core: allow using seccomp without no_new_privs when unprivileged
Until now, using any form of seccomp while being unprivileged (User=)
resulted in systemd enabling no_new_privs.
There's no need for doing this because:
* We trust the filters we apply
* If User= is set and a process wants to apply a new seccomp filter, it
will need to set no_new_privs itself
An example of an application that might want seccomp + !no_new_privs is a
program that wants to run as an unprivileged user but uses file
capabilities to start a web server on a privileged port while
benefitting from a restrictive seccomp profile.
We now keep the privileges needed to do seccomp before calling
enforce_user() and drop them after the seccomp filters are applied.
If the syscall filter doesn't allow the needed syscalls to drop the
privileges, we keep the previous behavior by enabling no_new_privs.
Two small documentation cleanups
https://archive.kernel.org/oldwiki/btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5).html
says "This wiki has been archived and the content is no longer updated."
and redirects to https://btrfs.readthedocs.io/en/latest/btrfs-man5.html.
Let's move all the btrfs links to btrfs.readthedocs.io.
kernel-install
parameters
This makes "kernel-install inspect" work more like "kernel-install add": if
the version or kernel image is specified as "-" or omitted we'll make it
up.
Let's make kernel-install a bit easier to use:
If the kernel version is not specified, let's imply "uname -r", so that
we regenerate the entries for the current kernel.
If the kernel image is not specified let's imply using
/usr/lib/modules/$version/vmlinuz, i.e. the location distros like Fedora
drop the kernel into, which we generally recommend people to use.
If the kernel is not found there, don't try to automatically pick the
kernel path, and fail, as before.
This simply dumps the dirs in /usr/lib/modules/ and whether they contain
a vmlinuz binary.
cgroup: add support for memory.peak
Linux's Control Group v2 interface exposes memory.peak, which contains the
"max memory usage recorded for the cgroup and its descendants since the
creation of the cgroup."
This commit adds a new property "MemoryPeak" for units and makes "systemctl
show" display this value if it is available.
Fixes #29878.
Signed-off-by: Florian Schmaus <flo@geekplace.eu>
Currently only supported for the "inspect" verb as "add" and "remove"
require figuring out what to do with plugins.
Documentation cleanup
We added version information, so now each bullet point contains multiple
paragraphs, so we need proper sentences.
<ulinks> contents are used to generate a SEE ALSO section at the
bottom of a man page, so we need to include the title, without additional
words, in the content.
Closes https://github.com/systemd/systemd/issues/29814.
As pointed out in https://github.com/systemd/systemd/issues/29814, we need to
use phrases that are meaningful on their own, because the man page formatter
creates a list at the bottom. With <ulink>see docs</ulink>, we end up with:
    NOTES:
      1. see docs
         https://some.url/page
      2. see docs
         https://some.url/page2
which is not very useful :(
Also, the text inside the tag should not include punctuation.
Python helper:
    import glob
    from xml_helper import xml_parse
    # Print the link text of every <ulink> in the man page sources
    for p in glob.glob('../man/*.xml'):
        t = xml_parse(p)
        ulinks = t.iterfind('.//ulink')
        for ulink in ulinks:
            # Skip links that have no text content
            if ulink.text is None:
                continue
            # Collapse runs of whitespace and newlines into single spaces
            text = ' '.join(ulink.text.split())
            print(f'{p}: {text}')
allows to -> allows one to
Fixes 8702496bfb0205764569782a9a2ebd11fd80e5e8
Follow up to b6f2e6860220aa89550f690b12246c4e8eb6e908
In mkosi, we can't use kernel-install directly but we do want to
mimic its behavior as much as possible. Let's make that easier by
making it easy to fetch data from kernel-install as JSON.
To get all the necessary data, we extend the inspect verb to also
allow passing in a kernel version and initrds, to mimic the "add"
verb. The kernel version is used to determine the "Entry Directory",
and in absence of auto-detection of kernel version in kernel-install
we have to allow users to pass it.
We also add --no-pager while we're at it.
This changes how the "extra" command line arguments passed to vmspawn
are handled.
Previously they were appended to the QEMU command line directly.
Now they are appended to the kernel command line using SMBIOS instead.
man/NEWS update for sleep.conf
Follow-up for 1f82c21dce
Support confexts for portable services
new pcrlock tool for generating signed PCR policies for PCR 0, 1, 4, …
systemd-vmspawn implementation that only supports disk images
network: add meson option to install default configs
option is received
For #29564.
Apparently this has been forgotten a couple of times.
If one sets SystemMaxUse=64G, by the current documentation one would expect that each file's size would be around 1/8 of this value (8G), although if SystemMaxFileSize is not explicitly set, it has a max of 128M per file.
service manager's own env block
Fixes: #29414
Follow-up for ba87a61d05d637be9f0b21707f7fe3b0a74c5a05.
If the property is set, networkd manages the interface only when its
value is "io.systemd.Network".
Closes #29768.
Doc fixes
It confuses users when they cannot find respective environment variables
with config that is supposed to be for (x)inetd activated service only.
Fix: #29670
network-generator: add new mode ip=link-local
This module reads password from kernel keyring and sets it as PAM authtok.
It's inspired by gdm's pam_gdm, which reads the LUKS password stored by
systemd-cryptsetup, so Gnome Keyring can be automatically unlocked if set
to the same password (when autologin is enabled so the user doesn't enter
a password in gdm).
These options were previously reused by the DHCPv6 client from the
DHCPv4 client settings. Let's separate them for consistency.