Not properties.
When using hidepid=invisible on procfs, the kernel will check if the
gid of the process trying to access /proc is the same as the gid of
the process that mounted the /proc instance, or if it has the ptrace
capability:
https://github.com/torvalds/linux/blob/v5.10/fs/proc/base.c#L723
https://github.com/torvalds/linux/blob/v5.10/fs/proc/root.c#L155
Given we set up the /proc instance as root for system services,
The same restriction applies to CAP_SYS_PTRACE, if a process runs with
it then hidepid=invisible has no effect.
ProtectProc effectively can only be used with User= or DynamicUser=yes,
without CAP_SYS_PTRACE.
Update the documentation to explicitly state these limitations.
Fixes #18997
statically configured ones
Prompted by #9473.
Suggest network-online.target for rc.local
Replacement for #18853.
This makes it easier to find for users.
Fixup for 6c41cf445912c12e14b1e94414a0fce1fa060ac2.
fixed typo of filename
Tables with only one column aren't really tables, they are lists. And if
each cell only consists of a single word, they are probably better
written in a single line. Hence, shorten the man page a bit, and list
boot loader spec partition types in a simple sentence.
Also, drop "root-secondary" from the list. When dissecting images we'll
upgrade "root-secondary" to "root" if we mount it, and do so only if
"root" doesn't exist. Hence never mention "root-secondary" as we never
will mount a partition under that id.
Fixes #18914.
Fixes: #18793
It's useful to be able to combine a regular /usr/ file system with a
tmpfs as root, for an OS that boots up in volatile mode on every single
boot. Let's add explicit support for this via root=tmpfs.
Note the relationship to the existing systemd.volatile= option:
1. The kernel command line "root=/dev/… systemd.volatile=yes" will mount
the specified root fs, and then hide everything at the top by
overmounting it with a tmpfs, except for the /usr subtree.
2. The kernel command line "root=tmpfs mount.usr=/dev/…" otoh will mount
a root fs at the top (just like the case above), but will then mount
the top-level dir of the fs specified in mount.usr= directly below
it.
Or to say this differently: in the first case /usr/ from the physical
storage fs is going to become /usr/ of the hierarchy ultimately booted,
while in the second case / from the physical storage fs is going to
become /usr of the hierarchy booted.
Philosophically I figure systemd.volatile= is more an option for
"one-off" boots, while root=tmpfs is something to have as default mode
of operation for suitable images.
This is currently hard to test reasonably, since Dracut refuses to
accept root=tmpfs. This needs to be addressed separately though.
Two minor small man page updates
Let's make it clear that they are not as useful as the full thing.
https://github.com/systemd/systemd/pull/18827#discussion_r584807684
This got moved under the systemd umbrella a long time ago.
GitHub redirects from the old path, so the link worked, but it's
nicer to use the real location.
A bunch of man page updates
Esp. CHASSIS is only useful as an override. Make that clear in the description.
Fixes #3496.
We shouldn't imply that invocation without any parameters is OK.
Also, mention that the service can be restarted.
Fixes #8684.
Fixes #10604.
We use very similar quoting rules in many places. Let's move this
lengthy text out of systemd.service page.
Fixes #11914.
Fixes #15984.
The plural version should always be adjacent to the singular one.
And the plural should not be explained before the singular one…
I tried to make the explanation brief, but this isn't so easy. It seems better
to push this out to a footnote instead of the main text.
Fixes #16584.
Fixes #16644.
Also break the text into paragraphs to make it a bit easier to read.
This requires a bit of gymnastics, but I think it's still better than
status quo ante, and better than duplicating the text.
Fixes #17484.
This patch affects systemctl(1), as well as all man pages that include
all of common-variables.xml, i.e. most of our command line tools.
Some are not about less, e.g. $SYSTEMD_URLIFY.
We save a wealth of information about the process, but this might not be
immediately obvious.
Fixes #17910: we didn't clearly explain that coredumps may exist without
journal entries, and vice versa.
Also, make the examples more concrete, and use '$' instead of '#' to avoid
suggesting that running as root is required. The text is extended a bit in
various places. In the description of systemd-coredump, the details of executor
separation are split out to a separate subsection, since they are rather
detailed and not necessary to understand for normal use.
/etc/systemd/systemd/ => /etc/systemd/system/
some improvements regarding network.target docs
synthetic network interfaces have been created
Prompted by: #18793
other hosts
Let's make things a tiny bit more explicit.
The man page otherwise looks very weirdly aligned.
systemd.unit(5) is a wall of text. And this particular feature can be very useful
in the context of resource control. Let's advertise this cool feature a bit more.
Fixes #17900.