summaryrefslogtreecommitdiff
path: root/man/systemd.exec.xml
AgeCommit message (Collapse)Author
2015-11-09Merge pull request #1799 from jengelh/docLennart Poettering
doc: typo and ortho fixes
2015-11-06doc: correct orthography, word forms and missing/extraneous wordsJan Engelhardt
2015-11-06doc: correct punctuation and improve typography in documentationJan Engelhardt
2015-11-06core: support IEC suffixes for RLIMIT stuffKarel Zak
Let's make things more user-friendly and support for example LimitAS=16G rather than force users to always use LimitAS=16106127360. The change is relevant for options: [Default]Limit{FSIZE,DATA,STACK,CORE,RSS,AS,MEMLOCK,MSGQUEUE} The patch introduces config_parse_bytes_limit(), it's the same as config_parse_limit() but uses parse_size() tu support the suffixes. Addresses: https://github.com/systemd/systemd/issues/1772
2015-11-02man: various typosThomas Hindoe Paaboel Andersen
2015-10-27man: Update man page documentation for CPUAffinityFilipe Brandenburger
Document support for commas as a separator and possibility of specifying ranges of CPU indices. Tested by regenerating the manpages locally and reading them on man.
2015-09-29core: allow setting WorkingDirectory= to the special value ~Lennart Poettering
If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-08-25man: add hyphen to improve man textLennart Poettering
2015-08-24core: optionally create LOGIN_PROCESS or USER_PROCESS utmp entriesLennart Poettering
When generating utmp/wtmp entries, optionally add both LOGIN_PROCESS and INIT_PROCESS entries or even all three of LOGIN_PROCESS, INIT_PROCESS and USER_PROCESS entries, instead of just a single INIT_PROCESS entry. With this change systemd may be used to not only invoke a getty directly in a SysV-compliant way but alternatively also a login(1) implementation or even forego getty and login entirely, and invoke arbitrary shells in a way that they appear in who(1) or w(1). This is preparation for a later commit that adds a "machinectl shell" operation to invoke a shell in a container, in a way that is compatible with who(1) and w(1).
2015-08-04man: Document invalid lines in EnvironmentFileRichard Maw
If a line doesn't contain an = separator, it is skipped, rather than raising an error. This is potentially useful, so let's document this behaviour.
2015-06-30man: ProtectHome= protects /root as wellChristian Hesse
2015-06-18man: revert dynamic paths for split-usr setupsTom Gundersen
This did not really work out as we had hoped. Trying to do this upstream introduced several problems that probably makes it better suited as a downstream patch after all. At any rate, it is not releaseable in the current state, so we at least need to revert this before the release. * by adjusting the path to binaries, but not do the same thing to the search path we end up with inconsistent man-pages. Adjusting the search path too would be quite messy, and it is not at all obvious that this is worth the effort, but at any rate it would have to be done before we could ship this. * this means that distributed man-pages does not make sense as they depend on config options, and for better or worse we are still distributing man pages, so that is something that definitely needs sorting out before we could ship with this patch. * we have long held that split-usr is only minimally supported in order to boot, and something we hope will eventually go away. So before we start adding even more magic/effort in order to make this work nicely, we should probably question if it makes sense at all.
2015-05-28man: generate configured paths in manpagesFilipe Brandenburger
In particular, use /lib/systemd instead of /usr/lib/systemd in distributions like Debian which still have not adopted a /usr merge setup. Use XML entities from man/custom-entities.ent to replace configured paths while doing XSLT processing of the original XML files. There was precedent of some files (such as systemd.generator.xml) which were already using this approach. This addresses most of the (manual) fixes from this patch: http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/patches/Fix-paths-in-man-pages.patch?h=experimental-220 The idea of using generic XML entities was presented here: http://lists.freedesktop.org/archives/systemd-devel/2015-May/032240.html This patch solves almost all the issues, with the exception of: - Path to /bin/mount and /bin/umount. - Generic statements about preference of /lib over /etc. These will be handled separately by follow up patches. Tested: - With default configure settings, ran "make install" to two separate directories and compared the output to confirm they matched exactly. - Used a set of configure flags including $CONFFLAGS from Debian: http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/rules Installed the tree and confirmed the paths use /lib/systemd instead of /usr/lib/systemd and that no other unexpected differences exist. - Confirmed that `make distcheck` still passes.
2015-03-13man: link to freebsd.org for inetd(8)Zbigniew Jędrzejewski-Szmek
2015-03-13man: fix a bunch of linksZbigniew Jędrzejewski-Szmek
All hail linkchecker!
2015-03-12man: split paragraphDavid Herrmann
Explicitly put the "multiple EnvironmentFile=" description into its own paragraph to make it much easier to find.
2015-02-10man: boilerplate unificationZbigniew Jędrzejewski-Szmek
2015-02-03Reindent man pages to 2chZbigniew Jędrzejewski-Szmek
2015-01-27man: document that ProtectSystem= also covers /bootLennart Poettering
2014-11-30man: document that we set both soft and hard limits for Limit directivesRonny Chevalier
See http://cgit.freedesktop.org/systemd/systemd/tree/src/core/load-fragment.c#n1100
2014-11-30man: fix typosRonny Chevalier
2014-11-30man: document equivalence between Limit directives and ulimitRonny Chevalier
See https://bugs.freedesktop.org/show_bug.cgi?id=80341
2014-11-24smack: introduce new SmackProcessLabel optionWaLyong Cho
In service file, if the file has some of special SMACK label in ExecStart= and systemd has no permission for the special SMACK label then permission error will occurred. To resolve this, systemd should be able to set its SMACK label to something accessible of ExecStart=. So introduce new SmackProcessLabel. If label is specified with SmackProcessLabel= then the child systemd will set its label to that. To successfully execute the ExecStart=, accessible label should be specified with SmackProcessLabel=. Additionally, by SMACK policy, if the file in ExecStart= has no SMACK64EXEC then the executed process will have given label by SmackProcessLabel=. But if the file has SMACK64EXEC then the SMACK64EXEC label will be overridden. [zj: reword man page]
2014-10-09man: SyslogIdentifier= has an effect on journal logging tooLennart Poettering
2014-10-03man: say that SecureBits= are space separatedZbigniew Jędrzejewski-Szmek
2014-09-06man: fix references to systemctl man page which is now in section 1Michael Biebl
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760613
2014-08-30Fix a few more typosRuben Kerkhof
2014-08-18man: fix typoRonny Chevalier
2014-08-11man: improve documentation for StandardOutput= and StandardInput=Lennart Poettering
2014-08-04Correct references to ProtectSystem and ProtectHome in documentationAnsgar Burchardt
2014-07-10man: proper link for dmesgZbigniew Jędrzejewski-Szmek
2014-07-07man: add a mapping for external manpagesZbigniew Jędrzejewski-Szmek
It is annoying when we have dead links on fd.o. Add project='man-pages|die-net|archlinux' to <citerefentry>-ies. In generated html, add external links to http://man7.org/linux/man-pages/man, http://linux.die.net/man/, https://www.archlinux.org/. By default, pages in sections 2 and 4 go to man7, since Michael Kerrisk is the autorative source on kernel related stuff. The rest of links goes to linux.die.net, because they have the manpages. Except for the pacman stuff, since it seems to be only available from archlinux.org. Poor gummiboot gets no link, because gummitboot(8) ain't to be found on the net. According to common wisdom, that would mean that it does not exist. But I have seen Kay using it, so I know it does, and deserves to be found. Can somebody be nice and put it up somewhere?
2014-06-28doc: grammatical correctionsJan Engelhardt
2014-06-06namespace: beef up read-only bind mount logicLennart Poettering
Instead of blindly creating another bind mount for read-only mounts, check if there's already one we can use, and if so, use it. Also, recursively mark all submounts read-only too. Also, ignore autofs mounts when remounting read-only unless they are already triggered.
2014-06-05core: don't include /boot in effect of ProtectSystem=Lennart Poettering
This would otherwise unconditionally trigger any /boot autofs mount, which we probably should avoid. ProtectSystem= will now only cover /usr and (optionally) /etc, both of which cannot be autofs anyway. ProtectHome will continue to cover /run/user and /home. The former cannot be autofs either. /home could be, however is frequently enough used (unlikey /boot) so that it isn't too problematic to simply trigger it unconditionally via ProtectHome=.
2014-06-04core: rename ReadOnlySystem= to ProtectSystem= and add a third value for ↵Lennart Poettering
also mounting /etc read-only Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit. With this in place we now have two neat options ProtectSystem= and ProtectHome= for protecting the OS itself (and optionally its configuration), and for protecting the user's data.
2014-06-03core: add new ReadOnlySystem= and ProtectedHome= settings for service unitsLennart Poettering
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for a service. ProtectedHome= uses fs namespaces to mount /home and /run/user inaccessible or read-only for a service. This patch also enables these settings for all our long-running services. Together they should be good building block for a minimal service sandbox, removing the ability for services to modify the operating system or access the user's private data.
2014-05-19fix spelling of privilegeNis Martensen
2014-05-07doc: comma placement corrections and word orderJan Engelhardt
Set commas where there should be some. Some improvements to word order.
2014-05-07doc: corrections to words and formsJan Engelhardt
This patch exchange words which are inappropriate for a situation, deletes duplicated words, and adds particles where needed.
2014-05-06doc: typographical fine tuningJan Engelhardt
2014-03-25man: be more specific when EnvironmentFile= is readLennart Poettering
http://lists.freedesktop.org/archives/systemd-devel/2014-March/018004.html
2014-03-24core: remove tcpwrap supportLennart Poettering
tcpwrap is legacy code, that is barely maintained upstream. It's APIs are awful, and the feature set it exposes (such as DNS and IDENT access control) questionnable. We should not support this natively in systemd. Hence, let's remove the code. If people want to continue making use of this, they can do so by plugging in "tcpd" for the processes they start. With that scheme things are as well or badly supported as they were from traditional inetd, hence no functionality is really lost.
2014-03-20unit: turn off mount propagation for udevdLennart Poettering
Keep mounts done by udev rules private to udevd. Also, document how MountFlags= may be used for this.
2014-03-19man: improve documentation of fs namespace related settingsLennart Poettering
2014-03-18core: drop CAP_MKNOD when PrivateDevices= is setLennart Poettering
2014-03-03core: introduce new RuntimeDirectory= and RuntimeDirectoryMode= unit settingsLennart Poettering
As discussed on the ML these are useful to manage runtime directories below /run for services.
2014-02-26exec: imply NoNewPriviliges= only when seccomp filters are used in user modeLennart Poettering
2014-02-26core: add new RestrictAddressFamilies= switchLennart Poettering
This new unit settings allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them. This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform.
2014-02-21core: Add AppArmor profile switchingMichael Scherer
This permit to switch to a specific apparmor profile when starting a daemon. This will result in a non operation if apparmor is disabled. It also add a new build requirement on libapparmor for using this feature.