summaryrefslogtreecommitdiff
path: root/man
AgeCommit message (Collapse)Author
2014-02-18seccomp: add helper call to add all secondary archs to a seccomp filterLennart Poettering
And make use of it where appropriate for executing services and for nspawn.
2014-02-18machinectl: remove unused --no-ask-passwordThomas Hindoe Paaboel Andersen
2014-02-18machinectl: add bash completionThomas Hindoe Paaboel Andersen
2014-02-18man: machinectl: there is no command 'kill-machine'Thomas Hindoe Paaboel Andersen
2014-02-18man: minor fixes to networkd pageTom Gundersen
Also enforce that we don't allow setting the Broadcast for IPv6 addresses.
2014-02-18doc: orthographic correctionsJan Engelhardt
2014-02-17doc: utilize the DocBook markup for some literalsJan Engelhardt
2014-02-17doc: reword "shared per-thread" wordingJan Engelhardt
Either it is shared across threads, or it is per-thread: decide. Reading the source code, I see a thread_local identifier, so that's that. But that does not yet preclude that a program may pass around the pointer returned from the function among its own threads. Do a best effort at saying so.
2014-02-17doc: balance C indirections in function prototypesJan Engelhardt
Shift the asterisks in the documentation's prototypes such that they are consistent among each other. Use the right side to match source code.
2014-02-17doc: properly use XML entitiesJan Engelhardt
2014-02-17doc: choose different words to improve clarityJan Engelhardt
I suggest the following changes to improve the way the text reads ("flows").
2014-02-17doc: resolve missing/extraneous words or inappropriate formsJan Engelhardt
Issues fixed: * missing words required by grammar * duplicated or extraneous words * inappropriate forms (e.g. singular/plural), and declinations * orthographic misspellings
2014-02-17doc: update punctuationJan Engelhardt
Resolve spotted issues related to missing or extraneous commas, dashes.
2014-02-17doc: detail what "UID" isJan Engelhardt
2014-02-17doc: quote consistently in autoconf codeJan Engelhardt
AS_HELP_STRING has been observed to expand such that the surround function complains; play it safe and consistenly quote the example code throughout.
2014-02-17man: fix a typoAnsgar Burchardt
2014-02-17Revert "man: systemd.service(5): clarify behavior of SuccessExitStatus"Lennart Poettering
This reverts commit 29e254f7f093c07a1ec7e845e60203357f585235. Conflicts: man/systemd.service.xml
2014-02-17Some modernizationsZbigniew Jędrzejewski-Szmek
2014-02-16nspawn: add new --network-bridge= switchTom Gundersen
This adds the host side of the veth link to the given bridge. Also refactor the creation of the veth interfaces a bit to set it up from the host rather than the container. This simplifies the addition to the bridge, but otherwise the behavior is unchanged.
2014-02-14man: use spaces instead of tabsJason St. John
Several sections of the man pages included intermixed tabs and spaces; this commit replaces all tabs with spaces.
2014-02-14man: replace STDOUT with standard output, etc.Zbigniew Jędrzejewski-Szmek
Actually 'STDOUT' is something that doesn't appear anywhere: in the stdlib we have 'stdin', and there's only the constant STDOUT_FILENO, so there's no reason to use capitals. When refering to code, STDOUT/STDOUT/STDERR are replaced with stdin/stdout/stderr, and in other places they are replaced with normal phrases like standard output, etc.
2014-02-14man: fix grammatical errors and other formatting issuesJason St. John
* standardize capitalization of STDIN, STDOUT, and STDERR * reword some sentences for clarity * reflow some very long lines to be shorter than ~80 characters * add some missing <literal>, <constant>, <varname>, <option>, and <filename> tags
2014-02-14man: always place <programlisting> and </programlisting> in a line with ↵Lennart Poettering
actual sources, so that we don't get spurious newlines in the man page output
2014-02-14man: systemd.service(5): clarify behavior of SuccessExitStatusDave Reisner
The behavior of this is a little cryptic in that $MAINPID must exit as a direct result of receiving a signal in order for a listed signal to be considered a success condition.
2014-02-13nspawn: add new --network-veth switch to add a virtual ethernet link to the hostLennart Poettering
2014-02-13nspawn: --private-network should imply CAP_NET_ADMINLennart Poettering
2014-02-13nspawn: add new --network-interface= switch to move an existing interface ↵Lennart Poettering
into the container
2014-02-13nspawn: introduce --capability=all for retaining all capabilitiesLennart Poettering
2014-02-13core: add a system-wide SystemCallArchitectures= settingLennart Poettering
This is useful to prohibit execution of non-native processes on systems, for example 32bit binaries on 64bit systems, this lowering the attack service on incorrect syscall and ioctl 32→64bit mappings.
2014-02-13core: add SystemCallArchitectures= unit setting to allow disabling of non-nativeLennart Poettering
architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings.
2014-02-12core: rework syscall filterLennart Poettering
- Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12syscallfilter: port to libseccompRonny Chevalier
2014-02-12man: use xinclude to de-deduplicate common textZbigniew Jędrzejewski-Szmek
I only tested with python-lxml. I'm not sure if xml.etree should be deprecated.
2014-02-12pager: support SYSTEMD_LESS environment variableJason A. Donenfeld
This allows customization of the arguments used by less. The main motivation is that some folks might not like having --no-init on every invocation of less.
2014-02-12nspawn: newer kernels (>= 3.14) allow resetting the audit loginuid, make use ↵Lennart Poettering
of this
2014-02-12machinectl: add new "machinectl reboot" callLennart Poettering
2014-02-11machined: optionally, allow registration of pre-existing units (scopesLennart Poettering
or services) as machine with machined
2014-02-11nspawn: add --register=yes|no switch to optionally disable registration of ↵Lennart Poettering
the container with machined
2014-02-10networkd: VLAN - allow multiple vlans to be created on a linkTom Gundersen
Also limit the range of vlan ids. Other implementations and documentation use the ranges {0,1}-{4094,4095}, but we use the one accepted by the kernel: 0-4094. Reported-by: Oleksii Shevchuk <alxchk@gmail.com>
2014-02-10nspawn: add new --share-system switch to run a container without PID/UTS/IPC ↵Lennart Poettering
namespacing
2014-02-10nspawn,man: use a common vocabulary when referring to selinux security contextsLennart Poettering
Let's always call the security labels the same way: SMACK: "Smack Label" SELINUX: "SELinux Security Context" And the low-level encapsulation is called "seclabel". Now let's hope we stick to this vocabulary in future, too, and don't mix "label"s and "security contexts" and so on wildly.
2014-02-10exec: Add support for ignoring errors on SELinuxContext by prefixing it with ↵Michael Scherer
-, like for others settings. Also remove call to security_check_context, as this doesn't serve anything, since setexeccon will fail anyway.
2014-02-10exec: Add SELinuxContext configuration itemMichael Scherer
This permit to let system administrators decide of the domain of a service. This can be used with templated units to have each service in a différent domain ( for example, a per customer database, using MLS or anything ), or can be used to force a non selinux enabled system (jvm, erlang, etc) to start in a different domain for each service.
2014-02-09man: fix another reference in systemd-inhibit(1)Zbigniew Jędrzejewski-Szmek
http://bugs.debian.org/738316
2014-02-09man: fix reference in systemd-inhibit(1)Zbigniew Jędrzejewski-Szmek
http://bugs.debian.org/738316
2014-02-07nspawn: rename --file-label to --apifs-label since it's really just about ↵Lennart Poettering
the API file systems, nothing else
2014-02-07networkd: netdev - rename Netdev to NetDevTom Gundersen
Both in the configuration file format and everywhere else in the code.
2014-02-07man: cryptsetup-1.6.3 now allows partition device file in system modeJan Janssen
2014-02-06nspawn: add --quiet switch for turning off any output noiseLennart Poettering
2014-02-05man: introduce new "Desktop" property for sessionsLennart Poettering
This is initialized from XDG_SESSION_DESKTOP and is useful for GNOME to recognize its own sessions. It's supposed to be set to a short string identifying the session, such as "kde" or "gnome".