summaryrefslogtreecommitdiff
path: root/man
diff options
context:
space:
mode:
Diffstat (limited to 'man')
-rw-r--r--man/busctl.xml8
-rw-r--r--man/pam_systemd.xml39
-rw-r--r--man/sd_journal_print.xml2
-rw-r--r--man/sd_notify.xml9
-rw-r--r--man/systemctl.xml12
-rw-r--r--man/systemd-analyze.xml2
-rw-r--r--man/systemd-cgls.xml21
-rw-r--r--man/systemd-firstboot.xml10
-rw-r--r--man/systemd-fstab-generator.xml2
-rw-r--r--man/systemd-logind.service.xml10
-rw-r--r--man/systemd-mount.xml20
-rw-r--r--man/systemd-notify.xml22
-rw-r--r--man/systemd-nspawn.xml48
-rw-r--r--man/systemd-resolve.xml2
-rw-r--r--man/systemd-run.xml6
-rw-r--r--man/systemd-socket-proxyd.xml6
-rw-r--r--man/systemd-suspend.service.xml6
-rw-r--r--man/systemd.exec.xml220
-rw-r--r--man/systemd.journal-fields.xml10
-rw-r--r--man/systemd.mount.xml20
-rw-r--r--man/systemd.network.xml23
-rw-r--r--man/systemd.nspawn.xml9
-rw-r--r--man/systemd.offline-updates.xml2
-rw-r--r--man/systemd.service.xml45
-rw-r--r--man/systemd.swap.xml37
-rw-r--r--man/systemd.unit.xml13
26 files changed, 384 insertions, 220 deletions
diff --git a/man/busctl.xml b/man/busctl.xml
index 052a33097f..f63d0d5bab 100644
--- a/man/busctl.xml
+++ b/man/busctl.xml
@@ -291,11 +291,11 @@
<listitem><para>Similar to <command>monitor</command> but
writes the output in pcap format (for details, see the <ulink
- url="http://wiki.wireshark.org/Development/LibpcapFileFormat">Libpcap
- File Format</ulink> description. Make sure to redirect the
- output to STDOUT to a file. Tools like
+ url="https://wiki.wireshark.org/Development/LibpcapFileFormat">Libpcap
+ File Format</ulink> description). Make sure to redirect
+ standard output to a file. Tools like
<citerefentry project='die-net'><refentrytitle>wireshark</refentrytitle><manvolnum>1</manvolnum></citerefentry>
- may be used to dissect and view the generated
+ may be used to dissect and view the resulting
files.</para></listitem>
</varlistentry>
diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml
index ddda81bc90..6e1aa0dd9a 100644
--- a/man/pam_systemd.xml
+++ b/man/pam_systemd.xml
@@ -59,29 +59,23 @@
<citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
and hence the systemd control group hierarchy.</para>
- <para>On login, this module ensures the following:</para>
+ <para>On login, this module — in conjunction with <filename>systemd-logind.service</filename> — ensures the
+ following:</para>
<orderedlist>
- <listitem><para>If it does not exist yet, the user runtime
- directory <filename>/run/user/$USER</filename> is created and
- its ownership changed to the user that is logging
- in.</para></listitem>
-
- <listitem><para>The <varname>$XDG_SESSION_ID</varname>
- environment variable is initialized. If auditing is available
- and <command>pam_loginuid.so</command> was run before this
- module (which is highly recommended), the variable is
- initialized from the auditing session id
- (<filename>/proc/self/sessionid</filename>). Otherwise, an
+ <listitem><para>If it does not exist yet, the user runtime directory <filename>/run/user/$UID</filename> is
+ either created or mounted as new <literal>tmpfs</literal> file system with quota applied, and its ownership
+ changed to the user that is logging in.</para></listitem>
+
+ <listitem><para>The <varname>$XDG_SESSION_ID</varname> environment variable is initialized. If auditing is
+ available and <command>pam_loginuid.so</command> was run before this module (which is highly recommended), the
+ variable is initialized from the auditing session id (<filename>/proc/self/sessionid</filename>). Otherwise, an
independent session counter is used.</para></listitem>
- <listitem><para>A new systemd scope unit is created for the
- session. If this is the first concurrent session of the user, an
- implicit slice below <filename>user.slice</filename> is
- automatically created and the scope placed into it. An instance
- of the system service <filename>user@.service</filename>, which
- runs the systemd user manager instance, is started.
- </para></listitem>
+ <listitem><para>A new systemd scope unit is created for the session. If this is the first concurrent session of
+ the user, an implicit per-user slice unit below <filename>user.slice</filename> is automatically created and the
+ scope placed into it. An instance of the system service <filename>user@.service</filename>, which runs the
+ systemd user manager instance, is started. </para></listitem>
</orderedlist>
<para>On logout, this module ensures the following:</para>
@@ -89,10 +83,9 @@
<orderedlist>
<listitem><para>If enabled in
<citerefentry><refentrytitle>logind.conf</refentrytitle>
- <manvolnum>5</manvolnum></citerefentry>, all processes of the
- session are terminated. If the last concurrent session of a user
- ends, the user's systemd instance will be terminated too, and so
- will the user's slice unit.</para></listitem>
+ <manvolnum>5</manvolnum></citerefentry> (<varname>KillUserProcesses=</varname>), all processes of the session are
+ terminated. If the last concurrent session of a user ends, the user's systemd instance will be terminated too,
+ and so will the user's slice unit.</para></listitem>
<listitem><para>If the last concurrent session of a user ends,
the <varname>$XDG_RUNTIME_DIR</varname> directory and all its
diff --git a/man/sd_journal_print.xml b/man/sd_journal_print.xml
index ff3638c909..a741abe32d 100644
--- a/man/sd_journal_print.xml
+++ b/man/sd_journal_print.xml
@@ -133,7 +133,7 @@
project='man-pages'><refentrytitle>readv</refentrytitle><manvolnum>3</manvolnum></citerefentry> for details)
instead of the format string. Each structure should reference one field of the entry to submit. The second argument
specifies the number of structures in the array. <function>sd_journal_sendv()</function> is particularly useful to
- submit binary objects to the journal where that is necessary. Note that this function wil not strip trailing
+ submit binary objects to the journal where that is necessary. Note that this function will not strip trailing
whitespace of the passed fields, but passes the specified data along unmodified. This is different from both
<function>sd_journal_print()</function> and <function>sd_journal_send()</function> described above, which are based
on format strings, and do strip trailing whitespace.</para>
diff --git a/man/sd_notify.xml b/man/sd_notify.xml
index 6e98041912..4dcefc4baf 100644
--- a/man/sd_notify.xml
+++ b/man/sd_notify.xml
@@ -268,6 +268,15 @@
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details.</para>
+ <para>Note that <function>sd_notify()</function> notifications may be attributed to units correctly only if either
+ the sending process is still around at the time PID 1 processes the message, or if the sending process is
+ explicitly runtime-tracked by the service manager. The latter is the case if the service manager originally forked
+ off the process, i.e. on all processes that match <varname>NotifyAccess=</varname><option>main</option> or
+ <varname>NotifyAccess=</varname><option>exec</option>. Conversely, if an auxiliary process of the unit sends an
+ <function>sd_notify()</function> message and immediately exits, the service manager might not be able to properly
+ attribute the message to the unit, and thus will ignore it, even if
+ <varname>NotifyAccess=</varname><option>all</option> is set for it.</para>
+
<para><function>sd_notifyf()</function> is similar to
<function>sd_notify()</function> but takes a
<function>printf()</function>-like format string plus
diff --git a/man/systemctl.xml b/man/systemctl.xml
index 87cf52172b..25db00e5f6 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -393,10 +393,14 @@
<xi:include href="user-system-options.xml" xpointer="user" />
<xi:include href="user-system-options.xml" xpointer="system" />
- <!-- we do not document -failed here, as it has been made
- redundant by -state=failed, which it predates. To keep
- things simple, we only document the new switch, while
- keeping the old one around for compatibility only. -->
+ <varlistentry>
+ <term><option>--failed</option></term>
+
+ <listitem>
+ <para>List units in failed state. This is equivalent to
+ <option>--state=failed</option>.</para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><option>--no-wall</option></term>
diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml
index 7d5410d693..095d4e7e78 100644
--- a/man/systemd-analyze.xml
+++ b/man/systemd-analyze.xml
@@ -354,7 +354,7 @@ Documentation=man:nosuchfile(1)
Requires=different.service
[Service]
-Desription=x
+Description=x
$ systemd-analyze verify ./user.slice
[./user.slice:9] Unknown lvalue 'WhatIsThis' in section 'Unit'
diff --git a/man/systemd-cgls.xml b/man/systemd-cgls.xml
index e8f0368f48..219514b183 100644
--- a/man/systemd-cgls.xml
+++ b/man/systemd-cgls.xml
@@ -54,6 +54,12 @@
<arg choice="opt" rep="repeat">OPTIONS</arg>
<arg choice="opt" rep="repeat">CGROUP</arg>
</cmdsynopsis>
+ <cmdsynopsis>
+ <command>systemd-cgls</command>
+ <arg choice="opt" rep="repeat">OPTIONS</arg>
+ <arg choice="plain"><option>--unit</option>|<option>--user-unit</option></arg>
+ <arg choice="opt" rep="repeat">UNIT</arg>
+ </cmdsynopsis>
</refsynopsisdiv>
<refsect1>
@@ -96,6 +102,21 @@
</varlistentry>
<varlistentry>
+ <term><option>-u</option></term>
+ <term><option>--unit</option></term>
+
+ <listitem><para>Show cgroup subtrees for the specified units.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--user-unit</option></term>
+
+ <listitem><para>Show cgroup subtrees for the specified user units.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><option>-k</option></term>
<listitem><para>Include kernel threads in output.
diff --git a/man/systemd-firstboot.xml b/man/systemd-firstboot.xml
index 8cdc297a0e..539422ab98 100644
--- a/man/systemd-firstboot.xml
+++ b/man/systemd-firstboot.xml
@@ -63,8 +63,14 @@
<para><command>systemd-firstboot</command> initializes the most
basic system settings interactively on the first boot, or
- optionally non-interactively when a system image is created. The
- following settings may be set up:</para>
+ optionally non-interactively when a system image is created.
+ The service is started if <varname>ConditionFirstBoot=yes</varname>
+ is satisfied. This essentially means that <filename>/etc</filename>
+ is empty, see
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details.</para>
+
+ <para>The following settings may be set up:</para>
<itemizedlist>
<listitem><para>The system locale, more specifically the two
diff --git a/man/systemd-fstab-generator.xml b/man/systemd-fstab-generator.xml
index 5f37e9193e..50d24d67f0 100644
--- a/man/systemd-fstab-generator.xml
+++ b/man/systemd-fstab-generator.xml
@@ -193,7 +193,7 @@
<para>If set to <option>state</option> the generator will leave the root
directory mount point unaltered, however will mount a <literal>tmpfs</literal> file system to
- <filename>/var</filename>. In this mode the normal system configuration (i.e the contents of
+ <filename>/var</filename>. In this mode the normal system configuration (i.e. the contents of
<literal>/etc</literal>) is in effect (and may be modified during system runtime), however the system state
(i.e. the contents of <literal>/var</literal>) is reset at boot and lost at shutdown.</para>
diff --git a/man/systemd-logind.service.xml b/man/systemd-logind.service.xml
index f0bdb1c756..9288f48f07 100644
--- a/man/systemd-logind.service.xml
+++ b/man/systemd-logind.service.xml
@@ -60,8 +60,14 @@
manages user logins. It is responsible for:</para>
<itemizedlist>
- <listitem><para>Keeping track of users and sessions, their
- processes and their idle state</para></listitem>
+ <listitem><para>Keeping track of users and sessions, their processes and their idle state. This is implemented by
+ allocating a systemd slice unit for each user below <filename>user.slice</filename>, and a scope unit below it
+ for each concurrent session of a user. Also, a per-user service manager is started as system service instance of
+ <filename>user@.service</filename> for each user logged in.</para></listitem>
+
+ <listitem><para>Generating and managing session IDs. If auditing is available and an audit session ID is set for
+ a session already, the session ID is initialized from it. Otherwise, an independent session counter is
+ used.</para></listitem>
<listitem><para>Providing PolicyKit-based access for users to
operations such as system shutdown or sleep</para></listitem>
diff --git a/man/systemd-mount.xml b/man/systemd-mount.xml
index 06b7c85bd8..8bba286787 100644
--- a/man/systemd-mount.xml
+++ b/man/systemd-mount.xml
@@ -45,7 +45,8 @@
<refnamediv>
<refname>systemd-mount</refname>
- <refpurpose>Establish a mount or auto-mount point transiently</refpurpose>
+ <refname>systemd-umount</refname>
+ <refpurpose>Establish and destroy transient mount or auto-mount points</refpurpose>
</refnamediv>
<refsynopsisdiv>
@@ -60,6 +61,11 @@
<arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
<arg choice="plain"><option>--list</option></arg>
</cmdsynopsis>
+ <cmdsynopsis>
+ <command>systemd-umount</command>
+ <arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
+ <arg choice="plain" rep="repeat"><replaceable>WHERE</replaceable></arg>
+ </cmdsynopsis>
</refsynopsisdiv>
<refsect1>
@@ -91,6 +97,9 @@
<para>Use the <option>--list</option> command to show a terse table of all local, known block devices with file
systems that may be mounted with this command.</para>
+
+ <para><command>systemd-umount</command> can be used to unmount a mount or automount point. It is the same
+ as <command>systemd-mount</command> <option>--unmount</option>.</para>
</refsect1>
<refsect1>
@@ -239,6 +248,15 @@
such as labels, etc.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>-u</option></term>
+ <term><option>--umount</option></term>
+
+ <listitem><para>Stop the mount and automount units corresponding to the specified mount points
+ <replaceable>WHERE</replaceable>.</para>
+ </listitem>
+ </varlistentry>
+
<xi:include href="user-system-options.xml" xpointer="user" />
<xi:include href="user-system-options.xml" xpointer="system" />
<xi:include href="user-system-options.xml" xpointer="host" />
diff --git a/man/systemd-notify.xml b/man/systemd-notify.xml
index 4a8e119eb6..8c56a6b8ed 100644
--- a/man/systemd-notify.xml
+++ b/man/systemd-notify.xml
@@ -72,10 +72,24 @@
<para>The command line may carry a list of environment variables
to send as part of the status update.</para>
- <para>Note that systemd will refuse reception of status updates
- from this command unless <varname>NotifyAccess=all</varname> is
- set for the service unit this command is called from.</para>
-
+ <para>Note that systemd will refuse reception of status updates from this command unless
+ <varname>NotifyAccess=</varname> is set for the service unit this command is called from.</para>
+
+ <para>Note that <function>sd_notify()</function> notifications may be attributed to units correctly only if either
+ the sending process is still around at the time PID 1 processes the message, or if the sending process is
+ explicitly runtime-tracked by the service manager. The latter is the case if the service manager originally forked
+ off the process, i.e. on all processes that match <varname>NotifyAccess=</varname><option>main</option> or
+ <varname>NotifyAccess=</varname><option>exec</option>. Conversely, if an auxiliary process of the unit sends an
+ <function>sd_notify()</function> message and immediately exits, the service manager might not be able to properly
+ attribute the message to the unit, and thus will ignore it, even if
+ <varname>NotifyAccess=</varname><option>all</option> is set for it.</para>
+
+ <para><command>systemd-notify</command> will first attempt to invoke <function>sd_notify()</function> pretending to
+ have the PID of the invoking process. This will only succeed when invoked with sufficient privileges. On failure,
+ it will then fall back to invoking it under its own PID. This behaviour is useful in order that when the tool is
+ invoked from a shell script the shell process — and not the <command>systemd-notify</command> process — appears as
+ sender of the message, which in turn is helpful if the shell process is the main process of a service, due to the
+ limitations of <varname>NotifyAccess=</varname><option>all</option> described above.</para>
</refsect1>
<refsect1>
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index f6b3f57fc7..17c14e9f22 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -256,10 +256,14 @@
<listitem><para>Takes a data integrity (dm-verity) root hash specified in hexadecimal. This option enables data
integrity checks using dm-verity, if the used image contains the appropriate integrity data (see above). The
- specified hash must match the root hash of integrity data, and is usually at least 256bits (and hence 64
- hexadecimal characters) long (in case of SHA256 for example). If this option is not specified, but a file with
- the <filename>.roothash</filename> suffix is found next to the image file, bearing otherwise the same name the
- root hash is read from it and automatically used.</para></listitem>
+ specified hash must match the root hash of integrity data, and is usually at least 256 bits (and hence 64
+ formatted hexadecimal characters) long (in case of SHA256 for example). If this option is not specified, but
+ the image file carries the <literal>user.verity.roothash</literal> extended file attribute (see <citerefentry
+ project='man-pages'><refentrytitle>xattr</refentrytitle><manvolnum>7</manvolnum></citerefentry>), then the root
+ hash is read from it, also as formatted hexadecimal characters. If the extended file attribute is not found (or
+ is not supported by the underlying file system), but a file with the <filename>.roothash</filename> suffix is
+ found next to the image file, bearing otherwise the same name, the root hash is read from it and automatically
+ used, also as formatted hexadecimal characters.</para></listitem>
</varlistentry>
<varlistentry>
@@ -336,6 +340,22 @@
</varlistentry>
<varlistentry>
+ <term><option>--pivot-root=</option></term>
+
+ <listitem><para>Pivot the specified directory to <filename>/</filename> inside the container, and either unmount the
+ container's old root, or pivot it to another specified directory. Takes one of: a path argument — in which case the
+ specified path will be pivoted to <filename>/</filename> and the old root will be unmounted; or a colon-separated pair
+ of new root path and pivot destination for the old root. The new root path will be pivoted to <filename>/</filename>,
+ and the old <filename>/</filename> will be pivoted to the other directory. Both paths must be absolute, and are resolved
+ in the container's file system namespace.</para>
+
+ <para>This is for containers which have several bootable directories in them; for example, several
+ <ulink url="https://ostree.readthedocs.io/en/latest/">OSTree</ulink> deployments. It emulates the behavior of
+ the boot loader and initial RAM disk which normally select which directory to mount as the root and start the
+ container's PID 1 in.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><option>-u</option></term>
<term><option>--user=</option></term>
@@ -1026,8 +1046,9 @@
<example>
<title>Download a Fedora image and start a shell in it</title>
- <programlisting># machinectl pull-raw --verify=no http://ftp.halifax.rwth-aachen.de/fedora/linux/releases/24/CloudImages/x86_64/images/Fedora-Cloud-Base-24-1.2.x86_64.raw.xz
-# systemd-nspawn -M Fedora-Cloud-Base-24-1.2.x86_64.raw</programlisting>
+ <programlisting># machinectl pull-raw --verify=no \
+ https://download.fedoraproject.org/pub/fedora/linux/releases/25/CloudImages/x86_64/images/Fedora-Cloud-Base-25-1.3.x86_64.raw.xz
+# systemd-nspawn -M Fedora-Cloud-Base-25-1.3.x86_64.raw</programlisting>
<para>This downloads an image using
<citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
@@ -1037,7 +1058,9 @@
<example>
<title>Build and boot a minimal Fedora distribution in a container</title>
- <programlisting># dnf -y --releasever=23 --installroot=/srv/mycontainer --disablerepo='*' --enablerepo=fedora --enablerepo=updates install systemd passwd dnf fedora-release vim-minimal
+ <programlisting># dnf -y --releasever=25 --installroot=/srv/mycontainer \
+ --disablerepo='*' --enablerepo=fedora --enablerepo=updates install \
+ systemd passwd dnf fedora-release vim-minimal
# systemd-nspawn -bD /srv/mycontainer</programlisting>
<para>This installs a minimal Fedora distribution into the
@@ -1080,7 +1103,16 @@
<title>Run a container with SELinux sandbox security contexts</title>
<programlisting># chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container
-# systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh</programlisting>
+# systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 \
+ -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh</programlisting>
+ </example>
+
+ <example>
+ <title>Run a container with an OSTree deployment</title>
+
+ <programlisting># systemd-nspawn -b -i ~/image.raw \
+ --pivot-root=/ostree/deploy/$OS/deploy/$CHECKSUM:/sysroot \
+ --bind=+/sysroot/ostree/deploy/$OS/var:/var</programlisting>
</example>
</refsect1>
diff --git a/man/systemd-resolve.xml b/man/systemd-resolve.xml
index f3dbaec744..50da971b07 100644
--- a/man/systemd-resolve.xml
+++ b/man/systemd-resolve.xml
@@ -273,7 +273,7 @@
<literal>payload</literal>, the payload of the packet is exported. If the argument is
<literal>packet</literal>, the whole packet is dumped in wire format, prefixed by
length specified as a little-endian 64-bit number. This format allows multiple packets
- to be dumped and unambigously parsed.</para></listitem>
+ to be dumped and unambiguously parsed.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/man/systemd-run.xml b/man/systemd-run.xml
index 8d881f15d6..5e44b1523d 100644
--- a/man/systemd-run.xml
+++ b/man/systemd-run.xml
@@ -77,7 +77,7 @@
other service, and thus shows up in the output of <command>systemctl list-units</command> like any other unit. It
will run in a clean and detached execution environment, with the service manager as its parent process. In this
mode, <command>systemd-run</command> will start the service asynchronously in the background and return after the
- command has begun execution (unless <option>--no-block</option> or <option>--watch</option> are specified, see
+ command has begun execution (unless <option>--no-block</option> or <option>--wait</option> are specified, see
below).</para>
<para>If a command is run as transient scope unit, it will be executed by <command>systemd-run</command> itself as
@@ -250,7 +250,7 @@
command. See <varname>OnActiveSec=</varname>, <varname>OnBootSec=</varname>, <varname>OnStartupSec=</varname>,
<varname>OnUnitActiveSec=</varname> and <varname>OnUnitInactiveSec=</varname> in
<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
- details. These options may not be combined with <option>--scope</option>.</para>
+ details. These options may not be combined with <option>--scope</option> or <option>--pty</option>.</para>
</listitem>
</varlistentry>
@@ -259,7 +259,7 @@
<listitem><para>Defines a calendar timer for starting the specified command. See <varname>OnCalendar=</varname>
in <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>. This
- option may not be combined with <option>--scope</option>.</para>
+ option may not be combined with <option>--scope</option> or <option>--pty</option>.</para>
</listitem>
</varlistentry>
diff --git a/man/systemd-socket-proxyd.xml b/man/systemd-socket-proxyd.xml
index a86b13daa8..b8a7800b82 100644
--- a/man/systemd-socket-proxyd.xml
+++ b/man/systemd-socket-proxyd.xml
@@ -135,8 +135,7 @@ server {
</example>
<example>
<title>Enabling the proxy</title>
- <programlisting><![CDATA[# systemctl enable proxy-to-nginx.socket
-# systemctl start proxy-to-nginx.socket
+ <programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket
$ curl http://localhost:80/]]></programlisting>
</example>
</refsect2>
@@ -176,8 +175,7 @@ server {
</example>
<example>
<title>Enabling the proxy</title>
- <programlisting><![CDATA[# systemctl enable proxy-to-nginx.socket
-# systemctl start proxy-to-nginx.socket
+ <programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket
$ curl http://localhost:80/]]></programlisting>
</example>
</refsect2>
diff --git a/man/systemd-suspend.service.xml b/man/systemd-suspend.service.xml
index a8beb86f4d..c7733f2885 100644
--- a/man/systemd-suspend.service.xml
+++ b/man/systemd-suspend.service.xml
@@ -89,8 +89,10 @@
<para>Note that scripts or binaries dropped in
<filename>/usr/lib/systemd/system-sleep/</filename> are intended
for local use only and should be considered hacks. If applications
- want to be notified of system suspend/hibernation and resume,
- there are much nicer interfaces available.</para>
+ want to react to system suspend/hibernation and resume,
+ they should rather use the <ulink
+ url="http://www.freedesktop.org/wiki/Software/systemd/inhibit">Inhibitor
+ interface</ulink>.</para>
<para>Note that
<filename>systemd-suspend.service</filename>,
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 07da57e11a..16f0f07db7 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -86,12 +86,10 @@
<para>A few execution parameters result in additional, automatic
dependencies to be added.</para>
- <para>Units with <varname>WorkingDirectory=</varname> or
- <varname>RootDirectory=</varname> set automatically gain
- dependencies of type <varname>Requires=</varname> and
- <varname>After=</varname> on all mount units required to access
- the specified paths. This is equivalent to having them listed
- explicitly in <varname>RequiresMountsFor=</varname>.</para>
+ <para>Units with <varname>WorkingDirectory=</varname>, <varname>RootDirectory=</varname> or
+ <varname>RootImage=</varname> set automatically gain dependencies of type <varname>Requires=</varname> and
+ <varname>After=</varname> on all mount units required to access the specified paths. This is equivalent to having
+ them listed explicitly in <varname>RequiresMountsFor=</varname>.</para>
<para>Similar, units with <varname>PrivateTmp=</varname> enabled automatically get mount unit dependencies for all
mounts required to access <filename>/tmp</filename> and <filename>/var/tmp</filename>. They will also gain an
@@ -117,9 +115,10 @@
<varname>User=</varname> is used. If not set, defaults to the root directory when systemd is running as a
system instance and the respective user's home directory if run as user. If the setting is prefixed with the
<literal>-</literal> character, a missing working directory is not considered fatal. If
- <varname>RootDirectory=</varname> is not set, then <varname>WorkingDirectory=</varname> is relative to the root
- of the system running the service manager. Note that setting this parameter might result in additional
- dependencies to be added to the unit (see above).</para></listitem>
+ <varname>RootDirectory=</varname>/<varname>RootImage=</varname> is not set, then
+ <varname>WorkingDirectory=</varname> is relative to the root of the system running the service manager. Note
+ that setting this parameter might result in additional dependencies to be added to the unit (see
+ above).</para></listitem>
</varlistentry>
<varlistentry>
@@ -132,8 +131,33 @@
the <function>chroot()</function> jail. Note that setting this parameter might result in additional
dependencies to be added to the unit (see above).</para>
- <para>The <varname>PrivateUsers=</varname> setting is particularly useful in conjunction with
- <varname>RootDirectory=</varname>. For details, see below.</para></listitem>
+ <para>The <varname>MountAPIVFS=</varname> and <varname>PrivateUsers=</varname> settings are particularly useful
+ in conjunction with <varname>RootDirectory=</varname>. For details, see below.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>RootImage=</varname></term>
+ <listitem><para>Takes a path to a block device node or regular file as argument. This call is similar to
+ <varname>RootDirectory=</varname> however mounts a file system hierarchy from a block device node or loopack
+ file instead of a directory. The device node or file system image file needs to contain a file system without a
+ partition table, or a file system within an MBR/MS-DOS or GPT partition table with only a single
+ Linux-compatible partition, or a set of file systems within a GPT partition table that follows the <ulink
+ url="http://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec/">Discoverable Partitions
+ Specification</ulink>.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>MountAPIVFS=</varname></term>
+
+ <listitem><para>Takes a boolean argument. If on, a private mount namespace for the unit's processes is created
+ and the API file systems <filename>/proc</filename>, <filename>/sys</filename>, and <filename>/dev</filename>
+ are mounted inside of it, unless they are already mounted. Note that this option has no effect unless used in
+ conjunction with <varname>RootDirectory=</varname>/<varname>RootImage=</varname> as these three mounts are
+ generally mounted in the host anyway, and unless the root directory is changed, the private mount namespace
+ will be a 1:1 copy of the host's, and include these three mounts. Note that the <filename>/dev</filename> file
+ system of the host is bind mounted if this option is used without <varname>PrivateDevices=</varname>. To run
+ the service with a private, minimal version of <filename>/dev/</filename>, combine this option with
+ <varname>PrivateDevices=</varname>.</para></listitem>
</varlistentry>
<varlistentry>
@@ -938,7 +962,7 @@
access a process might have to the file system hierarchy. Each setting takes a space-separated list of paths
relative to the host's root directory (i.e. the system running the service manager). Note that if paths
contain symlinks, they are resolved relative to the root directory set with
- <varname>RootDirectory=</varname>.</para>
+ <varname>RootDirectory=</varname>/<varname>RootImage=</varname>.</para>
<para>Paths listed in <varname>ReadWritePaths=</varname> are accessible from within the namespace with the same
access modes as from outside of it. Paths listed in <varname>ReadOnlyPaths=</varname> are accessible for
@@ -957,9 +981,10 @@
<para>Paths in <varname>ReadWritePaths=</varname>, <varname>ReadOnlyPaths=</varname> and
<varname>InaccessiblePaths=</varname> may be prefixed with <literal>-</literal>, in which case they will be
ignored when they do not exist. If prefixed with <literal>+</literal> the paths are taken relative to the root
- directory of the unit, as configured with <varname>RootDirectory=</varname>, instead of relative to the root
- directory of the host (see above). When combining <literal>-</literal> and <literal>+</literal> on the same
- path make sure to specify <literal>-</literal> first, and <literal>+</literal> second.</para>
+ directory of the unit, as configured with <varname>RootDirectory=</varname>/<varname>RootImage=</varname>,
+ instead of relative to the root directory of the host (see above). When combining <literal>-</literal> and
+ <literal>+</literal> on the same path make sure to specify <literal>-</literal> first, and <literal>+</literal>
+ second.</para>
<para>Note that using this setting will disconnect propagation of mounts from the service to the host
(propagation in the opposite direction continues to work). This means that this setting may not be used for
@@ -981,7 +1006,7 @@
source path, destination path and option string, where the latter two are optional. If only a source path is
specified the source and destination is taken to be the same. The option string may be either
<literal>rbind</literal> or <literal>norbind</literal> for configuring a recursive or non-recursive bind
- mount. If the destination parth is omitted, the option string must be omitted too.</para>
+ mount. If the destination path is omitted, the option string must be omitted too.</para>
<para><varname>BindPaths=</varname> creates regular writable bind mounts (unless the source file system mount
is already marked read-only), while <varname>BindReadOnlyPaths=</varname> creates read-only bind mounts. These
@@ -990,9 +1015,9 @@
that in this case both read-only and regular bind mounts are reset, regardless which of the two settings is
used.</para>
- <para>This option is particularly useful when <varname>RootDirectory=</varname> is used. In this case the
- source path refers to a path on the host file system, while the destination path referes to a path below the
- root directory of the unit.</para></listitem>
+ <para>This option is particularly useful when <varname>RootDirectory=</varname>/<varname>RootImage=</varname>
+ is used. In this case the source path refers to a path on the host file system, while the destination path
+ refers to a path below the root directory of the unit.</para></listitem>
</varlistentry>
<varlistentry>
@@ -1080,10 +1105,10 @@
such as <varname>CapabilityBoundingSet=</varname> will affect only the latter, and there's no way to acquire
additional capabilities in the host's user namespace. Defaults to off.</para>
- <para>This setting is particularly useful in conjunction with <varname>RootDirectory=</varname>, as the need to
- synchronize the user and group databases in the root directory and on the host is reduced, as the only users
- and groups who need to be matched are <literal>root</literal>, <literal>nobody</literal> and the unit's own
- user and group.</para></listitem>
+ <para>This setting is particularly useful in conjunction with
+ <varname>RootDirectory=</varname>/<varname>RootImage=</varname>, as the need to synchronize the user and group
+ databases in the root directory and on the host is reduced, as the only users and groups who need to be matched
+ are <literal>root</literal>, <literal>nobody</literal> and the unit's own user and group.</para></listitem>
</varlistentry>
<varlistentry>
@@ -1335,6 +1360,11 @@
filter is reset, all prior assignments will have no effect. This does not affect commands prefixed with
<literal>+</literal>.</para>
+ <para>Note that on systems supporting multiple ABIs (such as x86/x86-64) it is recommended to turn off
+ alternative ABIs for services, so that they cannot be used to circumvent the restrictions of this
+ option. Specifically, it is recommended to combine this option with
+ <varname>SystemCallArchitectures=native</varname> or similar.</para>
+
<para>Note that strict system call filters may impact execution and error handling code paths of the service
invocation. Specifically, access to the <function>execve</function> system call is required for the execution
of the service binary — if it is blocked service invocation will necessarily fail. Also, if execution of the
@@ -1484,64 +1514,62 @@
<varlistentry>
<term><varname>SystemCallArchitectures=</varname></term>
- <listitem><para>Takes a space-separated list of architecture identifiers to
- include in the system call filter. The known architecture identifiers are the same
- as for <varname>ConditionArchitecture=</varname> described in
- <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
- as well as <constant>x32</constant>, <constant>mips64-n32</constant>,
- <constant>mips64-le-n32</constant>, and the special identifier
- <constant>native</constant>. Only system calls of the specified architectures will
- be permitted to processes of this unit. This is an effective way to disable
- compatibility with non-native architectures for processes, for example to prohibit
- execution of 32-bit x86 binaries on 64-bit x86-64 systems. The special
- <constant>native</constant> identifier implicitly maps to the native architecture
- of the system (or more strictly: to the architecture the system manager is
- compiled for). If running in user mode, or in system mode, but without the
- <constant>CAP_SYS_ADMIN</constant> capability (e.g. setting
- <varname>User=nobody</varname>), <varname>NoNewPrivileges=yes</varname> is
- implied. Note that setting this option to a non-empty list implies that
- <constant>native</constant> is included too. By default, this option is set to the
- empty list, i.e. no architecture system call filtering is applied.
- </para></listitem>
+ <listitem><para>Takes a space-separated list of architecture identifiers to include in the system call
+ filter. The known architecture identifiers are the same as for <varname>ConditionArchitecture=</varname>
+ described in <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ as well as <constant>x32</constant>, <constant>mips64-n32</constant>, <constant>mips64-le-n32</constant>, and
+ the special identifier <constant>native</constant>. Only system calls of the specified architectures will be
+ permitted to processes of this unit. This is an effective way to disable compatibility with non-native
+ architectures for processes, for example to prohibit execution of 32-bit x86 binaries on 64-bit x86-64
+ systems. The special <constant>native</constant> identifier implicitly maps to the native architecture of the
+ system (or more strictly: to the architecture the system manager is compiled for). If running in user mode, or
+ in system mode, but without the <constant>CAP_SYS_ADMIN</constant> capability (e.g. setting
+ <varname>User=nobody</varname>), <varname>NoNewPrivileges=yes</varname> is implied. Note that setting this
+ option to a non-empty list implies that <constant>native</constant> is included too. By default, this option is
+ set to the empty list, i.e. no system call architecture filtering is applied.</para>
+
+ <para>Note that system call filtering is not equally effective on all architectures. For example, on x86
+ filtering of network socket-related calls is not possible, due to ABI limitations — a limitation that x86-64
+ does not have, however. On systems supporting multiple ABIs at the same time — such as x86/x86-64 — it is hence
+ recommended to limit the set of permitted system call architectures so that secondary ABIs may not be used to
+ circumvent the restrictions applied to the native ABI of the system. In particular, setting
+ <varname>SystemCallFilter=native</varname> is a good choice for disabling non-native ABIs.</para>
+
+ <para>System call architectures may also be restricted system-wide via the
+ <varname>SystemCallArchitectures=</varname> option in the global configuration. See
+ <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
+ details.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>RestrictAddressFamilies=</varname></term>
- <listitem><para>Restricts the set of socket address families
- accessible to the processes of this unit. Takes a
- space-separated list of address family names to whitelist,
- such as
- <constant>AF_UNIX</constant>,
- <constant>AF_INET</constant> or
- <constant>AF_INET6</constant>. When
- prefixed with <constant>~</constant> the listed address
- families will be applied as blacklist, otherwise as whitelist.
- Note that this restricts access to the
- <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>2</manvolnum></citerefentry>
- system call only. Sockets passed into the process by other
- means (for example, by using socket activation with socket
- units, see
- <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
- are unaffected. Also, sockets created with
- <function>socketpair()</function> (which creates connected
- AF_UNIX sockets only) are unaffected. Note that this option
- has no effect on 32-bit x86 and is ignored (but works
- correctly on x86-64). If running in user mode, or in system
- mode, but without the <constant>CAP_SYS_ADMIN</constant>
- capability (e.g. setting <varname>User=nobody</varname>),
- <varname>NoNewPrivileges=yes</varname> is implied. By
- default, no restriction applies, all address families are
- accessible to processes. If assigned the empty string, any
- previous list changes are undone.</para>
-
- <para>Use this option to limit exposure of processes to remote
- systems, in particular via exotic network protocols. Note that
- in most cases, the local <constant>AF_UNIX</constant> address
- family should be included in the configured whitelist as it is
- frequently used for local communication, including for
+ <listitem><para>Restricts the set of socket address families accessible to the processes of this unit. Takes a
+ space-separated list of address family names to whitelist, such as <constant>AF_UNIX</constant>,
+ <constant>AF_INET</constant> or <constant>AF_INET6</constant>. When prefixed with <constant>~</constant> the
+ listed address families will be applied as blacklist, otherwise as whitelist. Note that this restricts access
+ to the <citerefentry
+ project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call
+ only. Sockets passed into the process by other means (for example, by using socket activation with socket
+ units, see <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
+ are unaffected. Also, sockets created with <function>socketpair()</function> (which creates connected AF_UNIX
+ sockets only) are unaffected. Note that this option has no effect on 32-bit x86, s390, s390x, mips, mips-le,
+ ppc, ppc-le, pcc64, ppc64-le and is ignored (but works correctly on other ABIs, including x86-64). Note that on
+ systems supporting multiple ABIs (such as x86/x86-64) it is recommended to turn off alternative ABIs for
+ services, so that they cannot be used to circumvent the restrictions of this option. Specifically, it is
+ recommended to combine this option with <varname>SystemCallArchitectures=native</varname> or similar. If
+ running in user mode, or in system mode, but without the <constant>CAP_SYS_ADMIN</constant> capability
+ (e.g. setting <varname>User=nobody</varname>), <varname>NoNewPrivileges=yes</varname> is implied. By default,
+ no restrictions apply, all address families are accessible to processes. If assigned the empty string, any
+ previous address familiy restriction changes are undone. This setting does not affect commands prefixed with
+ <literal>+</literal>.</para>
+
+ <para>Use this option to limit exposure of processes to remote access, in particular via exotic and sensitive
+ network protocols, such as <constant>AF_PACKET</constant>. Note that in most cases, the local
+ <constant>AF_UNIX</constant> address family should be included in the configured whitelist as it is frequently
+ used for local communication, including for
<citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>2</manvolnum></citerefentry>
- logging. This does not affect commands prefixed with <literal>+</literal>.</para></listitem>
+ logging.</para></listitem>
</varlistentry>
<varlistentry>
@@ -1565,11 +1593,10 @@
<citerefentry><refentrytitle>setns</refentrytitle><manvolnum>2</manvolnum></citerefentry> system calls, taking
the specified flags parameters into account. Note that — if this option is used — in addition to restricting
creation and switching of the specified types of namespaces (or all of them, if true) access to the
- <function>setns()</function> system call with a zero flags parameter is prohibited.
- If running in user mode, or in system mode, but without the <constant>CAP_SYS_ADMIN</constant>
- capability (e.g. setting <varname>User=</varname>), <varname>NoNewPrivileges=yes</varname>
- is implied.
- </para></listitem>
+ <function>setns()</function> system call with a zero flags parameter is prohibited. This setting is only
+ supported on x86, x86-64, s390 and s390x, and enforces no restrictions on other architectures. If running in user
+ mode, or in system mode, but without the <constant>CAP_SYS_ADMIN</constant> capability (e.g. setting
+ <varname>User=</varname>), <varname>NoNewPrivileges=yes</varname> is implied. </para></listitem>
</varlistentry>
<varlistentry>
@@ -1618,22 +1645,23 @@
<term><varname>MemoryDenyWriteExecute=</varname></term>
<listitem><para>Takes a boolean argument. If set, attempts to create memory mappings that are writable and
- executable at the same time, or to change existing memory mappings to become executable, or mapping shared memory
- segments as executable are prohibited.
- Specifically, a system call filter is added that rejects
- <citerefentry><refentrytitle>mmap</refentrytitle><manvolnum>2</manvolnum></citerefentry>
- system calls with both <constant>PROT_EXEC</constant> and <constant>PROT_WRITE</constant> set,
- <citerefentry><refentrytitle>mprotect</refentrytitle><manvolnum>2</manvolnum></citerefentry>
- system calls with <constant>PROT_EXEC</constant> set and
- <citerefentry><refentrytitle>shmat</refentrytitle><manvolnum>2</manvolnum></citerefentry>
- system calls with <constant>SHM_EXEC</constant> set. Note that this option is incompatible with programs
- that generate program code dynamically at runtime, such as JIT execution engines, or programs compiled making
- use of the code "trampoline" feature of various C compilers. This option improves service security, as it makes
- harder for software exploits to change running code dynamically.
- If running in user mode, or in system mode, but without the <constant>CAP_SYS_ADMIN</constant>
- capability (e.g. setting <varname>User=</varname>), <varname>NoNewPrivileges=yes</varname>
- is implied.
- </para></listitem>
+ executable at the same time, or to change existing memory mappings to become executable, or mapping shared
+ memory segments as executable are prohibited. Specifically, a system call filter is added that rejects
+ <citerefentry><refentrytitle>mmap</refentrytitle><manvolnum>2</manvolnum></citerefentry> system calls with both
+ <constant>PROT_EXEC</constant> and <constant>PROT_WRITE</constant> set,
+ <citerefentry><refentrytitle>mprotect</refentrytitle><manvolnum>2</manvolnum></citerefentry> system calls with
+ <constant>PROT_EXEC</constant> set and
+ <citerefentry><refentrytitle>shmat</refentrytitle><manvolnum>2</manvolnum></citerefentry> system calls with
+ <constant>SHM_EXEC</constant> set. Note that this option is incompatible with programs that generate program
+ code dynamically at runtime, such as JIT execution engines, or programs compiled making use of the code
+ "trampoline" feature of various C compilers. This option improves service security, as it makes harder for
+ software exploits to change running code dynamically. Note that this feature is fully available on x86-64, and
+ partially on x86. Specifically, the <function>shmat()</function> protection is not available on x86. Note that
+ on systems supporting multiple ABIs (such as x86/x86-64) it is recommended to turn off alternative ABIs for
+ services, so that they cannot be used to circumvent the restrictions of this option. Specifically, it is
+ recommended to combine this option with <varname>SystemCallArchitectures=native</varname> or similar. If
+ running in user mode, or in system mode, but without the <constant>CAP_SYS_ADMIN</constant> capability
+ (e.g. setting <varname>User=</varname>), <varname>NoNewPrivileges=yes</varname> is implied. </para></listitem>
</varlistentry>
<varlistentry>
diff --git a/man/systemd.journal-fields.xml b/man/systemd.journal-fields.xml
index 494f97aad1..2b0acee407 100644
--- a/man/systemd.journal-fields.xml
+++ b/man/systemd.journal-fields.xml
@@ -243,6 +243,16 @@
</varlistentry>
<varlistentry>
+ <term><varname>_SYSTEMD_INVOCATION_ID=</varname></term>
+ <listitem>
+ <para>The invocation ID for the runtime cycle of the unit
+ the message was generated in, as available to processes
+ of the unit in <varname>$INVOCATION_ID</varname> (see
+ <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>_HOSTNAME=</varname></term>
<listitem>
<para>The name of the originating host.</para>
diff --git a/man/systemd.mount.xml b/man/systemd.mount.xml
index 2117433bf0..bb372d788a 100644
--- a/man/systemd.mount.xml
+++ b/man/systemd.mount.xml
@@ -337,14 +337,12 @@
<varlistentry>
<term><varname>What=</varname></term>
- <listitem><para>Takes an absolute path of a device node, file
- or other resource to mount. See
- <citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- for details. If this refers to a device node, a dependency on
- the respective device unit is automatically created. (See
- <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- for more information.) This option is
- mandatory.</para></listitem>
+ <listitem><para>Takes an absolute path of a device node, file or other resource to mount. See <citerefentry
+ project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> for details. If
+ this refers to a device node, a dependency on the respective device unit is automatically created. (See
+ <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more
+ information.) This option is mandatory. Note that the usual specifier expansion is applied to this setting,
+ literal percent characters should hence be written as <literal>%%</literal>.</para></listitem>
</varlistentry>
<varlistentry>
@@ -366,9 +364,9 @@
<varlistentry>
<term><varname>Options=</varname></term>
- <listitem><para>Mount options to use when mounting. This takes
- a comma-separated list of options. This setting is
- optional.</para></listitem>
+ <listitem><para>Mount options to use when mounting. This takes a comma-separated list of options. This setting
+ is optional. Note that the usual specifier expansion is applied to this setting, literal percent characters
+ should hence be written as <literal>%%</literal>.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 8d44779a0c..b807ebf29b 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -612,6 +612,25 @@
</para></listitem>
</varlistentry>
<varlistentry>
+ <term><varname>IPv6ProxyNDPAddress=</varname></term>
+ <listitem><para>An IPv6 address, for which Neighbour Advertisement
+ messages will be proxied.
+ Proxy NDP (Neighbor Discovery Protocol) is a technique for IPv6 to
+ allow routing of addresses to a different destination when peers expect them
+ to be present on a certain physical link.
+ In this case a router answers Neighbour Advertisement messages intended for
+ another machine by offering its own MAC address as destination.
+ Unlike proxy ARP for IPv4, is not enabled globally, but will only send Neighbour
+ Advertisement messages for addresses in the IPv6 neighbor proxy table,
+ which can also be shown by <command>ip -6 neighbour show proxy</command>
+ This option may be specified more than once. systemd-networkd will control the
+ per-interface `proxy_ndp` switch for each configured interface, depending on whether
+ there are <option>IPv6ProxyNDPAddress=</option> entries configured and add these to
+ the kernels IPv6 neighbor proxy table.
+ Defaults to unset.
+ </para></listitem>
+ </varlistentry>
+ <varlistentry>
<term><varname>Bridge=</varname></term>
<listitem>
<para>The name of the bridge to add the link to. See
@@ -1454,7 +1473,7 @@ Name=bond1
Kind=bond
</programlisting>
- <programlisting># /etc/systemd/network/30-bond1-dev1.nework
+ <programlisting># /etc/systemd/network/30-bond1-dev1.network
[Match]
MACAddress=52:54:00:e9:64:41
@@ -1462,7 +1481,7 @@ MACAddress=52:54:00:e9:64:41
Bond=bond1
</programlisting>
- <programlisting># /etc/systemd/network/30-bond1-dev2.nework
+ <programlisting># /etc/systemd/network/30-bond1-dev2.network
[Match]
MACAddress=52:54:00:e9:64:42
diff --git a/man/systemd.nspawn.xml b/man/systemd.nspawn.xml
index 7143188356..4f3f052911 100644
--- a/man/systemd.nspawn.xml
+++ b/man/systemd.nspawn.xml
@@ -202,6 +202,15 @@
</varlistentry>
<varlistentry>
+ <term><varname>PivotRoot=</varname></term>
+
+ <listitem><para>Selects a directory to pivot to <filename>/</filename> inside the container when starting up.
+ Takes a single path, or a pair of two paths separated by a colon. Both paths must be absolute, and are resolved
+ in the container's file system namespace. This corresponds to the <option>--pivot-root=</option> command line
+ switch.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>Capability=</varname></term>
<term><varname>DropCapability=</varname></term>
diff --git a/man/systemd.offline-updates.xml b/man/systemd.offline-updates.xml
index d673cf5db8..06690b41f4 100644
--- a/man/systemd.offline-updates.xml
+++ b/man/systemd.offline-updates.xml
@@ -91,7 +91,7 @@
update units. Only one service should perform an update (see the next point), and all
the other ones should exit cleanly with a "success" return code and without doing
anything. Update services should be ordered after <filename>sysinit.target</filename>
- so that the update starts after after all file systems have been mounted.</para>
+ so that the update starts after all file systems have been mounted.</para>
</listitem>
<listitem>
diff --git a/man/systemd.service.xml b/man/systemd.service.xml
index 522ed5e61e..627176750f 100644
--- a/man/systemd.service.xml
+++ b/man/systemd.service.xml
@@ -136,9 +136,10 @@
process it supervises. A number of options that may be used in
this section are shared with other unit types. These options are
documented in
- <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
and
- <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
The options specific to the <literal>[Service]</literal> section
of service units are the following:</para>
@@ -792,26 +793,26 @@
<varlistentry>
<term><varname>NotifyAccess=</varname></term>
- <listitem><para>Controls access to the service status
- notification socket, as accessible via the
- <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>
- call. Takes one of <option>none</option> (the default),
- <option>main</option>, <option>exec</option> or
- <option>all</option>. If <option>none</option>, no daemon status
- updates are accepted from the service processes, all status
- update messages are ignored. If <option>main</option>, only
- service updates sent from the main process of the service are
- accepted. If <option>exec</option>, only service updates sent
- from any of the control processes originating from one of the
- <varname>Exec*=</varname> commands are accepted. If
- <option>all</option>, all services updates from all members of
- the service's control group are accepted. This option should
- be set to open access to the notification socket when using
- <varname>Type=notify</varname> or
- <varname>WatchdogSec=</varname> (see above). If those options
- are used but <varname>NotifyAccess=</varname> is not
- configured, it will be implicitly set to
- <option>main</option>.</para></listitem>
+ <listitem><para>Controls access to the service status notification socket, as accessible via the
+ <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry> call. Takes one
+ of <option>none</option> (the default), <option>main</option>, <option>exec</option> or
+ <option>all</option>. If <option>none</option>, no daemon status updates are accepted from the service
+ processes, all status update messages are ignored. If <option>main</option>, only service updates sent from the
+ main process of the service are accepted. If <option>exec</option>, only service updates sent from any of the
+ main or control processes originating from one of the <varname>Exec*=</varname> commands are accepted. If
+ <option>all</option>, all services updates from all members of the service's control group are accepted. This
+ option should be set to open access to the notification socket when using <varname>Type=notify</varname> or
+ <varname>WatchdogSec=</varname> (see above). If those options are used but <varname>NotifyAccess=</varname> is
+ not configured, it will be implicitly set to <option>main</option>.</para>
+
+ <para>Note that <function>sd_notify()</function> notifications may be attributed to units correctly only if
+ either the sending process is still around at the time PID 1 processes the message, or if the sending process
+ is explicitly runtime-tracked by the service manager. The latter is the case if the service manager originally
+ forked off the process, i.e. on all processes that match <option>main</option> or
+ <option>exec</option>. Conversely, if an auxiliary process of the unit sends an
+ <function>sd_notify()</function> message and immediately exits, the service manager might not be able to
+ properly attribute the message to the unit, and thus will ignore it, even if
+ <varname>NotifyAccess=</varname><option>all</option> is set for it.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/man/systemd.swap.xml b/man/systemd.swap.xml
index cf4e1ba839..184abff260 100644
--- a/man/systemd.swap.xml
+++ b/man/systemd.swap.xml
@@ -94,10 +94,10 @@
dependencies on the device units or the mount units of the files
they are activated from.</para>
- <para>Swap units with <varname>DefaultDependencies=</varname> in the <literal>[Unit]</literal> section enabled
- implicitly acquire a <varname>Conflicts=</varname> and an <varname>After=</varname> dependency on
- <filename>umount.target</filename> so that they are deactivated at shutdown, unless
- <varname>DefaultDependencies=no</varname> is specified.</para>
+ <para>Swap units with <varname>DefaultDependencies=</varname> set to its default <option>yes</option> value in the
+ <literal>[Unit]</literal> section enabled implicitly acquire a <varname>Conflicts=</varname> and a
+ <varname>Before=</varname> dependency on <filename>umount.target</filename> so that they are deactivated at
+ shutdown as well as a <varname>Before=swap.target</varname> dependency.</para>
<para>Additional implicit dependencies may be added as result of
execution and resource control parameters as documented in
@@ -170,17 +170,15 @@
<varlistentry>
<term><varname>What=</varname></term>
- <listitem><para>Takes an absolute path of a device node or
- file to use for paging. See
- <citerefentry project='man-pages'><refentrytitle>swapon</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- for details. If this refers to a device node, a dependency on
- the respective device unit is automatically created. (See
- <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- for more information.) If this refers to a file, a dependency
- on the respective mount unit is automatically created. (See
- <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- for more information.) This option is
- mandatory.</para></listitem>
+ <listitem><para>Takes an absolute path of a device node or file to use for paging. See <citerefentry
+ project='man-pages'><refentrytitle>swapon</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
+ details. If this refers to a device node, a dependency on the respective device unit is automatically
+ created. (See
+ <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more
+ information.) If this refers to a file, a dependency on the respective mount unit is automatically
+ created. (See <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for more information.) This option is mandatory. Note that the usual specifier expansion is applied to this
+ setting, literal percent characters should hence be written as <literal>%%</literal>.</para></listitem>
</varlistentry>
<varlistentry>
@@ -195,12 +193,11 @@
<varlistentry>
<term><varname>Options=</varname></term>
- <listitem><para>May contain an option string for the swap
- device. This may be used for controlling discard options among
- other functionality, if the swap backing device supports the
- discard or trim operation. (See
+ <listitem><para>May contain an option string for the swap device. This may be used for controlling discard
+ options among other functionality, if the swap backing device supports the discard or trim operation. (See
<citerefentry project='man-pages'><refentrytitle>swapon</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- for more information.) </para></listitem>
+ for more information.) Note that the usual specifier expansion is applied to this setting, literal percent
+ characters should hence be written as <literal>%%</literal>.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index dbb0dc7bd7..417840e6c2 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -203,7 +203,8 @@
<filename>/run/systemd/system</filename> directories. Drop-in files in <filename>/etc</filename>
take precedence over those in <filename>/run</filename> which in turn take precedence over those
in <filename>/usr/lib</filename>. Drop-in files under any of these directories take precedence
- over unit files wherever located.</para>
+ over unit files wherever located. Multiple drop-in files with different names are applied in
+ lexicographic order, regardless of which of the directories they reside in.</para>
<!-- Note that we do not document .include here, as we consider it mostly obsolete, and want
people to use .d/ drop-ins instead. -->
@@ -630,11 +631,9 @@
all mount units required to access the specified path.</para>
<para>Mount points marked with <option>noauto</option> are not
- mounted automatically and will be ignored for the purposes of
- this option. If such a mount should be a requirement for this
- unit, direct dependencies on the mount units may be added
- (<varname>Requires=</varname> and <varname>After=</varname> or
- some other combination). </para></listitem>
+ mounted automatically through <filename>local-fs.target</filename>,
+ but are still honored for the purposes of this option, i.e. they
+ will be pulled in by this unit.</para></listitem>
</varlistentry>
<varlistentry>
@@ -1343,7 +1342,7 @@ ExecStart=/usr/sbin/foo-daemon
file <filename><replaceable>name</replaceable>.conf</filename>
there that only changes the specific settings one is interested
in. Note that multiple such drop-in files are read if
- present.</para>
+ present, processed in lexicographic order of their filename.</para>
<para>The advantage of the first method is that one easily
overrides the complete unit, the vendor unit is not parsed at