1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 06:25:37 +03:00
Commit Graph

6953 Commits

Author SHA1 Message Date
Luca Boccassi
89f119b654
Merge pull request #23731 from bluca/bootctl_image
bootctl: add --root and --image
2022-07-08 21:59:16 +01:00
Luca Boccassi
02d06ba180 bootctl: add --install-source=auto|image|host
When using --root=/--image= the binaries to install/update will be
picked from the directory/image. Add an option to let the caller
choose.
By default (auto) the image is tried first, and if nothing is found
then the host. The other options allow to strictly try the image
or host and ignore the other.
2022-07-08 16:58:51 +01:00
Luca Boccassi
80a2381d5c bootctl: add --root and --image
Operate on image/directory, and also take files to install from it
2022-07-08 16:58:15 +01:00
Frank Dana
1f7eed4c35 resolvectl man page: Word correction 2022-07-07 13:02:06 +02:00
Zbigniew Jędrzejewski-Szmek
2615c1f17a os-release: define SUPPORT_END=
Fixes #21764.

I think is very simple, but flexible. The date may be set early, for distros
that have a fixed schedule, but it doesn't have to. So for example Debian could
push out an update that sets a few months before the release goes EOL. And
various tools, in particular graphical desktops, can start nagging people to
upgrade a few weeks before the date.

As discussed in the bug, we don't need granularity higher than a day. And this
means that we can use a simple human- and machine-readable format.
I was considering other names, e.g. something with "EOL", but I think that
"SUPPORT_END" is better because it doesn't imply that the machine will somehow
stop working. This is supposed to be an advisory, nothing more.
2022-07-07 07:35:17 +09:00
Zbigniew Jędrzejewski-Szmek
132b63bd31
Merge pull request #15205 from jlebon/pr/preset-all-firstboot
manager: optionally, do a full preset on first boot
2022-07-06 19:11:01 +02:00
Zbigniew Jędrzejewski-Szmek
91199185b1 kernel-install: allow overriding the path to config files
It's pretty hard to write tests without this. I started out by adding separate
variables for each of the files we read, but there's a bunch, and in practice
it's good enough to just override the directory.
2022-07-06 16:33:11 +02:00
Zbigniew Jędrzejewski-Szmek
f5f5047ff1 man: rework documentation of kernel-install config
Variables read by kernel-install and those exported by it were described
without any clear separation. So in particular it was pretty hard to answer
a question like "what variables can be set in install.conf". The in- and
out-variables are now split into two separate subsections.
2022-07-06 16:33:09 +02:00
Lennart Poettering
0c772b1cc1 man: "enabled commands are started at boot" is rubbish
it's enabled units, and they might be started by various forms of
activation, not just "at boot".

Fix that.
2022-07-06 15:56:53 +02:00
Yu Watanabe
917c6bb4b3
Merge pull request #23916 from keszybz/assorted-patches
Assorted patches
2022-07-06 14:15:50 +09:00
Lennart Poettering
e07ed99dd7 docs: normalize uppercasing of titles of network doc 2022-07-05 22:12:08 +02:00
Zbigniew Jędrzejewski-Szmek
6f52e1c63b man: fix link to glob(3) 2022-07-05 21:49:12 +02:00
nl6720
0e68582323 tree-wide: link to docs.kernel.org for kernel documentation
https://www.kernel.org/ links to https://docs.kernel.org/ for the documentation.
See https://git.kernel.org/pub/scm/docs/kernel/website.git/commit/?id=ebc1c372850f249dd143c6d942e66c88ec610520

These URLs are shorter and nicer looking.
2022-07-04 19:56:53 +02:00
Zbigniew Jędrzejewski-Szmek
f217f9a8b3 man/network: fix wording and syntax
Follow-up for 0bcc6557fb. Docbook doesn't
know <variable>.
2022-07-02 13:40:49 +02:00
Zbigniew Jędrzejewski-Szmek
2f8211c64a tree-wide: use html links for kernel docs
Instead of using "*.txt" as reference name, use the actual destination title.
2022-07-02 12:13:00 +02:00
Zbigniew Jędrzejewski-Szmek
628f7b1e70 sd-bus: use assert_return() in public function sd_bus_message_dump
Also, document that NULL is allowed.
2022-06-30 10:55:39 +02:00
Zbigniew Jędrzejewski-Szmek
7e922b0584 sd-event: let sd_event_source_set_enabled accept NULL
Same story as before: disabling a non-existent event source shouldn't
need to be guarded by an if. I retained the wrapper so that that we don't
have to say SD_EVENT_OFF in the many places where this is called.
2022-06-30 10:35:27 +02:00
Zbigniew Jędrzejewski-Szmek
71193c0b62 sd-event: allow sd_event_source_is_enabled() to return false for NULL
This is a natural use case, and instead of defining a wrapper to do this
for us, let's just make this part of the API. Calling with NULL was not
allowed, so this is not a breaking change to the interface.

(After sd_event_source_is_enabled was originally added, we introduced
sd_event_source_disable_unref() and other similar functions which accept
NULL. So not accepting NULL here is likely to confuse people. Let's just
make the API usable with minimal fuss.)
2022-06-30 10:35:27 +02:00
Zbigniew Jędrzejewski-Szmek
85f8afb706 man: document sd_bus_message_read_strv_extend() 2022-06-30 10:35:27 +02:00
Zbigniew Jędrzejewski-Szmek
944c124330 man: document sd_id128_string_equal() 2022-06-30 10:35:27 +02:00
Zbigniew Jędrzejewski-Szmek
d13f105165 man: rework the text in sd-id128
In places the text was overly formal, e.g. "an 128-bit ID" was repeated, even
though it is clear from the context that we're talking about this type of ID.
OTOH, in other places the text was informal, e.g. "You can use …".
Also, "you may use f() to frob" → "f() frobs". The text without all the
flourishes is easier to read.

sd_id128_in_set_sentinel() was described only in passing when taking about
sd_id128_in_set(), now it gets is own brief paragraph.

The synopsis was missing.
2022-06-30 10:35:27 +02:00
Zbigniew Jędrzejewski-Szmek
870c2aaf8c man: document sd_bus_error_setfv()
The description for sd_bus_error_set_errnof/sd_bus_error_set_errnofv are
adjusted to use the same pattern.
2022-06-30 10:35:27 +02:00
Zbigniew Jędrzejewski-Szmek
4e116dd4fc meson: update man-generation rules for sd_hwdb_new_from_path
Forgotten in 60f0ba7556.
2022-06-30 10:35:27 +02:00
Michael Biebl
e2285c5735 Use https for man7.org 2022-06-28 16:05:31 +02:00
Michael Biebl
41d6f3bf4d Use https for freedesktop.org
grep -l -r http:// | xargs sed -E -i s'#http://(.*).freedesktop.org#https://\1.freedesktop.org#'
2022-06-28 13:10:05 +02:00
David Tardon
4885d7490b logind-session-dbus: allow to set display name via dbus
Currently, the only way to set display name of a graphical session is to
pass it to CreateSession(). But modern display managers like gdm start
the display server as part of the user session, which means that the
display name isn't known yet when the session is being created. Hence,
let's make it possible to set it later.
2022-06-22 22:34:29 +02:00
Yu Watanabe
46355675f7
Merge pull request #23774 from yuwata/netlabel-nftset-follow-ups
network, core: revert NFTSet and NetLabel features
2022-06-23 01:33:19 +09:00
Zbigniew Jędrzejewski-Szmek
a7b2aa658f
Merge pull request #23806 from keszybz/udevadm-info-pager
Pager for udevadm info
2022-06-22 16:50:53 +02:00
Yu Watanabe
a32badc5a6 Revert "networkd: NetLabel integration"
This reverts PR #23269 and its follow-up commit. Especially,
2299b1cae3 (partially), and
3cf63830ac.

The PR was merged without final approval, and has several issues:
- The NetLabel for static addresses are not assigned, as labels are
  stored in the Address objects managed by Network, instead of Link.
- If NetLabel is specified for a static address, then the address
  section will be invalid and the address will not be configured,
- It should be implemented with Request object,
- There is no test about the feature.
2022-06-22 22:34:26 +09:00
Yu Watanabe
b48ed70c79 Revert NFTSet feature
This reverts PR #22587 and its follow-up commit. More specifically,
2299b1cae3 (partially),
e176f85527,
ceb46a31a0, and
51bb9076ab.

The PR was merged without final approval, and has several issues:
- OSS fuzz reported issues in the conf parser,
- It calls synchrnous netlink call, it should not be especially in PID1,
- The importance of NFTSet for CGroup and DynamicUser may be
  questionable, at least, there was no justification PID1 should support
  it.
- For networkd, it should be implemented with Request object,
- There is no test for the feature.

Fixes #23711.
Fixes #23717.
Fixes #23719.
Fixes #23720.
Fixes #23721.
Fixes #23759.
2022-06-22 22:23:58 +09:00
Zbigniew Jędrzejewski-Szmek
b6ec23a01a udevadm info: implement --no-pager 2022-06-22 14:31:42 +02:00
Foster Snowhill
1132f004b3 cryptenroll: fix typo in manpage 2022-06-18 10:42:13 +09:00
Yu Watanabe
172cbcdc8b tree-wide: fix typo 2022-06-15 14:50:34 +09:00
adrian5
b105d41304 man: Add some punctuation; remove double spaces. 2022-06-15 03:22:15 +09:00
Jan Janssen
23742af522 boot: Drop use of MetaiMatch
A future commit will add support for unicode collation protocol that
allows case folding and comparing strings with locale awareness. But it
only operates on whole strings, so fnmatch cannot use those without a
heavy cost. Instead we just case fold the patterns instead (the IDs we
try to match are already lower case).
2022-06-09 12:50:13 +02:00
Topi Miettinen
46c3b1ff88 core: firewall integration with DynamicUserNFTSet=
New directive `DynamicUserNFTSet=` provides a method for integrating
configuration of dynamic users into firewall rules with NFT sets.

Example:
```
table inet filter {
        set u {
                typeof meta skuid
        }

        chain service_output {
                meta skuid != @u drop
                accept
        }
}
```

```
/etc/systemd/system/dunft.service
[Service]
DynamicUser=yes
DynamicUserNFTSet=inet:filter:u
ExecStart=/bin/sleep 1000

[Install]
WantedBy=multi-user.target
```

```
$ sudo nft list set inet filter u
table inet filter {
        set u {
                typeof meta skuid
                elements = { 64864 }
        }
}
$ ps -n --format user,group,pid,command -p `pgrep sleep`
    USER    GROUP     PID COMMAND
   64864    64864   55158 /bin/sleep 1000
```
2022-06-08 16:12:25 +00:00
Topi Miettinen
c0548df0a2 core: firewall integration with ControlGroupNFTSet=
New directive `ControlGroupNFTSet=` provides a method for integrating services
into firewall rules with NFT sets.

Example:

```
table inet filter {
...
        set timesyncd {
                type cgroupsv2
        }

        chain ntp_output {
                socket cgroupv2 != @timesyncd counter drop
                accept
        }
...
}
```

/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
ControlGroupNFTSet=inet:filter:timesyncd
```

```
$ sudo nft list set inet filter timesyncd
table inet filter {
        set timesyncd {
                type cgroupsv2
                elements = { "system.slice/systemd-timesyncd.service" }
        }
}
```
2022-06-08 16:12:25 +00:00
Topi Miettinen
ab51fd9dbd network: firewall integration with NFT sets
New directives `NFTSet=`, `IPv4NFTSet=` and `IPv6NFTSet=` provide a method for
integrating configuration of dynamic networks into firewall rules with NFT
sets.

/etc/systemd/network/eth.network
```
[DHCPv4]
...
NFTSet=netdev:filter:eth_ipv4_address
```

```
table netdev filter {
        set eth_ipv4_address {
                type ipv4_addr
                flags interval
        }
        chain eth_ingress {
                type filter hook ingress device "eth0" priority filter; policy drop;
                ip saddr != @eth_ipv4_address drop
                accept
        }
}
```
```
sudo nft list set netdev filter eth_ipv4_address
table netdev filter {
        set eth_ipv4_address {
                type ipv4_addr
                flags interval
                elements = { 10.0.0.0/24 }
        }
}
```
2022-06-08 16:12:25 +00:00
Topi Miettinen
3cf63830ac networkd: NetLabel integration
New directive `NetLabel=` provides a method for integrating dynamic network
configuration into Linux NetLabel subsystem rules, used by Linux security
modules (LSMs) for network access control. The option expects a whitespace
separated list of NetLabel labels. The labels must conform to lexical
restrictions of LSM labels. When an interface is configured with IP addresses,
the addresses and subnetwork masks will be appended to the NetLabel Fallback
Peer Labeling rules. They will be removed when the interface is
deconfigured. Failures to manage the labels will be ignored.

Example:
```
[DHCP]
NetLabel=system_u:object_r:localnet_peer_t:s0
```

With the above rules for interface `eth0`, when the interface is configured with
an IPv4 address of 10.0.0.0/8, `systemd-networkd` performs the equivalent of
`netlabelctl` operation

```
$ sudo netlabelctl unlbl add interface eth0 address:10.0.0.0/8 label:system_u:object_r:localnet_peer_t:s0
```

Result:
```
$ sudo netlabelctl -p unlbl list
...
 interface: eth0
   address: 10.0.0.0/8
    label: "system_u:object_r:localnet_peer_t:s0"
...
```
2022-06-06 18:24:10 +00:00
Zbigniew Jędrzejewski-Szmek
6a9f3cef8c
Merge pull request #23576 from yuwata/network-erspan-version
network: support erspan version 0 and 2
2022-06-02 16:58:55 +02:00
Antonio Alvarez Feijoo
5ad0109cd8 man: add missing arguments to systemd-creds synopsis 2022-06-02 16:35:36 +02:00
Steve Ramage
39a742888b
Documents the AssertCPUFeature= flag (#23594)
Fixes #23593
2022-06-02 13:16:48 +09:00
Zbigniew Jędrzejewski-Szmek
14c811ff4a
Merge pull request #23575 from keszybz/logind-wall-message-cleanup
Cleanup wall messages emitted by logind and systemctl
2022-06-01 16:26:29 +02:00
Zbigniew Jędrzejewski-Szmek
5b69a7c540 man/systemctl: improve grammar in description of --check-inhibitors 2022-06-01 09:23:55 +02:00
Yu Watanabe
98406eda8a network/erspan: support erspan version 0 and 2
This also makes networkd accepts erspan index 0.

Closes #23570.
2022-06-01 04:02:48 +09:00
Benjamin Franzke
926f2a04fc man/nspawn: os-release is only checked for booted containers
/etc/os-release existence is only enforced in --boot mode,
therefore the term "starting" (which also applies to chroot-like mode)
is substituted with "booting" in this context.
2022-05-30 20:26:44 +02:00
Benjamin Franzke
3a9d9f2a23 man/nspawn: add a sentence-connecting adverb to machinectl note
The recommendation to use machinectl login/shell instead of
trying to combine two distinct container instances seemed a
litte bit out of context and is now combined via "rather".
2022-05-30 20:21:27 +02:00
Benjamin Franzke
b47013fd77 man/nspawn: fix boot-option related wording 2022-05-30 20:21:27 +02:00
Javkhlanbayar Khongorzul
01ae74c8c7 man: Fix minor typo 2022-05-28 18:38:47 +09:00
Nick Rosbrook
60f0ba7556 sd-hwdb: add sd_hwdb_new_from_path
The existing sd_hwdb_new function always initializes the hwdb from the
first successful hwdb.bin it finds from hwdb_bin_paths. This means there
is currently no way to initialize a hwdb from an explicit path, which
would be useful for systemd-hwdb query.

Add sd_hwdb_new_from_path to allow a sd_hwdb to be initialized from a
custom path outside of hwdb_bin_paths.
2022-05-27 09:40:54 -04:00
Luca Boccassi
d20110b459
Merge pull request #23521 from keszybz/some-docs
Some docs
2022-05-27 11:42:01 +01:00
Eduard Tolosa
815068d3a3 loader.conf: Clarify the default value of timeout. 2022-05-27 06:48:18 +09:00
Zbigniew Jędrzejewski-Szmek
b72308d344 man/homectl: adjust man page to match code
Fixes #22966. Since there are competing conventions, let's not
change our code, but make the docs match what is implemented.
2022-05-26 14:29:50 +02:00
Zbigniew Jędrzejewski-Szmek
8f24777156 man/sd-bus: discuss negative-return values and add example
Fixes #22816.
2022-05-26 14:29:50 +02:00
Zbigniew Jędrzejewski-Szmek
5ee38adea4 man/shutdown: explain -h more
Fixes #23401
2022-05-26 14:29:50 +02:00
Zbigniew Jędrzejewski-Szmek
223a359f21 man/automount: say that automounts should not be nested
Fixes #21832.
2022-05-26 14:29:50 +02:00
Zbigniew Jędrzejewski-Szmek
93dbc22a95 man/systemd.automount: move the main description up and clarify deps 2022-05-26 14:29:50 +02:00
Zbigniew Jędrzejewski-Szmek
19cb82799e man: do not say "additional symlinks" for mount/automount aliases
"additional" implies that the unit itself is a symlink, which it is not.
Also "link to the mount unit", not "link to the mount".
2022-05-26 14:23:47 +02:00
Zbigniew Jędrzejewski-Szmek
a6e334649d systemctl: make show/status honour --state and --type
This makes the interface more flexible, by allowing the same filtering
for show and status as is done for list-units.

Fixes #23207.
2022-05-26 10:37:35 +09:00
Rahil Bhimjiani
97e7d4945d [sd-boot] improve documentation of beep 2022-05-25 14:20:14 +02:00
Zbigniew Jędrzejewski-Szmek
2f9b7186e3
Merge pull request #23414 from keszybz/analyze-vercmp
systemd-analyze compare-versions
2022-05-23 09:14:51 +02:00
Luca Boccassi
ebd4571e31
Merge pull request #22550 from medhefgo/boot-mixed
boot: EFI mixed mode support
2022-05-21 22:38:56 +01:00
Jan Janssen
6e9165397f bootctl: Add EFI arch detection support 2022-05-21 15:11:13 +01:00
Benjamin Franzke
a8c03388f8 tree-wide: Update homepage to systemd.io 2022-05-21 14:33:24 +02:00
Benjamin Franzke
92897d768d tree-wide: replace obsolete wiki links with systemd.io/manpages
All wiki pages that contain a deprecation banner
pointing to systemd.io or manpages are updated to
point to their replacements directly.

Helpful command for identification of available links:
git grep freedesktop.org/wiki | \
    sed "s#.*\(https://www.freedesktop.org/wiki[^ $<'\\\")]*\)\(.*\)#\\1#" | \
    sort | uniq
2022-05-21 14:29:14 +02:00
Benjamin Franzke
a25d9395ad tree-wide: streamline wiki links
* Avoid traling slash as most links are defined without.
* Always use https:// protocol and www. subdomain

Allows for easier tree-wide linkvalidation
for our migration to systemd.io.
2022-05-21 14:28:03 +02:00
Zbigniew Jędrzejewski-Szmek
bc012a3e91 analyze: add compare-versions
The interface, output, and exit status convention are all taken directly from
rpmdev-vercmp and dpkg --compare-versions. The implementation is different
though. See test-string-util for a list of known cases where we compare
strings incompatibly.

The idea is that this string comparison function will be declared as "the"
method to use for boot entry ordering in the specification and similar
uses. Thus it's nice to allow users to compare strings.
2022-05-19 09:07:34 +02:00
Zbigniew Jędrzejewski-Szmek
f2f40edcb9 man: fix typo 2022-05-16 14:54:43 +02:00
Zbigniew Jędrzejewski-Szmek
7353de27b7 man,mkosi: fedora 36 has been released 2022-05-13 02:34:07 +09:00
Luca Boccassi
0cfb00d9da man: improve VtableExample
The methods published by the example have a reply in the signature, but
the code was not sending any, so the client gets stuck waiting for a
response that doesn't arrive. Echo back the input string.

Update the object path to follow what would be the canonical format.

Request a service name on the bus, so that the code can be dropped in a
service and it can be dbus-activatable. It also makes it easier to see
on busctl list.
2022-05-11 19:12:24 +01:00
Kazuo Moriwaka
4da5e566e7
man: mention to Age parameter in C Type 2022-05-11 15:08:34 +09:00
Kazuo Moriwaka
6f310287db
add missing cleanup-age to quickref 2022-05-10 17:41:21 +09:00
Frantisek Sumsal
624f685fe8 core: annotate Reexecute() as NoReply
So we're able to tell from the introspection data that the method
doesn't reply.
2022-05-10 14:16:11 +09:00
Yu Watanabe
3c60643848 man: fix typo 2022-05-07 15:17:56 +09:00
Yu Watanabe
87d3b4ef3b
Merge pull request #23292 from alexhenrie/dhcpv6
network: clarify relationship between RA flags and DHCPv6 modes
2022-05-07 11:42:45 +09:00
Alex Henrie
6e40d0e458 network: clarify the relationship between DHCP= and WithoutRA=
Just setting DHCP=ipv6 is not enough to get DHCPv6 working without RA.
The WithoutRA option must also be changed from its default of "no".
2022-05-06 14:01:53 -06:00
Alex Henrie
0bcc6557fb network: clarify the relationship between RA flags and DHCPv6 modes
In the documentation, using the term "managed" for both the RA flag and
the DHCPv6 mode is confusing because the mode is referred to as
"solicit" both in the official DHCPv6 documentation (see RFC 8415) and
in the WithoutRA option.

Furthermore, calling the other RA flag "other information" or "other
address configuration" is confusing because its official name is simply
"other configuration" (see RFC 4861 and RFC 5175) and it isn't used to
assign IP addresses.

Rewrite the documentation for DHCPv6Client and WithoutRA to make it
clear that getting the "managed" RA flag triggers the same kind of DHCP
request as WithoutRA=solicit, whereas getting the "other configuration"
RA flag triggers the same kind of DHCP request as
WithoutRA=information-request.
2022-05-06 14:01:53 -06:00
Yu Watanabe
af2ff171e0
Merge pull request #23272 from keszybz/logind-man-and-rules
Logind man and rules
2022-05-07 04:23:02 +09:00
Jakob Lell
14736ab6ff Amend documentation for LimitNPROC= 2022-05-05 18:04:54 +02:00
Zbigniew Jędrzejewski-Szmek
14e6e444dd bootctl: add --quiet
It's useful for installation scripts and suchlike.
Raised in https://bugzilla.redhat.com/show_bug.cgi?id=2079784#c9.
2022-05-05 12:30:06 +02:00
Zbigniew Jędrzejewski-Szmek
18eb56c3c0 bootctl: support --graceful in is-installed 2022-05-05 12:30:06 +02:00
Zbigniew Jędrzejewski-Szmek
e4239a34d7 man: deduplicate dbus versioning ref 2022-05-05 11:48:22 +02:00
Zbigniew Jędrzejewski-Szmek
01942823ae man: beef up o.fd.login1 page a bit and recommend busctl too
gdbus is an external program, so it makes sense to recommend busctl.
2022-05-05 11:48:22 +02:00
Jan Janssen
14056a52c6 meson: Use meson test suite feature
This makes it easier to only test a subset of tests without having
to specify them all on the command line:
    meson test -C build --suite headers
2022-05-04 16:11:34 +02:00
Yu Watanabe
c322cfafba man/networkctl: mention initialized state
Closes #23262.
2022-05-04 14:44:13 +01:00
Zbigniew Jędrzejewski-Szmek
c1e0dc9c88 systemctl: stop saying "vendor preset"
We have vendor presets, and local admin presets, and runtime presets
(under /usr/lib, /usr/local/lib and /etc, /run, respectively). When we
display preset state, it can be configured in any of those places, so
we shouldn't say anything about the origin.

(Another nice advantage is that it improves alignment:

[root@f36 ~]# systemctl list-unit-files multipathd.service
UNIT FILE          STATE   VENDOR PRESET
multipathd.service enabled enabled

^ this looks we have a "PRESET" column that is empty.)
2022-05-04 09:10:50 +02:00
Lennart Poettering
ba4b74cbc7 man: document that systemd-fstab-generator actually cares about roothash=/usrhash= on the kernel cmdline
It doesn't really care about the hash value passed (which is processed
by systemd-veritysetup-generator), but it does care about the fact that
it is set (and mounts the DM nodes /dev/mapper/usr + /dev/mapper/root in
that case).
2022-05-02 20:49:16 +01:00
Lennart Poettering
4791083bce man: correct a major missed opportunity
I don't know why this didn't occur to me earlier, but of course, it
*has* to be this data.

(This replaces some German prose about Berlin, that i guess only very
few people will get. With the new blob I think we have a much broader
chance of delivering smiles.)
2022-05-02 17:58:51 +02:00
Daan De Meyer
ef2c966acc docs: Clarify where options are read from
Let's merge the footnote with the overall explanation of where systemd
parses its options from and reword the section a bit to hopefully make
things a bit more clear.
2022-05-02 17:49:06 +02:00
Lennart Poettering
41be3b099f
Merge pull request #23170 from poettering/creds-copy
import system credentials from sd-stub + qemu fw_cfg + kernel cmdline explicitly in PID 1
2022-05-02 16:32:21 +02:00
Lennart Poettering
cfa7d57ba1
Merge pull request #23217 from keszybz/oomd-docs
More cross-references in bootctl/systemctl man pages
2022-04-28 22:30:50 +02:00
Lennart Poettering
fe672fe539 doc: add new markdown docs for credentials 2022-04-28 18:12:00 +02:00
Lennart Poettering
72267a55a1 man: document the new credentials features 2022-04-28 18:12:00 +02:00
Zbigniew Jędrzejewski-Szmek
6ef00eb846
Merge pull request #23200 from keszybz/oomd-docs
Extend the documentation for oomd a bit
2022-04-28 17:46:03 +02:00
Zbigniew Jędrzejewski-Szmek
76c068b77c man: cross-advertize bootctl and systemctl boot loader support 2022-04-28 16:44:40 +02:00
Zbigniew Jędrzejewski-Szmek
3b18f3017c man: direct users to systemd-oomd if they read about OOMPolicy
OOMPolicy remains valid, but let's push users for the userspace solution.
2022-04-28 15:46:44 +02:00
Zbigniew Jędrzejewski-Szmek
6f83ea60e9 man: beef up the description of systemd-oomd.service
The gist of the description is moved from systemd.resource-control
to systemd-oomd man page. Cross-references to OOMPolicy, memory.oom.group,
oomctl, ManagedOOMSwap and ManagedOOMMemoryPressure are added in all
places.

The descriptions are also more down-to-earth: instead of talking
about "taking action" let's just say "kill". We *might* add configuration
for different actions in the future, but we're not there yet, so let's
just describe what we do now.
2022-04-28 15:46:44 +02:00
Yu Watanabe
8ac6b05b7c tree-wide: Fix typo 2022-04-25 10:06:08 +09:00
MkfsSion
70e723c000 cryptenroll,homectl: Introduce --fido2-credential-algorithm option
* Some authenticators(like Yubikey) support credential algorithm other than ES256
* Introduce a new option so users can make use of it
2022-04-22 20:22:40 +02:00
Lennart Poettering
d43ea6c8ff man: make clear that encrypted credentials are also authenticated
We use authenticated encryption, and that deserves mention. This in
particular relevant as the fact they are authenticated makes the
credentials useful as initrd parameterization items.
2022-04-21 23:23:14 +02:00