Diffstat (limited to '')
-rw-r--r-- | docs/BUILDING_IMAGES.md | 2 |
-rw-r--r-- | docs/FILE_DESCRIPTOR_STORE.md | 14 |
-rw-r--r-- | docs/PORTABLE_SERVICES.md | 2 |
3 files changed, 9 insertions, 9 deletions
diff --git a/docs/BUILDING_IMAGES.md b/docs/BUILDING_IMAGES.md index 15ca27845e..b11afa3a36 100644 --- a/docs/BUILDING_IMAGES.md +++ b/docs/BUILDING_IMAGES.md @@ -5,7 +5,7 @@ layout: default SPDX-License-Identifier: LGPL-2.1-or-later --- -# Safely Building Images +# Building Images Safely In many scenarios OS installations are shipped as pre-built images, that require no further installation process beyond simple `dd`-ing the image to diff --git a/docs/FILE_DESCRIPTOR_STORE.md b/docs/FILE_DESCRIPTOR_STORE.md index 15973cd20b..7921bf4fc8 100644 --- a/docs/FILE_DESCRIPTOR_STORE.md +++ b/docs/FILE_DESCRIPTOR_STORE.md @@ -47,7 +47,7 @@ conveniently be used to serialize service state into and then place in the fdstore, in order to implement service restarts with full service state being passed over. -# Basic Mechanism +## Basic Mechanism The fdstore is enabled per-service via the [`FileDescriptorStoreMax=`](https://www.freedesktop.org/software/systemd/man/systemd.service.html#FileDescriptorStoreMax=) @@ -76,7 +76,7 @@ both operates on IPv4 and IPv6 and treats both more or less the same.). And that's already the gist of it. -# Seamless Service Restarts +## Seamless Service Restarts A system service that provides a client-facing interface that shall be able to seamlessly restart can make use of this in a scheme like the following: @@ -107,7 +107,7 @@ processes remaining skew them), security policies (as processes with possibly out-of-date security policies – SElinux, AppArmor, any LSM, seccomp, BPF — in effect remain), and similar. -# File Descriptor Store Life-cycle +## File Descriptor Store Lifecycle By default any file descriptor stored in the fdstore for which a `POLLHUP` or `POLLERR` is seen is automatically closed and removed from the fdstore. This 
@@ -148,7 +148,7 @@ way will not receive an automatic `POLLHUP` event anymore if the service code issues `close()` on the socket. It must accompany it with an `FDSTOREREMOVE=1` notification to the service manager, so that the fd is comprehensively closed. -# Access Control +## Access Control Access to the fds in the file descriptor store is generally restricted to the service code itself. Pushing fds into or removing fds from the fdstore is @@ -160,7 +160,7 @@ By default only the main service process hence can push/remove fds, but by setting `NotifyAccess=all` this may be relaxed to allow arbitrary service child processes to do the same. -# Soft Reboot +## Soft Reboot The fdstore is particularly interesting in [soft reboot](https://www.freedesktop.org/software/systemd/man/systemd-soft-reboot.service.html) @@ -181,7 +181,7 @@ continuously). For further details see [Resource Pass-Through](https://www.freedesktop.org/software/systemd/man/systemd-soft-reboot.service.html#Resource%20Pass-Through). -# initrd Transitions +## Initrd Transitions The fdstore may also be used to pass file descriptors for resources from the initrd context to the main system. Restarting all processes after the @@ -198,7 +198,7 @@ The soft reboot cycle transition and the initrd→host transition are semantically very similar, hence similar rules apply, and in both cases it is recommended to use the fdstore if pinned resources shall be passed over. -# Debugging +## Debugging The [`systemd-analyze`](https://www.freedesktop.org/software/systemd/man/systemd-analyze.html#systemd-analyze%20fdstore%20%5BUNIT...%5D) diff --git a/docs/PORTABLE_SERVICES.md b/docs/PORTABLE_SERVICES.md index 7f07f231da..6f5ff112d2 100644 --- a/docs/PORTABLE_SERVICES.md +++ b/docs/PORTABLE_SERVICES.md 
@@ -5,7 +5,7 @@ layout: default SPDX-License-Identifier: LGPL-2.1-or-later --- -# Portable Services Introduction +# Portable Services systemd (since version 239) supports a concept of "Portable Services". "Portable Services" are a delivery method for system services that uses |
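Review bot: In the docs/BUILDING_IMAGES.md hunk (@@ -5,7 +5,7) only the `#` heading is renamed, and the diffstat shows a single changed line pair for this file, so any `title:` entry in the front matter above the visible `layout: default` line still carries the old wording. Please check that the front matter matches the new heading `# Building Images Safely`, and do the same check for the `# Portable Services` rename in docs/PORTABLE_SERVICES.md.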
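Review bot: In the docs/FILE_DESCRIPTOR_STORE.md hunk at @@ -107,7 the heading text changes from `Life-cycle` to `Lifecycle`, which changes the section anchor wherever anchors are derived from heading text, so existing links to that section should be checked and updated in the same commit. The context lines directly above the heading also open the parenthetical with an en dash, close it with an em dash, and spell the LSM as `SElinux`; since this commit is a docs cleanup, consider normalizing the dashes and using `SELinux` here as well.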
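Review bot: In the docs/FILE_DESCRIPTOR_STORE.md hunk at @@ -181,7 the new heading capitalizes the term as `Initrd`, while the paragraph right below it ("from the initrd context") and the context of the next hunk ("the initrd→host transition") keep it lowercase. Suggest `## initrd Transitions` so the heading level is fixed without changing how the term is written elsewhere in the file.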