diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2016-11-02 11:58:18 -0400 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2016-11-03 09:35:35 -0400 |
| commit | 869feb33881ac0ee6f95fb3baa7eeb870c429c64 (patch) | |
| tree | 0a73dc5eb28e339ebf79ba205c25489b2c59f0d1 /man | |
| parent | 7fa6328cc447a4a834ebc8d68ae6c335f4c9c9d3 (diff) | |
analyze: add syscall-filter verb
This should make it easier for users to understand what each filter
means as the list of syscalls is updated in subsequent systemd versions.
Diffstat (limited to 'man')
| -rw-r--r-- | man/systemd-analyze.xml | 11 | ||||
| -rw-r--r-- | man/systemd.exec.xml | 10 |
2 files changed, 19 insertions, 2 deletions
diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml index 8fa7cd3329..634e16b5f4 100644 --- a/man/systemd-analyze.xml +++ b/man/systemd-analyze.xml @@ -104,6 +104,12 @@ <cmdsynopsis> <command>systemd-analyze</command> <arg choice="opt" rep="repeat">OPTIONS</arg> + <arg choice="plain">syscall-filter</arg> + <arg choice="opt"><replaceable>SET</replaceable>...</arg> + </cmdsynopsis> + <cmdsynopsis> + <command>systemd-analyze</command> + <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="plain">verify</arg> <arg choice="opt" rep="repeat"><replaceable>FILES</replaceable></arg> </cmdsynopsis> @@ -181,6 +187,11 @@ <option>--log-target=</option>, described in <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>).</para> + <para><command>systemd-analyze syscall-filter <optional><replaceable>SET</replaceable>...</optional></command> + will list system calls contained in the specified system call set <replaceable>SET</replaceable>, + or all known sets if no sets are specified. Argument <replaceable>SET</replaceable> must include + the <literal>@</literal> prefix.</para> + <para><command>systemd-analyze verify</command> will load unit files and print warnings if any errors are detected. Files specified on the command line will be loaded, but also any other units referenced by them. The full unit search path is diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 3c350df11f..0de263cb07 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -1373,8 +1373,13 @@ </tgroup> </table> - Note that as new system calls are added to the kernel, additional system calls might be added to the groups - above, so the contents of the sets may change between systemd versions.</para> + Note, that as new system calls are added to the kernel, additional system calls might be + added to the groups above. Contents of the sets may also change between systemd + versions. In addition, the list of system calls depends on the kernel version and + architecture for which systemd was compiled. Use + <command>systemd-analyze syscall-filter</command> to list the actual list of system calls in + each filter. + </para> <para>It is recommended to combine the file system namespacing related options with <varname>SystemCallFilter=~@mount</varname>, in order to prohibit the unit's processes to undo the @@ -1844,6 +1849,7 @@ <para> <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |