summaryrefslogtreecommitdiff
path: root/man
AgeCommit message (Collapse)Author
2016-04-05man: fix cgroup attributes for device throttlingMartin Pitt
2016-04-05man: update links to kernel.org cgroup documentationMartin Pitt
This recently moved from /cgroups/ to /cgroup-v1/. Fixes #2958
2016-04-04Merge pull request #2959 from keszybz/stop-resolving-localdomainZbigniew Jędrzejewski-Szmek
*.localdomain != localhost
2016-04-04*.localdomain != localhostDavid R. Hedges
".localdomain" is not a reserved suffix (or prefix). I'm not aware of any product expecting *.localdomain to resolve to localhost, however I am aware of at least one product that defaults to ".localdomain" as its DNS suffix provided via DHCP (pfSense). This leads to unexpected results when attempting to access a host that's offline (or a host that's online, when nsswitch.conf is [mis-]configured to have myhostname ahead of DNS). Operate on: localhost (and localhost.) *.localhost (and *.localhost.) localhost.localdomain (and localhost.localdomain.) *.localhost.localdomain (and *.localhost.localdomain.) We should not cover: *.localdomain (nor *.localdomain.) localdomain (nor localdomain.)
2016-04-04Merge pull request #2849 from keszybz/offline-updatesLennart Poettering
Offline updates man page
2016-04-04run: add colon before printing started unitsIago López Galeiras
In 110ceee58e5bc796c03a7db2109f85a999d5bc2e we removed the period after printing the started units. This makes copying the unit name easier but results in improper English. This adds a colon before printing the units, which makes the output look better.
2016-04-02man/offline-updates: more links and support for multiple upgrade servicesZbigniew Jędrzejewski-Szmek
Most of the changes are already implemented in dnf-system-upgrade.service and packagekit-offline-update.service, so this update mostly changes the documentation to match status quo.
2016-03-31Merge pull request #2915 from vinaykul/masterZbigniew Jędrzejewski-Szmek
2016-03-30DHCP DUID, IAID configuration optionsVinay Kulkarni
2016-03-30man: Fix documented parameters for udev_device_get_ functionsAndrew Eikum
2016-03-23run: remove period when printing started unitsIago López Galeiras
If you start a unit with systemd-run you usually need its name to inspect it or stop it. Removing the period makes copying the unit name easier.
2016-03-21Revert "DHCP DUID and IAID configurability"Zbigniew Jędrzejewski-Szmek
2016-03-21Merge pull request #2760 from ronnychevalier/rc/core_no_new_privileges_seccompv3Daniel Mack
core: set NoNewPrivileges for seccomp if we don't have CAP_SYS_ADMIN
2016-03-20man: fix typo in systemd-sysv-generatorMichael Biebl
2016-03-15man: import "Implementing Offline System Updates"Zbigniew Jędrzejewski-Szmek
This imports most of http://www.freedesktop.org/wiki/Software/systemd/SystemUpdates/ to turn it into a man page. Similarly for the man page about generators, this will make it easier to keep up-to-date, keep a history of changes, and make it more discoverable for end-users.
2016-03-15man: document missing KillSignal= .nspawn optionPetros Angelatos
Signed-off-by: Petros Angelatos <petrosagg@gmail.com>
2016-03-14man: network - Fix misspelling of "router advertisement"Tobias Klauser
2016-03-09DHCP DUID and IAID configurabilityVinay Kulkarni
2016-03-01ask-password: add option --no-output to not print password to stdoutChristian Hesse
systemd-ask-password can store passwords in kernel keyring. However it uses to print the passwords to standard output nevertheless. Depending on where systemd-ask-password is called passwords may end on display or in log, leaking sensitive information. This allows to make systemd-ask-password quiet, effectively disabling printing passwords to standard output.
2016-02-28core: set NoNewPrivileges for seccomp if we don't have CAP_SYS_ADMINRonny Chevalier
The manpage of seccomp specify that using seccomp with SECCOMP_SET_MODE_FILTER will return EACCES if the caller do not have CAP_SYS_ADMIN set, or if the no_new_privileges bit is not set. Hence, without NoNewPrivilege set, it is impossible to use a SystemCall* directive with a User directive set in system mode. Now, NoNewPrivileges is set if we are in user mode, or if we are in system mode and we don't have CAP_SYS_ADMIN, and SystemCall* directives are used.
2016-02-24treewide: fix typos and then/that useTorstein Husebø
2016-02-24Merge pull request #2727 from ian-kelling/man-pr-v3Zbigniew Jędrzejewski-Szmek
man: clarify unit ordering language
2016-02-23man: clarify unit ordering languageIan Kelling
2016-02-23Merge pull request #2664 from zonque/bootchart-removalLennart Poettering
Remove systemd-bootchart
2016-02-23Merge pull request #2723 from poettering/importd-manZbigniew Jędrzejewski-Szmek
2016-02-23man: style fixesZbigniew Jędrzejewski-Szmek
2016-02-23man: change recommended order of NSS modules in /etc/nsswitch.confLennart Poettering
So far we recommended placing "nss-mymachines" after "nss-resolve" in the order of preference in /etc/nsswitch.conf. This change reverse this order. Rationale: single-label names are resolved via LLMNR by resolved, which has to time out if no peer by that name exists. By placing "nss-mymachines" first (which always responds immediately) we avoid running into this timeout for most containers. Both modules should return the same data if LLMNR is used by the container anyway. While we are at it, improve the man pages of the three NSS modules in other ways a bit.
2016-02-23Merge pull request #2717 from keszybz/networkctl-prettificationLennart Poettering
Networkctl prettification
2016-02-23man: add minimal man page for systemd-importd.serviceLennart Poettering
2016-02-23man: update link to Fedora Cloud imagesZbigniew Jędrzejewski-Szmek
Better to use the mirror manager and https.
2016-02-23Remove systemd-bootchartDaniel Mack
This commit rips out systemd-bootchart. It will be given a new home, outside of the systemd repository. The code itself isn't actually specific to systemd and can be used without systemd even, so let's put it somewhere else.
2016-02-23Merge pull request #2707 from teg/man-networkMartin Pitt
network: minor manpage clarifications
2016-02-23man: link - add suggestion for debuggingTom Gundersen
udevadm test-builtin can be very useful for testing .link files, so add a reference. Addresses issue #2406.
2016-02-23man: network - clarify BindCarrier documentationTom Gundersen
Make it clear that we are talking of links (in the sense used in networkd) and not ports. Addresses issue #964.
2016-02-23man: network - improve IPv6Token documentationTom Gundersen
Enabling router advertisement may even trigger SLAAC or DHCPv6 to be used to configure IPv6 addresses on the link. It may not be obvious that only in the SLAAC case will the Token have an effect. Clarify this in the man page. Addresses issue #863.
2016-02-22man: extend the Personality= documentationLennart Poettering
Among other fixes, add information about more architectures that are supported these days.
2016-02-21man: document the new EmitLLDP= .network settingLennart Poettering
Also, beef up the LLDP documentation a bit.
2016-02-21man: update references to fedora cloud imageLennart Poettering
We are now at F23, hence let's use that as example.
2016-02-21networkd: turn on LLDP reception by default, in "routers-only" modeLennart Poettering
This way "networkctl status" becomes a bit more useful by default, as router information is just visible, without any further configuration. LLDP reception is fully passive and relatively low simple and low traffic, hence this should be safe to enable by default.
2016-02-21networkctl: extend "networkctl list" and "networctl lldp" to optionally take ↵Lennart Poettering
interface names This way, the output may be reduced to only show data about the specified interfaces.
2016-02-21sd-lldp: rework sd-lldp APILennart Poettering
This reworks the sd-lldp substantially, simplifying things on one hand, and extending the logic a bit on the other. Specifically: - Besides the sd_lldp object only one other object is maintained now, sd_lldp_neighbor. It's used both as storage for literal LLDP packets, and for maintainging info about peers in the database. Separation between packet, TLV and chassis data is not maintained anymore. This should be a major simplification. - The sd-lldp API has been extended so that a couple of per-neighbor fields may be queried directly, without iterating through the object. Other fields that may appear multiple times, OTOH have to be iterated through. - The maximum number of entries in the neighbor database is now configurable during runtime. - The generation of callbacks from sd_lldp objects is more restricted: callbacks are only invoked when actual data changed. - The TTL information is now hooked with a timer event, so that removals from the neighbor database due to TTLs now result in a callback event. - Querying LLDP neighbor database will now return a strictly ordered array, to guarantee stability. - A "capabilities" mask may now be configured, that selects what type of LLDP neighbor data is collected. This may be used to restrict collection of LLDP info about routers instead of all neighbors. This is now exposed via networkd's LLDP= setting. - sd-lldp's API to serialize the collected data to text files has been removed. Instead, there's now an API to extract the raw binary data from LLDP neighbor objects, as well as one to convert this raw binary data back to an LLDP neighbor object. networkd will save this raw binary data to /run now, and the client side can simply parse the information. - support for parsing the more exotic TLVs has been removed, since we are not using that. Instead there are now APIs to extract the raw data from TLVs. Given how easy it is to parse the TLVs clients should do so now directly instead of relying on our APIs for that. - A lot of the APIs that parse out LLDP strings have been simplified so that they actually return strings, instead of char arrays with a length. To deal with possibly dangerous characters the strings are escaped if needed. - APIs to extract and format the chassis and port IDs as strings has been added. - lldp.h has been simplified a lot. The enums are anonymous now, since they were never used as enums, but simply as constants. Most definitions we don't actually use ourselves have eben removed.
2016-02-19systemd-resolve: fix typo in man pageSamuel Tardieu
2016-02-18resolve: print TLSA packets in hexadecimalZbigniew Jędrzejewski-Szmek
https://tools.ietf.org/html/rfc6698#section-2.2 says: > The certificate association data field MUST be represented as a string > of hexadecimal characters. Whitespace is allowed within the string of > hexadecimal characters
2016-02-18systemd-resolve: easy querying of TLSA recordsZbigniew Jędrzejewski-Szmek
$ systemd-resolve --tlsa fedoraproject.org _443._tcp.fedoraproject.org IN TLSA 0 0 1 GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A= -- Cert. usage: CA constraint -- Selector: Full Certificate -- Matching type: SHA-256 $ systemd-resolve --tlsa=tcp fedoraproject.org:443 _443._tcp.fedoraproject.org IN TLSA 0 0 1 GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A= ... $ systemd-resolve --tlsa=udp fedoraproject.org _443._udp.fedoraproject.org: resolve call failed: '_443._udp.fedoraproject.org' not found v2: - use uint16_t - refuse port 0
2016-02-16systemd-resolve: allow whole packets to be dumped in binary formZbigniew Jędrzejewski-Szmek
2016-02-16systemd-resolve: reword --help outputZbigniew Jędrzejewski-Szmek
The output didn't specify if the default for --cname/--search/--legend and other options was yes or no. Change the description to be explicit about that. Also make the --help output and man page closer.
2016-02-16man: show output in example systemd-resolve commandsZbigniew Jędrzejewski-Szmek
I think example output allows the reader of the man page to see what functionlity is provided without running the commands themselves. Specific values in the examples are bound to get out of date but this is not a problem.
2016-02-15Merge pull request #2618 from zonque/busproxy-removalLennart Poettering
remove bus-proxyd
2016-02-14Promote systemd-activate to /usr/bin/systemd-socket-activateZbigniew Jędrzejewski-Szmek
It has fairly wide functionality now and the interface has been stable for a while. It it a useful testing tool. The name is changed to better indicate what it does.
2016-02-13activate: allow multiple, possibly invalid, fd namesZbigniew Jędrzejewski-Szmek
Previous code only allowed a single name to be passed, and duplicated it over all descriptors. For the sake of testing, allow different names and in arbitrary number. If just one is given, duplicate it to match the number of sockets. This matches previuos behaviour. Since this is a testing tool, it seems useful to allow passing invalid names to test application behaviour with invalid names. Hence, only warn. When warning, escape the name.