summaryrefslogtreecommitdiff
path: root/man
AgeCommit message (Collapse)Author
2016-11-04man: update kernel-install(8) to match reality (#4563)Zbigniew Jędrzejewski-Szmek
2016-11-03Merge pull request #4548 from keszybz/seccomp-helpZbigniew Jędrzejewski-Szmek
systemd-analyze syscall-filter
2016-11-03doc: clarify NoNewPrivileges (#4562)Kees Cook
Setting no_new_privs does not stop UID changes, but rather blocks gaining privileges through execve(). Also fixes a small typo.
2016-11-03seccomp-util, analyze: export comments as a help stringZbigniew Jędrzejewski-Szmek
Just to make the whole thing easier for users.
2016-11-03analyze: add syscall-filter verbZbigniew Jędrzejewski-Szmek
This should make it easier for users to understand what each filter means as the list of syscalls is updated in subsequent systemd versions.
2016-11-02man: fix two typos (is → are) (#4544)Lucas Werkmeister
2016-11-02Merge pull request #4456 from keszybz/stored-fdsLennart Poettering
Preserve stored fds over service restart
2016-11-02man: document that too strict system call filters may affect the service managerLennart Poettering
If execve() or socket() is filtered the service manager might get into trouble executing the service binary, or handling any failures when this fails. Mention this in the documentation. The other option would be to implicitly whitelist all system calls that are required for these codepaths. However, that appears less than desirable as this would mean socket() and many related calls have to be whitelisted unconditionally. As writing system call filters requires a certain level of expertise anyway it sounds like the better option to simply document these issues and suggest that the user disables system call filters in the service temporarily in order to debug any such failures. See: #3993.
2016-11-02seccomp: add two new syscall groupsLennart Poettering
@resources contains various syscalls that alter resource limits and memory and scheduling parameters of processes. As such they are good candidates to block for most services. @basic-io contains a number of basic syscalls for I/O, similar to the list seccomp v1 permitted but slightly more complete. It should be useful for building basic whitelisting for minimal sandboxes
2016-11-02man: two minor fixesLennart Poettering
2016-11-02seccomp: include pipes and memfd in @ipcLennart Poettering
These system calls clearly fall in the @ipc category, hence should be listed there, simply to avoid confusion and surprise by the user.
2016-11-02seccomp: drop execve() from @process listLennart Poettering
The system call is already part in @default hence implicitly allowed anyway. Also, if it is actually blocked then systemd couldn't execute the service in question anymore, since the application of seccomp is immediately followed by it.
2016-11-02seccomp: add clock query and sleeping syscalls to "@default" groupLennart Poettering
Timing and sleep are so basic operations, it makes very little sense to ever block them, hence don't.
2016-11-01seccomp: allow specifying arm64, mips, ppc (#4491)Zbigniew Jędrzejewski-Szmek
"Secondary arch" table for mips is entirely speculative…
2016-10-31man: fix typos (#4527)Jakub Wilk
2016-10-30Implement VeraCrypt volume handling in crypttab (#4501)George Hilliard
This introduces a new option, `tcrypt-veracrypt`, that sets the corresponding VeraCrypt flag in the flags passed to cryptsetup.
2016-10-30man: make systemd-escape examples more consistentLucas Werkmeister
The first example wasn't phrased with "To ..." as the other three are, and the last example was lacking the colon.
2016-10-30man: add missing periodLucas Werkmeister
2016-10-30man: improve systemd-escape --path descriptionLucas Werkmeister
The option does more than the documentation gave it credit for.
2016-10-28man: add a note that FDSTORE=1 requires epoll-compatible fdsZbigniew Jędrzejewski-Szmek
Let's say that this was not obvious from our man page.
2016-10-28Merge pull request #4495 from topimiettinen/block-shmat-execDjalal Harouni
seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecute
2016-10-28Merge pull request #4458 from keszybz/man-nonewprivilegesMartin Pitt
Document NoNewPrivileges default value
2016-10-28udev: allow substitutions for SECLABEL key (#4505)Michal Sekletar
2016-10-27Merge pull request #4442 from keszybz/detect-virt-usernsEvgeny Vereshchagin
detect-virt: add --private-users switch to check if a userns is active; add Condition=private-users
2016-10-26detect-virt: add --private-users switch to check if a userns is activeZbigniew Jędrzejewski-Szmek
Various things don't work when we're running in a user namespace, but it's pretty hard to reliably detect if that is true. A function is added which looks at /proc/self/uid_map and returns false if the default "0 0 UINT32_MAX" is found, and true if it finds anything else. This misses the case where an 1:1 mapping with the full range was used, but I don't know how to distinguish this case. 'systemd-detect-virt --private-users' is very similar to 'systemd-detect-virt --chroot', but we check for a user namespace instead.
2016-10-26vconsole: manual update (#4021)Michal Soltys
To more correctly reflect current behaviour as well as to provide a few more details.
2016-10-26seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecuteTopi Miettinen
shmat(..., SHM_EXEC) can be used to create writable and executable memory, so let's block it when MemoryDenyWriteExecute is set.
2016-10-25man: document that systemctl cat shows file content (#4488)Lucas Werkmeister
... and that that content might be outdated.
2016-10-25Merge pull request #4474 from poettering/nsswitchMartin Pitt
various nss module/resolved fixes
2016-10-24man: document the default value of NoNewPrivileges=Zbigniew Jędrzejewski-Szmek
Fixes #4329.
2016-10-25man: Fix event source priority enum names in synopsis (#4478)Martin Ejdestig
2016-10-24man: sync up the suggested nsswitch.conf configuration for our four NSS modulesLennart Poettering
This unifies the suggested nsswitch.conf configuration for our four NSS modules to this: hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname Note that this restores "myhostname" to the suggested configuration of nss-resolve for the time being, undoing 4484e1792b64b01614f04b7bde97bf019f601bf9. "myhostname" should probably be dropped eventually, but when we do this we should do it in full, and not only drop it from the suggested nsswitch.conf for one of the modules, but also drop it in source and stop referring to it altogether. Note that nss-resolve doesn't replace nss-myhostname in full: the former only works if D-Bus/resolved is available for resolving the local hostname, the latter works in all cases even if D-Bus or resolved are not in operation, hence there's some value in keeping the line as it is right now. Note that neither dns nor myhostname are considered at all with the above configuration unless the resolve module actually returns UNAVAIL. Thus, even though handling of local hostname resolving is implemented twice this way it is only executed once for each lookup.
2016-10-24Merge pull request #4459 from keszybz/commandline-parsingLennart Poettering
Commandline parsing simplification and udev fix
2016-10-24shared, systemctl: teach is-enabled to show installation targetsJan Synacek
It may be desired by users to know what targets a particular service is installed into. Improve user friendliness by teaching the is-enabled command to show such information when used with --full. This patch makes use of the newly added UnitFileFlags and adds UNIT_FILE_DRY_RUN flag into it. Since the API had already been modified, it's now easy to add the new dry-run feature for other commands as well. As a next step, --dry-run could be added to systemctl, which in turn might pave the way for a long requested dry-run feature when running systemctl start.
2016-10-22Merge pull request #4428 from lnykryn/ctrl_v2Zbigniew Jędrzejewski-Szmek
rename failure-action to emergency-action and use it for ctrl+alt+del burst
2016-10-22journald: convert journald to use parse_proc_cmdlineZbigniew Jędrzejewski-Szmek
This makes journald use the common option parsing functionality. One behavioural change is implemented: "systemd.journald.forward_to_syslog" is now equivalent to "systemd.journald.forward_to_syslog=1". I think it's nicer to use this way.
2016-10-21journald: systemd.journald.max_level_* kernel command line options (#4427)Umut Tezduyar Lindskog
The log forward levels can be configured through kernel command line.
2016-10-21core: use emergency_action for ctr+alt+del burstLukas Nykryn
Fixes #4306
2016-10-20man: document default for User=Lennart Poettering
Replaces: #4375
2016-10-20man: one more cgroup wording fixLennart Poettering
2016-10-20Merge pull request #4417 from keszybz/man-and-rlimitLennart Poettering
Two unrelated patches: man page tweaks and rlimit log levels
2016-10-19man: document dependencies implied by Sockets= (#4412)Lucas Werkmeister
Fixes #4410. Also includes two minor improvements to the previous sentence.
2016-10-19Merge pull request #4390 from keszybz/install-specifiersLennart Poettering
Various install-related tweaks
2016-10-17core/exec: add a named-descriptor option ("fd") for streams (#4179)Luca Bruno
This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-17man: add a note that NULL "s" arg for sd_bus_message_appendZbigniew Jędrzejewski-Szmek
2016-10-17man: avoid abbreviated "cgroups" terminology (#4396)Lennart Poettering
Let's avoid the overly abbreviated "cgroups" terminology. Let's instead write: "Linux Control Groups (cgroups)" is the long form wherever the term is introduced in prose. Use "control groups" in the short form wherever the term is used within brief explanations. Follow-up to: #4381
2016-10-17man: mention that systemctl --root=/ operates on the fs directlyZbigniew Jędrzejewski-Szmek
2016-10-17Merge pull request #4381 from keszybz/man-pagesMartin Pitt
2016-10-16man: document sd_event_get_tid() return value (#4385)Martin Ejdestig
2016-10-15man: drop discouragment of runtime and vendor drop-insZbigniew Jędrzejewski-Szmek
In certain situations drop-ins in /usr/lib/ are useful, for example when one package wants to modify the behaviour of another package, or the vendor wants to tweak some upstream unit without patching. Drop-ins in /run are useful for testing, and may also be created by systemd itself. Follow-up for the discussion in #2103.