1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

171 Commits

Author SHA1 Message Date
anphir
78a529caa5 man: improve documentation about using resource-control options
According to the documentation in systemd.resource-control(5),
resource-control options may be used in mount, scope, service,
slice, socket and swap units.
While e.g. systemd.service(5) includes that information,
documentation for some other units does not.

The most problematic example is systemd.slice(5).
Its documentation states a slice unit may only contain [Install]
and [Unit] sections, while actually it may contain also a [Slice]
section with options from systemd.resource-control(5).
units/user/app.slice is an example of a slice unit having a [Slice]
section.
2024-05-03 11:36:56 +02:00
Mike Yuan
6b014a2ac4
man/systemd.socket: be explicit that MaxConnectionsPerSource=0 means disabled 2024-04-08 01:49:49 +08:00
Vito Caputo
a7d8cacce0 man: fix typo s/veno/reno/ 2024-04-06 07:12:33 +02:00
Jakub Sitnicki
97df75d7bd socket: pass socket FDs to all ExecXYZ= commands but ExecStartPre=
Today listen file descriptors created by socket unit don't get passed to
commands in Exec{Start,Stop}{Pre,Post}= socket options.

This prevents ExecXYZ= commands from accessing the created socket FDs to do
any kind of system setup which involves the socket but is not covered by
existing socket unit options.

One concrete example is to insert a socket FD into a BPF map capable of
holding socket references, such as BPF sockmap/sockhash [1] or
reuseport_sockarray [2]. Or, similarly, send the file descriptor with
SCM_RIGHTS to another process, which has access to a BPF map for storing
sockets.

To unblock this use case, pass ListenXYZ= file descriptors to ExecXYZ=
commands as listen FDs [4]. As an exception, ExecStartPre= command does not
inherit any file descriptors because it gets invoked before the listen FDs
are created.

This new behavior can potentially break existing configurations. Commands
invoked from ExecXYZ= might not expect to inherit file descriptors through
sd_listen_fds protocol.

To prevent breakage, add a new socket unit parameter,
PassFileDescriptorsToExec=, to control whether ExecXYZ= programs inherit
listen FDs.

[1] https://docs.kernel.org/bpf/map_sockmap.html
[2] https://lore.kernel.org/r/20180808075917.3009181-1-kafai@fb.com
[3] https://man.archlinux.org/man/socket.7#SO_INCOMING_CPU
[4] https://www.freedesktop.org/software/systemd/man/latest/sd_listen_fds.html
2024-03-27 01:41:26 +08:00
Daan De Meyer
db7374e156 Document new vsock literals
Fixes #31849
2024-03-19 12:31:36 +00:00
Lennart Poettering
48930a5ded pid1: make MaxConnectionsPerSource= also work for AF_UNIX sockets
The setting currently puts limits on connections per IP address and
AF_UNIX CID. Let's extend it to cover AF_UNIX too, where it puts a limit
on connections per UID.

This is particularly useful for the various Accept=yes Varlink services
we now have, as it means, the number of per-user instance services
cannot grow without bounds.
2024-02-12 11:57:16 +01:00
David Tardon
eea10b26f7 man: use same version in public and system ident. 2023-12-25 15:51:47 +01:00
David Tardon
13a69c120b man: use <simplelist> for 'See also' sections
This is just a slight markup improvement; there should be no difference
in rendering.
2023-12-23 08:28:57 +01:00
Zbigniew Jędrzejewski-Szmek
bf63dadbc6 man: more hyperlinks and other fixes
Closes https://github.com/systemd/systemd/issues/29814.
2023-11-06 20:16:34 +01:00
Lennart Poettering
9373fce68d man: document the new PollLimitIntervalSec=/PollLimitBurst= settings 2023-09-18 18:55:19 +02:00
Abderrahim Kitouni
ec07c3c80b man: add version info
This tries to add information about when each option was added. It goes
back to version 183.

The version info is included from a separate file to allow generating it,
which would allow more control on the formatting of the final output.
2023-08-29 14:07:24 +01:00
Erik Sjölund
6870daff03 man: fix typos 2023-07-27 09:54:43 +01:00
Zbigniew Jędrzejewski-Szmek
da89046643 tree-wide: "<n>bit" → "<n>-bit"
In some places, "<n> bits" is used when more appropriate.
2023-07-02 11:10:12 +01:00
Frantisek Sumsal
dc7e580e64 tree-wide: use https for the 0pointer.de doc links 2023-06-23 13:46:56 +01:00
Lennart Poettering
e503019bc7 tree-wide: when in doubt use greek small letter mu rather than micro symbol
Doesn't really matter since the two unicode symbols are supposedly
equivalent, but let's better follow the unicode recommendations to
prefer greek small letter mu, as per:

https://www.unicode.org/reports/tr25
2023-06-14 10:23:56 +02:00
Lennart Poettering
768fcd779f socket: bump listen() backlog to INT_MAX everywhere
This is a rework of #24764 by Cristian Rodríguez
<crodriguez@owncloud.com>, which stalled.

Instead of assigning -1 we'll use a macro defined to INT_MAX however.
2023-06-13 14:17:25 +02:00
Lennart Poettering
dbbf0618d0 man: reference naming of triggered services of timer unit
Fixes: #27116
2023-06-08 14:54:30 +02:00
nl6720
0e68582323 tree-wide: link to docs.kernel.org for kernel documentation
https://www.kernel.org/ links to https://docs.kernel.org/ for the documentation.
See https://git.kernel.org/pub/scm/docs/kernel/website.git/commit/?id=ebc1c372850f249dd143c6d942e66c88ec610520

These URLs are shorter and nicer looking.
2022-07-04 19:56:53 +02:00
Zbigniew Jędrzejewski-Szmek
2f8211c64a tree-wide: use html links for kernel docs
Instead of using "*.txt" as reference name, use the actual destination title.
2022-07-02 12:13:00 +02:00
Luca Boccassi
ef1aa10692 man: fix typo in systemd.socket.5 2021-12-18 17:23:53 +00:00
Lennart Poettering
c91d2b4352 man: suggest usage of CollectMode= in Accept=yes services 2021-11-25 00:11:31 +01:00
Zbigniew Jędrzejewski-Szmek
d8e1613ed2 man: mention pages with more settings at end of each option list
For some unit types we have hundreds of options, and the reader may easily miss
that more options are described in other pages. We already mentioned this in
the introduction and then at the top of the option list, but it can't hurt to
repeat the information.

Also, add an (almost empty) Options section for the unit types which don't have
any custom options. It is nicer to have the same page structure in all cases,
so people can jump between pages for different types more easily.
2021-09-27 09:19:02 +02:00
Michal Sekletar
49590d67c9 selinux: support infering SELinux label also from socket not connected to stdin
Fixes #19918
2021-07-02 09:26:22 +02:00
Yu Watanabe
3d62af7d23 tree-wide: fix "the the" and "a a" 2021-06-30 23:32:43 +09:00
Yu Watanabe
db9ecf0501 license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
Lennart Poettering
95923d7e13 man: document the new Timestamping= option 2020-10-27 14:12:45 +01:00
Lennart Poettering
2d6d4136cd socket-util: make socket_set_recvpktinfo control PACKET_AUXDATA sockopt on AF_PACKET
Just for the sake of completness.
2020-10-27 14:12:10 +01:00
Lennart Poettering
c758bea722 man: add references to fifo(7) and mq_overview(7) man pages 2020-10-27 14:11:48 +01:00
Zbigniew Jędrzejewski-Szmek
3b1211574b man: use trailing slash on directories in more places 2020-10-05 18:44:05 +02:00
Zbigniew Jędrzejewski-Szmek
885a4e6ca7 man: assorted small fixes
This is almost all of #17177.
2020-09-30 10:31:21 +02:00
Renaud Métrich
1bdecfb8e7 socket: unified documentation for Accept to use 'yes/no' everywhere 2020-09-18 12:57:27 +02:00
Frantisek Sumsal
69e3234db7 tree-wide: fix typos found by codespell
Reported by Fossies.org
2020-09-14 15:32:37 +02:00
Lennart Poettering
c6a7924513 man: always document both the ipv4 and the ipv6 sockopt 2020-09-11 10:33:13 +02:00
Zbigniew Jędrzejewski-Szmek
a07ab56a49 Allow interface scopes to be specified in ListenStream=
Closes #12624.

The formatting in systemd.socket.xml is updated a bit.

Currently in_addr_port_ifindex_name_to_string() always prints the ifindex
numerically. This is not super useful since the interface numbers are
semi-random. Should we use interface names in preference?
2020-09-10 00:46:44 +02:00
Renaud Métrich
3e5f04bf64 socket: New option 'FlushPending' (boolean) to flush socket before entering listening state
Disabled by default. When Enabled, before listening on the socket, flush the content.
Applies when Accept=no only.
2020-09-01 17:20:23 +02:00
Lennart Poettering
df2f58176d doc: cross link sd_listen_fd() docs a bit
Let's make sure the sd_listen_fd() docs are really found from the
.socket file documentation as well as the FileDescriptorStoreMax=
documentation.

Let's also emphasize that that's where the order in which the fds are
passed are documented.

Fixes: #16647
2020-09-01 16:20:34 +02:00
Zbigniew Jędrzejewski-Szmek
bdac560801 tree-wide: drop quotes from around [section]
For users, the square brackets already serve as markup and clearly delineate
the section name from surrounding text. Putting additional markup around that
only adds clutter. Also, we were very inconsistent in using the quotes. Let's
just drop them altogether.
2020-07-06 11:29:05 +02:00
Zbigniew Jędrzejewski-Szmek
e9dd698407 tree-wide: fixes for assorted grammar and spelling issues
Fixes #16363. Also includes some changes where I generalized the pattern.
2020-07-06 11:29:05 +02:00
Lennart Poettering
a3d19f5d99 core: add new PassPacketInfo= socket unit property 2020-05-27 22:40:38 +02:00
Philip Withnall
f627573031 man: Add missing <literal> tags in various man pages
A minor formatting improvement brought to you by the wonders of `git
grep`.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2019-06-12 10:39:50 +01:00
Zbigniew Jędrzejewski-Szmek
847af199e5 man: reword systemd.socket(5) description to avoid "file" when talking about services
This text was written a long time ago, when we mostly talked about "service
files".  Strictly speaking, we don't need a "file", because the service might
be just an instance of a template, or an alias to another service. So let's use
the more modern parlance of "service units".

https://bugzilla.redhat.com/show_bug.cgi?id=1623781#c21
2019-05-22 16:28:02 +02:00
Zbigniew Jędrzejewski-Szmek
3a54a15760 man: use same header for all files
The "include" files had type "book" for some raeason. I don't think this
is meaningful. Let's just use the same everywhere.

$ perl -i -0pe 's^..DOCTYPE (book|refentry) PUBLIC "-//OASIS//DTD DocBook XML V4.[25]//EN"\s+"http^<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"\n  "http^gms' man/*.xml
2019-03-14 14:42:05 +01:00
Zbigniew Jędrzejewski-Szmek
0307f79171 man: standarize on one-line license header
No need to waste space, and uniformity is good.

$ perl -i -0pe 's|\n+<!--\s*SPDX-License-Identifier: LGPL-2.1..\s*-->|\n<!-- SPDX-License-Identifier: LGPL-2.1+ -->|gms' man/*.xml
2019-03-14 14:29:37 +01:00
Yu Watanabe
d1698b82e6 man: add referecne to systemd-system.conf 2019-02-01 12:31:51 +01:00
Lennart Poettering
48e6dd3763 man: document relationship of .socket units and network namespaces
Fixes: #10018
2018-10-30 15:30:18 +01:00
Lennart Poettering
964c4eda5b man: also use "yes"/"no" rather than "true"/"false" in man pages
We usually use yes/no in all our unit files, do the same in the man
pages.

Triggered by:

https://github.com/systemd/systemd/pull/9824#issuecomment-420729987
2018-10-13 12:59:29 +02:00
Steve Ramage
a7c64e14e7 man: Fixed grammatical error in systemd.socket.xml (#9916) 2018-08-23 13:14:17 +09:00
Zbigniew Jędrzejewski-Szmek
514094f933 man: drop mode line in file headers
This is already included in .dir-locals, so we don't need it
in the files themselves.
2018-07-03 01:32:25 +02:00
Zbigniew Jędrzejewski-Szmek
fdbbee37d5 man: drop unused <authorgroup> tags from man sources
Docbook styles required those to be present, even though the templates that we
use did not show those names anywhere. But something changed semi-recently (I
would suspect docbook templates, but there was only a minor version bump in
recent years, and the changelog does not suggest anything related), and builds
now work without those entries. Let's drop this dead weight.

Tested with F26-F29, debian unstable.

$ perl -i -0pe 's/\s*<authorgroup>.*<.authorgroup>//gms' man/*xml
2018-06-14 12:22:18 +02:00
Lennart Poettering
0c69794138 tree-wide: remove Lennart's copyright lines
These lines are generally out-of-date, incomplete and unnecessary. With
SPDX and git repository much more accurate and fine grained information
about licensing and authorship is available, hence let's drop the
per-file copyright notice. Of course, removing copyright lines of others
is problematic, hence this commit only removes my own lines and leaves
all others untouched. It might be nicer if sooner or later those could
go away too, making git the only and accurate source of authorship
information.
2018-06-14 10:20:20 +02:00