Commit message | Author | Age | Files | Lines
Fixup for 4f57f77267610388139272d9ab9ee64dd78e9720.
Prompted by:
https://lists.freedesktop.org/archives/systemd-devel/2023-January/048714.html
Fixes: #24516
Support AF_VSOCK in sd_notify and pick up notify_socket from creds
This is intended to be used with VSOCK, to notify the hypervisor/VMM, e.g. on the host:
qemu <...> -smbios type=11,value=io.systemd.credential:vmm.notify_socket=vsock:2:1234 -device vhost-vsock-pci,id=vhost-vsock-pci0,guest-cid=42
(vsock:2:1234 -> send to host on vsock port 1234, default is to send to 0 which is
the hypervisor itself)
Also on the host:
$ socat - VSOCK-LISTEN:1234,socktype=5
READY=1
STATUS=Ready.
Allow sending notifications via AF_VSOCK, so that VMs can communicate
to the hypervisor/VMM that they are finished booting.
Note that if the hypervisor does not support SOCK_DGRAM over AF_VSOCK
(i.e. qemu at the time of writing), SOCK_SEQPACKET will be used instead.
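The two commit messages above describe the same mechanism from both ends: the guest sends the usual newline-separated KEY=VALUE notification to a vsock address written as `vsock:CID:PORT`, trying SOCK_DGRAM and falling back to SOCK_SEQPACKET, while the host listens with `socat - VSOCK-LISTEN:1234,socktype=5`. The script below is an added example written for this page, not systemd's own code: it implements a guest-side sender for that address syntax and a host-side SOCK_SEQPACKET listener that parses what arrives and reports the peer CID. The defaulting of an omitted CID to 0 follows the commit text; reading the `vmm.notify_socket` credential from `$CREDENTIALS_DIRECTORY` is an assumption about how the SMBIOS-supplied credential would be exposed to the sending service. Sending and receiving need Linux with the vsock transport loaded; the parsing helpers run anywhere.

```python
"""Guest-side readiness notification over AF_VSOCK plus a host-side listener.

Added example for this page, not systemd's code. Assumptions are marked inline.
"""
from __future__ import annotations

import os
import socket
import sys

# CID 0 is the hypervisor itself, CID 2 the host. Per the commit message, an
# omitted CID means "send to 0".
VMADDR_CID_HYPERVISOR = 0


def parse_vsock_notify_socket(spec: str) -> tuple[int, int]:
    """Turn 'vsock:2:1234' (or 'vsock::1234') into a (cid, port) pair."""
    prefix = "vsock:"
    if not spec.startswith(prefix):
        raise ValueError(f"not a vsock notify socket: {spec!r}")
    cid_s, sep, port_s = spec[len(prefix):].partition(":")
    if not sep or not port_s:
        raise ValueError(f"missing port in {spec!r}")
    cid = VMADDR_CID_HYPERVISOR if cid_s == "" else int(cid_s)
    port = int(port_s)
    if not 0 < port < 2**32 or not 0 <= cid < 2**32:
        raise ValueError(f"cid/port out of range in {spec!r}")
    return cid, port


def format_notify_message(fields: dict[str, str]) -> bytes:
    """Encode fields as the newline-separated KEY=VALUE payload sd_notify sends."""
    for key, value in fields.items():
        if "=" in key or "\n" in key or "\n" in value:
            raise ValueError(f"illegal notify field {key!r}")
    return "".join(f"{k}={v}\n" for k, v in fields.items()).encode()


def parse_notify_message(data: bytes) -> dict[str, str]:
    """Decode a received payload; a repeated key keeps its last value."""
    fields: dict[str, str] = {}
    for line in data.decode(errors="replace").split("\n"):
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed notify line {line!r}")
        fields[key] = value
    return fields


def send_notify(spec: str, fields: dict[str, str]) -> str:
    """Guest side. Tries SOCK_DGRAM first and falls back to SOCK_SEQPACKET when
    the transport refuses datagrams (the qemu case). Returns the type used."""
    cid, port = parse_vsock_notify_socket(spec)
    payload = format_notify_message(fields)
    try:
        with socket.socket(socket.AF_VSOCK, socket.SOCK_DGRAM) as s:
            s.sendto(payload, (cid, port))
        return "dgram"
    except OSError:
        with socket.socket(socket.AF_VSOCK, socket.SOCK_SEQPACKET) as s:
            s.connect((cid, port))
            s.sendall(payload)
        return "seqpacket"


def serve_once(port: int) -> tuple[int, dict[str, str]]:
    """Host side, equivalent to the socat line: accept one SOCK_SEQPACKET
    connection and return (guest_cid, fields). Check guest_cid against the
    guest-cid you launched before acting on READY=1; any VM can reach this port."""
    with socket.socket(socket.AF_VSOCK, socket.SOCK_SEQPACKET) as srv:
        srv.bind((socket.VMADDR_CID_ANY, port))
        srv.listen(1)
        conn, (peer_cid, _peer_port) = srv.accept()
        with conn:
            data = conn.recv(65536)
    return peer_cid, parse_notify_message(data)


if __name__ == "__main__":
    # host:  python3 vsock_notify.py serve 1234
    # guest: python3 vsock_notify.py notify vsock:2:1234
    # Without an explicit spec the guest reads the vmm.notify_socket credential
    # from $CREDENTIALS_DIRECTORY (assumed to be where the SMBIOS credential lands).
    if sys.argv[1] == "serve":
        cid, got = serve_once(int(sys.argv[2]))
        print(f"guest CID {cid}: {got}")
    else:
        if len(sys.argv) > 2:
            spec = sys.argv[2]
        else:
            cred = os.path.join(os.environ["CREDENTIALS_DIRECTORY"], "vmm.notify_socket")
            with open(cred) as f:
                spec = f.read().strip()
        print(send_notify(spec, {"READY": "1", "STATUS": "Ready."}))
```

The listener accepts a single connection and reports the peer CID rather than trusting the payload alone, since the vsock port is reachable from every guest on the host.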
StandardOutput=file:…
Fixes: #25951
Note that this drops ProtectProc=invisible from
systemd-resolved.service.
This is done because otherwise access to the booted "kernel" command line is not
necessarily available. That's because in containers we want to read
/proc/1/cmdline for that.
Fixes: #24103
Due to policy checks against system users this cannot currently work, and it is non-obvious.
In the future it might be implemented if support is added to dbus-broker/dbus-daemon, e.g.:
https://github.com/bus1/dbus-broker/issues/259
systemd-boot-random-seed.service
This renames systemd-boot-system-token.service to
systemd-boot-random-seed.service and conditions it less strictly.
Previously, the job of the service was to write a "system token" EFI
variable if it was missing. It called "bootctl --graceful random-seed"
for that. With this change we condition it more liberally: instead of
calling it only when the "system token" EFI variable isn't set, we call
it whenever a boot loader interface compatible boot loader is used. This
means, previously it was invoked on the first boot only: now it is
invoked at every boot.
This doesn't change the command that is invoked. That's because
previously already the "bootctl --graceful random-seed" did two things:
set the system token if not set yet *and* refresh the random seed in the
ESP. Previously we put the focus on the former, now we shift the focus to
the latter.
With this simple change we can replace the logic
f913c784ad4c93894fd6cb2590738113dff5a694 added, but from a service that
can run much later and doesn't keep the ESP pinned.
The keys should be placed at `/loader/keys/` not `/keys/`.
See `src/boot/efi/boot.c` file and
function `secure_boot_discover_keys`.
Even if root= is not specified on the kernel cmdline, we should honour
the other rootXYZ= options.
Fixes: #8411
See: #17034
Closes #25806.
Previously 'systemctl edit' would only operate on
'override.conf', but users may need more than that.
Thus the new option '--drop-in' is added to allow
users to specify the drop-in file name.
Closes #25767
* Support vacuuming for journal-remote
Co-authored-by: Berend De Schouwer <berend@deschouwer.co.za>
Previously these were not written down. This PR depends on #25670, since
`--dry-run` prints at debug level in `main`, which is surprising
behaviour.
If everything points to the fact that TPM2 should work, but then the
driver fails to initialize we should handle this gracefully and not
cause failing services all over the place.
Fixes: #25700
@keszybz asked for an example with --append= used in the systemd-measure
man page. Here it is.
As requested: https://github.com/systemd/systemd/pull/25224#pullrequestreview-1190709772
Allow for journald logs filtering on a per-unit basis
Define new unit parameter (LogFilterPatterns) to filter logs processed by
journald.
This option is used to store a regular expression which is carried from
PID1 to systemd-journald through a cgroup xattr:
`user.journald_log_filter_patterns`.
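The commit message names the transport (a cgroup xattr written by PID1) but not how a consumer gets from a log message back to that attribute. The script below is an added example for this page, not systemd's code: it maps a sending PID to its unified-hierarchy cgroup via `/proc/<pid>/cgroup`, reads `user.journald_log_filter_patterns` off that cgroup directory, and applies the regex to a constructed batch of messages. The cgroup mount point and the keep-matching/drop-others semantics are assumptions made here, not something the commit message states.

```python
"""Locate and apply a unit's LogFilterPatterns regex from its cgroup xattr.

Added example for this page, not systemd's code. The CGROUP_ROOT path and the
keep/drop semantics in apply_filter() are assumptions.
"""
from __future__ import annotations

import errno
import os
import re

CGROUP_ROOT = "/sys/fs/cgroup"                      # assumed: cgroup v2 mount
XATTR_NAME = "user.journald_log_filter_patterns"     # name from the commit message


def cgroup_path_from_proc(pid_cgroup_text: str) -> str:
    """Parse the text of /proc/<pid>/cgroup and return the unified-hierarchy
    path, i.e. the path after '0::' in a line like '0::/system.slice/x.service'."""
    for line in pid_cgroup_text.splitlines():
        hier_id, controllers, path = line.split(":", 2)
        if hier_id == "0" and controllers == "":
            return path
    raise ValueError("no cgroup v2 entry in /proc/<pid>/cgroup")


def read_filter_pattern(cgroup_path: str) -> str | None:
    """Read the regex PID1 attached to the unit's cgroup; None if it is unset."""
    full = os.path.join(CGROUP_ROOT, cgroup_path.lstrip("/"))
    try:
        return os.getxattr(full, XATTR_NAME).decode()
    except OSError as e:
        if e.errno == errno.ENODATA:
            return None
        raise


def apply_filter(pattern: str | None, messages: list[str]) -> list[str]:
    """Assumed semantics: with a pattern, keep only messages it matches;
    with no pattern, keep everything."""
    if pattern is None:
        return list(messages)
    rx = re.compile(pattern)
    return [m for m in messages if rx.search(m)]


def filter_for_pid(pid: int, messages: list[str]) -> list[str]:
    """End-to-end: PID -> cgroup -> xattr -> filtered messages."""
    with open(f"/proc/{pid}/cgroup") as f:
        path = cgroup_path_from_proc(f.read())
    return apply_filter(read_filter_pattern(path), messages)


# Constructed sample input (not real journal data).
SAMPLE_PROC_CGROUP = "0::/system.slice/demo.service\n"
SAMPLE_MESSAGES = [
    "ERROR: backend unreachable",
    "DEBUG: polling again in 5s",
    "WARN: certificate expires in 3 days",
    "INFO: request served",
]

if __name__ == "__main__":
    print(cgroup_path_from_proc(SAMPLE_PROC_CGROUP))
    print(apply_filter(r"^(ERROR|WARN):", SAMPLE_MESSAGES))
```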
Often it's useful to add multiple signatures in the signature JSON file
to embed in a single .pcrsig. (For example, a signature by key X for
boot phase "enter-initrd" and one by key Y for
"enter-initrd:leave-initrd" or so). Make this easy, by adding the
ability to append signatures to a previously generated JSON file.
Instead of having Minimize= take a boolean let's allow for two
different ways to enable it. "best" means we want the most minimal
image possible, which currently is only possible for read-only
filesystems but can be extended in the future with bisection
to find the most minimal possible size.
We also add "guess", which is the current behavior, where we
populate once and use the sparse size to make a reasonable guess
on a size that fits all the sources without needing O(log(n))
tries to find the most minimal size.
Follow-up for #25689
We've added a new output ("not-found") in #25689.
sd-id128: several followups
is in an invalid format
EINVAL suggests that the caller passes an invalid argument. EIO is
for "input/output error", i.e. the error you'd get if the disk or
file system is borked, and this error code could be returned by the
underlying read/write functions.
Let's make the functions return an unambiguous error code.
manager: log reload() sender and allow rate-limiting
Reloading is a heavy-weight operation, and currently it is not
possible to stop an orchestrator from spamming reload requests.
Add configuration options to allow rate-limiting.
Defer is better because it indicates that we still intend to
populate these partitions later.
Add missing integration of OOMPolicy in scope units
Fixup for 5fa098357e0ea9f05b00ed5b04a36ef9f64037db.
One had to read to the very end of the long description to notice that
the setting is actually primarily intended for oomd. So let's mention oomd
right at the beginning.
During the call today we agreed to work towards -rc1 in January. Nevertheless,
I already started writing this up and I'll push it so it doesn't get lost.
I didn't include all the changes to systemd-repart, because those are still in
flux.
And drop the mention that sd_id128_get_boot_app_specific() may return -ENOENT
or -ENOMEDIUM. The function does not read /etc/machine-id, but reads a
file in procfs, which is a kind of kernel API. Hence the
failures are caused only when the system has a wrong setup.
So, I think "erofs" is probably the better, more modern alternative to
"squashfs". Many of the benefits don't matter too much to us I guess,
but there's one thing that stands out: erofs has a UUID in the
superblock, squashfs has not. Having a UUID in the superblock matters
if the file systems are used in an overlayfs stack, as overlayfs uses
the UUIDs to robustly and persistently reference inodes on layers in
case of metadata copy-up.
Since we probably want to allow such uses in overlayfs as employed by
sysext (and the future syscfg) we probably should ramp up our erofs game
early on. Hence let's natively support erofs, test it, and in fact
mention it in the docs before squashfs even.
dissect: add a mode for operating on an in-memory copy of a DDI, inst…
ukify: add helper to create UKIs
If given, multiple initrds are concatenated into a temporary file which then
becomes the .initrd section.
It is also possible to give no initrd. After all, some machines boot without an
initrd, and it should be possible to use the stub without requiring an initrd.
(The stub might not like this, but this is something to fix there.)
And add an example setting for creating an IPv6 default route.
Closes #25440.
Extend hostnamed DMI firmware properties
Expose /sys/class/dmi/id/bios_date as dbus property in hostnamed.
Expose /sys/class/dmi/id/bios_vendor as dbus property in hostnamed.