Diffstat (limited to 'man')
-rw-r--r-- | man/journald.conf.xml | 6
-rw-r--r-- | man/kernel-command-line.xml | 9
-rw-r--r-- | man/machinectl.xml | 12
-rw-r--r-- | man/sd_journal_open.xml | 81
-rw-r--r-- | man/sd_uid_get_state.xml | 13
-rw-r--r-- | man/sd_watchdog_enabled.xml | 12
-rw-r--r-- | man/systemd-nspawn.xml | 101
-rw-r--r-- | man/systemd-system.conf.xml | 6
-rw-r--r-- | man/systemd.automount.xml | 15
-rw-r--r-- | man/systemd.exec.xml | 50
-rw-r--r-- | man/systemd.mount.xml | 14
-rw-r--r-- | man/systemd.network.xml | 59
-rw-r--r-- | man/systemd.nspawn.xml | 18
-rw-r--r-- | man/systemd.slice.xml | 3
-rw-r--r-- | man/systemd.socket.xml | 16
-rw-r--r-- | man/systemd.swap.xml | 13
-rw-r--r-- | man/systemd.timer.xml | 6
-rw-r--r-- | man/systemd.unit.xml | 26
18 files changed, 247 insertions, 213 deletions
diff --git a/man/journald.conf.xml b/man/journald.conf.xml index a9690e8138..3964cd6bc5 100644 --- a/man/journald.conf.xml +++ b/man/journald.conf.xml @@ -148,12 +148,12 @@ </varlistentry> <varlistentry> - <term><varname>RateLimitInterval=</varname></term> + <term><varname>RateLimitIntervalSec=</varname></term> <term><varname>RateLimitBurst=</varname></term> <listitem><para>Configures the rate limiting that is applied to all messages generated on the system. If, in the time - interval defined by <varname>RateLimitInterval=</varname>, + interval defined by <varname>RateLimitIntervalSec=</varname>, more messages than specified in <varname>RateLimitBurst=</varname> are logged by a service, all further messages within the interval are dropped until the @@ -162,7 +162,7 @@ per-service, so that two services which log do not interfere with each other's limits. Defaults to 1000 messages in 30s. The time specification for - <varname>RateLimitInterval=</varname> may be specified in the + <varname>RateLimitIntervalSec=</varname> may be specified in the following units: <literal>s</literal>, <literal>min</literal>, <literal>h</literal>, <literal>ms</literal>, <literal>us</literal>. To turn off any kind of rate limiting, diff --git a/man/kernel-command-line.xml b/man/kernel-command-line.xml index 42d5e006bb..9c04849f66 100644 --- a/man/kernel-command-line.xml +++ b/man/kernel-command-line.xml @@ -322,6 +322,15 @@ </varlistentry> <varlistentry> + <term><varname>systemd.default_timeout_start_sec=</varname></term> + + <listitem> + <para>Overwrites the default start job timeout <varname>DefaultTimeoutStartSec=</varname> at boot. For details, + see <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> + </listitem> + </varlistentry> + + <varlistentry> <term><varname>modules-load=</varname></term> <term><varname>rd.modules-load=</varname></term> 
diff --git a/man/machinectl.xml b/man/machinectl.xml index 43a3b98840..4b7f9a0391 100644 --- a/man/machinectl.xml +++ b/man/machinectl.xml @@ -589,13 +589,11 @@ <varlistentry> <term><command>clone</command> <replaceable>NAME</replaceable> <replaceable>NAME</replaceable></term> - <listitem><para>Clones a container or VM image. The - arguments specify the name of the image to clone and the name - of the newly cloned image. Note that plain directory container - images are cloned into subvolume images with this command. - Note that cloning a container or VM image is optimized for - btrfs file systems, and might not be efficient on others, due - to file system limitations.</para> + <listitem><para>Clones a container or VM image. The arguments specify the name of the image to clone and the + name of the newly cloned image. Note that plain directory container images are cloned into btrfs subvolume + images with this command, if the underlying file system supports this. Note that cloning a container or VM + image is optimized for btrfs file systems, and might not be efficient on others, due to file system + limitations.</para> <para>Note that this command leaves host name, machine ID and all other settings that could identify the instance diff --git a/man/sd_journal_open.xml b/man/sd_journal_open.xml index fef453f8dc..153af2387f 100644 --- a/man/sd_journal_open.xml +++ b/man/sd_journal_open.xml 
@@ -45,14 +45,16 @@ <refnamediv> <refname>sd_journal_open</refname> <refname>sd_journal_open_directory</refname> + <refname>sd_journal_open_directory_fd</refname> <refname>sd_journal_open_files</refname> - <refname>sd_journal_open_container</refname> + <refname>sd_journal_open_files_fd</refname> <refname>sd_journal_close</refname> <refname>sd_journal</refname> <refname>SD_JOURNAL_LOCAL_ONLY</refname> <refname>SD_JOURNAL_RUNTIME_ONLY</refname> <refname>SD_JOURNAL_SYSTEM</refname> <refname>SD_JOURNAL_CURRENT_USER</refname> + <refname>SD_JOURNAL_OS_ROOT</refname> <refpurpose>Open the system journal for reading</refpurpose> </refnamediv> @@ -74,6 +76,13 @@ </funcprototype> <funcprototype> + <funcdef>int <function>sd_journal_open_directory_fd</function></funcdef> + <paramdef>sd_journal **<parameter>ret</parameter></paramdef> + <paramdef>int <parameter>fd</parameter></paramdef> + <paramdef>int <parameter>flags</parameter></paramdef> + </funcprototype> + + <funcprototype> <funcdef>int <function>sd_journal_open_files</function></funcdef> <paramdef>sd_journal **<parameter>ret</parameter></paramdef> <paramdef>const char **<parameter>paths</parameter></paramdef> @@ -81,9 +90,10 @@ </funcprototype> <funcprototype> - <funcdef>int <function>sd_journal_open_container</function></funcdef> + <funcdef>int <function>sd_journal_open_files_fd</function></funcdef> <paramdef>sd_journal **<parameter>ret</parameter></paramdef> - <paramdef>const char *<parameter>machine</parameter></paramdef> + <paramdef>int <parameter>fds[]</parameter></paramdef> + <paramdef>unsigned <parameter>n_fds</parameter></paramdef> <paramdef>int <parameter>flags</parameter></paramdef> </funcprototype> 
@@ -117,29 +127,28 @@ <constant>SD_JOURNAL_CURRENT_USER</constant> are specified, all journal file types will be opened.</para> - <para><function>sd_journal_open_directory()</function> is similar - to <function>sd_journal_open()</function> but takes an absolute - directory path as argument. All journal files in this directory - will be opened and interleaved automatically. This call also takes - a flags argument, but it must be passed as 0 as no flags are - currently understood for this call.</para> - - <para><function>sd_journal_open_files()</function> is similar to - <function>sd_journal_open()</function> but takes a - <constant>NULL</constant>-terminated list of file paths to open. - All files will be opened and interleaved automatically. This call - also takes a flags argument, but it must be passed as 0 as no - flags are currently understood for this call. Please note that in - the case of a live journal, this function is only useful for - debugging, because individual journal files can be rotated at any - moment, and the opening of specific files is inherently - racy.</para> - - <para><function>sd_journal_open_container()</function> is similar - to <function>sd_journal_open()</function> but opens the journal - files of a running OS container. The specified machine name refers - to a container that is registered with - <citerefentry><refentrytitle>systemd-machined</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> + <para><function>sd_journal_open_directory()</function> is similar to <function>sd_journal_open()</function> but + takes an absolute directory path as argument. All journal files in this directory will be opened and interleaved + automatically. This call also takes a flags argument. The only flags parameter accepted by this call is + <constant>SD_JOURNAL_OS_ROOT</constant>. 
If specified, the journal files are searched below the usual + <filename>/var/log/journal</filename> and <filename>/run/log/journal</filename> relative to the specified path, + instead of directly beneath it.</para> + + <para><function>sd_journal_open_directory_fd()</function> is similar to + <function>sd_journal_open_directory()</function>, but takes a file descriptor referencing a directory in the file + system instead of an absolute file system path.</para> + + <para><function>sd_journal_open_files()</function> is similar to <function>sd_journal_open()</function> but takes a + <constant>NULL</constant>-terminated list of file paths to open. All files will be opened and interleaved + automatically. This call also takes a flags argument, but it must be passed as 0 as no flags are currently + understood for this call. Please note that in the case of a live journal, this function is only useful for + debugging, because individual journal files can be rotated at any moment, and the opening of specific files is + inherently racy.</para> + + <para><function>sd_journal_open_files_fd()</function> is similar to <function>sd_journal_open_files()</function> + but takes an array of open file descriptors that must reference journal files, instead of an array of file system + paths. Pass the array of file descriptors as second argument, and the number of array entries in the third. The + flags parameter must be passed as 0.</para> <para><varname>sd_journal</varname> objects cannot be used in the child after a fork. Functions which take a journal object as an 
@@ -205,26 +214,6 @@ </refsect1> <refsect1> - <title>History</title> - - <para><function>sd_journal_open()</function>, - <function>sd_journal_close()</function>, - <constant>SD_JOURNAL_LOCAL_ONLY</constant>, - <constant>SD_JOURNAL_RUNTIME_ONLY</constant>, - <constant>SD_JOURNAL_SYSTEM_ONLY</constant> were added in - systemd-38.</para> - - <para><function>sd_journal_open_directory()</function> was added - in systemd-187.</para> - - <para><constant>SD_JOURNAL_SYSTEM</constant>, - <constant>SD_JOURNAL_CURRENT_USER</constant>, and - <function>sd_journal_open_files()</function> were added in - systemd-205. <constant>SD_JOURNAL_SYSTEM_ONLY</constant> was - deprecated.</para> - </refsect1> - - <refsect1> <title>See Also</title> <para> diff --git a/man/sd_uid_get_state.xml b/man/sd_uid_get_state.xml index 4cc7405dd6..130af761da 100644 --- a/man/sd_uid_get_state.xml +++ b/man/sd_uid_get_state.xml @@ -218,19 +218,6 @@ </refsect1> <refsect1> - <title>History</title> - - <para><function>sd_uid_get_state()</function>, - <function>sd_uid_is_on_seat()</function>, - <function>sd_uid_get_sessions()</function>, and - <function>sd_uid_get_seats()</function> functions were added in - systemd-31.</para> - - <para><function>sd_uid_get_display()</function> was added in - systemd-213.</para> - </refsect1> - - <refsect1> <title>See Also</title> <para> diff --git a/man/sd_watchdog_enabled.xml b/man/sd_watchdog_enabled.xml index 6e27528a71..3de9899453 100644 --- a/man/sd_watchdog_enabled.xml +++ b/man/sd_watchdog_enabled.xml 
@@ -155,18 +155,6 @@ </refsect1> <refsect1> - <title>History</title> - - <para>The watchdog functionality and the - <varname>$WATCHDOG_USEC</varname> variable were added in - systemd-41.</para> - - <para><function>sd_watchdog_enabled()</function> function was - added in systemd-209. Since that version, the - <varname>$WATCHDOG_PID</varname> variable is also set.</para> - </refsect1> - - <refsect1> <title>See Also</title> <para> <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index a0376ed3e0..bd688a0ee1 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml 
@@ -387,38 +387,79 @@ <varlistentry> <term><option>--private-users=</option></term> - <listitem><para>Enables user namespacing. If enabled, the - container will run with its own private set of Unix user and - group ids (UIDs and GIDs). Takes none, one or two - colon-separated parameters: the first parameter specifies the - first host UID to assign to the container, the second - parameter specifies the number of host UIDs to assign to the - container. If the second parameter is omitted, 65536 UIDs are - assigned. If the first parameter is also omitted (and hence - no parameter passed at all), the first UID assigned to the - container is read from the owner of the root directory of the - container's directory tree. By default, no user namespacing is - applied.</para> - - <para>Note that user namespacing currently requires OS trees - that are prepared for the UID shift that is being applied: - UIDs and GIDs used for file ownership or in file ACL entries - must be shifted to the container UID base that is - used during container runtime.</para> - - <para>It is recommended to assign at least 65536 UIDs to each - container, so that the usable UID range in the container - covers 16 bit. For best security, do not assign overlapping UID - ranges to multiple containers. It is hence a good idea to use - the upper 16 bit of the host 32-bit UIDs as container - identifier, while the lower 16 bit encode the container UID - used.</para> - - <para>When user namespaces are used, the GID range assigned to - each container is always chosen identical to the UID - range.</para></listitem> + <listitem><para>Controls user namespacing. If enabled, the container will run with its own private set of UNIX + user and group ids (UIDs and GIDs). This involves mapping the private UIDs/GIDs used in the container (starting + with the container's root user 0 and up) to a range of UIDs/GIDs on the host that are not used for other + purposes (usually in the range beyond the host's UID/GID 65536). 
The parameter may be specified as follows:</para> + + <orderedlist> + <listitem><para>The value <literal>no</literal> turns off user namespacing. This is the default.</para></listitem> + + <listitem><para>The value <literal>yes</literal> (or the omission of a parameter) turns on user + namespacing. The UID/GID range to use is determined automatically from the file ownership of the root + directory of the container's directory tree. To use this option, make sure to prepare the directory tree in + advance, and ensure that all files and directories in it are owned by UIDs/GIDs in the range you'd like to + use. Also, make sure that used file ACLs exclusively reference UIDs/GIDs in the appropriate range. If this + mode is used the number of UIDs/GIDs assigned to the container for use is 65536, and the UID/GID of the + root directory must be a multiple of 65536.</para></listitem> + + <listitem><para>The value "pick" turns on user namespacing. In this case the UID/GID range is automatically + chosen. As first step, the file owner of the root directory of the container's directory tree is read, and it + is checked that it is currently not used by the system otherwise (in particular, that no other container is + using it). If this check is successful, the UID/GID range determined this way is used, similar to the + behaviour if "yes" is specified. If the check is not successful (and thus the UID/GID range indicated in the + root directory's file owner is already used elsewhere) a new – currently unused – UID/GID range of 65536 + UIDs/GIDs is randomly chosen between the host UID/GIDs of 524288 and 1878982656, always starting at a + multiple of 65536. This setting implies <option>--private-users-chown</option> (see below), which has the + effect that the files and directories in the container's directory tree will be owned by the appropriate + users of the range picked. Using this option makes user namespace behaviour fully automatic. 
Note that the + first invocation of a previously unused container image might result in picking a new UID/GID range for it, + and thus in the (possibly expensive) file ownership adjustment operation. However, subsequent invocations of + the container will be cheap (unless of course the picked UID/GID range is assigned to a different use by + then).</para></listitem> + + <listitem><para>Finally if one or two colon-separated numeric parameters are specified, user namespacing is + turned on, too. The first parameter specifies the first host UID/GID to assign to the container, the second + parameter specifies the number of host UIDs/GIDs to assign to the container. If the second parameter is + omitted, 65536 UIDs/GIDs are assigned.</para></listitem> + </orderedlist> + + <para>It is recommended to assign at least 65536 UIDs/GIDs to each container, so that the usable UID/GID range in the + container covers 16 bit. For best security, do not assign overlapping UID/GID ranges to multiple containers. It is + hence a good idea to use the upper 16 bit of the host 32-bit UIDs/GIDs as container identifier, while the lower 16 + bit encode the container UID/GID used. This is in fact the behaviour enforced by the + <option>--private-users=pick</option> option.</para> + + <para>When user namespaces are used, the GID range assigned to each container is always chosen identical to the + UID range.</para> + + <para>In most cases, using <option>--private-users=pick</option> is the recommended option as it enhances + container security massively and operates fully automatically in most cases.</para> + + <para>Note that the picked UID/GID range is not written to <filename>/etc/passwd</filename> or + <filename>/etc/group</filename>. 
In fact, the allocation of the range is not stored persistently anywhere, + except in the file ownership of the files and directories of the container.</para></listitem> </varlistentry> + <varlistentry> + <term><option>-U</option></term> + + <listitem><para>If the kernel supports the user namespaces feature, equivalent to + <option>--private-users=pick</option>, otherwise equivalent to + <option>--private-users=no</option>.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>--private-users-chown</option></term> + + <listitem><para>If specified, all files and directories in the container's directory tree will adjusted so that + they are owned to the appropriate UIDs/GIDs selected for the container (see above). This operation is + potentially expensive, as it involves descending and iterating through the full directory tree of the + container. Besides actual file ownership, file ACLs are adjusted as well.</para> + + <para>This option is implied if <option>--private-users=pick</option> is used. This option has no effect if + user namespacing is not used.</para></listitem> + </varlistentry> <varlistentry> <term><option>--private-network</option></term> diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml index edc6df914a..8833e73c72 100644 --- a/man/systemd-system.conf.xml +++ b/man/systemd-system.conf.xml 
@@ -271,16 +271,16 @@ </varlistentry> <varlistentry> - <term><varname>DefaultStartLimitInterval=</varname></term> + <term><varname>DefaultStartLimitIntervalSec=</varname></term> <term><varname>DefaultStartLimitBurst=</varname></term> <listitem><para>Configure the default unit start rate limiting, as configured per-service by - <varname>StartLimitInterval=</varname> and + <varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname>. See <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details on the per-service settings. - <varname>DefaultStartLimitInterval=</varname> defaults to + <varname>DefaultStartLimitIntervalSec=</varname> defaults to 10s. <varname>DefaultStartLimitBurst=</varname> defaults to 5.</para></listitem> </varlistentry> diff --git a/man/systemd.automount.xml b/man/systemd.automount.xml index 93bae2a6dc..a43dc981bd 100644 --- a/man/systemd.automount.xml +++ b/man/systemd.automount.xml 
@@ -66,14 +66,13 @@ [Install] sections. The automount specific configuration options are configured in the [Automount] section.</para> - <para>Automount units must be named after the automount - directories they control. Example: the automount point - <filename noindex='true'>/home/lennart</filename> must be - configured in a unit file - <filename>home-lennart.automount</filename>. For details about the - escaping logic used to convert a file system path to a unit name - see - <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> + <para>Automount units must be named after the automount directories they control. Example: the automount point + <filename noindex='true'>/home/lennart</filename> must be configured in a unit file + <filename>home-lennart.automount</filename>. For details about the escaping logic used to convert a file system + path to a unit name see + <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. Note that + automount units cannot be templated, nor is it possible to add multiple names to an automount unit by creating + additional symlinks to its unit file.</para> <para>For each automount unit file a matching mount unit file (see <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry> diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 4ed62dbada..2a93760428 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml 
@@ -94,11 +94,9 @@ required to access <filename>/tmp</filename> and <filename>/var/tmp</filename>.</para> - <para>Units whose output standard output or error output is - connected to any other sink but <option>null</option>, - <option>tty</option> and <option>socket</option> automatically - acquire dependencies of type <varname>After=</varname> on - <filename>journald.socket</filename>.</para> + <para>Units whose standard output or error output is connected to <option>journal</option>, <option>syslog</option> + or <option>kmsg</option> (or their combinations with console output, see below) automatically acquire dependencies + of type <varname>After=</varname> on <filename>systemd-journald.socket</filename>.</para> </refsect1> <refsect1> @@ -470,6 +468,10 @@ similar to the same option of <varname>StandardInput=</varname>.</para> + <para>If the standard output (or error output, see below) of a unit is connected to the journal, syslog or the + kernel log buffer, the unit will implicitly gain a dependency of type <varname>After=</varname> on + <filename>systemd-journald.socket</filename> (also see the automatic dependencies section above).</para> + <para>This setting defaults to the value set with <option>DefaultStandardOutput=</option> in <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, 
@@ -627,27 +629,23 @@ <term><varname>LimitNICE=</varname></term> <term><varname>LimitRTPRIO=</varname></term> <term><varname>LimitRTTIME=</varname></term> - <listitem><para>These settings set both soft and hard limits - of various resources for executed processes. See - <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry> - for details. The resource limit is possible to specify in two formats, - <option>value</option> to set soft and hard limits to the same value, - or <option>soft:hard</option> to set both limits individually (e.g. LimitAS=4G:16G). - Use the string <varname>infinity</varname> to - configure no limit on a specific resource. The multiplicative - suffixes K (=1024), M (=1024*1024) and so on for G, T, P and E - may be used for resource limits measured in bytes - (e.g. LimitAS=16G). For the limits referring to time values, - the usual time units ms, s, min, h and so on may be used (see - <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> - for details). Note that if no time unit is specified for - <varname>LimitCPU=</varname> the default unit of seconds is - implied, while for <varname>LimitRTTIME=</varname> the default - unit of microseconds is implied. Also, note that the effective - granularity of the limits might influence their - enforcement. For example, time limits specified for - <varname>LimitCPU=</varname> will be rounded up implicitly to - multiples of 1s.</para> + <listitem><para>Set soft and hard limits on various resources for executed processes. See + <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry> for details on + the resource limit concept. Resource limits may be specified in two formats: either as single value to set a + specific soft and hard limit to the same value, or as colon-separated pair <option>soft:hard</option> to set + both limits individually (e.g. <literal>LimitAS=4G:16G</literal>). 
Use the string <varname>infinity</varname> + to configure no limit on a specific resource. The multiplicative suffixes K, M, G, T, P and E (to the base + 1024) may be used for resource limits measured in bytes (e.g. LimitAS=16G). For the limits referring to time + values, the usual time units ms, s, min, h and so on may be used (see + <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> for + details). Note that if no time unit is specified for <varname>LimitCPU=</varname> the default unit of seconds + is implied, while for <varname>LimitRTTIME=</varname> the default unit of microseconds is implied. Also, note + that the effective granularity of the limits might influence their enforcement. For example, time limits + specified for <varname>LimitCPU=</varname> will be rounded up implicitly to multiples of 1s. For + <varname>LimitNICE=</varname> the value may be specified in two syntaxes: if prefixed with <literal>+</literal> + or <literal>-</literal>, the value is understood as regular Linux nice value in the range -20..19. If not + prefixed like this the value is understood as raw resource limit parameter in the range 0..40 (with 0 being + equivalent to 1).</para> <para>Note that most process resource limits configured with these options are per-process, and processes may fork in order diff --git a/man/systemd.mount.xml b/man/systemd.mount.xml index f116782b40..bf56a49e58 100644 --- a/man/systemd.mount.xml +++ b/man/systemd.mount.xml 
@@ -82,14 +82,12 @@ will refuse options that are not listed in <filename>/etc/fstab</filename> if it is not run as UID 0.</para> - <para>Mount units must be named after the mount point directories - they control. Example: the mount point - <filename noindex='true'>/home/lennart</filename> must be - configured in a unit file <filename>home-lennart.mount</filename>. - For details about the escaping logic used to convert a file system - path to a unit name, see - <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. - Note that mount units cannot be templated.</para> + <para>Mount units must be named after the mount point directories they control. Example: the mount point <filename + noindex='true'>/home/lennart</filename> must be configured in a unit file <filename>home-lennart.mount</filename>. + For details about the escaping logic used to convert a file system path to a unit name, see + <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. Note that mount + units cannot be templated, nor is possible to add multiple names to a mount unit by creating additional symlinks to + it.</para> <para>Optionally, a mount unit may be accompanied by an automount unit, to allow on-demand or parallelized mounting. See diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 9bf1b198ad..2a20748376 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml 
@@ -815,9 +815,8 @@ <varlistentry> <term><varname>ClientIdentifier=</varname></term> <listitem> - <para>DHCP client identifier to use. Either <literal>mac</literal> - to use the MAC address of the link or <literal>duid</literal> - (the default) to use a RFC4361-compliant Client ID.</para> + <para>The DHCPv4 client identifier to use. Either <literal>mac</literal> to use the MAC address of the link + or <literal>duid</literal> (the default, see below) to use a RFC4361-compliant Client ID.</para> </listitem> </varlistentry> <varlistentry> @@ -828,6 +827,25 @@ </listitem> </varlistentry> <varlistentry> + <term><varname>DUIDRawData=</varname></term> + <listitem><para>Specifies the DHCP DUID bytes as a single newline-terminated, hexadecimal string, with each + byte separated by a ':'. A DHCPv6 client sends the DHCP Unique Identifier (DUID) and the interface Identity + Association Identifier (IAID) to a DHCP server when acquiring a dynamic IPv6 address. Similar, DHCPv4 clients + send the IAID and DUID to the DHCP server when acquiring a dynamic IPv4 address if + <option>ClientIdentifier=duid</option>. IAID and DUID allows a DHCP server to uniquely identify the machine + and the interface requesting a DHCP IP address.</para> + + <para>The DUID value specified here takes precedence over the DUID that systemd-networkd generates + using the machine-id from the <filename>/etc/machine-id</filename> file, as well as the + global DUID that may be specified in <citerefentry><refentrytitle>networkd.conf + </refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> + + <para>The configured DHCP DUID should conform to the specification in + <ulink url="http://tools.ietf.org/html/rfc3315#section-9">RFC 3315</ulink>, + <ulink url="http://tools.ietf.org/html/rfc6355">RFC 6355</ulink>.</para> + </listitem> + </varlistentry> + <varlistentry> <term><varname>RequestBroadcast=</varname></term> <listitem> <para>Request the server to use broadcast messages before 
@@ -846,40 +864,7 @@ </listitem> </varlistentry> </variablelist> - - </refsect1> - - <refsect1> - <title>[DUID] Section Options</title> - - <para>This section configures the DHCP Unique Identifier (DUID) value used by DHCP - protocol. DHCPv6 client protocol sends the DHCP Unique Identifier and the interface - Identity Association Identifier (IAID) to a DHCP server when acquiring a dynamic IPv6 - address. DHCPv4 client protocol sends IAID and DUID to the DHCP server when acquiring - a dynamic IPv4 address if <option>ClientIdentifier=duid</option>. IAID and DUID allows a - DHCP server to uniquely identify the machine and the interface requesting a DHCP IP.</para> - - <para>The DUID value specified here overrides the DUID that systemd-networkd generates - using the machine-id from the <filename>/etc/machine-id</filename> file, as well as the - global DUID that may be specified in <citerefentry><refentrytitle>networkd.conf - </refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> - - <para>The configured DHCP DUID should conform to the specification in - <ulink url="http://tools.ietf.org/html/rfc3315#section-9">RFC 3315</ulink>, - <ulink url="http://tools.ietf.org/html/rfc6355">RFC 6355</ulink>.</para> - - <para>The following options are available in <literal>[DUID]</literal> section:</para> - - <variablelist class='network-directives'> - - <varlistentry> - <term><varname>RawData=</varname></term> - <listitem><para>Specifies the DUID bytes as a single newline-terminated, hexadecimal - string, with each byte separated by a ':'.</para></listitem> - </varlistentry> - - </variablelist> - </refsect1> + </refsect1> <refsect1> <title>[DHCPServer] Section Options</title> diff --git a/man/systemd.nspawn.xml b/man/systemd.nspawn.xml index ce900a5db1..15360078ef 100644 --- a/man/systemd.nspawn.xml +++ b/man/systemd.nspawn.xml 
@@ -251,6 +251,14 @@ <option>--uuid=</option> command line switch. This option is privileged (see above). </para></listitem> </varlistentry> + + <varlistentry> + <term><varname>PrivateUsers=</varname></term> + + <listitem><para>Configures support for usernamespacing. This is equivalent to the + <option>--private-users=</option> command line switch, and takes the same options. This option is privileged + (see above). </para></listitem> + </varlistentry> </variablelist> </refsect1> @@ -314,6 +322,16 @@ for details about the specific options supported. This setting is privileged (see above).</para></listitem> </varlistentry> + + <varlistentry> + <term><varname>PrivateUsersChown=</varname></term> + + <listitem><para>Configures whether the ownership of the files and directories in the container tree shall be + adjusted to the UID/GID range used, if necessary and user namespacing is enabled. This is equivalent to the + <option>--private-users-chown</option> command line switch. This option is privileged (see + above). </para></listitem> + </varlistentry> + </variablelist> </refsect1> diff --git a/man/systemd.slice.xml b/man/systemd.slice.xml index 16247628af..eee98d99ee 100644 --- a/man/systemd.slice.xml +++ b/man/systemd.slice.xml @@ -71,6 +71,9 @@ the root slice <filename>-.slice</filename>. </para> + <para>Note that slice units cannot be templated, nor is possible to add multiple names to a slice unit by creating + additional symlinks to it.</para> + <para>By default, service and scope units are placed in <filename>system.slice</filename>, virtual machines and containers registered with diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml index 2d6339680b..735268c79d 100644 --- a/man/systemd.socket.xml +++ b/man/systemd.socket.xml 
@@ -807,6 +807,22 @@ suffix.</para></listitem> </varlistentry> + <varlistentry> + <term><varname>TriggerLimitIntervalSec=</varname></term> + <term><varname>TriggerLimitBurst=</varname></term> + + <listitem><para>Configures a limit on how often this socket unit my be activated within a specific time + interval. The <varname>TriggerLimitIntervalSec=</varname> may be used to configure the length of the time + interval in the usual time units <literal>us</literal>, <literal>ms</literal>, <literal>s</literal>, + <literal>min</literal>, <literal>h</literal>, … and defaults to 5s (See + <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> for details on + the various time units available). The <varname>TriggerLimitBurst=</varname> setting takes an integer value and + specifies the numer of permitted activations per time interval, and defaults to 2500 (thus by default + permitting 2500 activations per 5s). Set either to 0 to disable any form of trigger rate limiting. If the limit + is hit, the socket unit is placed into a failure mode, and will not be connectible anymore until + restarted. Note that this limit is enforced before the service activation is enqueued.</para></listitem> + </varlistentry> + </variablelist> <para>Check diff --git a/man/systemd.swap.xml b/man/systemd.swap.xml index 6fc4c7bf13..cf4e1ba839 100644 --- a/man/systemd.swap.xml +++ b/man/systemd.swap.xml 
@@ -78,13 +78,12 @@ which configure resource control settings for these processes of the unit.</para> - <para>Swap units must be named after the devices - or files they control. Example: the swap device - <filename noindex='true'>/dev/sda5</filename> must be configured in a - unit file <filename>dev-sda5.swap</filename>. For details about - the escaping logic used to convert a file system path to a unit - name, see - <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> + <para>Swap units must be named after the devices or files they control. Example: the swap device <filename + noindex='true'>/dev/sda5</filename> must be configured in a unit file <filename>dev-sda5.swap</filename>. For + details about the escaping logic used to convert a file system path to a unit name, see + <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. Note that swap + units cannot be templated, nor is possible to add multiple names to a swap unit by creating additional symlinks to + it.</para> </refsect1> <refsect1> diff --git a/man/systemd.timer.xml b/man/systemd.timer.xml index eb0afee141..0d0cccf152 100644 --- a/man/systemd.timer.xml +++ b/man/systemd.timer.xml @@ -73,6 +73,12 @@ <filename>foo.timer</filename> activates a matching service <filename>foo.service</filename>. The unit to activate may be controlled by <varname>Unit=</varname> (see below).</para> + + <para>Note that in case the unit to activate is already active at the time the timer elapses it is not restarted, + but simply left running. There is no concept of spawning new service instances in this case. Due to this, services + with <varname>RemainAfterExit=</varname> set (which stay around continously even after the service's main process + exited) are usually not suitable for activation via repetitive timers, as they will only be activated once, and + then stay around forever.</para> </refsect1> <refsect1> 
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index 7993301167..abd47bd237 100644 --- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml @@ -751,14 +751,14 @@ </varlistentry> <varlistentry> - <term><varname>StartLimitInterval=</varname></term> + <term><varname>StartLimitIntervalSec=</varname></term> <term><varname>StartLimitBurst=</varname></term> <listitem><para>Configure unit start rate limiting. By default, units which are started more than 5 times within 10 seconds are not permitted to start any more times until the 10 second interval ends. With these two - options, this rate limiting may be modified. Use <varname>StartLimitInterval=</varname> to configure the - checking interval (defaults to <varname>DefaultStartLimitInterval=</varname> in manager configuration file, set - to 0 to disable any kind of rate limiting). Use <varname>StartLimitBurst=</varname> to configure how many + options, this rate limiting may be modified. Use <varname>StartLimitIntervalSec=</varname> to configure the + checking interval (defaults to <varname>DefaultStartLimitIntervalSec=</varname> in manager configuration file, + set to 0 to disable any kind of rate limiting). Use <varname>StartLimitBurst=</varname> to configure how many starts per interval are allowed (defaults to <varname>DefaultStartLimitBurst=</varname> in manager configuration file). These configuration options are particularly useful in conjunction with the service setting <varname>Restart=</varname> (see 
@@ -769,14 +769,15 @@ manually at a later point, from which point on, the restart logic is again activated. Note that <command>systemctl reset-failed</command> will cause the restart rate counter for a service to be flushed, which is useful if the administrator wants to manually start a unit and the start limit interferes with - that.</para></listitem> + that. Note that this rate-limiting is enforced after any unit condition checks are executed, and hence unit + activations with failing conditions are not counted by this rate limiting.</para></listitem> </varlistentry> <varlistentry> <term><varname>StartLimitAction=</varname></term> <listitem><para>Configure the action to take if the rate limit configured with - <varname>StartLimitInterval=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes one of + <varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes one of <option>none</option>, <option>reboot</option>, <option>reboot-force</option>, <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option> or <option>poweroff-immediate</option>. If <option>none</option> is set, hitting the rate limit will trigger no 
@@ -1102,13 +1103,12 @@ <varlistentry> <term><varname>Alias=</varname></term> - <listitem><para>A space-separated list of additional names - this unit shall be installed under. The names listed here must - have the same suffix (i.e. type) as the unit file name. This - option may be specified more than once, in which case all - listed names are used. At installation time, - <command>systemctl enable</command> will create symlinks from - these names to the unit filename.</para></listitem> + <listitem><para>A space-separated list of additional names this unit shall be installed under. The names listed + here must have the same suffix (i.e. type) as the unit file name. This option may be specified more than once, + in which case all listed names are used. At installation time, <command>systemctl enable</command> will create + symlinks from these names to the unit filename. Note that not all unit types support such alias names, and this + setting is not supported for them. Specifically, mount, slice, swap, and automount units do not support + aliasing.</para></listitem> </varlistentry> <varlistentry> |
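Review bot: in the first man/systemd.nspawn.xml hunk (@@ -251,6 +251,14 @@), the new PrivateUsers= entry writes "usernamespacing" as one word, while the PrivateUsersChown= entry added further down in the same file writes "user namespacing". Please use "user namespacing" in both, and drop the stray space before the closing </para>. Since the entry only says it "takes the same options" as --private-users=, a short pointer to the systemd-nspawn page for the accepted values would save the reader a lookup.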
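Review bot: in the second man/systemd.nspawn.xml hunk (@@ -314,6 +322,16 @@), the PrivateUsersChown= entry never states its value syntax. It is described as equivalent to --private-users-chown, a switch written without an argument, so the text should say explicitly that the setting takes a boolean. The clause "if necessary and user namespacing is enabled" also reads ambiguously; "if user namespacing is enabled and an adjustment is necessary" is clearer. There is a stray space before </para> here as well.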
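Review bot: the paragraph added in man/systemd.slice.xml (@@ -71,6 +71,9 @@) has a dropped word: "nor is possible to add multiple names" should read "nor is it possible to add multiple names". The same sentence is reused in the systemd.swap.xml hunk, so fix both together.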
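Review bot: the TriggerLimitIntervalSec=/TriggerLimitBurst= entry added in man/systemd.socket.xml (@@ -807,6 +807,22 @@) has two typos: "this socket unit my be activated" should be "may be activated", and "the numer of permitted activations" should be "the number". The parenthetical "(See" should also start lowercase since it sits mid-sentence. Separately, the text says the socket "will not be connectible anymore until restarted" once the limit is hit, which is an availability consequence operators will want to watch for; consider adding how the failure shows up on the unit so it can be monitored.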
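Review bot: the man/systemd.swap.xml hunk (@@ -78,13 +78,12 @@) mixes a pure re-wrap of the existing paragraph with one new sentence, so the actual content change is hard to spot in review; splitting the re-wrap from the addition would help. The new sentence also repeats the slip from the slice page: "nor is possible to add" should be "nor is it possible to add".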
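Review bot: in the paragraph added to man/systemd.timer.xml (@@ -73,6 +73,12 @@), "continously" should be "continuously", and the first sentence needs a comma after "at the time the timer elapses". The content itself is a useful warning about RemainAfterExit= services only ever being activated once by a repetitive timer.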
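Review bot: the first man/systemd.unit.xml hunk (@@ -751,14 +751,14 @@) renames StartLimitInterval= to StartLimitIntervalSec= and DefaultStartLimitInterval= to DefaultStartLimitIntervalSec= without saying anything about the old spellings. Existing unit files use the old names, so the entry should state whether they are still accepted. Otherwise a reader cannot tell whether a unit that relies on this limit (for example together with StartLimitAction=) keeps its configured behaviour after upgrading. The same applies to the RateLimitInterval= rename in journald.conf.xml.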
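Review bot: in the second man/systemd.unit.xml hunk (@@ -769,14 +769,15 @@), the appended sentence opens with "Note that" immediately after an existing sentence that also opens with "Note that", and it spells the term both as "rate-limiting" and "rate limiting" within one sentence. Suggest rewording to something like "This rate limiting is enforced after any unit condition checks are executed, and hence ..." and using the unhyphenated form, which the rest of the entry already uses.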
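Review bot: the Alias= hunk in man/systemd.unit.xml (@@ -1102,13 +1103,12 @@) says the setting "is not supported" for mount, slice, swap, and automount units but does not say what happens when it is set there anyway: is it ignored silently, warned about, or rejected by systemctl enable? Please state the behaviour. The clause "and this setting is not supported for them" also only restates the first half of its own sentence and could be dropped.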