summaryrefslogtreecommitdiff
path: root/man
AgeCommit message (Collapse)Author
2017-02-09man: update pam_systemd and systemd-logind man pages a bitLennart Poettering
This builds on @utezduyar's #4640, but extends on it. Fixes: #4550 Replaces: #4640
2017-02-09man: improve documentation on seccomp regarding alternative ABIsLennart Poettering
Let's clarify that RestrictAddressFamilies= and MemoryDenyWriteExecute= are only fully effective if non-native system call architectures are disabled, since they otherwise may be used to circumvent the filters, as the filters aren't equally effective on all ABIs. Fixes: #5277
2017-02-09Merge pull request #5287 from poettering/exit-codesZbigniew Jędrzejewski-Szmek
rework WorkingDirectory= and RootDirectory= management for services
2017-02-09Merge pull request #5255 from poettering/percent-escapeZbigniew Jędrzejewski-Szmek
fstab-generator: Options= applies specifier expansion
2017-02-09Revert "core/execute: set HOME, USER also for root users"Lennart Poettering
This reverts commit 8b89628a10af3863bfc97872912e9da4076a5929. This broke #5246
2017-02-09Merge pull request #5279 from keszybz/man-revertsMartin Pitt
A revert and some other tweaks for the man pages
2017-02-08Merge pull request #4962 from poettering/root-directory-2Zbigniew Jędrzejewski-Szmek
Add new MountAPIVFS= boolean unit file setting + RootImage=
2017-02-08man: add more commas for clarify and reword a few sentencesZbigniew Jędrzejewski-Szmek
2017-02-08man: revert documentation about RequiresMountsFor= honoring noautoZbigniew Jędrzejewski-Szmek
This effectively reverts commit 5d2abc04fc95f5c5f6d0eaf2f: Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> Date: Wed Apr 16 22:15:42 2014 -0400 man: document relationship between RequiresMountsFor and noauto https://bugzilla.redhat.com/show_bug.cgi?id=1088057 Fixes #5249.
2017-02-08man: break long lines and update Fedora versionsZbigniew Jędrzejewski-Szmek
We should try to keep the unbreakable lines below 80 columns. It's not always possible of course. Also, use the dl.fp.o alias instead of a specific mirror.
2017-02-09Merge pull request #5270 from poettering/seccomp-namespace-fixEvgeny Vereshchagin
swap seccomp filter params on s390
2017-02-09man: fix docs for swap's DefaultDependencies= (#5278)David Glasser
There was a missing dependency and one with the wrong type. Additionally, refer to DefaultDependencies= once instead of twice, without a vague reference in the first one that doesn't mention that the value matters. Fixes #5226.
2017-02-08seccomp: on s390 the clone() parameters are reversedLennart Poettering
Add a bit of code that tries to get the right parameter order in place for some of the better known architectures, and skips restrict_namespaces for other archs. This also bypasses the test on archs where we don't know the right order. In this case I didn't bother with testing the case where no filter is applied, since that is hopefully just an issue for now, as there's nothing stopping us from supporting more archs, we just need to know which order is right. Fixes: #5241
2017-02-08fstab-generator: also convert % → %% for What=Lennart Poettering
Same reasons as the previous patch.
2017-02-08fstab-generator: Options= applies specifier expansionLennart Poettering
Let's document that this is the case, and properly escape % when we generate Options= in the generator. Fixes: #5086
2017-02-08nspawn: Add support for sysroot pivoting (#5258)Philip Withnall
Add a new --pivot-root argument to systemd-nspawn, which specifies a directory to pivot to / inside the container; while the original / is pivoted to another specified directory (if provided). This adds support for booting container images which may contain several bootable sysroots, as is common with OSTree disk images. When these disk images are booted on real hardware, ostree-prepare-root is run in conjunction with sysroot.mount in the initramfs to achieve the same results.
2017-02-08seccomp: MemoryDenyWriteExecute= should affect both mmap() and mmap2() (#5254)Lennart Poettering
On i386 we block the old mmap() call entirely, since we cannot properly filter it. Thankfully it hasn't been used by glibc since quite some time. Fixes: #5240
2017-02-07man: s/--unmount/--umount/g (#5243)Lennart Poettering
The --help text currently uses the "--umount" spelling, hence to the same in the man page too. And let's settle on "umount" instead of "unmount" here, since most folks probably expect that when typing in a command, as util-linux' tool is called "umount" after all, and so is the symlink "systemd-umount" we install.
2017-02-07man: document *.d/ drop-in file order (#5262)Lucas Werkmeister
2017-02-07man: document that systemd-run --on-* cannot be used with --ptyLucas Werkmeister
2017-02-07man: use systemctl enable --nowLucas Werkmeister
2017-02-07man: add cross-referenceLucas Werkmeister
The third paragraph of the Description already linked to systemd.resource-control(5), but it was missing from the list of additional options for the [Service] section.
2017-02-07dissect: try to read roothash value off user.verity.roothash xattr of image fileLennart Poettering
This slightly extends the roothash loading logic to first check for a user.verity.roothash extended attribute on the image file. If it exists, it is used as Verity root hash and the ".roothash" file is not used. This should improve the chance that the roothash is retained when the file is moved around, as the data snippet is attached directly to the image file. The field is still detached from the file payload however, in order to make sure it may be trusted independently. This does not replace the ".roothash" file loading, it simply adds a second way to retrieve the data. Extended attributes are often a poor choice for storing metadata like this as it is usually difficult to discover for admins and users, and hard to fix if it ever gets out of sync. However, in this case I think it's safe as verity implies read-only access, and thus there's little chance of it to get out of sync.
2017-02-07core: add RootImage= setting for using a specific image file as root ↵Lennart Poettering
directory for a service This is similar to RootDirectory= but mounts the root file system from a block device or loopback file instead of another directory. This reuses the image dissector code now used by nspawn and gpt-auto-discovery.
2017-02-07core: add a per-unit setting MountAPIVFS= for mounting /dev, /proc, /sys in ↵Lennart Poettering
conjunction with RootDirectory= This adds a boolean unit file setting MountAPIVFS=. If set, the three main API VFS mounts will be mounted for the service. This only has an effect on RootDirectory=, which it makes a ton times more useful. (This is basically the /dev + /proc + /sys mounting code posted in the original #4727, but rebased on current git, and with the automatic logic replaced by explicit logic controlled by a unit file setting)
2017-02-07Merge pull request #5225 from poettering/seccomp-socketEvgeny Vereshchagin
make RestrictAddressFamilies= officially a NOP on i386
2017-02-06notify: document that we fake the PID when sending sd_notify()Lennart Poettering
2017-02-06man: document that sd_notify() is racy in some casesLennart Poettering
2017-02-06man: Document that RestrictAddressFamilies= doesn't work on s390/s390x/...Lennart Poettering
We already say that it doesn't work on i386, but there are more archs like that apparently.
2017-02-05Merge pull request #5223 from keszybz/root-workdirMartin Pitt
Fix WorkDir=~ with empty User=
2017-02-05build-sys,man: describe systemd-umount and hook it up to installation (#5227)Zbigniew Jędrzejewski-Szmek
2017-02-03man: clarify interface for suspend/resume integration (#5220)Martin Pitt
Fixes #4916.
2017-02-03core/execute: set HOME, USER also for root usersZbigniew Jędrzejewski-Szmek
This changes the environment for services running as root from: LANG=C.utf8 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin INVOCATION_ID=ffbdec203c69499a9b83199333e31555 JOURNAL_STREAM=8:1614518 to LANG=C.utf8 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin HOME=/root LOGNAME=root USER=root SHELL=/bin/sh INVOCATION_ID=15a077963d7b4ca0b82c91dc6519f87c JOURNAL_STREAM=8:1616718 Making the environment special for the root user complicates things unnecessarily. This change simplifies both our logic (by making the setting of the variables unconditional), and should also simplify the logic in services (particularly scripts). Fixes #5124.
2017-02-02Merge pull request #5202 from keszybz/cgls-unitsLennart Poettering
systemd-cgls --unit --user-unit
2017-02-01cgls: add --user-unit to show user unitsZbigniew Jędrzejewski-Szmek
2017-02-01cgls: add --unit to show unitsZbigniew Jędrzejewski-Szmek
$ systemd-cgls -u systemd-journald.service machine.slice I opted for a "global" switch, instead of modifying the behaviour of just one argument. It seem to be a more useful setting, since usually one will want to query one or more units, and not mix unit names with paths. Closes #5156.
2017-02-02man: fix spelling error parth -> pathBrandon Philips
2017-02-02systemctl: restore --failed (#5198)Zbigniew Jędrzejewski-Szmek
'systemctl --failed' is an extremely common operation and it's nice to have a shortcut for it. Revert "man: don't document systemctl --failed" and add the option back to systemctl's help and shell completion scripts. This reverts commit 036359ba8d0aba7db7eac75d10073a849a033fd1.
2017-01-31man: mention ConditionFirstBoot= in systemd-firstboot(1) (#5186)Zbigniew Jędrzejewski-Szmek
2017-01-20man: fix flag in systemd-run (#5107)Rike-Benjamin Schuppner
2017-01-19man: fix typos (#5109)Jakub Wilk
2017-01-17Merge pull request #4991 from poettering/seccomp-fixZbigniew Jędrzejewski-Szmek
2017-01-17man: fix typo (#5093)AsciiWolf
2017-01-14Merge pull request #4879 from poettering/systemdZbigniew Jędrzejewski-Szmek
2017-01-14man: provide a basic guide to the `systemctl status` output (#4950)Mark Stosberg
- Show example of all `systemctl status` output and documents what possible "Loaded:", "Active" and "Enabled" values mean. - Documents what different colors of the dot mean. - Documents "gotcha" with load-on-demand behavior which will report units as "loaded" even if they are only loaded to show their status. (From @poettering: https://github.com/systemd/systemd/issues/5063#issuecomment-272115024 )
2017-01-12Merge pull request #5069 from keszybz/fixletsLennart Poettering
Small fixes and enhancements to docs and code
2017-01-11man: link to sd-j-{remote,upload} from journalctl(1)Zbigniew Jędrzejewski-Szmek
2017-01-11Merge pull request #5009 from ian-kelling/ian-mnt-namespace-docZbigniew Jędrzejewski-Szmek
2017-01-11Document how restart actions work (#5052)micah
When a user is trying to understand what is going on with a restart action, it is useful to explicitly describe how the action is run. It may seem obvious, but it is helpful to be explicit so one knows there isn't a special ExecRestart= or similar option that they could be looking at.
2017-01-11man: add more links to systemd-ask-password and systemd-tty-ask-password-agentZbigniew Jędrzejewski-Szmek
Loosely inspired by https://bugzilla.redhat.com/show_bug.cgi?id=1411134.