant> and <constant>CAP_WAKE_ALARM</constant> from the
|
||||
capability bounding set for this unit, installs a system call filter to block calls that can set the
|
||||
clock, and <varname>DeviceAllow=char-rtc r</varname> is implied. This ensures <filename>/dev/rtc0</filename>,
|
||||
<filename>/dev/rtc1</filename>, etc are made read only to the service. See
|
||||
<filename>/dev/rtc1</filename>, etc. are made read-only to the service. See
|
||||
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for the details about <varname>DeviceAllow=</varname>.</para>
|
||||
|
||||
@ -1495,7 +1498,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
|
||||
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
|
||||
are unaffected. Also, sockets created with <function>socketpair()</function> (which creates connected
|
||||
AF_UNIX sockets only) are unaffected. Note that this option has no effect on 32-bit x86, s390, s390x,
|
||||
mips, mips-le, ppc, ppc-le, pcc64, ppc64-le and is ignored (but works correctly on other ABIs,
|
||||
mips, mips-le, ppc, ppc-le, ppc64, ppc64-le and is ignored (but works correctly on other ABIs,
|
||||
including x86-64). Note that on systems supporting multiple ABIs (such as x86/x86-64) it is
|
||||
recommended to turn off alternative ABIs for services, so that they cannot be used to circumvent the
|
||||
restrictions of this option. Specifically, it is recommended to combine this option with
|
||||
@ -1803,7 +1806,7 @@ RestrictNamespaces=~cgroup net</programlisting>
|
||||
</row>
|
||||
<row>
|
||||
<entry>@file-system</entry>
|
||||
<entry>File system operations: opening, creating files and directories for read and write, renaming and removing them, reading file properties, or creating hard and symbolic links.</entry>
|
||||
<entry>File system operations: opening, creating files and directories for read and write, renaming and removing them, reading file properties, or creating hard and symbolic links</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>@io-event</entry>
|
||||
@ -1819,7 +1822,7 @@ RestrictNamespaces=~cgroup net</programlisting>
|
||||
</row>
|
||||
<row>
|
||||
<entry>@memlock</entry>
|
||||
<entry>Locking of memory into RAM (<citerefentry project='man-pages'><refentrytitle>mlock</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>mlockall</refentrytitle><manvolnum>2</manvolnum></citerefentry> and related calls)</entry>
|
||||
<entry>Locking of memory in RAM (<citerefentry project='man-pages'><refentrytitle>mlock</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>mlockall</refentrytitle><manvolnum>2</manvolnum></citerefentry> and related calls)</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>@module</entry>
|
||||
@ -1843,7 +1846,7 @@ RestrictNamespaces=~cgroup net</programlisting>
|
||||
</row>
|
||||
<row>
|
||||
<entry>@process</entry>
|
||||
<entry>Process control, execution, namespaceing operations (<citerefentry project='man-pages'><refentrytitle>clone</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>kill</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry>, …</entry>
|
||||
<entry>Process control, execution, namespaceing operations (<citerefentry project='man-pages'><refentrytitle>clone</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>kill</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry>, …)</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>@raw-io</entry>
|
||||
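Review bot: The @process entry gains its missing closing parenthesis, but the same line still carries the misspelling "namespaceing". Since the line is rewritten anyway, change it to "namespacing" here.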
@ -1871,7 +1874,7 @@ RestrictNamespaces=~cgroup net</programlisting>
|
||||
</row>
|
||||
<row>
|
||||
<entry>@sync</entry>
|
||||
<entry>Synchronizing files and memory to disk: (<citerefentry project='man-pages'><refentrytitle>fsync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>msync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, and related calls)</entry>
|
||||
<entry>Synchronizing files and memory to disk (<citerefentry project='man-pages'><refentrytitle>fsync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>msync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, and related calls)</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>@system-service</entry>
|
||||
@ -1949,7 +1952,7 @@ SystemCallErrorNumber=EPERM</programlisting>
|
||||
manager is compiled for). If running in user mode, or in system mode, but without the
|
||||
<constant>CAP_SYS_ADMIN</constant> capability (e.g. setting <varname>User=nobody</varname>),
|
||||
<varname>NoNewPrivileges=yes</varname> is implied. By default, this option is set to the empty list, i.e. no
|
||||
system call architecture filtering is applied.</para>
|
||||
filtering is applied.</para>
|
||||
|
||||
<para>If this setting is used, processes of this unit will only be permitted to call native system calls, and
|
||||
system calls of the specified architectures. For the purposes of this option, the x32 architecture is treated
|
||||
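Review bot: Shortening the last line to "filtering is applied." leaves the sentence as "i.e. no filtering is applied", which can be read as no system call filtering of any kind. The removed wording "no system call architecture filtering" was more precise for this option. If the aim was to avoid repetition, "no architecture filtering is applied" keeps the meaning.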
@ -2213,8 +2216,9 @@ SystemCallErrorNumber=EPERM</programlisting>
|
||||
<constant>AF_UNIX</constant> socket in the file system, as in that case only a
|
||||
single stream connection is created for both input and output.</para>
|
||||
|
||||
<para><option>append:<replaceable>path</replaceable></option> is similar to <option>file:<replaceable>path
|
||||
</replaceable></option> above, but it opens the file in append mode.</para>
|
||||
<para><option>append:<replaceable>path</replaceable></option> is similar to
|
||||
<option>file:<replaceable>path</replaceable></option> above, but it opens the file in append mode.
|
||||
</para>
|
||||
|
||||
<para><option>socket</option> connects standard output to a socket acquired via socket activation. The
|
||||
semantics are similar to the same option of <varname>StandardInput=</varname>, see above.</para>
|
||||
@ -2551,7 +2555,7 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
|
||||
<varname>UnsetEnvironment=</varname> are removed again from the compiled environment variable list, immediately
|
||||
before it is passed to the executed process.</para>
|
||||
|
||||
<para>The following select environment variables are set or propagated by the service manager for each invoked
|
||||
<para>The following environment variables are set or propagated by the service manager for each invoked
|
||||
process:</para>
|
||||
|
||||
<variablelist class='environment-variables'>
|
||||
@ -2622,7 +2626,7 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
|
||||
<term><varname>$LOGS_DIRECTORY</varname></term>
|
||||
<term><varname>$CONFIGURATION_DIRECTORY</varname></term>
|
||||
|
||||
<listitem><para>Contains and absolute paths to the directories defined with
|
||||
<listitem><para>Absolute paths to the directories defined with
|
||||
<varname>RuntimeDirectory=</varname>, <varname>StateDirectory=</varname>,
|
||||
<varname>CacheDirectory=</varname>, <varname>LogsDirectory=</varname>, and
|
||||
<varname>ConfigurationDirectory=</varname> when those settings are used.</para>
|
||||
@ -3228,7 +3232,7 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
|
||||
<row>
|
||||
<entry>242</entry>
|
||||
<entry><constant>EXIT_NUMA_POLICY</constant></entry>
|
||||
<entry>Failed to set up unit's NUMA memory policy. See <varname>NUMAPolicy=</varname> and <varname>NUMAMask=</varname>above.</entry>
|
||||
<entry>Failed to set up unit's NUMA memory policy. See <varname>NUMAPolicy=</varname> and <varname>NUMAMask=</varname> above.</entry>
|
||||
</row>
|
||||
|
||||
</tbody>
|
||||
|
@ -524,7 +524,8 @@
|
||||
structured log entries via calls such as
|
||||
<citerefentry><refentrytitle>sd_journal_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
|
||||
They may also not be used as matches for
|
||||
<citerefentry><refentrytitle>sd_journal_add_match</refentrytitle><manvolnum>3</manvolnum></citerefentry></para>
|
||||
<citerefentry><refentrytitle>sd_journal_add_match</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
|
||||
</para>
|
||||
|
||||
<variablelist class='journal-directives'>
|
||||
<varlistentry>
|
||||
|
@ -151,7 +151,7 @@
|
||||
terminate upon receiving the initial <constant>SIGTERM</constant>
|
||||
signal. This can be achieved by configuring <varname>LimitCORE=</varname>
|
||||
and setting <varname>FinalKillSignal=</varname> to either
|
||||
<constant>SIGQUIT</constant> or <constant>SIGABRT</constant>
|
||||
<constant>SIGQUIT</constant> or <constant>SIGABRT</constant>.
|
||||
Defaults to <constant>SIGKILL</constant>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
@ -357,7 +357,7 @@
|
||||
</variablelist>
|
||||
|
||||
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known (to this
|
||||
particular version of systemd.</para>
|
||||
particular version of systemd).</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
@ -114,10 +114,10 @@
|
||||
<entry>An IPv4 over IPv4 tunnel.</entry></row>
|
||||
|
||||
<row><entry><varname>ipvlan</varname></entry>
|
||||
<entry>An ipvlan device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row>
|
||||
<entry>An IPVLAN device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row>
|
||||
|
||||
<row><entry><varname>ipvtap</varname></entry>
|
||||
<entry>An ipvtap device is a stacked device which receives packets from its underlying device based on IP address filtering and can be accessed using the tap user space interface.</entry></row>
|
||||
<entry>An IPVTAP device is a stacked device which receives packets from its underlying device based on IP address filtering and can be accessed using the tap user space interface.</entry></row>
|
||||
|
||||
<row><entry><varname>macvlan</varname></entry>
|
||||
<entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
|
||||
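Review bot: the capitalization is now inconsistent within this table: the ipvlan and ipvtap descriptions become "An IPVLAN device" and "An IPVTAP device", while the macvlan entry directly below still reads "A macvlan device". Either capitalize MACVLAN (and the other kinds) in the same pass or keep the lowercase kind names throughout, since they match the literal values accepted by Kind=.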
@ -273,13 +273,13 @@
|
||||
<term><varname>Name=</varname></term>
|
||||
<listitem>
|
||||
<para>The interface name used when creating the netdev.
|
||||
This option is compulsory.</para>
|
||||
This setting is compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>Kind=</varname></term>
|
||||
<listitem>
|
||||
<para>The netdev kind. This option is compulsory. See the
|
||||
<para>The netdev kind. This setting is compulsory. See the
|
||||
<literal>Supported netdev kinds</literal> section for the
|
||||
valid keys.</para>
|
||||
</listitem>
|
||||
@ -287,7 +287,7 @@
|
||||
<varlistentry>
|
||||
<term><varname>MTUBytes=</varname></term>
|
||||
<listitem>
|
||||
<para>The maximum transmission unit in bytes to set for the device. The usual suffixes K, M, G,
|
||||
<para>The maximum transmission unit in bytes to set for the device. The usual suffixes K, M, G
|
||||
are supported and are understood to the base of 1024. For <literal>tun</literal> or
|
||||
<literal>tap</literal> devices, <varname>MTUBytes=</varname> setting is not currently supported in
|
||||
<literal>[NetDev]</literal> section. Please specify it in <literal>[Link]</literal> section of
|
||||
@ -445,7 +445,7 @@
|
||||
<term><varname>Id=</varname></term>
|
||||
<listitem>
|
||||
<para>The VLAN ID to use. An integer in the range 0–4094.
|
||||
This option is compulsory.</para>
|
||||
This setting is compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
@ -478,8 +478,8 @@
|
||||
<varlistentry>
|
||||
<term><varname>ReorderHeader=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a boolean. The VLAN reorder header is set VLAN interfaces behave like physical interfaces.
|
||||
When unset, the kernel's default will be used.</para>
|
||||
<para>Takes a boolean. When enabled, the VLAN reorder header is used and VLAN interfaces behave
|
||||
like physical interfaces. When unset, the kernel's default will be used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
@ -579,7 +579,8 @@
|
||||
<varlistentry>
|
||||
<term><varname>Group=</varname></term>
|
||||
<listitem>
|
||||
<para>Configures VXLAN multicast group IP address. All members of a VXLAN must use the same multicast group address.</para>
|
||||
<para>Configures VXLAN multicast group IP address. All members of a VXLAN must use the same
|
||||
multicast group address.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
@ -637,8 +638,7 @@
|
||||
<varlistentry>
|
||||
<term><varname>L3MissNotification=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a boolean. When true, enables netlink IP address miss
|
||||
notifications.</para>
|
||||
<para>Takes a boolean. When true, enables netlink IP address miss notifications.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
@ -765,15 +765,16 @@
|
||||
<varlistentry>
|
||||
<term><varname>TTL=</varname></term>
|
||||
<listitem>
|
||||
<para>Accepts the same key in <literal>[VXLAN]</literal> section except when unset or
|
||||
set to 0, the kernel's default will be used meaning that packets TTL will be set from
|
||||
<para>Accepts the same values as in the <literal>[VXLAN]</literal> section, except that when unset
|
||||
or set to 0, the kernel's default will be used, meaning that packet TTL will be set from
|
||||
<filename>/proc/sys/net/ipv4/ip_default_ttl</filename>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>UDPChecksum=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4.</para>
|
||||
<para>Takes a boolean. When true, specifies that UDP checksum is calculated for transmitted packets
|
||||
over IPv4.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
@ -821,21 +822,23 @@
|
||||
<varlistentry>
|
||||
<term><varname>TunnelId=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the tunnel id. The value used must match the <literal>PeerTunnelId=</literal> value being used at the peer.
|
||||
Ranges a number between 1 and 4294967295). This option is compulsory.</para>
|
||||
<para>Specifies the tunnel identifier. Takes an number in the range 1–4294967295. The value used
|
||||
must match the <literal>PeerTunnelId=</literal> value being used at the peer. This setting is
|
||||
compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>PeerTunnelId=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the peer tunnel id. The value used must match the <literal>PeerTunnelId=</literal> value being used at the peer.
|
||||
Ranges a number between 1 and 4294967295). This option is compulsory.</para>
|
||||
<para>Specifies the peer tunnel id. Takes a number in the range 1—4294967295. The value used must
|
||||
match the <literal>PeerTunnelId=</literal> value being used at the peer. This setting is
|
||||
compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>Remote=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the IP address of the remote peer. This option is compulsory.</para>
|
||||
<para>Specifies the IP address of the remote peer. This setting is compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
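Review bot: the new TunnelId= text introduces a typo, "Takes an number", which should be "Takes a number". The PeerTunnelId= entry still says the value must match the "PeerTunnelId=" value at the peer, the same self-reference the old text had; please check whether TunnelId= is meant on one side, since a value that must equal the peer's setting of the same name in both entries cannot describe a local/peer pair. Two smaller points in the same hunk: TunnelId= writes the range with an en dash (U+2013) and PeerTunnelId= with an em dash (U+2014), and one entry says "tunnel identifier" while the other keeps "peer tunnel id".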
@ -852,27 +855,29 @@
|
||||
<varlistentry>
|
||||
<term><varname>EncapsulationType=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the encapsulation type of the tunnel. Takes one of <literal>udp</literal> or <literal>ip</literal>.</para>
|
||||
<para>Specifies the encapsulation type of the tunnel. Takes one of <literal>udp</literal> or
|
||||
<literal>ip</literal>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>UDPSourcePort=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the UDP source port to be used for the tunnel. When UDP encapsulation is selected it's mandotory. Ignored when ip
|
||||
encapsulation is selected.</para>
|
||||
<para>Specifies the UDP source port to be used for the tunnel. When UDP encapsulation is selected
|
||||
it's mandatory. Ignored when IP encapsulation is selected.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>UDPDestinationPort=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies destination port. When UDP encapsulation is selected it's mandotory. Ignored when ip
|
||||
<para>Specifies destination port. When UDP encapsulation is selected it's mandatory. Ignored when IP
|
||||
encapsulation is selected.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>UDPChecksum=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4.</para>
|
||||
<para>Takes a boolean. When true, specifies that UDP checksum is calculated for transmitted packets
|
||||
over IPv4.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
@ -900,21 +905,23 @@
|
||||
<varlistentry>
|
||||
<term><varname>Name=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the name of the session. This option is compulsory.</para>
|
||||
<para>Specifies the name of the session. This setting is compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>SessionId=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the session id. The value used must match the <literal>SessionId=</literal> value being used at the peer.
|
||||
Ranges a number between 1 and 4294967295). This option is compulsory.</para>
|
||||
<para>Specifies the session identifier. Takes an number in the range 1–4294967295. The value used
|
||||
must match the <literal>SessionId=</literal> value being used at the peer. This setting is
|
||||
compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>PeerSessionId=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the peer session id. The value used must match the <literal>PeerSessionId=</literal> value being used at the peer.
|
||||
Ranges a number between 1 and 4294967295). This option is compulsory.</para>
|
||||
<para>Specifies the peer session identifier. Takes an number in the range 1–4294967295.
|
||||
The value used must match the <literal>PeerSessionId=</literal> value being used at the peer.
|
||||
This setting is compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
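Review bot: both rewritten entries (SessionId= and PeerSessionId=) say "Takes an number in the range", which should be "Takes a number in the range". As in the tunnel hunk above, each entry says the value must match the identically named setting at the peer (SessionId= with SessionId=, PeerSessionId= with PeerSessionId=); since the sentences are being rewritten anyway, it is worth confirming which peer setting each one is supposed to match.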
@ -968,7 +975,7 @@
|
||||
<term><varname>MACAddress=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the MAC address to be used for the MACsec receive channel. The MAC address
|
||||
used to make secure channel identifier (SCI). This option is compulsory, and is not set by
|
||||
used to make secure channel identifier (SCI). This setting is compulsory, and is not set by
|
||||
default.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -1002,7 +1009,7 @@
|
||||
<term><varname>Key=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the encryption key used in the transmission channel. The same key must be
|
||||
configured on the peer’s matching receive channel. This option is compulsory, and is not set
|
||||
configured on the peer’s matching receive channel. This setting is compulsory, and is not set
|
||||
by default. Takes a 128-bit key encoded in a hexadecimal string, for example
|
||||
<literal>dffafc8d7b9a43d5b9a3dfbbf6a30c16</literal>.</para>
|
||||
</listitem>
|
||||
@ -1136,7 +1143,7 @@
|
||||
<para>A fixed Time To Live N on tunneled packets. N is a
|
||||
number in the range 1–255. 0 is a special value meaning that
|
||||
packets inherit the TTL value. The default value for IPv4
|
||||
tunnels is: inherit. The default value for IPv6 tunnels is
|
||||
tunnels is 0 (inherit). The default value for IPv6 tunnels is
|
||||
64.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -1192,7 +1199,7 @@
|
||||
both directions (<varname>InputKey=</varname> and <varname>OutputKey=</varname>).
|
||||
The <varname>Key=</varname> is either a number or an IPv4 address-like dotted quad.
|
||||
It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data
|
||||
and control path) in ip xfrm (framework used to implement IPsec protocol).
|
||||
and control path) in IP XFRM (framework used to implement IPsec protocol).
|
||||
See <ulink url="http://man7.org/linux/man-pages/man8/ip-xfrm.8.html">
|
||||
ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6,
|
||||
GRE, GRETAP, and ERSPAN tunnels.</para>
|
||||
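Review bot: changing "ip xfrm" to "IP XFRM" loses the reference to the command. The sentence links to the ip-xfrm(8) page on the next line, so the original lowercase text was naming the iproute2 subcommand, not a protocol. Suggest keeping it as <command>ip xfrm</command>, or rewording to "the kernel's XFRM framework (used to implement IPsec)" if the command is not what is meant. The man7.org link in the context line is still plain http:// and could be switched to https:// while this paragraph is being touched.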
@ -1322,29 +1329,32 @@
|
||||
<varlistentry>
|
||||
<term><varname>Encapsulation=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the encapsulation mechanism used to store networking packets of various protocols inside the UDP packets. Supports the following values:
|
||||
<para>Specifies the encapsulation mechanism used to store networking packets of various protocols
|
||||
inside the UDP packets. Supports the following values:
|
||||
|
||||
<literal>FooOverUDP</literal> provides the simplest no frills model of UDP encapsulation, it simply encapsulates
|
||||
packets directly in the UDP payload.
|
||||
<literal>GenericUDPEncapsulation</literal> is a generic and extensible encapsulation, it allows encapsulation of packets for any IP
|
||||
protocol and optional data as part of the encapsulation.
|
||||
For more detailed information see <ulink url="https://lwn.net/Articles/615044">Generic UDP Encapsulation</ulink>.
|
||||
Defaults to <literal>FooOverUDP</literal>.
|
||||
<literal>FooOverUDP</literal> provides the simplest no frills model of UDP encapsulation, it simply
|
||||
encapsulates packets directly in the UDP payload. <literal>GenericUDPEncapsulation</literal> is a
|
||||
generic and extensible encapsulation, it allows encapsulation of packets for any IP protocol and
|
||||
optional data as part of the encapsulation. For more detailed information see <ulink
|
||||
url="https://lwn.net/Articles/615044">Generic UDP Encapsulation</ulink>. Defaults to
|
||||
<literal>FooOverUDP</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>Port=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the port number, where the IP encapsulation packets will arrive. Please take note that the packets
|
||||
will arrive with the encapsulation will be removed. Then they will be manually fed back into the network stack, and sent ahead
|
||||
for delivery to the real destination. This option is mandatory.</para>
|
||||
<para>Specifies the port number, where the IP encapsulation packets will arrive. Please take note
|
||||
that the packets will arrive with the encapsulation will be removed. Then they will be manually fed
|
||||
back into the network stack, and sent ahead for delivery to the real destination. This option is
|
||||
mandatory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>PeerPort=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the peer port number. Defaults to unset. Note that when peer port is set <literal>Peer=</literal> address is mandotory.</para>
|
||||
<para>Specifies the peer port number. Defaults to unset. Note that when peer port is set
|
||||
<literal>Peer=</literal> address is mandatory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
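Review bot: the Port= paragraph is only rewrapped, so the broken sentence survives: "that the packets will arrive with the encapsulation will be removed" does not parse. Something like "the packets arrive with the encapsulation removed" would fix it. The same paragraph also keeps "This option is mandatory" although the rest of this commit standardizes on "This setting is compulsory", and the Encapsulation= text keeps two comma splices ("encapsulation, it simply encapsulates" and "encapsulation, it allows").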
@ -1360,7 +1370,8 @@
|
||||
<varlistentry>
|
||||
<term><varname>Peer=</varname></term>
|
||||
<listitem>
|
||||
<para>Configures peer IP address. Note that when peer address is set <literal>PeerPort=</literal> is mandotory.</para>
|
||||
<para>Configures peer IP address. Note that when peer address is set <literal>PeerPort=</literal>
|
||||
is mandatory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
@ -1384,7 +1395,7 @@
|
||||
<term><varname>Name=</varname></term>
|
||||
<listitem>
|
||||
<para>The interface name used when creating the netdev.
|
||||
This option is compulsory.</para>
|
||||
This setting is compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
@ -1410,7 +1421,7 @@
|
||||
<term><varname>Peer=</varname></term>
|
||||
<listitem>
|
||||
<para>The peer interface name used when creating the netdev.
|
||||
This option is compulsory.</para>
|
||||
This setting is compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
@ -1702,14 +1713,15 @@
|
||||
<varlistentry>
|
||||
<term><varname>AdActorSystemPriority=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the 802.3ad actor system priority. Ranges [1-65535].</para>
|
||||
<para>Specifies the 802.3ad actor system priority. Takes a number in the range 1—65535.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>AdUserPortKey=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the 802.3ad user defined portion of the port key. Ranges [0-1023].</para>
|
||||
<para>Specifies the 802.3ad user defined portion of the port key. Takes a number in the range
|
||||
0–1023.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
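Review bot: the two ranges in this hunk use different dash characters. AdActorSystemPriority= gets "1" and "65535" joined by an em dash (U+2014), while AdUserPortKey= gets "0" and "1023" joined by an en dash (U+2013). Numeric ranges elsewhere in this commit use the en dash, so the AdActorSystemPriority= line should be changed to match.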
@ -1902,8 +1914,7 @@
|
||||
</variablelist>
|
||||
|
||||
<para>For more detail information see
|
||||
<ulink url="https://lwn.net/Articles/757391">
|
||||
Virtual xfrm interfaces</ulink></para>
|
||||
<ulink url="https://lwn.net/Articles/757391">Virtual XFRM Interfaces</ulink>.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
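Review bot: the lead-in on the unchanged line above the link still reads "For more detail information see", which should be "For more detailed information see". Since the hunk already rewrites the rest of this sentence and adds the final period, the first line could be fixed in the same change.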
@ -1916,7 +1927,7 @@
|
||||
<varlistentry>
|
||||
<term><varname>Table=</varname></term>
|
||||
<listitem>
|
||||
<para>The numeric routing table identifier. This option is compulsory.</para>
|
||||
<para>The numeric routing table identifier. This setting is compulsory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
@ -132,9 +132,8 @@
|
||||
<listitem>
|
||||
<para>A whitespace-separated list of hardware address of the currently connected wireless
|
||||
LAN. Use full colon-, hyphen- or dot-delimited hexadecimal. See the example in
|
||||
<varname>MACAddress=</varname>. This option may appear more than one, in which case the
|
||||
lists are merged. If the empty string is assigned to this option, the list of BSSID defined
|
||||
prior to this is reset.</para>
|
||||
<varname>MACAddress=</varname>. This option may appear more than once, in which case the
|
||||
lists are merged. If the empty string is assigned to this option, the list is reset.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -211,7 +210,7 @@
|
||||
<para>Link groups are similar to port ranges found in managed switches.
|
||||
When network interfaces are added to a numbered group, operations on
|
||||
all the interfaces from that group can be performed at once. An unsigned
|
||||
integer ranges 0 to 4294967294. Default to unset.</para>
|
||||
integer in the range 0—4294967294. Defaults to unset.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
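Review bot: the new range "0" to "4294967294" on the Group= line is written with an em dash (U+2014); the PacketLimit= and Label= lines added by this same commit write the identical upper bound with an en dash (U+2013). Please use the en dash here too.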
@ -495,10 +494,8 @@
|
||||
<varlistentry>
|
||||
<term><varname>DNSSEC=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a boolean. or
|
||||
<literal>allow-downgrade</literal>. When true, enables
|
||||
<ulink
|
||||
url="https://tools.ietf.org/html/rfc4033">DNSSEC</ulink>
|
||||
<para>Takes a boolean or <literal>allow-downgrade</literal>. When true, enables
|
||||
<ulink url="https://tools.ietf.org/html/rfc4033">DNSSEC</ulink>
|
||||
DNS validation support on the link. When set to
|
||||
<literal>allow-downgrade</literal>, compatibility with
|
||||
non-DNSSEC capable networks is increased, by automatically
|
||||
@ -770,7 +767,7 @@
|
||||
<term><varname>IPv4ProxyARP=</varname></term>
|
||||
<listitem><para>Takes a boolean. Configures proxy ARP for IPv4. Proxy ARP is the technique in which one host,
|
||||
usually a router, answers ARP requests intended for another machine. By "faking" its identity,
|
||||
the router accepts responsibility for routing packets to the "real" destination. (see <ulink
|
||||
the router accepts responsibility for routing packets to the "real" destination. See <ulink
|
||||
url="https://tools.ietf.org/html/rfc1027">RFC 1027</ulink>.
|
||||
When unset, the kernel's default will be used.
|
||||
</para></listitem>
|
||||
@ -1031,7 +1028,7 @@
|
||||
<term><varname>Scope=</varname></term>
|
||||
<listitem>
|
||||
<para>The scope of the address, which can be <literal>global</literal>,
|
||||
<literal>link</literal> or <literal>host</literal> or an unsigned integer ranges 0 to 255.
|
||||
<literal>link</literal> or <literal>host</literal> or an unsigned integer in the range 0—255.
|
||||
Defaults to <literal>global</literal>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
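Review bot: the Scope= range "0" to "255" uses an em dash (U+2014) where the other ranges in this commit use an en dash (U+2013). The list on the same line also chains two "or"s ("link or host or an unsigned integer"); "global, link, host, or an unsigned integer in the range" would read better.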
@ -1129,8 +1126,8 @@
|
||||
<varlistentry>
|
||||
<term><varname>Label=</varname></term>
|
||||
<listitem>
|
||||
<para> The label for the prefix (an unsigned integer) ranges 0 to 4294967294.
|
||||
0xffffffff is reserved. This key is mandatory.</para>
|
||||
<para>The label for the prefix, an unsigned integer in the range 0–4294967294.
|
||||
0xffffffff is reserved. This setting is mandatory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
@ -1154,7 +1151,7 @@
|
||||
<varlistentry>
|
||||
<term><varname>TypeOfService=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the type of service to match a number between 0 to 255.</para>
|
||||
<para>Takes a number between 0 and 255 that specifies the type of service to match.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
@ -1261,10 +1258,9 @@
|
||||
|
||||
<refsect1>
|
||||
<title>[NextHop] Section Options</title>
|
||||
<para>The <literal>[NextHop]</literal> section accepts the
|
||||
following keys. Specify several <literal>[NextHop]</literal>
|
||||
sections to configure several nexthop. Nexthop is used to manipulate entries in the kernel's nexthop
|
||||
tables.</para>
|
||||
<para>The [NextHop] section is used to manipulate entries in the kernel's "nexthop" tables. The
|
||||
[NextHop] section accepts the following keys. Specify several [NextHop] sections to configure several
|
||||
hops.</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
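Review bot: this hunk drops the <literal> markup around [NextHop], but the TTL= entry rewritten elsewhere in this same commit still writes <literal>[VXLAN]</literal>. Please pick one convention for section names and apply it across the commit, otherwise the rendered man pages will quote some section names and not others.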
@ -1333,10 +1329,10 @@
|
||||
<term><varname>IPv6Preference=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the route preference as defined in <ulink
|
||||
url="https://tools.ietf.org/html/rfc4191">RFC4191</ulink> for Router Discovery messages.
|
||||
Which can be one of <literal>low</literal> the route has a lowest priority,
|
||||
<literal>medium</literal> the route has a default priority or
|
||||
<literal>high</literal> the route has a highest priority.</para>
|
||||
url="https://tools.ietf.org/html/rfc4191">RFC 4191</ulink> for Router Discovery messages. Which
|
||||
can be one of <literal>low</literal> the route has a lowest priority, <literal>medium</literal>
|
||||
the route has a default priority or <literal>high</literal> the route has a highest priority.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
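Review bot: the IPv6Preference= paragraph is rewrapped but the sentence is still a fragment: "Which can be one of low the route has a lowest priority, medium the route has a default priority or high the route has a highest priority." Suggest restructuring, for example: Takes one of low (the route has the lowest priority), medium (the route has the default priority), or high (the route has the highest priority).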
@ -1717,8 +1713,8 @@
|
||||
<para>The table identifier for DHCP routes (a number between 1 and 4294967295, or 0 to unset).
|
||||
The table can be retrieved using <command>ip route show table <replaceable>num</replaceable></command>.
|
||||
</para>
|
||||
<para>When used in combination with <varname>VRF=</varname> the
|
||||
VRF's routing table is used unless this parameter is specified.
|
||||
<para>When used in combination with <varname>VRF=</varname>, the
|
||||
VRF's routing table is used when this parameter is not specified.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -1757,11 +1753,12 @@
|
||||
<varlistentry>
|
||||
<term><varname>SendDecline=</varname></term>
|
||||
<listitem>
|
||||
<para>A boolean. When <literal>true</literal>, DHCPv4 clients receives IP address from DHCP server.
|
||||
After new IP is received, DHCPv4 performs IPv4 Duplicate Address Detection. If duplicate use of IP is detected
|
||||
the DHCPv4 client rejects the IP by sending a DHCPDECLINE packet DHCP clients try to obtain an IP address again.
|
||||
See <ulink url="https://tools.ietf.org/html/rfc5227">RFC 5224</ulink>.
|
||||
Defaults to <literal>unset</literal>.</para>
|
||||
<para>A boolean. When <literal>true</literal>, the DHCPv4 client receives the IP address from the
|
||||
DHCP server. After a new IP is received, the DHCPv4 client performs IPv4 Duplicate Address
|
||||
Detection. If duplicate use is detected, the DHCPv4 client rejects the IP by sending a
|
||||
DHCPDECLINE packet and tries to obtain an IP address again. See <ulink
|
||||
url="https://tools.ietf.org/html/rfc5227">RFC 5224</ulink>. Defaults to
|
||||
<literal>unset</literal>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
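Review bot: the link target and the link text disagree and the rewrite carries that over unchanged: the URL points to rfc5227 but the visible text says "RFC 5224". RFC 5227 is the IPv4 Address Conflict Detection document, which fits the Duplicate Address Detection described here, so the text should read "RFC 5227".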
@ -1839,7 +1836,7 @@
|
||||
<para>Takes a boolean. The DHCPv6 client can obtain configuration parameters from a DHCPv6 server through
|
||||
a rapid two-message exchange (solicit and reply). When the rapid commit option is enabled by both
|
||||
the DHCPv6 client and the DHCPv6 server, the two-message exchange is used, rather than the default
|
||||
four-method exchange (solicit, advertise, request, and reply). The two-message exchange provides
|
||||
four-message exchange (solicit, advertise, request, and reply). The two-message exchange provides
|
||||
faster client configuration and is beneficial in environments in which networks are under a heavy load.
|
||||
See <ulink url="https://tools.ietf.org/html/rfc3315#section-17.2.1">RFC 3315</ulink> for details.
|
||||
Defaults to true.</para>
|
||||
@ -1867,14 +1864,15 @@
|
||||
<varlistentry>
|
||||
<term><varname>SendVendorOption=</varname></term>
|
||||
<listitem>
|
||||
<para>Send an arbitrary vendor option in the DHCPv6 request. Takes an enterprise identifier, DHCP option number,
|
||||
data type, and data separated with a colon
|
||||
(<literal><replaceable>enterprise identifier</replaceable>:<replaceable>option</replaceable>:<replaceable>type</replaceable>:
|
||||
<replaceable>value</replaceable></literal>). Enterprise identifier is an unsigned integer ranges 1..4294967294.
|
||||
The option number must be an integer in the range 1..254. Data type takes one of <literal>uint8</literal>,
|
||||
<literal>uint16</literal>, <literal>uint32</literal>, <literal>ipv4address</literal>, <literal>ipv6address</literal>, or
|
||||
<literal>string</literal>. Special characters in the data string may be escaped using
|
||||
<ulink url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
|
||||
<para>Send an arbitrary vendor option in the DHCPv6 request. Takes an enterprise identifier, DHCP
|
||||
option number, data type, and data separated with a colon (<literal><replaceable>enterprise
|
||||
identifier</replaceable>:<replaceable>option</replaceable>:<replaceable>type</replaceable>:
|
||||
<replaceable>value</replaceable></literal>). Enterprise identifier is an unsigned integer in the
|
||||
range 1–4294967294. The option number must be an integer in the range 1–254. Data type takes one
|
||||
of <literal>uint8</literal>, <literal>uint16</literal>, <literal>uint32</literal>,
|
||||
<literal>ipv4address</literal>, <literal>ipv6address</literal>, or
|
||||
<literal>string</literal>. Special characters in the data string may be escaped using <ulink
|
||||
url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
|
||||
escapes</ulink>. This setting can be specified multiple times. If an empty string is specified,
|
||||
then all options specified earlier are cleared. Defaults to unset.</para>
|
||||
</listitem>
|
||||
@ -1918,17 +1916,19 @@
|
||||
<varlistentry>
|
||||
<term><varname>PrefixDelegationHint=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes an IPv6 address with prefix length as <varname>Address=</varname> in
|
||||
the "[Network]" section. Specifies the DHCPv6 client for the requesting router to include
|
||||
a prefix-hint in the DHCPv6 solicitation. Prefix ranges 1..128. Defaults to unset.</para>
|
||||
<para>Takes an IPv6 address with prefix length in the same format as the
|
||||
<varname>Address=</varname> in the [Network] section. The DHCPv6 client will include a prefix
|
||||
hint in the DHCPv6 solicitation sent to the server. The prefix length must be in the range
|
||||
1–128. Defaults to unset.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>WithoutRA=</varname></term>
|
||||
<listitem>
|
||||
<para>Allows DHCPv6 client to start without router advertisements's managed or other address configuration flag.
|
||||
Takes one of <literal>solicit</literal> or <literal>information-request</literal>. Defaults to unset.</para>
|
||||
<para>Allows DHCPv6 client to start without router advertisements's managed or other address
|
||||
configuration flag. Takes one of <literal>solicit</literal> or
|
||||
<literal>information-request</literal>. Defaults to unset.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
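Review bot: the WithoutRA= paragraph is rewrapped only, so "router advertisements's managed or other address configuration flag" keeps the malformed possessive. Suggest "router advertisement's" (or "the managed or other address configuration flag of a router advertisement"), and "Allows the DHCPv6 client to start" with the article, matching the wording the PrefixDelegationHint= rewrite in this hunk now uses.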
@ -2275,10 +2275,9 @@
|
||||
|
||||
<refsect1>
|
||||
<title>[IPv6Prefix] Section Options</title>
|
||||
<para>One or more <literal>[IPv6Prefix]</literal> sections contain the IPv6
|
||||
prefixes that are announced via Router Advertisements. See
|
||||
<ulink url="https://tools.ietf.org/html/rfc4861">RFC 4861</ulink>
|
||||
for further details.</para>
|
||||
<para>One or more [IPv6Prefix] sections contain the IPv6 prefixes that are announced via Router
|
||||
Advertisements. See <ulink url="https://tools.ietf.org/html/rfc4861">RFC 4861</ulink> for further
|
||||
details.</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
|
||||
@ -2405,10 +2404,9 @@
|
||||
<varlistentry>
|
||||
<term><varname>HairPin=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a boolean. Configures whether traffic may be sent back
|
||||
out of the port on which it was received. When this flag is false, and the bridge
|
||||
will not forward traffic back out of the receiving port.
|
||||
When unset, the kernel's default will be used.</para>
|
||||
<para>Takes a boolean. Configures whether traffic may be sent back out of the port on which it
|
||||
was received. When this flag is false, then the bridge will not forward traffic back out of the
|
||||
receiving port. When unset, the kernel's default will be used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
@ -2684,7 +2682,7 @@
|
||||
<term><varname>PacketLimit=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the maximum number of packets the qdisc may hold queued at a time.
|
||||
An unsigned integer ranges 0 to 4294967294. Defaults to 1000.</para>
|
||||
An unsigned integer in the range 0–4294967294. Defaults to 1000.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -2708,8 +2706,8 @@
|
||||
|
||||
<refsect1>
|
||||
<title>[TokenBucketFilter] Section Options</title>
|
||||
<para>The <literal>[TokenBucketFilter]</literal> section manages the queueing discipline (qdisc) of
|
||||
token bucket filter (tbf).</para>
|
||||
<para>The [TokenBucketFilter] section manages the queueing discipline (qdisc) of token bucket filter
|
||||
(tbf).</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<xi:include href="tc.xml" xpointer="qdisc-parent" />
|
||||
@ -2793,7 +2791,7 @@
|
||||
<term><varname>PacketLimit=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
|
||||
dropped. An unsigned integer ranges 1 to 4294967294. Defaults to unset and kernel's default is used.</para>
|
||||
dropped. An unsigned integer in the range 1–4294967294. Defaults to unset and kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
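Review bot: The two-line PacketLimit= paragraph in this hunk is still far wider than the width the rest of the patch reflows to; only "ranges 1 to" was changed. The matching PacketLimit= paragraph in the next hunk is rewrapped to three lines, so rewrap this one the same way to keep the file consistent.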
@ -2811,8 +2809,9 @@
|
||||
<varlistentry>
|
||||
<term><varname>PacketLimit=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
|
||||
dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para>
|
||||
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached,
|
||||
incoming packets are dropped. An unsigned integer in the range 0–4294967294. Defaults to unset and
|
||||
kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
@ -2848,10 +2847,11 @@
|
||||
<varlistentry>
|
||||
<term><varname>LimitBytes=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the hard limit on the FIFO size in bytes. The size limit (a buffer size) to prevent it
|
||||
from overflowing in case it is unable to dequeue packets as quickly as it receives them. When this limit
|
||||
is reached, incoming packets are dropped. When suffixed with K, M, or G, the specified size is parsed as
|
||||
Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to unset and kernel's default is used.</para>
|
||||
<para>Specifies the hard limit on the FIFO size in bytes. The size limit (a buffer size) to prevent
|
||||
it from overflowing in case it is unable to dequeue packets as quickly as it receives them. When
|
||||
this limit is reached, incoming packets are dropped. When suffixed with K, M, or G, the specified
|
||||
size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults
|
||||
to unset and kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
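Review bot: The second sentence of the LimitBytes= paragraph, "The size limit (a buffer size) to prevent it from overflowing in case it is unable to dequeue packets as quickly as it receives them.", is still a fragment with no verb after the reflow. Suggest rewording it as a full sentence, for example "The size limit prevents the buffer from overflowing in case ...". The FIFO PacketLimit= hunk that follows carries the same fragment.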
@ -2869,9 +2869,10 @@
|
||||
<varlistentry>
|
||||
<term><varname>PacketLimit=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the hard limit on the FIFO size in number of packets. The size limit (a buffer size) to prevent it
|
||||
from overflowing in case it is unable to dequeue packets as quickly as it receives them. When this limit is reached,
|
||||
incoming packets are dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para>
|
||||
<para>Specifies the hard limit on the FIFO size in number of packets. The size limit (a buffer
|
||||
size) to prevent it from overflowing in case it is unable to dequeue packets as quickly as it
|
||||
receives them. When this limit is reached, incoming packets are dropped. An unsigned integer in the
|
||||
range 0–4294967294. Defaults to unset and kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
@ -2917,8 +2918,8 @@
|
||||
<varlistentry>
|
||||
<term><varname>OverheadBytes=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies that bytes to be addeded to the size of each packet. Bytes may be negative.
|
||||
Takes an integer ranges -64 to 256. Defaults to unset and kernel's default is used.</para>
|
||||
<para>Specifies that bytes to be addeded to the size of each packet. Bytes may be negative. Takes
|
||||
an integer in the range from -64 to 256. Defaults to unset and kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
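Review bot: The new OverheadBytes= text still reads "Specifies that bytes to be addeded to the size of each packet"; "addeded" is a typo and the clause has no verb. Since this commit is the spelling and grammar pass, suggest "Specifies the number of bytes to be added to the size of each packet."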
@ -2945,8 +2946,9 @@
|
||||
<varlistentry>
|
||||
<term><varname>PacketLimit=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
|
||||
dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para>
|
||||
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached,
|
||||
incoming packets are dropped. An unsigned integer in the range 0–4294967294. Defaults to unset and
|
||||
kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -3029,18 +3031,17 @@
|
||||
<varlistentry>
|
||||
<term><varname>Bands=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the number of bands. An unsigned integer ranges 1 to 16. This value has to be
|
||||
at least large enough to cover the strict bands specified through the
|
||||
<varname>StrictBands=</varname> and bandwidth-sharing bands specified in
|
||||
<varname>QuantumBytes=</varname>.</para>
|
||||
<para>Specifies the number of bands. An unsigned integer in the range 1–16. This value has to be at
|
||||
least large enough to cover the strict bands specified through the <varname>StrictBands=</varname>
|
||||
and bandwidth-sharing bands specified in <varname>QuantumBytes=</varname>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>StrictBands=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the number of bands that should be created in strict mode. An unsigned integer
|
||||
ranges 1 to 16.</para>
|
||||
<para>Specifies the number of bands that should be created in strict mode. An unsigned integer in
|
||||
the range 1–16.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -3156,7 +3157,7 @@
|
||||
<varlistentry>
|
||||
<term><varname>QuantumBytes=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the number of bytes used as 'deficit' in the fair queuing algorithmtimespan.
|
||||
<para>Specifies the number of bytes used as the "deficit" in the fair queuing algorithm timespan.
|
||||
When suffixed with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
|
||||
respectively, to the base of 1024. Defaults to unset and kernel's default is used.</para>
|
||||
</listitem>
|
||||
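Review bot: In the QuantumBytes= line, "fair queuing algorithm timespan" only inserts a space into "algorithmtimespan"; the trailing "timespan" still does not parse and looks like a stray word. Suggest ending the sentence at "algorithm" unless someone can confirm what "timespan" was meant to qualify.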
@ -3411,8 +3412,9 @@
|
||||
<varlistentry>
|
||||
<term><varname>PacketLimit=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
|
||||
dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para>
|
||||
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached,
|
||||
incoming packets are dropped. An unsigned integer in the range 0–4294967294. Defaults to unset and
|
||||
kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
@ -405,7 +405,7 @@
|
||||
<varlistentry>
|
||||
<term><varname>Inaccessible=</varname></term>
|
||||
|
||||
<listitem><para>Masks the specified file or directly in the container, by over-mounting it with an empty file
|
||||
<listitem><para>Masks the specified file or directory in the container, by over-mounting it with an empty file
|
||||
node of the same type with the most restrictive access mode. Takes a file system path as argument. This option
|
||||
may be used multiple times to mask multiple files or directories. This option is equivalent to the command line
|
||||
switch <option>--inaccessible=</option>, see
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>The package manager prepares system updates by downloading all (RPM or DEB or
|
||||
<para>The package manager prepares system updates by downloading all (.rpm or .deb or
|
||||
whatever) packages to update off-line in a special directory
|
||||
<filename index="false">/var/lib/system-update</filename> (or
|
||||
another directory of the package/upgrade manager's choice).</para>
|
||||
@ -85,8 +85,8 @@
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>The upgrade scripts should exit only after the update is finished. It is expected
|
||||
that the service which performs the upgrade will cause the machine to reboot after it
|
||||
<para>The update scripts should exit only after the update is finished. It is expected
|
||||
that the service which performs the update will cause the machine to reboot after it
|
||||
is done. If the <filename>system-update.target</filename> is successfully reached, i.e.
|
||||
all update services have run, and the <filename>/system-update</filename> symlink still
|
||||
exists, it will be removed and the machine rebooted as a safety measure.</para>
|
||||
|
@ -896,7 +896,7 @@
|
||||
this option will have no effect.</para>
|
||||
|
||||
<example>
|
||||
<title>A service with with the <varname>SuccessExitStatus=</varname> setting</title>
|
||||
<title>A service with the <varname>SuccessExitStatus=</varname> setting</title>
|
||||
|
||||
<programlisting>SuccessExitStatus=TEMPFAIL 250 SIGUSR1</programlisting>
|
||||
|
||||
|
@ -117,10 +117,9 @@
|
||||
<listitem><para>Socket units automatically gain a <varname>Before=</varname>
|
||||
dependency on the service units they activate.</para></listitem>
|
||||
|
||||
<listitem><para>Socket units referring to file system paths (such as AF_UNIX
|
||||
sockets or FIFOs) implicitly gain <varname>Requires=</varname> and
|
||||
<varname>After=</varname> dependencies on all mount units
|
||||
necessary to access those paths.</para></listitem>
|
||||
<listitem><para>Socket units referring to file system paths (such as <constant>AF_UNIX</constant>
|
||||
sockets or FIFOs) implicitly gain <varname>Requires=</varname> and <varname>After=</varname>
|
||||
dependencies on all mount units necessary to access those paths.</para></listitem>
|
||||
|
||||
<listitem><para>Socket units using the <varname>BindToDevice=</varname>
|
||||
setting automatically gain a <varname>BindsTo=</varname> and
|
||||
@ -300,7 +299,7 @@
|
||||
url="https://www.kernel.org/doc/Documentation/usb/functionfs.txt">USB
|
||||
FunctionFS</ulink> endpoints location to listen on, for
|
||||
implementation of USB gadget functions. This expects an
|
||||
absolute file system path of functionfs mount point as the argument.
|
||||
absolute file system path of FunctionFS mount point as the argument.
|
||||
Behavior otherwise is very similar to the <varname>ListenFIFO=</varname>
|
||||
directive above. Use this to open the FunctionFS endpoint
|
||||
<filename>ep0</filename>. When using this option, the
|
||||
@ -313,9 +312,9 @@
|
||||
<varlistentry>
|
||||
<term><varname>SocketProtocol=</varname></term>
|
||||
<listitem><para>Takes one of <option>udplite</option>
|
||||
or <option>sctp</option>. Specifies a socket protocol
|
||||
(<constant>IPPROTO_UDPLITE</constant>) UDP-Lite
|
||||
(<constant>IPPROTO_SCTP</constant>) SCTP socket respectively. </para>
|
||||
or <option>sctp</option>. The socket will use the UDP-Lite
|
||||
(<constant>IPPROTO_UDPLITE</constant>) or SCTP
|
||||
(<constant>IPPROTO_SCTP</constant>) protocol, respectively.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -349,16 +348,14 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>BindToDevice=</varname></term>
|
||||
<listitem><para>Specifies a network interface name to bind
|
||||
this socket to. If set, traffic will only be accepted from the
|
||||
specified network interfaces. This controls the
|
||||
SO_BINDTODEVICE socket option (see <citerefentry
|
||||
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
for details). If this option is used, an implicit dependency
|
||||
from this socket unit on the network interface device unit
|
||||
(<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
is created. Note that setting this parameter might result in
|
||||
additional dependencies to be added to the unit (see
|
||||
<listitem><para>Specifies a network interface name to bind this socket to. If set, traffic will only
|
||||
be accepted from the specified network interfaces. This controls the
|
||||
<constant>SO_BINDTODEVICE</constant> socket option (see <citerefentry
|
||||
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
|
||||
details). If this option is used, an implicit dependency from this socket unit on the network
|
||||
interface device unit is created
|
||||
(see <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
|
||||
Note that setting this parameter might result in additional dependencies to be added to the unit (see
|
||||
above).</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
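Review bot: In the reflowed BindToDevice= paragraph, "traffic will only be accepted from the specified network interfaces" is plural although the setting takes a single name ("Specifies a network interface name to bind this socket to"). Readers rely on this sentence to understand which traffic the socket accepts, so make it singular: "from the specified network interface".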
@ -366,12 +363,10 @@
|
||||
<term><varname>SocketUser=</varname></term>
|
||||
<term><varname>SocketGroup=</varname></term>
|
||||
|
||||
<listitem><para>Takes a UNIX user/group name. When specified,
|
||||
all AF_UNIX sockets and FIFO nodes in the file system are
|
||||
owned by the specified user and group. If unset (the default),
|
||||
the nodes are owned by the root user/group (if run in system
|
||||
context) or the invoking user/group (if run in user context).
|
||||
If only a user is specified but no group, then the group is
|
||||
<listitem><para>Takes a UNIX user/group name. When specified, all <constant>AF_UNIX</constant>
|
||||
sockets and FIFO nodes in the file system are owned by the specified user and group. If unset (the
|
||||
default), the nodes are owned by the root user/group (if run in system context) or the invoking
|
||||
user/group (if run in user context). If only a user is specified but no group, then the group is
|
||||
derived from the user's default group.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -420,10 +415,10 @@
|
||||
to work unmodified with systemd socket
|
||||
activation.</para>
|
||||
|
||||
<para>For IPv4 and IPv6 connections, the <varname>REMOTE_ADDR</varname>
|
||||
environment variable will contain the remote IP address, and <varname>REMOTE_PORT</varname>
|
||||
will contain the remote port. This is the same as the format used by CGI.
|
||||
For SOCK_RAW, the port is the IP protocol.</para></listitem>
|
||||
<para>For IPv4 and IPv6 connections, the <varname>REMOTE_ADDR</varname> environment variable will
|
||||
contain the remote IP address, and <varname>REMOTE_PORT</varname> will contain the remote port. This
|
||||
is the same as the format used by CGI. For <constant>SOCK_RAW</constant>, the port is the IP
|
||||
protocol.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
@ -456,17 +451,13 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>KeepAlive=</varname></term>
|
||||
<listitem><para>Takes a boolean argument. If true, the TCP/IP
|
||||
stack will send a keep alive message after 2h (depending on
|
||||
the configuration of
|
||||
<filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>)
|
||||
for all TCP streams accepted on this socket. This controls the
|
||||
SO_KEEPALIVE socket option (see
|
||||
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
and the <ulink
|
||||
url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
|
||||
Keepalive HOWTO</ulink> for details.) Defaults to
|
||||
<option>false</option>.</para></listitem>
|
||||
<listitem><para>Takes a boolean argument. If true, the TCP/IP stack will send a keep alive message
|
||||
after 2h (depending on the configuration of
|
||||
<filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>) for all TCP streams accepted on this
|
||||
socket. This controls the <constant>SO_KEEPALIVE</constant> socket option (see <citerefentry
|
||||
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> and
|
||||
the <ulink url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP Keepalive
|
||||
HOWTO</ulink> for details.) Defaults to <option>false</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
@ -483,15 +474,12 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>KeepAliveIntervalSec=</varname></term>
|
||||
<listitem><para>Takes time (in seconds) as argument between
|
||||
individual keepalive probes, if the socket option SO_KEEPALIVE
|
||||
has been set on this socket. This controls
|
||||
the TCP_KEEPINTVL socket option (see
|
||||
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
and the <ulink
|
||||
url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
|
||||
Keepalive HOWTO</ulink> for details.) Defaults value is 75
|
||||
seconds.</para></listitem>
|
||||
<listitem><para>Takes time (in seconds) as argument between individual keepalive probes, if the
|
||||
socket option <constant>SO_KEEPALIVE</constant> has been set on this socket. This controls the
|
||||
<constant>TCP_KEEPINTVL</constant> socket option (see <citerefentry
|
||||
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> and
|
||||
the <ulink url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP Keepalive
|
||||
HOWTO</ulink> for details.) Defaults value is 75 seconds.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
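Review bot: The last sentence of the KeepAliveIntervalSec= paragraph still reads "Defaults value is 75 seconds."; the reflow carried it over unchanged. Suggest "Defaults to 75 seconds." The "(see ... for details.)" parenthetical sits mid-sentence with its period inside the bracket and could be fixed in the same pass.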
@ -513,17 +501,16 @@
|
||||
algorithm works by combining a number of small outgoing
|
||||
messages, and sending them all at once. This controls the
|
||||
TCP_NODELAY socket option (see
|
||||
<citerefentry project='die-net'><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
<citerefentry project='die-net'><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry>).
|
||||
Defaults to <option>false</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>Priority=</varname></term>
|
||||
<listitem><para>Takes an integer argument controlling the
|
||||
priority for all traffic sent from this socket. This controls
|
||||
the SO_PRIORITY socket option (see
|
||||
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
for details.).</para></listitem>
|
||||
<listitem><para>Takes an integer argument controlling the priority for all traffic sent from this
|
||||
socket. This controls the <constant>SO_PRIORITY</constant> socket option (see <citerefentry
|
||||
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
|
||||
details.).</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
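Review bot: The Priority= paragraph still ends with "details.).", doubled punctuation that the reflow kept; drop the inner period. The ReceiveBuffer=/SendBuffer= hunk further down keeps the same ending. Also, TCP_NODELAY in the context lines of this hunk stays bare text while SO_PRIORITY gains <constant>; wrap it too for consistency.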
@ -559,12 +546,12 @@
|
||||
<varlistentry>
|
||||
<term><varname>ReceiveBuffer=</varname></term>
|
||||
<term><varname>SendBuffer=</varname></term>
|
||||
<listitem><para>Takes an integer argument controlling the
|
||||
receive or send buffer sizes of this socket, respectively.
|
||||
This controls the SO_RCVBUF and SO_SNDBUF socket options (see
|
||||
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
for details.). The usual suffixes K, M, G are supported and
|
||||
are understood to the base of 1024.</para></listitem>
|
||||
<listitem><para>Takes an integer argument controlling the receive or send buffer sizes of this
|
||||
socket, respectively. This controls the <constant>SO_RCVBUF</constant> and
|
||||
<constant>SO_SNDBUF</constant> socket options (see <citerefentry
|
||||
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
|
||||
details.). The usual suffixes K, M, G are supported and are understood to the base of
|
||||
1024.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
@ -593,23 +580,20 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>Mark=</varname></term>
|
||||
<listitem><para>Takes an integer value. Controls the firewall
|
||||
mark of packets generated by this socket. This can be used in
|
||||
the firewall logic to filter packets from this socket. This
|
||||
sets the SO_MARK socket option. See
|
||||
<citerefentry project='die-net'><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
for details.</para></listitem>
|
||||
<listitem><para>Takes an integer value. Controls the firewall mark of packets generated by this
|
||||
socket. This can be used in the firewall logic to filter packets from this socket. This sets the
|
||||
<constant>SO_MARK</constant> socket option. See <citerefentry
|
||||
project='die-net'><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
|
||||
details.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>ReusePort=</varname></term>
|
||||
<listitem><para>Takes a boolean value. If true, allows
|
||||
multiple
|
||||
<citerefentry><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry>s
|
||||
to this TCP or UDP port. This controls the SO_REUSEPORT socket
|
||||
option. See
|
||||
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
for details.</para></listitem>
|
||||
<listitem><para>Takes a boolean value. If true, allows multiple
|
||||
<citerefentry><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry>s to this TCP
|
||||
or UDP port. This controls the <constant>SO_REUSEPORT</constant> socket option. See <citerefentry
|
||||
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
|
||||
details.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
@ -685,28 +669,23 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>Broadcast=</varname></term>
|
||||
<listitem><para>Takes a boolean value. This controls the
|
||||
SO_BROADCAST socket option, which allows broadcast datagrams
|
||||
to be sent from this socket. Defaults to
|
||||
<listitem><para>Takes a boolean value. This controls the <constant>SO_BROADCAST</constant> socket
|
||||
option, which allows broadcast datagrams to be sent from this socket. Defaults to
|
||||
<option>false</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>PassCredentials=</varname></term>
|
||||
<listitem><para>Takes a boolean value. This controls the
|
||||
SO_PASSCRED socket option, which allows
|
||||
<constant>AF_UNIX</constant> sockets to receive the
|
||||
credentials of the sending process in an ancillary message.
|
||||
Defaults to <option>false</option>.</para></listitem>
|
||||
<listitem><para>Takes a boolean value. This controls the <constant>SO_PASSCRED</constant> socket
|
||||
option, which allows <constant>AF_UNIX</constant> sockets to receive the credentials of the sending
|
||||
process in an ancillary message. Defaults to <option>false</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>PassSecurity=</varname></term>
|
||||
<listitem><para>Takes a boolean value. This controls the
|
||||
SO_PASSSEC socket option, which allows
|
||||
<constant>AF_UNIX</constant> sockets to receive the security
|
||||
context of the sending process in an ancillary message.
|
||||
Defaults to <option>false</option>.</para></listitem>
|
||||
<listitem><para>Takes a boolean value. This controls the <constant>SO_PASSSEC</constant> socket
|
||||
option, which allows <constant>AF_UNIX</constant> sockets to receive the security context of the
|
||||
sending process in an ancillary message. Defaults to <option>false</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
@ -720,11 +699,10 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>TCPCongestion=</varname></term>
|
||||
<listitem><para>Takes a string value. Controls the TCP
|
||||
congestion algorithm used by this socket. Should be one of
|
||||
"westwood", "veno", "cubic", "lp" or any other available
|
||||
algorithm supported by the IP stack. This setting applies only
|
||||
to stream sockets.</para></listitem>
|
||||
<listitem><para>Takes a string value. Controls the TCP congestion algorithm used by this
|
||||
socket. Should be one of <literal>westwood</literal>, <literal>veno</literal>,
|
||||
<literal>cubic</literal>, <literal>lp</literal> or any other available algorithm supported by the IP
|
||||
stack. This setting applies only to stream sockets.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
@ -788,15 +766,12 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>RemoveOnStop=</varname></term>
|
||||
<listitem><para>Takes a boolean argument. If enabled, any file
|
||||
nodes created by this socket unit are removed when it is
|
||||
stopped. This applies to AF_UNIX sockets in the file system,
|
||||
POSIX message queues, FIFOs, as well as any symlinks to them
|
||||
configured with <varname>Symlinks=</varname>. Normally, it
|
||||
should not be necessary to use this option, and is not
|
||||
recommended as services might continue to run after the socket
|
||||
unit has been terminated and it should still be possible to
|
||||
communicate with them via their file system node. Defaults to
|
||||
<listitem><para>Takes a boolean argument. If enabled, any file nodes created by this socket unit are
|
||||
removed when it is stopped. This applies to <constant>AF_UNIX</constant> sockets in the file system,
|
||||
POSIX message queues, FIFOs, as well as any symlinks to them configured with
|
||||
<varname>Symlinks=</varname>. Normally, it should not be necessary to use this option, and is not
|
||||
recommended as services might continue to run after the socket unit has been terminated and it should
|
||||
still be possible to communicate with them via their file system node. Defaults to
|
||||
off.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -1043,7 +1043,7 @@
|
||||
<para>By default, all user processes and services started on
|
||||
behalf of the user, including the per-user systemd instance
|
||||
are found in this slice. This is pulled in by
|
||||
<filename>systemd-logind.service</filename></para>
|
||||
<filename>systemd-logind.service</filename>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1052,8 +1052,8 @@
|
||||
<listitem>
|
||||
<para>By default, all virtual machines and containers
|
||||
registered with <command>systemd-machined</command> are
|
||||
found in this slice. This is pulled in by
|
||||
<filename>systemd-machined.service</filename></para>
|
||||
found in this slice. This is pulled in by
|
||||
<filename>systemd-machined.service</filename>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
@ -166,7 +166,7 @@
|
||||
<refsect1>
|
||||
<title>Options</title>
|
||||
|
||||
<para>Swap files must include a [Swap] section, which carries
|
||||
<para>Swap unit files must include a [Swap] section, which carries
|
||||
information about the swap device it supervises. A number of
|
||||
options that may be used in this section are shared with other
|
||||
unit types. These options are documented in
|
||||
|
@ -98,10 +98,10 @@ KeyTwo=value 2 \
|
||||
value 2 continued
|
||||
|
||||
[Section C]
|
||||
KeyThree=value 2\
|
||||
KeyThree=value 3\
|
||||
# this line is ignored
|
||||
; this line is ignored too
|
||||
value 2 continued
|
||||
value 3 continued
|
||||
</programlisting></example>
|
||||
|
||||
<para>Boolean arguments used in configuration files can be written in
|
||||
|
@ -98,18 +98,20 @@
|
||||
<refsect1>
|
||||
<title>Parsing Timestamps</title>
|
||||
|
||||
<para>When parsing, systemd will accept a similar syntax, but expects no timezone specification, unless it is given
|
||||
as the literal string <literal>UTC</literal> (for the UTC timezone), or is specified to be the locally configured
|
||||
timezone, or the timezone name in the IANA timezone database format. The complete list of timezones
|
||||
supported on your system can be obtained using the <literal>timedatectl list-timezones</literal>
|
||||
(see <citerefentry><refentrytitle>timedatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>).
|
||||
Using IANA format is recommended over local timezone names, as less prone to errors (eg: with local timezone it's possible to
|
||||
specify daylight saving time in winter, while it's incorrect). The weekday specification is optional, but when
|
||||
the weekday is specified, it must either be in the abbreviated (<literal>Wed</literal>) or non-abbreviated
|
||||
(<literal>Wednesday</literal>) English language form (case does not matter), and is not subject to the locale
|
||||
choice of the user. Either the date, or the time part may be omitted, in which case the current date or 00:00:00,
|
||||
respectively, is assumed. The seconds component of the time may also be omitted, in which case ":00" is
|
||||
assumed. Year numbers may be specified in full or may be abbreviated (omitting the century).</para>
|
||||
<para>When parsing, systemd will accept a similar syntax, but expects no timezone specification, unless
|
||||
it is given as the literal string <literal>UTC</literal> (for the UTC timezone), or is specified to be
|
||||
the locally configured timezone, or the timezone name in the IANA timezone database format. The complete
|
||||
list of timezones supported on your system can be obtained using the <literal>timedatectl
|
||||
list-timezones</literal> (see
|
||||
<citerefentry><refentrytitle>timedatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>). Using
|
||||
IANA format is recommended over local timezone names, as less prone to errors (e.g. with local timezone
|
||||
it's possible to specify daylight saving time in winter, even though that is not correct). The weekday
|
||||
specification is optional, but when the weekday is specified, it must either be in the abbreviated
|
||||
(<literal>Wed</literal>) or non-abbreviated (<literal>Wednesday</literal>) English language form (case
|
||||
does not matter), and is not subject to the locale choice of the user. Either the date, or the time part
|
||||
may be omitted, in which case the current date or 00:00:00, respectively, is assumed. The seconds
|
||||
component of the time may also be omitted, in which case ":00" is assumed. Year numbers may be specified
|
||||
in full or may be abbreviated (omitting the century).</para>
|
||||
|
||||
<para>A timestamp is considered invalid if a weekday is specified and the date does not match the specified day of
|
||||
the week.</para>
|
||||
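Review bot: The rewrap splits <literal>timedatectl list-timezones</literal> across two lines, which puts a line break inside the literal; keep the command on one line. The sentence also still reads "can be obtained using the ... (see" with no noun after the literal, so add "command" after it or drop "the".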
@ -282,7 +284,7 @@ Wed..Sat,Tue 12-10-15 1:2:3 → Tue..Sat 2012-10-15 01:02:03
|
||||
<para>Use the <command>calendar</command> command of
|
||||
<citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry> to validate
|
||||
and normalize calendar time specifications for testing purposes. The tool also calculates when a specified
|
||||
calendar event would elapse next.</para>
|
||||
calendar event would occur next.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
@ -737,7 +737,7 @@
|
||||
that the listed unit is fully started up before the configured unit is started.</para>
|
||||
|
||||
<para>When two units with an ordering dependency between them are shut down, the inverse of the
|
||||
start-up order is applied. i.e. if a unit is configured with <varname>After=</varname> on another
|
||||
start-up order is applied. I.e. if a unit is configured with <varname>After=</varname> on another
|
||||
unit, the former is stopped before the latter if both are shut down. Given two units with any
|
||||
ordering dependency between them, if one unit is shut down and the other is started up, the shutdown
|
||||
is ordered before the start-up. It doesn't matter if the ordering dependency is
|
||||
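Review bot: In the rewritten line "start-up order is applied. I.e. if a unit is configured with After= on another", capitalizing the abbreviation leaves a sentence that opens with "I.e.", which reads awkwardly in a man page. Suggest "That is, if a unit is configured with After= on another unit, ..." or joining the two clauses with a semicolon and keeping the lowercase "i.e.".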
@ -833,7 +833,7 @@
|
||||
<option>--job-mode=</option> option for details on the
|
||||
possible values. If this is set to <literal>isolate</literal>,
|
||||
only a single unit may be listed in
|
||||
<varname>OnFailure=</varname>..</para></listitem>
|
||||
<varname>OnFailure=</varname>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
@ -1027,9 +1027,9 @@
|
||||
<term><varname>StartLimitAction=</varname></term>
|
||||
|
||||
<listitem><para>Configure an additional action to take if the rate limit configured with
|
||||
<varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes the same
|
||||
values as the setting <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> settings and executes
|
||||
the same actions. If <option>none</option> is set, hitting the rate limit will trigger no action besides that
|
||||
<varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes the same
|
||||
values as the <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> settings. If
|
||||
<option>none</option> is set, hitting the rate limit will trigger no action except that
|
||||
the start will not be permitted. Defaults to <option>none</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
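Review bot: The new StartLimitAction= text drops the clause "and executes the same actions" rather than only repairing the doubled "the setting ... settings" wording. For a commit described as grammar and spelling fixes, please confirm the removal is intended. If the clause is considered redundant with "Takes the same values as", say so in the commit message so the change in documented behaviour is not mistaken for an accident.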
@ -760,13 +760,11 @@
|
||||
<varlistentry>
|
||||
<term><varname>systemd.crash_chvt</varname></term>
|
||||
|
||||
<listitem><para>Takes a positive integer, or a boolean argument. Can be also
|
||||
specified without an argument, with the same effect as a positive boolean. If
|
||||
a positive integer (in the range 1–63) is specified, the system manager (PID
|
||||
1) will activate the specified virtual terminal (VT) when it
|
||||
crashes. Defaults to disabled, meaning that no such switch is attempted. If
|
||||
set to enabled, the VT the kernel messages are written to is selected.
|
||||
</para></listitem>
|
||||
<listitem><para>Takes a positive integer, or a boolean argument. Can be also specified without an
|
||||
argument, with the same effect as a positive boolean. If a positive integer (in the range 1–63) is
|
||||
specified, the system manager (PID 1) will activate the specified virtual terminal when it crashes.
|
||||
Defaults to disabled, meaning that no such switch is attempted. If set to enabled, the virtual
|
||||
terminal the kernel messages are written to is used instead.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
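Review bot: The reflowed systemd.crash_chvt paragraph keeps the word order "Can be also specified without an argument". Since the whole paragraph is being rewritten, change it to "Can also be specified without an argument". The new ending "is used instead" is also less clear than the removed "is selected": in the boolean case no terminal was specified, so there is nothing for "instead" to refer to.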
@ -1089,14 +1087,15 @@
|
||||
this context, because they are properly namespaced. When an option is specified both on the kernel
|
||||
command line, and as a normal command line argument, the latter has higher precedence.</para>
|
||||
|
||||
<para>When <command>systemd</command> is used a user manager, the kernel command line is ignored and
|
||||
<para>When <command>systemd</command> is used as a user manager, the kernel command line is ignored and
|
||||
the options described are understood. Nevertheless, <command>systemd</command> is usually started in
|
||||
this mode through the
|
||||
<citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
service, which is shared between all users, and it may be more convenient to use configuration files to
|
||||
modify settings, see
|
||||
<citerefentry><refentrytitle>systemd-user.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
or a drop-in that specifies one of the environment variables listed above in "Environment, see
|
||||
or a drop-in that specifies one of the environment variables listed above in the Environment section,
|
||||
see
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
||||
|
||||
<variablelist>
|
||||
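Review bot: The repaired sentence still chains two "see" clauses: "modify settings, see systemd-user.conf(5), or a drop-in that specifies one of the environment variables listed above in the Environment section, see systemd.unit(5)". Removing the unbalanced quote is right, but the sentence would read better with the references in parentheses, for example "use configuration files to modify settings (see systemd-user.conf(5)), or a drop-in that specifies ... (see systemd.unit(5))".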
@ -1146,8 +1145,8 @@
|
||||
<varlistentry>
|
||||
<term><option>--show-status</option></term>
|
||||
|
||||
<listitem><para>Show terse unit status information is shown on the console during boot-up and
|
||||
shutdown. See <varname>systemd.show_status</varname> above.</para></listitem>
|
||||
<listitem><para>Show terse unit status information on the console during boot-up and shutdown. See
|
||||
<varname>systemd.show_status</varname> above.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
24
man/tc.xml
@ -10,27 +10,28 @@
|
||||
<varlistentry id='qdisc-parent'>
|
||||
<term><varname>Parent=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>,
|
||||
<literal>clsact</literal>, <literal>ingress</literal> or a class id. The class id takes the
|
||||
major and minor number in hexadecimal ranges 1 to ffff separated with a colon
|
||||
(<literal>major:minor</literal>). Defaults to <literal>root</literal>.</para>
|
||||
<para>Configures the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>,
|
||||
<literal>clsact</literal>, <literal>ingress</literal> or a class identifier. The class identifier is
|
||||
specified as the major and minor numbers in hexadecimal in the range 0x1–Oxffff separated with a
|
||||
colon (<literal>major:minor</literal>). Defaults to <literal>root</literal>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry id='qdisc-handle'>
|
||||
<term><varname>Handle=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the major number of unique identifier of the qdisc, known as the handle.
|
||||
Takes a number in hexadecimal ranges 1 to ffff. Defaults to unset.</para>
|
||||
<para>Configures the major number of unique identifier of the qdisc, known as the handle.
|
||||
Takes a hexadecimal number in the range 0x1–0xffff. Defaults to unset.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry id='tclass-parent'>
|
||||
<term><varname>Parent=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>,
|
||||
or a qdisc id. The qdisc id takes the major and minor number in hexadecimal ranges 1 to ffff
|
||||
separated with a colon (<literal>major:minor</literal>). Defaults to <literal>root</literal>.
|
||||
<para>Configures the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>, or a
|
||||
qdisc identifier. The qdisc identifier is specified as the major and minor numbers in hexadecimal in
|
||||
the range 0x1–Oxffff separated with a colon (<literal>major:minor</literal>). Defaults to
|
||||
<literal>root</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
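Review bot: Both new Parent= paragraphs (qdisc-parent and tclass-parent) write the upper bound as "Oxffff" with a capital letter O in place of the digit zero; only the Handle= paragraph has the correct "0x1–0xffff". The new Handle= line also still reads "the major number of unique identifier of the qdisc", which is missing "the" before "unique identifier". Separately, the old text gave the range as bare hex digits ("1 to ffff") while the new text adds a 0x prefix; please check that the parser accepts the value in the form now documented, since readers will copy the notation into their configuration.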
@ -38,8 +39,9 @@
|
||||
<varlistentry id='tclass-classid'>
|
||||
<term><varname>ClassId=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the major and minur number of unique identifier of the class, known as the
|
||||
class ID. Each number is in hexadecimal ranges 1 to ffff. Defaults to unset.</para>
|
||||
<para>Configues the unique identifier of the class. It is specified as the major and minor numbers in
|
||||
hexadecimal in the range 0x1–Oxffff separated with a colon (<literal>major:minor</literal>).
|
||||
Defaults to unset.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
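Review bot: The new ClassId= paragraph introduces two typos while fixing "minur": "Configues" should be "Configures", and the range "0x1–Oxffff" again uses a capital letter O instead of the digit zero. The final "</para>" in the preceding tclass-parent entry is also still left on its own line after "<literal>root</literal>.", which could be folded in while touching this file.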
@ -163,11 +163,10 @@
|
||||
<title>Well-Known Services</title>
|
||||
|
||||
<para>The <command>userdbctl services</command> command will list all currently running services that
|
||||
provide user or group definitions to the system. The following are well-known services are shown among
|
||||
this list.</para>
|
||||
provide user or group definitions to the system. The following well-known services are shown among
|
||||
this list:</para>
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry>
|
||||
<term><constant>io.systemd.DynamicUser</constant></term>
|
||||
|
||||
|
@ -777,7 +777,7 @@ bool valid_user_group_name(const char *u, ValidUserFlags flags) {
|
||||
return false;
|
||||
|
||||
if (in_charset(u, "0123456789")) /* Don't allow fully numeric strings, they might be confused
|
||||
* with with UIDs (note that this test is more broad than
|
||||
* with UIDs (note that this test is more broad than
|
||||
* the parse_uid() test above, as it will cover more than
|
||||
* the 32bit range, and it will detect 65535 (which is in
|
||||
* invalid UID, even though in the unsigned 32 bit range) */
|
||||
|
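Review bot: The doubled "with with" is fixed, but the same comment in valid_user_group_name() still says "it will detect 65535 (which is in invalid UID, even though in the unsigned 32 bit range)". "is in invalid UID" should be "is an invalid UID", and the comment mixes "32bit" and "32 bit". This comment explains why fully numeric names are refused (they could be confused with UIDs), so it is worth making it read correctly in the same pass.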
@ -625,7 +625,7 @@ int journal_file_fstat(JournalFile *f) {
|
||||
|
||||
f->last_stat_usec = now(CLOCK_MONOTONIC);
|
||||
|
||||
/* Refuse dealing with with files that aren't regular */
|
||||
/* Refuse dealing with files that aren't regular */
|
||||
r = stat_verify_regular(&f->last_stat);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
@ -43,7 +43,7 @@ struct match_callback {
|
||||
|
||||
unsigned last_iteration;
|
||||
|
||||
/* Don't dispatch this slot with with messages that arrived in any iteration before or at the this
|
||||
/* Don't dispatch this slot with messages that arrived in any iteration before or at the this
|
||||
* one. We use this to ensure that matches don't apply "retroactively" and thus can confuse the
|
||||
* caller: matches will only match incoming messages from the moment on the match was installed. */
|
||||
uint64_t after;
|
||||
|
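Review bot: The changed comment line still contains a doubled article: "in any iteration before or at the this one" should be "before or at this one". The last context line, "from the moment on the match was installed", has the same kind of problem and could become "from the moment the match was installed". Both are in the comment that documents why matches must not apply retroactively, so clarity matters here.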