diff options
| author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-07-30 16:16:26 +0200 |
|---|---|---|
| committer | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-07-31 15:52:27 +0200 |
| commit | 831f208783aeac443e6f2fc2efc3119535a032ef (patch) | |
| tree | 8ba1bf30dcd20d9e4d0a56ecd084fa4d3ddcc39c /man/org.freedesktop.systemd1.xml | |
| parent | exec-credential: Skip duplicate credentials in load_credential_glob() (diff) | |
| download | systemd-831f208783aeac443e6f2fc2efc3119535a032ef.tar.xz systemd-831f208783aeac443e6f2fc2efc3119535a032ef.zip | |
core: Add support for renaming credentials with ImportCredential=
This allows for "per-instance" credentials for units. The use case
is best explained with an example. Currently all our getty units
have the following stanzas in their unit file:
"""
ImportCredential=agetty.*
ImportCredential=login.*
"""
This means that setting agetty.autologin=root as a system credential
will make every instance of our all our getty units autologin as the
root user. This prevents us from doing autologin on /dev/hvc0 while
still requiring manual login on all other ttys.
To solve the issue, we introduce support for renaming credentials with
ImportCredential=. This will allow us to add the following to e.g.
serial-getty@.service:
"""
ImportCredential=tty.serial.%I.agetty.*:agetty.
ImportCredential=tty.serial.%I.login.*:login.
"""
which for serial-getty@hvc0.service will make the service manager read
all credentials of the form "tty.serial.hvc0.agetty.xxx" and pass them
to the service in the form "agetty.xxx" (same goes for login). We can
apply the same to each of the getty units to allow setting agetty and
login credentials for individual ttys instead of globally.
Diffstat (limited to 'man/org.freedesktop.systemd1.xml')
| -rw-r--r-- | man/org.freedesktop.systemd1.xml | 38 |
1 files changed, 33 insertions, 5 deletions
diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml index 31e6194bec..b9120cc222 100644 --- a/man/org.freedesktop.systemd1.xml +++ b/man/org.freedesktop.systemd1.xml @@ -3187,6 +3187,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as ImportCredential = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") + readonly a(ss) ImportCredentialEx = [...]; + @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as SupplementaryGroups = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly s PAMName = '...'; @@ -3800,6 +3802,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { <!--property ImportCredential is not documented!--> + <!--property ImportCredentialEx is not documented!--> + <!--property SupplementaryGroups is not documented!--> <!--property PAMName is not documented!--> @@ -4488,6 +4492,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { <variablelist class="dbus-property" generated="True" extra-ref="ImportCredential"/> + <variablelist class="dbus-property" generated="True" extra-ref="ImportCredentialEx"/> + <variablelist class="dbus-property" generated="True" extra-ref="SupplementaryGroups"/> <variablelist class="dbus-property" generated="True" extra-ref="PAMName"/> @@ -5312,6 +5318,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as ImportCredential = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") + readonly a(ss) ImportCredentialEx = [...]; + @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as SupplementaryGroups = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly s PAMName = '...'; @@ -5939,6 +5947,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { <!--property ImportCredential is not documented!--> + <!--property ImportCredentialEx is not documented!--> + <!--property SupplementaryGroups is not documented!--> <!--property PAMName is not documented!--> @@ -6603,6 +6613,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { <variablelist class="dbus-property" generated="True" extra-ref="ImportCredential"/> + <variablelist class="dbus-property" generated="True" extra-ref="ImportCredentialEx"/> + <variablelist class="dbus-property" generated="True" extra-ref="SupplementaryGroups"/> <variablelist class="dbus-property" generated="True" extra-ref="PAMName"/> @@ -7291,6 +7303,8 @@ node /org/freedesktop/systemd1/unit/home_2emount { @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as ImportCredential = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") + readonly a(ss) ImportCredentialEx = [...]; + @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as SupplementaryGroups = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly s PAMName = '...'; @@ -7844,6 +7858,8 @@ node /org/freedesktop/systemd1/unit/home_2emount { <!--property ImportCredential is not documented!--> + <!--property ImportCredentialEx is not documented!--> + <!--property SupplementaryGroups is not documented!--> <!--property PAMName is not documented!--> @@ -8420,6 +8436,8 @@ node /org/freedesktop/systemd1/unit/home_2emount { <variablelist class="dbus-property" generated="True" extra-ref="ImportCredential"/> + <variablelist class="dbus-property" generated="True" extra-ref="ImportCredentialEx"/> + <variablelist class="dbus-property" generated="True" extra-ref="SupplementaryGroups"/> <variablelist class="dbus-property" generated="True" extra-ref="PAMName"/> @@ -9231,6 +9249,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as ImportCredential = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") + readonly a(ss) ImportCredentialEx = [...]; + @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as SupplementaryGroups = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly s PAMName = '...'; @@ -9770,6 +9790,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { <!--property ImportCredential is not documented!--> + <!--property ImportCredentialEx is not documented!--> + <!--property SupplementaryGroups is not documented!--> <!--property PAMName is not documented!--> @@ -10332,6 +10354,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { <variablelist class="dbus-property" generated="True" extra-ref="ImportCredential"/> + <variablelist class="dbus-property" generated="True" extra-ref="ImportCredentialEx"/> + <variablelist class="dbus-property" generated="True" extra-ref="SupplementaryGroups"/> <variablelist class="dbus-property" generated="True" extra-ref="PAMName"/> @@ -12099,8 +12123,9 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \ <varname>ExecMainHandoffTimestampMonotonic</varname>, and <varname>ExecMainHandoffTimestamp</varname> were added in version 256.</para> <para><varname>StatusBusError</varname>, - <varname>StatusVarlinkError</varname>, and - <varname>PrivateTmpEx</varname> were added in version 257.</para> + <varname>StatusVarlinkError</varname>, + <varname>PrivateTmpEx</varname>, and + <varname>ImportCredentialEx</varname> were added in version 257.</para> </refsect2> <refsect2> <title>Socket Unit Objects</title> @@ -12137,7 +12162,8 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \ <varname>EffectiveTasksMax</varname>, <varname>MemoryZSwapWriteback</varname>, and <varname>PassFileDescriptorsToExec</varname> were added in version 256.</para> - <para><varname>PrivateTmpEx</varname> was added in version 257.</para> + <para><varname>PrivateTmpEx</varname>, and + <varname>ImportCredentialEx</varname> were added in version 257.</para> </refsect2> <refsect2> <title>Mount Unit Objects</title> @@ -12171,7 +12197,8 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \ <varname>EffectiveMemoryMax</varname>, <varname>EffectiveTasksMax</varname>, and <varname>MemoryZSwapWriteback</varname> were added in version 256.</para> - <para><varname>PrivateTmpEx</varname> was added in version 257.</para> + <para><varname>PrivateTmpEx</varname>, and + <varname>ImportCredentialEx</varname> were added in version 257.</para> </refsect2> <refsect2> <title>Swap Unit Objects</title> @@ -12205,7 +12232,8 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \ <varname>EffectiveMemoryMax</varname>, <varname>EffectiveTasksMax</varname>, and <varname>MemoryZSwapWriteback</varname> were added in version 256.</para> - <para><varname>PrivateTmpEx</varname> was added in version 257.</para> + <para><varname>PrivateTmpEx</varname>, and + <varname>ImportCredentialEx</varname> were added in version 257.</para> </refsect2> <refsect2> <title>Slice Unit Objects</title> |