diff options
| author | Lennart Poettering <lennart@poettering.net> | 2023-06-23 17:49:44 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2023-07-04 22:59:07 +0200 |
| commit | 0dea5b7719b6dc0e2026923fc6ad0a80a8fd1db5 (patch) | |
| tree | d47cb597d83a7a639d13b85b0da66b59f6b5c7a2 /man/systemd.exec.xml | |
| parent | execute: fix credential dir handling for fs which support ACLs (diff) | |
| download | systemd-0dea5b7719b6dc0e2026923fc6ad0a80a8fd1db5.tar.xz systemd-0dea5b7719b6dc0e2026923fc6ad0a80a8fd1db5.zip | |
import-creds: define a new dir where initrd configurators can pass credentials to host
Diffstat (limited to 'man/systemd.exec.xml')
| -rw-r--r-- | man/systemd.exec.xml | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 5a917d8349..ccec6ec423 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -3274,18 +3274,20 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX 11) with a prefix of <literal>io.systemd.credential:</literal> or <literal>io.systemd.credential.binary:</literal>. In both cases a key/value pair separated by <literal>=</literal> is expected, in the latter case the right-hand side is Base64 decoded when - parsed (thus permitting binary data to be passed in). Example - <ulink url="https://www.qemu.org/docs/master/system/index.html">qemu</ulink> - switch: <literal>-smbios + parsed (thus permitting binary data to be passed in). Example <ulink + url="https://www.qemu.org/docs/master/system/index.html">qemu</ulink> switch: <literal>-smbios type=11,value=io.systemd.credential:xx=yy</literal>, or <literal>-smbios type=11,value=io.systemd.credential.binary:rick=TmV2ZXIgR29ubmEgR2l2ZSBZb3UgVXA=</literal>. Alternatively, use the <command>qemu</command> <literal>fw_cfg</literal> node - <literal>opt/io.systemd.credentials/</literal>. Example <command>qemu</command> switch: <literal>-fw_cfg - name=opt/io.systemd.credentials/mycred,string=supersecret</literal>. They may also be specified on - the kernel command line using the <literal>systemd.set_credential=</literal> switch (see - <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>) and from - the UEFI firmware environment via - <citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para> + <literal>opt/io.systemd.credentials/</literal>. Example <command>qemu</command> switch: + <literal>-fw_cfg name=opt/io.systemd.credentials/mycred,string=supersecret</literal>. They may also + be passed from the UEFI firmware environment via + <citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry>, + from the initrd (see + <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>), or be + specified on the kernel command line using the <literal>systemd.set_credential=</literal> switch (see + <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> – this is + not recommended since unprivileged userspace can read the kernel command line). </para> <para>If referencing an <constant>AF_UNIX</constant> stream socket to connect to, the connection will originate from an abstract namespace socket, that includes information about the unit and the |