| Commit message | Author | Age | Files | Lines |

Let's clarify that these settings only apply to stdout/stderr logging.
Always mention the journal before syslog (as the latter is in most ways
just a legacy alias these days). Always mention the +console cases too.

Fixes: #7254
See: #2473

(#7295)
MemoryDenyWriteExecute policy could be bypassed by using pkey_mprotect
instead of mprotect to create an executable writable mapping.
The impact is mitigated by the fact that the man page says "Note that this
feature is fully available on x86-64, and partially on x86", so hopefully
people do not rely on it as a sole security measure.
Found by Karin Hossen and Thomas Imbert from Sogeti ESEC R&D.
https://bugs.launchpad.net/bugs/1725348

This makes each system call in the SystemCallFilter= blacklist optionally
take an errno name or number after a colon. That errno takes precedence
over the one given by SystemCallErrorNumber=.
Cf. #7173.
Closes #7169.

dynamic-user: permit the case where static uid and gid are different

@aio → asynchronous IO calls
@sync → msync/fsync/... and friends
@chown → changing file ownership
(Also, change @privileged to reference @chown now, instead of the
individual syscalls it contains)

This removes the '@credentials' syscall set that was added in commit
v234-468-gcd0ddf6f75.
Most of these syscalls are so simple that we do not want to filter them.
They work on the current calling process, doing only read operations;
they do not have a deep kernel path.
The problem may only be in the 'capget' syscall, since it can query arbitrary
processes and be used to discover processes; however, sending signal 0 to
arbitrary processes can also be used to discover whether a process exists or not.
It is unfortunate that Linux allows querying processes of different
users. Let's put it now in the '@process' syscall set, and later we may add
it to a new '@basic-process' set that allows the most basic process
operations.

See: #6045

Add KeyringMode unit property to fix cryptsetup key caching

Usually, it's a good thing that we isolate the kernel session keyring
for the various services and disconnect them from the user keyring.
However, in the case of cryptsetup key caching we actually want
multiple instances of the cryptsetup service to be able to share the keys in the
root user's user keyring, hence we need to be able to disable this logic
for them.
This adds KeyringMode=inherit|private|shared:
inherit: don't do any keyring magic (this is the default in systemd --user)
private: a private keyring as before (default in systemd --system)
shared: the new setting

(Heavily reworked by Lennart while rebasing)
Fixes: #3545
Replaces: #5159

(#6824)
If two separate log streams are connected to stdout and stderr, let's
make sure $JOURNAL_STREAM points to the latter, as that's the preferred
log destination, and the environment variable has been created in order
to permit services to automatically upgrade from stderr based logging to
native journal logging.
Also, document this behaviour.
Fixes: #6800

man: explicitly distinguish "implicit dependencies" and "default dependencies"

Fixes: #6793

convert nspawn syscall blacklist into a whitelist (and related stuff)

These groups should be useful shortcuts for sets of closely related
syscalls where it usually makes more sense to allow them altogether or
not at all.

With this setting we can explicitly unset specific variables for
processes of a unit, as the last step of assembling the environment block
for them. This is useful to fix #6407.
While we are at it, greatly expand the documentation on how the
environment block for forked-off processes is assembled.

"Currently, the following values are defined: xxx: in case <condition>" is
awkward because "xxx" is always defined unconditionally. It is _used_ in case
<condition> is true. Correct this and a bunch of other places where the
sentence structure makes it unclear what the subject of the sentence is.

This reworks the paragraph describing $SERVICE_RESULT into a table, and
adds two missing entries: "success" and "start-limit-hit".
These two entries are then also added to the table explaining the
$EXIT_CODE + $EXIT_STATUS variables.
Fixes: #6597

Follow-up for c792ec2e3512a672881fc847ff432e26b641c9c9.

Follow-up for 78e864e5b3cc11b72ae663f49f42f158cafbfedf.

Add LockPersonality boolean to allow locking down the personality(2)
system call so that the execution domain can't be changed.
This may be useful to improve security because odd emulations
may be poorly tested and a source of vulnerabilities, while
system services shouldn't need any weird personalities.

This new group lists all UID/GID credential changing syscalls (which are
quite a number these days). This will become particularly useful in a
later commit, which uses this group to optionally permit user credential
changing to daemons in case ambient capabilities are not available.

Follow-up for effbd6d2eadb61bd236d118afc7901940c4c6b37.

This introduces {State,Cache,Log,Configuration}Directory=, which are
similar to RuntimeDirectory=. They create the directories under
/var/lib, /var/cache, /var/log, or /etc, respectively, with the mode
specified in {State,Cache,Log,Configuration}DirectoryMode=.
This also fixes #6391.

core: Allow preserving contents of RuntimeDirectory over process restart

This introduces the RuntimeDirectoryPreserve= option, which takes a boolean
argument or 'restart'.
Closes #6087.

Refuse to load some units

sysusers.d (#6321)
As discussed here:
https://lists.freedesktop.org/archives/systemd-devel/2017-July/039237.html

Fixes #5509.

Without going into details, mention that libraries are also covered by the
filters, and that executable stacks are a no-no.
Closes #5970.

linkchecker ftw!

Also updates the documentation and adds a mention of ppc64 support
which was enabled by #5325.
Tested on Debian mipsel and mips64el. The other 4 mips architectures
should have an identical user <-> kernel ABI to one of the 2 tested
systems.

Environment= (#5710)
It wasn't clear before how an equals sign in an "Environment=" value might be
handled. Ref:
http://stackoverflow.com/questions/43278883/how-to-write-systemd-environment-variables-value-which-contains/43280157

MountAPIVFS=
See: #5384