From ea539eb65950bea7a9734424e660ef84f6f30e6c Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Mon, 29 Jun 2015 20:19:56 -0400 Subject: man: information about available properties https://bugzilla.redhat.com/show_bug.cgi?id=1144496 --- man/systemctl.xml | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) (limited to 'man') diff --git a/man/systemctl.xml b/man/systemctl.xml index e18ef6f898..66a090049d 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml @@ -114,12 +114,30 @@ When showing unit/job/manager properties with the - show command, limit display to certain - properties as specified as argument. If not specified, all - set properties are shown. The argument should be a + show command, limit display to properties + specified in the argument. The argument should be a comma-separated list of property names, such as - MainPID. If specified more than once, all - properties with the specified names are shown. + MainPID. Unless specified, all known + properties are shown. If specified more than once, all + properties with the specified names are shown. Shell + completion is implemented for property names. + + For the manager itself, + systemctl show will show all available + properties. Those properties are documented in + systemd-system.conf5. + + + Properties for units vary by unit type, so showing any + unit (even a non-existent one) is a way to list properties + pertaining to this type. Similarly showing any job will list + properties pertaining to all jobs. Properties for units are + documented in + systemd.unit5, + and the pages for individual unit types + systemd.service5, + systemd.socket5, + etc. -- cgit v1.2.3-54-g00ecf From 9407bc2d03b6405754807b6f38c8ca95b4fc1f40 Mon Sep 17 00:00:00 2001 
From: Zbigniew Jędrzejewski-Szmek Date: Mon, 29 Jun 2015 20:34:45 -0400 Subject: man: update sysctl example about netfilter It turns out that since kernel 3.18 netfilter on bridged packets is off anyway, so the example should be reworded (and the module name updated). --- man/sysctl.d.xml | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) (limited to 'man') diff --git a/man/sysctl.d.xml b/man/sysctl.d.xml index 8a131791a5..e5b2bc0ac9 100644 --- a/man/sysctl.d.xml +++ b/man/sysctl.d.xml @@ -123,11 +123,12 @@ - Disable packet filter on bridged packets (method one) + Apply settings available only when a certain module is loaded (method one) /etc/udev/rules.d/99-bridge.rules: - ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/net/bridge" + ACTION=="add", SUBSYSTEM=="module", KERNEL=="br_netfilter", \ + RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/net/bridge" /etc/sysctl.d/bridge.conf: @@ -137,14 +138,20 @@ net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0 + + This method applies settings when the module is + loaded. Please note that unless the br_netfilter + module is loaded, bridged packets will not be filtered by + netfilter (starting with kernel 3.18), so simply not loading the + module is suffient to avoid filtering. - Disable packet filter on bridged packets (method two) + Apply settings available only when a certain module is loaded (method two) /etc/modules-load.d/bridge.conf: - bridge + br_netfilter /etc/sysctl.d/bridge.conf: @@ -153,6 +160,12 @@ net.bridge.bridge-nf-call-arptables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0 + + This method forces the module to be always loaded. Please + note that unless the br_netfilter module is + loaded, bridged packets will not be filtered with netfilter + (starting with kernel 3.18), so simply not loading the module is + suffient to avoid filtering. -- cgit v1.2.3-54-g00ecf
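Review bot: The paragraphs added in the hunks at -137 and -153 both spell `suffient`, which should read `sufficient`. Those same sentences say that leaving `br_netfilter` unloaded is enough to avoid filtering, but they do not mention that the module may still be loaded by something else on the system (as far as I know, a rule set using the physdev match requests it), after which the kernel defaults for the `bridge-nf-call-*` keys apply unless the sysctl.d file is in place. I would add a sentence saying so, for example `Other components may load br_netfilter on demand; keep the sysctl.d file if the settings must hold in that case.` It is also worth one sentence noting that with `net.bridge.bridge-nf-call-iptables = 0` and `net.bridge.bridge-nf-call-arptables = 0` the host's iptables and arptables rules are not applied to bridged frames, so a host that relies on those rules to filter traffic between bridge ports should not copy the example as is.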