Diffstat (limited to 'man')
-rw-r--r-- man/bootup.xml 7
-rw-r--r-- man/logind.conf.xml 16
-rw-r--r-- man/systemd-nspawn.xml 67
-rw-r--r-- man/systemd.exec.xml 5
-rw-r--r-- man/systemd.mount.xml 5
-rw-r--r-- man/systemd.netdev.xml 9
-rw-r--r-- man/systemd.network.xml 58
-rw-r--r-- man/systemd.nspawn.xml 10
-rw-r--r-- man/systemd.socket.xml 13
-rw-r--r-- man/systemd.special.xml 13
-rw-r--r-- man/systemd.timer.xml 2
-rw-r--r-- man/systemd.unit.xml 2
12 files changed, 156 insertions, 51 deletions
diff --git a/man/bootup.xml b/man/bootup.xml
index b92057af29..986996398c 100644
--- a/man/bootup.xml
+++ b/man/bootup.xml
@@ -179,6 +179,8 @@
identical to the system manager bootup (see above) until it
reaches <filename>basic.target</filename>. From there, systemd
approaches the special target <filename>initrd.target</filename>.
+ When the root device becomes available,
+ <filename>initd-root-device.target</filename> is reached.
If the root device can be mounted at
<filename>/sysroot</filename>, the
<filename>sysroot.mount</filename> unit becomes active and
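Review bot: The unit name in the second added line is misspelled as initd-root-device.target; the diagram hunk below and the systemd.special.xml changes in this same patch spell it initrd-root-device.target. Please fix the filename here so readers searching for the unit find this paragraph.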
@@ -204,7 +206,10 @@
| emergency.service
______________________/| |
/ | v
- | sysroot.mount <emphasis>emergency.target</emphasis>
+ | initrd-root-device.target <emphasis>emergency.target</emphasis>
+ | |
+ | v
+ | sysroot.mount
| |
| v
| initrd-root-fs.target
diff --git a/man/logind.conf.xml b/man/logind.conf.xml
index 6ba35414be..fe92277a1f 100644
--- a/man/logind.conf.xml
+++ b/man/logind.conf.xml
@@ -297,6 +297,22 @@
</varlistentry>
<varlistentry>
+ <term><varname>InhibitorsMax=</varname></term>
+
+ <listitem><para>Controls the maximum number of concurrent inhibitors to permit. Defaults to 8192
+ (8K).</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>SessionsMax=</varname></term>
+
+ <listitem><para>Controls the maximum number of concurrent user sessions to manage. Defaults to 8192
+ (8K). Depending on how the <filename>pam_systemd.so</filename> module is included in the PAM stack
+ configuration, further login sessions will either be refused, or permitted but not tracked by
+ <filename>systemd-logind</filename>.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>UserTasksMax=</varname></term>
<listitem><para>Sets the maximum number of OS tasks each user
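Review bot: The InhibitorsMax= entry does not say what happens once the limit is reached, while the SessionsMax= entry right after it spells out both outcomes (refused, or permitted but untracked). Please add one sentence on the behaviour when a further inhibitor is requested at the limit. For SessionsMax=, note that "permitted but not tracked" means sessions can exist outside logind's accounting, so it would help to name which pam_systemd.so stack configuration leads to which outcome.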
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index bd688a0ee1..0c8c699201 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -524,15 +524,23 @@
<term><option>-n</option></term>
<term><option>--network-veth</option></term>
- <listitem><para>Create a virtual Ethernet link
- (<literal>veth</literal>) between host and container. The host
- side of the Ethernet link will be available as a network
- interface named after the container's name (as specified with
- <option>--machine=</option>), prefixed with
- <literal>ve-</literal>. The container side of the Ethernet
- link will be named <literal>host0</literal>. Note that
- <option>--network-veth</option> implies
- <option>--private-network</option>.</para></listitem>
+ <listitem><para>Create a virtual Ethernet link (<literal>veth</literal>) between host and container. The host
+ side of the Ethernet link will be available as a network interface named after the container's name (as
+ specified with <option>--machine=</option>), prefixed with <literal>ve-</literal>. The container side of the
+ Ethernet link will be named <literal>host0</literal>. The <option>--network-veth</option> option implies
+ <option>--private-network</option>.</para>
+
+ <para>Note that
+ <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ includes by default a network file <filename>/usr/lib/systemd/network/80-container-ve.network</filename>
+ matching the host-side interfaces created this way, which contains settings to enable automatic address
+ provisioning on the created virtual link via DHCP, as well as automatic IP routing onto the host's external
+ network interfaces. It also contains <filename>/usr/lib/systemd/network/80-container-host0.network</filename>
+ matching the container-side interface created this way, containing settings to enable client side address
+ assignment via DHCP. In case <filename>systemd-networkd</filename> is running on both the host and inside the
+ container, automatic IP communication from the container to the host is thus available, with further
+ connectivity to the external network.</para>
+ </listitem>
</varlistentry>
<varlistentry>
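Review bot: In the added note paragraph, "It also contains ...80-container-host0.network" has an unclear referent: the preceding sentence is about systemd-networkd.service shipping a file, so "It" reads as if it were the first network file. Suggest "It also includes" with the subject restated, and say explicitly that this second file takes effect only when systemd-networkd from the same package runs inside the container. Since the host-side file enables DHCP service and IP routing onto the host's external interfaces by default, a short pointer on how to override or mask it would be useful for administrators who want the link isolated.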
@@ -553,16 +561,43 @@
<varlistentry>
<term><option>--network-bridge=</option></term>
- <listitem><para>Adds the host side of the Ethernet link
- created with <option>--network-veth</option> to the specified
- bridge. Note that <option>--network-bridge=</option> implies
- <option>--network-veth</option>. If this option is used, the
- host side of the Ethernet link will use the
- <literal>vb-</literal> prefix instead of
+ <listitem><para>Adds the host side of the Ethernet link created with <option>--network-veth</option> to the
+ specified Ethernet bridge interface. Expects a valid network interface name of a bridge device as
+ argument. Note that <option>--network-bridge=</option> implies <option>--network-veth</option>. If this option
+ is used, the host side of the Ethernet link will use the <literal>vb-</literal> prefix instead of
<literal>ve-</literal>.</para></listitem>
</varlistentry>
<varlistentry>
+ <term><option>--network-zone=</option></term>
+
+ <listitem><para>Creates a virtual Ethernet link (<literal>veth</literal>) to the container and adds it to an
+ automatically managed Ethernet bridge interface. The bridge interface is named after the passed argument,
+ prefixed with <literal>vz-</literal>. The bridge interface is automatically created when the first container
+ configured for its name is started, and is automatically removed when the last container configured for its
+ name exits. Hence, each bridge interface configured this way exists only as long as there's at least one
+ container referencing it running. This option is very similar to <option>--network-bridge=</option>, besides
+ this automatic creation/removal of the bridge device.</para>
+
+ <para>This setting makes it easy to place multiple related containers on a common, virtual Ethernet-based
+ broadcast domain, here called a "zone". Each container may only be part of one zone, but each zone may contain
+ any number of containers. Each zone is referenced by its name. Names may be chosen freely (as long as they form
+ valid network interface names when prefixed with <literal>vz-</literal>), and it is sufficient to pass the same
+ name to the <option>--network-zones=</option> switch of the various concurrently running containers to join
+ them in one zone.</para>
+
+ <para>Note that
+ <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ includes by default a network file <filename>/usr/lib/systemd/network/80-container-vz.network</filename>
+ matching the bridge interfaces created this way, which contains settings to enable automatic address
+ provisioning on the created virtual network via DHCP, as well as automatic IP routing onto the host's external
+ network interfaces. Using <option>--network-zone=</option> is hence in most cases fully automatic and
+ sufficient to connect multiple local containers in a joined broadcast domain to the host, with further
+ connectivity to the external network.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><option>-p</option></term>
<term><option>--port=</option></term>
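Review bot: The second added paragraph refers to the <option>--network-zones=</option> switch, but the option introduced in this hunk's <term> is --network-zone= (singular), and the third paragraph uses the singular form as well. Please correct the plural spelling. The same paragraph could also state the practical consequence of "valid network interface names when prefixed with vz-", namely that the prefix counts against the interface name length limit.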
@@ -577,7 +612,7 @@
port number and its colon may be omitted, in which case the
same port as the host port is implied. This option is only
supported if private networking is used, such as with
- <option>--network-veth</option> or
+ <option>--network-veth</option>, <option>--network-zone=</option>
<option>--network-bridge=</option>.</para></listitem>
</varlistentry>
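Review bot: The replacement line drops the conjunction: the list now reads "--network-veth, --network-zone= --network-bridge=" with nothing between the last two options. The removed line ended in "or"; the new one should end in "<option>--network-zone=</option> or" so the sentence stays grammatical.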
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 2a93760428..3cf6de8256 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -933,7 +933,10 @@
(propagation in the opposite direction continues to work).
This means that this setting may not be used for services
which shall be able to install mount points in the main mount
- namespace.</para></listitem>
+ namespace. The /dev namespace will be mounted read-only and 'noexec'.
+ The latter may break old programs which try to set up executable
+ memory by using <citerefentry><refentrytitle>mmap</refentrytitle><manvolnum>2</manvolnum></citerefentry>
+ of <filename>/dev/zero</filename> instead of using <constant>MAP_ANON</constant>.</para></listitem>
</varlistentry>
<varlistentry>
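Review bot: In the added sentence, "/dev namespace" and 'noexec' are written as plain text with ASCII quotes, unlike the rest of the paragraph, which uses DocBook markup. Suggest <filename>/dev</filename> and <option>noexec</option>, and "The /dev mount" rather than "namespace", since what is described is a mount with flags. Because this is a hardening change that can break existing programs, it is worth stating whether read-only also applies to device nodes themselves or only to creating and removing entries under /dev.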
diff --git a/man/systemd.mount.xml b/man/systemd.mount.xml
index bf56a49e58..66cddd72e0 100644
--- a/man/systemd.mount.xml
+++ b/man/systemd.mount.xml
@@ -159,6 +159,11 @@
<citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
for details about the conversion.</para>
+ <para>The NFS mount option <option>bg</option> for NFS background mounts
+ as documented in <citerefentry><refentrytitle>nfs</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ is not supported in <filename>/etc/fstab</filename> entries. The systemd mount option <option>nofail</option>
+ provides similar functionality and should be used instead.</para>
+
<para>When reading <filename>/etc/fstab</filename> a few special
mount options are understood by systemd which influence how
dependencies are created for mount points. systemd will create a
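Review bot: The new paragraph says the <option>bg</option> option "is not supported" in /etc/fstab entries but does not say what happens to an entry that carries it (ignored, warned about, or the mount fails). Please state the resulting behaviour, and qualify "similar functionality": a reader migrating from bg needs to know in which respect nofail matches it and in which it does not.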
diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml
index 48c283c8df..8d12c305d2 100644
--- a/man/systemd.netdev.xml
+++ b/man/systemd.netdev.xml
@@ -321,6 +321,15 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>MulticastSnooping=</varname></term>
+ <listitem>
+ <para>A boolean. This setting controls the IFLA_BR_MCAST_SNOOPING option in the kernel.
+ If enabled, IGMP snooping monitors the Internet Group Management Protocol (IGMP) traffic
+ between hosts and multicast routers. When unset, the kernel's default setting applies.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
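Review bot: The MulticastSnooping= description explains what IGMP snooping observes but not what the bridge does differently when the setting is on or off, which is what someone choosing a value needs. Suggest adding one sentence on the effect on multicast forwarding. IFLA_BR_MCAST_SNOOPING should also be wrapped in <constant> to match how kernel constants are marked up elsewhere in these pages (for example MAP_ANON in the systemd.exec.xml hunk).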
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 3ee80a64a0..70e3804746 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -79,6 +79,11 @@
needed. As a special case, an empty file (file size 0) or symlink
with the same name pointing to <filename>/dev/null</filename>
disables the configuration file entirely (it is "masked").</para>
+
+ <para>Note that an interface without any static IPv6 addresses configured, and neither DHCPv6 nor IPv6LL enabled,
+ shall be considered to have no IPv6 support. IPv6 will be automatically disabled for that interface by writing "1"
+ to <filename>/proc/sys/net/ipv6/conf/<replaceable>ifname</replaceable>/disable_ipv6</filename>.
+ </para>
</refsect1>
<refsect1>
@@ -206,21 +211,6 @@
below 1280 (the minimum MTU for IPv6) it will automatically be increased to this value.</para>
</listitem>
</varlistentry>
- <varlistentry>
- <term><varname>IAID=</varname></term>
- <listitem>
- <para>Identity Association Identifier for the interface, a 32-bit unsigned integer.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <listitem>
- <para>Note that an interface without any static IPv6 addresses configured, and neither
- DHCPv6 nor IPv6LL enabled, shall be considered to have no IPv6 support. IPv6 will be
- automatically disabled for that interface by writing "1" to
- <filename>/proc/sys/net/ipv6/conf/<replaceable>ifname</replaceable>/disable_ipv6</filename>.
- </para>
- </listitem>
- </varlistentry>
</variablelist>
</refsect1>
@@ -254,6 +244,9 @@
<para>Furthermore, note that by default the domain name
specified through DHCP is not used for name resolution.
See option <option>UseDomains=</option> below.</para>
+
+ <para>See the <literal>[DHCP]</literal> section below for further configuration options for the DHCP client
+ support.</para>
</listitem>
</varlistentry>
<varlistentry>
@@ -370,18 +363,26 @@
<varlistentry>
<term><varname>EmitLLDP=</varname></term>
<listitem>
- <para>Controls support for Ethernet LLDP packet emission. Accepts a boolean parameter and defaults to
- false. If enabled a short LLDP packet with information about the local system is sent out in regular
- intervals on the link. The LLDP packet will contain information about the local host name, the local
- machine ID (as stored in
- <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>) and the
+ <para>Controls support for Ethernet LLDP packet emission. Accepts a boolean parameter or the special values
+ <literal>nearest-bridge</literal>, <literal>non-tpmr-bridge</literal> and
+ <literal>customer-bridge</literal>. Defaults to false, which turns off LLDP packet emission. If not false,
+ a short LLDP packet with information about the local system is sent out in regular intervals on the
+ link. The LLDP packet will contain information about the local host name, the local machine ID (as stored
+ in <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>) and the
local interface name, as well as the pretty hostname of the system (as set in
<citerefentry><refentrytitle>machine-info</refentrytitle><manvolnum>5</manvolnum></citerefentry>). LLDP
- emission is only available on Ethernet links. Note that this setting passed data suitable for
- identification of host to the network and should thus not be used on untrusted networks, where such
- identification data should not be made available. Use this option to enable other systems to identify on
- which interface they are connected to this system. See <varname>LLDP=</varname> above for an option to
- enable LLDP reception.</para>
+ emission is only available on Ethernet links. Note that this setting passes data suitable for
+ identification of host to the network and should thus not be enabled on untrusted networks, where such
+ identification data should not be made available. Use this option to permit other systems to identify on
+ which interfaces they are connected to this system. The three special values control propagation of the
+ LLDP packets. The <literal>nearest-bridge</literal> setting permits propagation only to the nearest
+ connected bridge, <literal>non-tpmr-bridge</literal> permits propagation across Two-Port MAC Relays, but
+ not any other bridges, and <literal>customer-bridge</literal> permits propagation until a customer bridge
+ is reached. For details about these concepts, see <ulink
+ url="http://standards.ieee.org/getieee802/download/802.1AB-2009.pdf">IEEE 802.1AB-2009</ulink>. Note that
+ configuring this setting to true is equivalent to <literal>nearest-bridge</literal>, the recommended and
+ most restricted level of propagation. See <varname>LLDP=</varname> above for an option to enable LLDP
+ reception.</para>
</listitem>
</varlistentry>
<varlistentry>
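Review bot: The statement that true is equivalent to nearest-bridge sits near the end of the paragraph, well after "If not false, a short LLDP packet ... is sent". Readers deciding how far host identification data may travel would be better served if the mapping of true to the most restricted level appeared right where the accepted values are listed. Also "identification of host" is missing an article ("of the host"), and the paragraph is now long enough that the propagation levels would read more clearly as their own <para>.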
@@ -868,6 +869,13 @@
</varlistentry>
<varlistentry>
+ <term><varname>IAID=</varname></term>
+ <listitem>
+ <para>The DHCP Identity Association Identifier (IAID) for the interface, a 32-bit unsigned integer.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>RequestBroadcast=</varname></term>
<listitem>
<para>Request the server to use broadcast messages before
diff --git a/man/systemd.nspawn.xml b/man/systemd.nspawn.xml
index 15360078ef..3683412c14 100644
--- a/man/systemd.nspawn.xml
+++ b/man/systemd.nspawn.xml
@@ -420,6 +420,16 @@
</varlistentry>
<varlistentry>
+ <term><varname>Zone=</varname></term>
+
+ <listitem><para>Takes a network zone name. This setting implies <varname>VirtualEthernet=yes</varname> and
+ <varname>Private=yes</varname> and has the effect that the host side of the created virtual Ethernet link is
+ connected to an automatically managed bridge interface named after the passed argument, prefixed with
+ <literal>vz-</literal>. This option corresponds to the <option>--network-zone=</option> command line
+ switch. This option is privileged (see above).</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>Port=</varname></term>
<listitem><para>Exposes a TCP or UDP port of the container on
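Review bot: The Zone= entry says the bridge is "named after the passed argument, prefixed with vz-" but omits the constraint given in the systemd-nspawn.xml hunk, that the name must form a valid network interface name once prefixed. Please repeat that constraint here or reference the --network-zone= description for it, so the .nspawn file documentation is usable on its own.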
diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
index 735268c79d..5bf54d8ef3 100644
--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@@ -814,13 +814,14 @@
<listitem><para>Configures a limit on how often this socket unit my be activated within a specific time
interval. The <varname>TriggerLimitIntervalSec=</varname> may be used to configure the length of the time
interval in the usual time units <literal>us</literal>, <literal>ms</literal>, <literal>s</literal>,
- <literal>min</literal>, <literal>h</literal>, … and defaults to 5s (See
+ <literal>min</literal>, <literal>h</literal>, … and defaults to 2s (See
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> for details on
- the various time units available). The <varname>TriggerLimitBurst=</varname> setting takes an integer value and
- specifies the numer of permitted activations per time interval, and defaults to 2500 (thus by default
- permitting 2500 activations per 5s). Set either to 0 to disable any form of trigger rate limiting. If the limit
- is hit, the socket unit is placed into a failure mode, and will not be connectible anymore until
- restarted. Note that this limit is enforced before the service activation is enqueued.</para></listitem>
+ the various time units understood). The <varname>TriggerLimitBurst=</varname> setting takes a positive integer
+ value and specifies the number of permitted activations per time interval, and defaults to 200 for
+ <varname>Accept=yes</varname> sockets (thus by default permitting 200 activations per 2s), and 20 otherwise (20
+ activations per 2s). Set either to 0 to disable any form of trigger rate limiting. If the limit is hit, the
+ socket unit is placed into a failure mode, and will not be connectible anymore until restarted. Note that this
+ limit is enforced before the service activation is enqueued.</para></listitem>
</varlistentry>
</variablelist>
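Review bot: The new text says TriggerLimitBurst= "takes a positive integer value" and two sentences later "Set either to 0 to disable any form of trigger rate limiting"; zero is not positive, so one of the two needs rewording (for example "an unsigned integer"). Since the defaults drop from 2500 per 5s to 200 or 20 per 2s and hitting the limit leaves the socket unconnectible until restarted, the entry should make clear how an administrator notices that state. The unchanged first line of the paragraph still has "my be activated"; this patch touches the paragraph anyway and could fix it to "may be".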
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 14998b9647..26974ed73f 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -83,6 +83,7 @@
<filename>remote-fs.target</filename>,
<filename>remote-fs-pre.target</filename>,
<filename>rescue.target</filename>,
+ <filename>initrd-root-device.target</filename>,
<filename>initrd-root-fs.target</filename>,
<filename>rpcbind.target</filename>,
<filename>runlevel2.target</filename>,
@@ -465,6 +466,18 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term><filename>initrd-root-device.target</filename></term>
+ <listitem>
+ <para>A special initrd target unit that is reached when the root filesystem device is available, but before
+ it has been mounted.
+ <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+ and
+ <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+ automatically setup the appropiate dependencies to make this happen.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term><filename>initrd-root-fs.target</filename></term>
<listitem>
<para><citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>3</manvolnum></citerefentry>
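Review bot: The added entry contains two wording errors in its last sentence: "appropiate" should be "appropriate", and the verb form is "set up", not "setup". In addition, the new citerefentry elements give systemd-fstab-generator and systemd-gpt-auto-generator the manual section 3, while the systemd.mount.xml context in this same patch cites systemd-fstab-generator with <manvolnum>8</manvolnum>; please check which section is correct and use it consistently.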
diff --git a/man/systemd.timer.xml b/man/systemd.timer.xml
index 0d0cccf152..0fa95e97a8 100644
--- a/man/systemd.timer.xml
+++ b/man/systemd.timer.xml
@@ -288,7 +288,7 @@
starting a timer unit that only elapses once: if
<varname>RemainAfterElapse=</varname> is on, it will not be
started again, and is guaranteed to elapse only once. However,
- if <varname>RemainAfterLeapse=</varname> is off, it might be
+ if <varname>RemainAfterElapse=</varname> is off, it might be
started again if it is already elapsed, and thus be triggered
multiple times. Defaults to
<varname>yes</varname>.</para></listitem>
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 90a1ec6b9c..341789cd47 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -603,7 +603,7 @@
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details). If a unit that has this setting set is started,
its processes will see the same <filename>/tmp</filename>,
- <filename>/tmp/var</filename> and network namespace as one
+ <filename>/var/tmp</filename> and network namespace as one
listed unit that is started. If multiple listed units are
already started, it is not defined which namespace is joined.
Note that this setting only has an effect if