summaryrefslogtreecommitdiff
path: root/man
diff options
context:
space:
mode:
Diffstat (limited to 'man')
-rw-r--r--man/systemctl.xml80
-rw-r--r--man/systemd.exec.xml89
-rw-r--r--man/systemd.resource-control.xml4
3 files changed, 127 insertions, 46 deletions
diff --git a/man/systemctl.xml b/man/systemctl.xml
index 2288f65d16..914af929c8 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -481,19 +481,16 @@
<para>When used with <command>enable</command>, overwrite
any existing conflicting symlinks.</para>
- <para>When used with <command>halt</command>,
- <command>poweroff</command>, <command>reboot</command> or
- <command>kexec</command>, execute the selected operation
- without shutting down all units. However, all processes will
- be killed forcibly and all file systems are unmounted or
- remounted read-only. This is hence a drastic but relatively
- safe option to request an immediate reboot. If
- <option>--force</option> is specified twice for these
- operations, they will be executed immediately without
- terminating any processes or unmounting any file
- systems. Warning: specifying <option>--force</option> twice
- with any of these operations might result in data
- loss.</para>
+ <para>When used with <command>halt</command>, <command>poweroff</command>, <command>reboot</command> or
+ <command>kexec</command>, execute the selected operation without shutting down all units. However, all
+ processes will be killed forcibly and all file systems are unmounted or remounted read-only. This is hence a
+ drastic but relatively safe option to request an immediate reboot. If <option>--force</option> is specified
+ twice for these operations (with the exception of <command>kexec</command>), they will be executed
+ immediately, without terminating any processes or unmounting any file systems. Warning: specifying
+ <option>--force</option> twice with any of these operations might result in data loss. Note that when
+ <option>--force</option> is specified twice the selected operation is executed by
+ <command>systemctl</command> itself, and the system manager is not contacted. This means the command should
+ succeed even when the system manager hangs or crashed.</para>
</listitem>
</varlistentry>
@@ -1602,48 +1599,45 @@ kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service
<term><command>halt</command></term>
<listitem>
- <para>Shut down and halt the system. This is mostly equivalent to
- <command>start halt.target --job-mode=replace-irreversibly</command>, but also
- prints a wall message to all users. If combined with
- <option>--force</option>, shutdown of all running services is
- skipped, however all processes are killed and all file
- systems are unmounted or mounted read-only, immediately
- followed by the system halt. If <option>--force</option> is
- specified twice, the operation is immediately executed
- without terminating any processes or unmounting any file
- systems. This may result in data loss.</para>
+ <para>Shut down and halt the system. This is mostly equivalent to <command>start halt.target
+ --job-mode=replace-irreversibly</command>, but also prints a wall message to all users. If combined with
+ <option>--force</option>, shutdown of all running services is skipped, however all processes are killed and
+ all file systems are unmounted or mounted read-only, immediately followed by the system halt. If
+ <option>--force</option> is specified twice, the operation is immediately executed without terminating any
+ processes or unmounting any file systems. This may result in data loss. Note that when
+ <option>--force</option> is specified twice the halt operation is executed by
+ <command>systemctl</command> itself, and the system manager is not contacted. This means the command should
+ succeed even when the system manager hangs or crashed.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>poweroff</command></term>
<listitem>
- <para>Shut down and power-off the system. This is mostly
- equivalent to <command>start poweroff.target --job-mode=replace-irreversibly</command>,
- but also prints a wall message to all users. If combined with
- <option>--force</option>, shutdown of all running services is
- skipped, however all processes are killed and all file
- systems are unmounted or mounted read-only, immediately
- followed by the powering off. If <option>--force</option> is
- specified twice, the operation is immediately executed
- without terminating any processes or unmounting any file
- systems. This may result in data loss.</para>
+ <para>Shut down and power-off the system. This is mostly equivalent to <command>start poweroff.target
+ --job-mode=replace-irreversibly</command>, but also prints a wall message to all users. If combined with
+ <option>--force</option>, shutdown of all running services is skipped, however all processes are killed and
+ all file systems are unmounted or mounted read-only, immediately followed by the powering off. If
+ <option>--force</option> is specified twice, the operation is immediately executed without terminating any
+ processes or unmounting any file systems. This may result in data loss. Note that when
+ <option>--force</option> is specified twice the power-off operation is executed by
+ <command>systemctl</command> itself, and the system manager is not contacted. This means the command should
+ succeed even when the system manager hangs or crashed.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>reboot <optional><replaceable>arg</replaceable></optional></command></term>
<listitem>
- <para>Shut down and reboot the system. This is mostly
- equivalent to <command>start reboot.target --job-mode=replace-irreversibly</command>,
- but also prints a wall message to all users. If combined with
- <option>--force</option>, shutdown of all running services is
- skipped, however all processes are killed and all file
- systems are unmounted or mounted read-only, immediately
- followed by the reboot. If <option>--force</option> is
- specified twice, the operation is immediately executed
- without terminating any processes or unmounting any file
- systems. This may result in data loss.</para>
+ <para>Shut down and reboot the system. This is mostly equivalent to <command>start reboot.target
+ --job-mode=replace-irreversibly</command>, but also prints a wall message to all users. If combined with
+ <option>--force</option>, shutdown of all running services is skipped, however all processes are killed and
+ all file systems are unmounted or mounted read-only, immediately followed by the reboot. If
+ <option>--force</option> is specified twice, the operation is immediately executed without terminating any
+ processes or unmounting any file systems. This may result in data loss. Note that when
+ <option>--force</option> is specified twice the reboot operation is executed by
+ <command>systemctl</command> itself, and the system manager is not contacted. This means the command should
+ succeed even when the system manager hangs or crashed.</para>
<para>If the optional argument
<replaceable>arg</replaceable> is given, it will be passed
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 4d52982b64..4a3dd14c39 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1193,7 +1193,78 @@
<function>read</function> and <function>write</function>, and
right after it add a blacklisting of
<function>write</function>, then <function>write</function>
- will be removed from the set.) </para></listitem>
+ will be removed from the set.)</para>
+
+ <para>As the number of possible system
+ calls is large, predefined sets of system calls are provided.
+ A set starts with <literal>@</literal> character, followed by
+ name of the set.
+
+ <table>
+ <title>Currently predefined system call sets</title>
+
+ <tgroup cols='2'>
+ <colspec colname='set' />
+ <colspec colname='description' />
+ <thead>
+ <row>
+ <entry>Set</entry>
+ <entry>Description</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>@clock</entry>
+ <entry>System calls for changing the system clock (<function>adjtimex()</function>,
+ <function>settimeofday()</function>)</entry>
+ </row>
+ <row>
+ <entry>@io-event</entry>
+ <entry>Event loop use (<function>poll()</function>, <function>select()</function>,
+ <citerefentry project='man-pages'><refentrytitle>epoll</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+ <function>eventfd()</function>...)</entry>
+ </row>
+ <row>
+ <entry>@ipc</entry>
+ <entry>SysV IPC, POSIX Message Queues or other IPC (<citerefentry project='man-pages'><refentrytitle>mq_overview</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>svipc</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
+ </row>
+ <row>
+ <entry>@module</entry>
+ <entry>Kernel module control (<function>create_module()</function>, <function>init_module()</function>...)</entry>
+ </row>
+ <row>
+ <entry>@mount</entry>
+ <entry>File system mounting and unmounting (<function>chroot()</function>, <function>mount()</function>...)</entry>
+ </row>
+ <row>
+ <entry>@network-io</entry>
+ <entry>Socket I/O (including local AF_UNIX):
+ <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>unix</refentrytitle><manvolnum>7</manvolnum></citerefentry></entry>
+ </row>
+ <row>
+ <entry>@obsolete</entry>
+ <entry>Unusual, obsolete or unimplemented (<function>fattach()</function>, <function>gtty()</function>, <function>vm86()</function>...)</entry>
+ </row>
+ <row>
+ <entry>@privileged</entry>
+ <entry>All system calls which need superuser capabilities (<citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
+ </row>
+ <row>
+ <entry>@process</entry>
+ <entry>Process control, execution, namespaces (<function>execve()</function>, <function>kill()</function>, <citerefentry project='man-pages'><refentrytitle>namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry>...)</entry>
+ </row>
+ <row>
+ <entry>@raw-io</entry>
+ <entry>Raw I/O ports (<function>ioperm()</function>, <function>iopl()</function>, <function>pciconfig_read()</function>...)</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ Note, that as new system calls are added to the kernel, additional system calls might be added to the groups
+ above, so the contents of the sets may change between systemd versions.</para></listitem>
</varlistentry>
<varlistentry>
@@ -1317,6 +1388,22 @@
<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>MemoryDenyWriteExecute=</varname></term>
+
+ <listitem><para>Takes a boolean argument. If set, attempts to create memory mappings that are writable and
+ executable at the same time, or to change existing memory mappings to become executable are prohibited.
+ Specifically, a system call filter is added that rejects
+ <citerefentry><refentrytitle>mmap</refentrytitle><manvolnum>2</manvolnum></citerefentry>
+ system calls with both <constant>PROT_EXEC</constant> and <constant>PROT_WRITE</constant> set
+ and <citerefentry><refentrytitle>mprotect</refentrytitle><manvolnum>2</manvolnum></citerefentry>
+ system calls with <constant>PROT_EXEC</constant> set. Note that this option is incompatible with programs
+ that generate program code dynamically at runtime, such as JIT execution engines, or programs compiled making
+ use of the code "trampoline" feature of various C compilers. This option improves service security, as it makes
+ harder for software exploits to change running code dynamically.
+ </para></listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml
index 570619a743..d4c8fa7091 100644
--- a/man/systemd.resource-control.xml
+++ b/man/systemd.resource-control.xml
@@ -248,7 +248,7 @@
<para>Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. If assigned the
- special value <literal>max</literal>, no memory limit is applied. This controls the
+ special value <literal>infinity</literal>, no memory limit is applied. This controls the
<literal>memory.high</literal> control group attribute. For details about this control group attribute, see
<ulink url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.</para>
@@ -269,7 +269,7 @@
<para>Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. If assigned the
- special value <literal>max</literal>, no memory limit is applied. This controls the
+ special value <literal>infinity</literal>, no memory limit is applied. This controls the
<literal>memory.max</literal> control group attribute. For details about this control group attribute, see
<ulink url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.</para>
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2025-02-19 09:48:16 +0000