summaryrefslogtreecommitdiff
path: root/man
AgeCommit message (Collapse)Author
2016-01-12man: add AmbientCapabilities entry.Ismo Puustinen
2016-01-11doc typo, src: systemd/src/journal-remote/journal-gatewayd.cArthur Clement
2016-01-06resolved: introduce support for per-interface negative trust anchorsLennart Poettering
2016-01-06resolved: populate negative trust anchor by defaultLennart Poettering
Let's increase compatibility with many private domains by default, and ship a default NTA list of wel-known private domains, where it is unlikely they will be deployed as official TLD anytime soon.
2016-01-05resolved: try to detect fritz.box-style private DNS zones, and downgrade to ↵Lennart Poettering
non-DNSSEC mode for them This adds logic to detect cases like the Fritz!Box routers which serve a private DNS domain "fritz.box" under the TLD "box" that does not exist in the root servers. If this is detected DNSSEC validation is turned off for this private domain, thus improving compatibility with such private DNS zones. This should be fairly secure as we first rely on the proof that .box does not exist before this logic is applied. Nevertheless the logic is only enabled for DNSSEC=allow-downgrade mode. This logic does not work for routers that set up a full DNS zone directly under a non-existing TLD, as in that case we cannot prove that the domain is truly non-existing according to the root servers.
2016-01-05resolved,networkd: add a per-interface DNSSEC settingLennart Poettering
This adds a DNSSEC= setting to .network files, and makes resolved honour them.
2016-01-05resolved: rename "downgrade-ok" mode to "allow-downgrade"Lennart Poettering
After discussing this with Tom, we figured out "allow-downgrade" sounds nicer.
2016-01-05man: document that DNS= and Domains= is implemented by resolvedLennart Poettering
2016-01-05resolved: make MulticastDNS support configurable in resolved.confLennart Poettering
The option is already there, but wasn't exported in the configuration file so far. Fix that.
2016-01-05networkd,resolved: add a per-interface mdns configuration optionLennart Poettering
2016-01-05man: fix a few typosLennart Poettering
2016-01-05man: add documentation for dnssec-trust-anchors.d(5)Lennart Poettering
2016-01-05man: add basic documentation for resolved.conf's DNSSEC= switchLennart Poettering
2015-12-26man: fix typosJakub Wilk
2015-12-25Merge pull request #2197 from mscherer/add_seal_configZbigniew Jędrzejewski-Szmek
Add Seal option in the configuration file for journald-remote
2015-12-21man: fix typo in systemctl(1)Michael Biebl
2015-12-20Add Seal option in the configuration file for journald-remoteMichael Scherer
While journal received remotely can be sealed, it can only be done on the command line using --seal, so for consistency, we will also permit to set it in the configuration file.
2015-12-15man: fix typo in journal-remote.conf(5)Yu Watanabe
2015-12-10importd: drop dkr supportLennart Poettering
The current code is not compatible with current dkr protocols anyway, and dkr has a different focus ("microservices") than nspawn anyway ("whole machine containers"), hence drop support for it, we cannot reasonably keep this up to date, and it creates the impression we'd actually care for the microservices usecase.
2015-11-27tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easyLennart Poettering
GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs. With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this. The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()). This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days. Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own: #define _cleanup_(function) __attribute__((cleanup(function))) Or similar, to make the gcc feature easier to use. Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally. See #2008.
2015-11-27Merge pull request #1828 from fbuihuu/set-property-on-inactive-unitLennart Poettering
core: allow 'SetUnitProperties()' to run on inactive units too
2015-11-27Merge pull request #2040 from keszybz/randomized-delayLennart Poettering
core: rename Random* to RandomizedDelay*
2015-11-26Merge pull request #2031 from poettering/resolved-search-domainsTom Gundersen
resolved. Fully implement search domains for single-label names
2015-11-26man: remove repeated words in description of RandomizedDelayZbigniew Jędrzejewski-Szmek
2015-11-26core: rename Random* to RandomizedDelay*Zbigniew Jędrzejewski-Szmek
The name RandomSec is too generic: "Sec" just specifies the default unit type, and "Random" by itself is not enough. Rename to something that should give the user general idea what the setting does without looking at documentation.
2015-11-26Merge pull request #1994 from karelzak/rlimitsLennart Poettering
core: support <soft:hard> ranges for RLIMIT options
2015-11-26Merge pull request #2022 from alkino/masterLennart Poettering
man: Add a not that mount unit cannot be templated
2015-11-26man: fix function nameEvgeny Vereshchagin
2015-11-25resolved: add a generic DnsSearchDomain conceptLennart Poettering
With this change, we add a new object to resolved, "DnsSearchDomain=" which wraps a search domain. This is then used to introduce a global search domain list, in addition to the existing per-link search domain list which is reword to make use of this new object too. This is preparation for implement proper unicast DNS search domain support.
2015-11-25man: fix documentation how /etc/resolv.conf is readLennart Poettering
/etc/resolv.conf is only read when the DNS= setting does not appear at all in resolved.conf, regardless if set to the empty list or anything else. Correct that in the man page.
2015-11-25core: support <soft:hard> ranges for RLIMIT optionsKarel Zak
The new parser supports: <value> - specify both limits to the same value <soft:hard> - specify both limits the size or time specific suffixes are supported, for example LimitRTTIME=1sec LimitAS=4G:16G The patch introduces parse_rlimit_range() and rlim type (size, sec, usec, etc.) specific parsers. No code is duplicated now. The patch also sync docs for DefaultLimitXXX= and LimitXXX=. References: https://github.com/systemd/systemd/issues/1769
2015-11-24man: Add a not that mount unit cannot be templatedNicolas Cornu
2015-11-22man: include the target name when linking to man pages in html outputZbigniew Jędrzejewski-Szmek
Links like http://www.freedesktop.org/software/systemd/man/systemd.socket.html are changed to http://www.freedesktop.org/software/systemd/man/systemd.socket.html#Accept=. This implementation is quick & dirty, and misses various corner cases. A fairly important one is that when a few directives share the same anchor (which happens when multiple directives are described in the same paragraph), generated links for everything except the first one link to an invalid anchor. Another shortcoming is that the formatting does not use the proper generateID machinery, so the anchor name could be wrong in some cases. But it seems to work for a large percentage of links, so seems to be an improvement in usability. When the anchor is missing, we land at the top of the page, which is the same as before. If the anchor were to point to different spot, this would be more confusing... Not sure if that ever happens. Anyway, the user should be able to recover from landing on the wrong place in the page. (Mostly) fixes https://github.com/systemd/systemd/issues/1956.
2015-11-22core: allow 'SetUnitProperties()' to run on inactive units tooFranck Bui
'set-property' has been primarly designed to change some properties of *active* units. However it can easily work on inactive units as well. In that case changes are only saved in a drop-in for futur uses and changes will be effective when unit will be started. Actually it already works on inactive units but that was not documented and not fully supported. Indeed the inactive units had to be known by the manager otherwise it was reported as not loaded: $ systemctl status my-test.service * my-test.service - My Testing Unit Loaded: loaded (/etc/systemd/system/my-test.service; static; vendor preset: disabled) Drop-In: /etc/systemd/system/my-test.service.d Active: inactive (dead) $ systemctl set-property my-test.service MemoryLimit=1000000 Failed to set unit properties on my-test.service: Unit my-test.service is not loaded. [ Note: that the unit load state reported by the 'status' command might be confusing since it claimed the unit as loaded but 'set-property' reported the contrary. ] One can possibily workaround this by making the unit a dependency of another active unit so the manager will keep it around: $ systemctl add-wants multi-user.target my-test.service Created symlink from /etc/systemd/system/multi-user.target.wants/my-test.service to /etc/systemd/system/my-test.service. $ systemctl set-property my-test.service MemoryLimit=1000000 $ systemctl status my-test.service * my-test.service - My Testing Unit Loaded: loaded (/etc/systemd/system/my-test.service; enabled; vendor preset: disabled) Drop-In: /etc/systemd/system/my-test.service.d `-50-MemoryLimit.conf Active: inactive (dead) This patch simply forces 'SetUnitProperties()' to load the unit if it's not already the case. It also documents the fact that 'set-property' can be used on inactive units.
2015-11-21man: update WatchdogSec sectionEvgeny Vereshchagin
* add info about sd_event_set_watchdog * add missing Restart values
2015-11-20Merge pull request #1950 from evverx/man-systemd-exec-envLennart Poettering
man: systemd.exec: add missing variables
2015-11-19man: fully document sd-event interfacesLennart Poettering
This completes the set of man pages for sd-event and contains some minor other fixes for other man pages too. The sd_event_set_name(3) man page is renamed to sd_event_source_set_description(3), which is the correct name of the concept today.
2015-11-19gitignore: only ignore .html files in man/Martin Pitt
src/journal-remote/browse.html is git-tracked source and should not be ignored. Avoid accidentally ignoring similar ones in the future.
2015-11-19man: systemd.exec: add missing variablesEvgeny Vereshchagin
2015-11-18core: add new RandomSec= setting for time unitsLennart Poettering
This allows configuration of a random time on top of the elapse events, in order to spread time events in a network evenly across a range.
2015-11-18man: improve and fix documentation for RemainAfterElapse=Lennart Poettering
2015-11-18Merge pull request #1940 from evverx/man-journald-syslog-forwardingLennart Poettering
man: remove section about syslog forwarding
2015-11-18Merge pull request #1912 from mustrumr/calendarspec-sub-second-v3Lennart Poettering
Calendarspec sub second v3
2015-11-18Merge pull request #1889 from ssahani/socket-protoLennart Poettering
socket: Add support for socket protcol
2015-11-18socket: Add support for socket protcolSusant Sahani
Now we don't support the socket protocol like sctp and udplite . This patch add a new config param SocketProtocol: udplite/sctp With this now we can configure the protocol as udplite = IPPROTO_UDPLITE sctp = IPPROTO_SCTP Tested with nspawn:
2015-11-18man: remove section about syslog forwardingEvgeny Vereshchagin
journald: turn ForwardToSyslog= off by default After all, rsyslog and friends nowadays read their data directly from the journal, hence the forwarding is unnecessary in most cases. see 46b131574fdd7d77c15a0919ca9010c
2015-11-17man: calendarspec sub-second supportHristo Venev
2015-11-17core: add RemainAfterElapse= setting to timer unitsLennart Poettering
Previously, after a timer unit elapsed we'd leave it around for good, which has the nice benefit that starting a timer that shall trigger at a specific point in time multiple times will only result in one trigger instead of possibly many. With this change a new option RemainAfterElapse= is added. It defaults to "true", to mimic the old behaviour. If set to "false" timer units will be unloaded after they elapsed. This is specifically useful for transient timer units.
2015-11-16Merge pull request #1915 from poettering/btrfs-root-subvolDavid Herrmann
tmpfiles: create subvolumes for "v", "q", and "Q" only if / is a subv…
2015-11-16tmpfiles: create subvolumes for "v", "q", and "Q" only if / is a subvolumeLennart Poettering
It's not a good idea to create subvolumes for parts of the OS tree (such as /home, or /var) if the root directory is not a subvolume too. We shouldn't assume control of "heavier" objects such as subvolumes, if the originating object (the root directory) is a "light-weight" object, i.e. a plain directory. Effectively this means that chroot() environments that are run on a plain directory do not have to deal with problems around systemd creating subvolumes that cannot be removed with a simple "rm" anymore. However, if the chroot manager creates a proper subvolume for such an environment it will also get further subvolumes placed in there, under the assumption that the manager understands the concept of subvolumes in that case.