diff --git a/man/bootctl.xml b/man/bootctl.xml index 4b5b2527b3..02ae5e1231 100644 --- a/man/bootctl.xml +++ b/man/bootctl.xml @@ -52,6 +52,8 @@ specified, this is the implied default. See the example below for details of the output. + + @@ -94,6 +96,8 @@ JSON output may be requested with . See the example below for details of the output. + + @@ -159,7 +163,9 @@ systemctl reboot --boot-loader-menu=timeout to reboot into the boot loader menu once. See systemctl1 - for details. + for details. + + @@ -174,7 +180,9 @@ If this is set to or no menu is shown and the default entry will be booted immediately, while setting this to disables the timeout while always showing the menu. When an empty string ("") is specified the - bootloader will revert to its default menu timeout. + bootloader will revert to its default menu timeout. + + @@ -192,7 +200,9 @@ Installs systemd-boot into the EFI system partition. A copy of systemd-boot will be stored as the EFI default/fallback loader at ESP/EFI/BOOT/BOOT*.EFI. The boot loader is then added - to the top of the firmware's boot loader list. + to the top of the firmware's boot loader list. + + @@ -202,14 +212,18 @@ systemd-boot7, if the available version is newer than the version installed in the EFI system partition. This also includes the EFI default/fallback loader at ESP/EFI/BOOT/BOOT*.EFI. The boot - loader is then added to end of the firmware's boot loader list if missing. + loader is then added to end of the firmware's boot loader list if missing. + + Removes all installed versions of systemd-boot from the EFI system partition - and the firmware's boot loader list. + and the firmware's boot loader list. + + @@ -218,7 +232,9 @@ Checks whether systemd-boot is installed in the ESP. Note that a single ESP might host multiple boot loaders; this hence checks whether systemd-boot is one (of possibly many) installed boot loaders — and neither - whether it is the default nor whether it is registered in any EFI variables. + whether it is the default nor whether it is registered in any EFI variables. + + @@ -235,7 +251,9 @@ systemd-boot-random-seed.service8. See Random Seeds for further - information. + information. + + @@ -316,7 +334,9 @@ This option modifies the behaviour of status. Only prints the path - to the EFI System Partition (ESP) to standard output and exits. + to the EFI System Partition (ESP) to standard output and exits. + + @@ -335,7 +355,9 @@ Note that this option (similarly to the option mentioned above), is available independently from the boot loader used, i.e. also without - systemd-boot being installed. + systemd-boot being installed. + + diff --git a/man/busctl.xml b/man/busctl.xml index 9a1543b421..ce23dd1b33 100644 --- a/man/busctl.xml +++ b/man/busctl.xml @@ -64,7 +64,7 @@ the owner of the bus (if no parameter is specified). - + @@ -77,7 +77,7 @@ CtrlC to terminate the dump. - + @@ -116,7 +116,7 @@ output is limited to members of the specified interface. - + @@ -285,6 +285,8 @@ if this option is specified, errors returned will still be printed and the tool will indicate success or failure with the process exit code. + + diff --git a/man/coredumpctl.xml b/man/coredumpctl.xml index caeff086ad..71eee177be 100644 --- a/man/coredumpctl.xml +++ b/man/coredumpctl.xml @@ -121,7 +121,9 @@ systemd-coredump8. Thus it may very well happen that a particular core dump is still listed in the journal while its corresponding core dump file has already been - removed. + removed. + + @@ -129,7 +131,9 @@ Show detailed information about the last core dump or core dumps matching specified characteristics - captured in the journal. + captured in the journal. + + @@ -138,7 +142,9 @@ Extract the last core dump matching specified characteristics. The core dump will be written on standard output, unless an output file is specified with - . + . + + @@ -226,7 +232,7 @@ field takes in matching core dump entries of the journal. - + @@ -234,7 +240,9 @@ FILE Write the core to . - + + + diff --git a/man/crypttab.xml b/man/crypttab.xml index dee1f75144..f90217da10 100644 --- a/man/crypttab.xml +++ b/man/crypttab.xml @@ -148,6 +148,8 @@ for possible values and the default value of this option. A cipher with unpredictable IV values, such as aes-cbc-essiv:sha256, is recommended. Embedded commas in the cipher specification need to be escaped by preceding them with a backslash, see example below. + + @@ -156,7 +158,9 @@ Allow discard requests to be passed through the encrypted block device. This improves performance on SSD storage but has security implications. - + + + @@ -166,7 +170,9 @@ hashing. See cryptsetup8 for possible values and the default value of this - option. + option. + + @@ -181,7 +187,9 @@ Optionally, the path may be followed by : and an /etc/fstab device specification (e.g. starting with UUID= or similar); in which case, the path is relative to the device file system root. The device gets mounted - automatically for LUKS device activation duration only. + automatically for LUKS device activation duration only. + + @@ -191,7 +199,9 @@ start of the key file. See cryptsetup8 for possible values and the default value of this - option. + option. + + @@ -202,7 +212,9 @@ cryptsetup8 for possible values and the default value of this option. This option is ignored in plain encryption mode, as the key file - size is then given by the key size. + size is then given by the key size. + + @@ -211,7 +223,9 @@ If enabled, the specified key file is erased after the volume is activated or when activation fails. This is in particular useful when the key file is only acquired transiently before activation (e.g. via a file in /run/, generated by a service running before - activation), and shall be removed after use. Defaults to off. + activation), and shall be removed after use. Defaults to off. + + @@ -224,7 +238,9 @@ . See cryptsetup8 for possible values. The default is to try all key slots in - sequential order. + sequential order. + + @@ -235,7 +251,9 @@ and falls back to a password if it could not be accessed. See systemd-cryptsetup-generator8 for key files on external devices. - + + + @@ -245,14 +263,18 @@ following options are ignored since they are provided by the LUKS header on the device: , , - . + . + + Decrypt BitLocker drive. Encryption parameters - are deduced by cryptsetup from BitLocker header. + are deduced by cryptsetup from BitLocker header. + + @@ -274,6 +296,8 @@ will be pulled in by local-fs.target, while the service to configure the network is usually only started after the local file system has been mounted. + + @@ -284,7 +308,9 @@ This means that it will not be automatically unlocked on boot, unless something else pulls it in. In particular, if the device is used for a mount point, it'll be unlocked automatically during boot, unless the mount point itself is also disabled with - . + . + + @@ -296,27 +322,35 @@ unsuccessful. Note that other units that depend on the unlocked device may still fail. In particular, if the device is used for a mount point, the mount point itself also needs to have the option, or the boot will fail if the device is not unlocked - successfully. + successfully. + + Start offset in the backend device, in 512-byte sectors. This - option is only relevant for plain devices. + option is only relevant for plain devices. + + - Force plain encryption mode. + Force plain encryption mode. + + Set up the encrypted block device in read-only - mode. + mode. + + @@ -326,6 +360,8 @@ an unbound workqueue so that encryption work is automatically balanced between available CPUs. This requires kernel 4.0 or newer. + + @@ -338,6 +374,8 @@ benefits the CFQ scheduler to have writes submitted using the same context. This requires kernel 4.0 or newer. + + @@ -378,6 +416,8 @@ with its number for IV generation being n. This option is only relevant for plain devices. + + @@ -387,7 +427,9 @@ Specifies the key size in bits. See cryptsetup8 for possible values and the default value of this - option. + option. + + @@ -396,7 +438,9 @@ Specifies the sector size in bytes. See cryptsetup8 for possible values and the default value of this - option. + option. + + @@ -411,7 +455,9 @@ WARNING: Using the option will destroy the contents of the named partition during every boot, so make sure the underlying block device is specified - correctly. + correctly. + + @@ -438,7 +484,9 @@ to all key files. When using an empty passphrase in combination with one or more key files, use /dev/null as the password file in the third - field. + field. + + @@ -452,7 +500,9 @@ no protection for the hidden volume if the outer volume is mounted instead. See cryptsetup8 - for more information on this limitation. + for more information on this limitation. + + @@ -465,14 +515,18 @@ See the entry for on the behavior of the passphrase and key files when using TrueCrypt - encryption mode. + encryption mode. + + Use TrueCrypt in system encryption mode. This - option implies . + option implies . + + @@ -483,7 +537,9 @@ derivation algorithms that cannot be detected without this flag. Enabling this option could substantially slow down unlocking, because VeraCrypt's key derivation takes much longer than TrueCrypt's. This - option implies . + option implies . + + @@ -513,7 +569,9 @@ Specifies the timeout for querying for a password. If no unit is specified, seconds is used. Supported units are s, ms, us, min, h, d. A timeout of 0 waits - indefinitely (which is the default). + indefinitely (which is the default). + + @@ -527,7 +585,9 @@ option implies . WARNING: Using the option will destroy the contents of the named partition - during every boot, so make sure the underlying block device is specified correctly. + during every boot, so make sure the underlying block device is specified correctly. + + @@ -535,7 +595,9 @@ Specifies the maximum number of times the user is queried for a password. The default is 3. If set to 0, the - user is queried for a password indefinitely. + user is queried for a password indefinitely. + + @@ -551,7 +613,9 @@ If the encryption password is read from console, it has to be entered twice to - prevent typos. + prevent typos. + + @@ -604,7 +668,9 @@ implement the newer and simpler FIDO2 standard. Consider using (described below) to enroll it via FIDO2 instead. Note that a security token enrolled via PKCS#11 cannot be used to unlock the volume via FIDO2, unless also enrolled via FIDO2, and vice - versa. + versa. + + @@ -788,7 +854,9 @@ Takes a boolean argument. If enabled, right before asking the user for a password it is first attempted to unlock the volume with an empty password. This is useful for systems that are initialized with an encrypted volume with only an empty password set, which shall be replaced with a - suitable password during first boot, but after activation. + suitable password during first boot, but after activation. + + @@ -797,7 +865,9 @@ Specifies how long systemd should wait for a block device to show up before giving up on the entry. The argument is a time in seconds or explicitly specified units of s, min, h, ms. - + + + @@ -816,6 +886,8 @@ All other encrypted block devices that contain file systems mounted in the initrd should use this option. + + diff --git a/man/file-hierarchy.xml b/man/file-hierarchy.xml index c976910446..583b9ab811 100644 --- a/man/file-hierarchy.xml +++ b/man/file-hierarchy.xml @@ -68,7 +68,7 @@ systems that run on physical or emulated hardware that requires boot loaders. - + @@ -92,7 +92,7 @@ back to defaults if configuration is missing. - + @@ -111,7 +111,7 @@ environment variable, or via the home directory field of the user database. - + @@ -122,7 +122,7 @@ may log in even without /home/ being available and mounted. - + @@ -134,7 +134,7 @@ available or writable only very late during boot. - + @@ -158,7 +158,7 @@ and similar calls. For more details, see Using /tmp/ and /var/tmp/ Safely. - + @@ -175,7 +175,7 @@ socket files, and similar. This directory is flushed on boot, and generally writable for privileged programs only. Always writable. - + @@ -185,7 +185,7 @@ when /var/log/ might not be accessible yet. - + @@ -200,7 +200,7 @@ url="https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html">XDG Base Directory Specification. - + @@ -218,7 +218,7 @@ by the administrator, except when installing or removing vendor-supplied packages. - + @@ -230,7 +230,7 @@ binaries); these should be placed in a subdirectory of /usr/lib/ instead. - + @@ -238,7 +238,7 @@ C and C++ API header files of system libraries. - + @@ -252,7 +252,7 @@ directory, use $libdir (see below), instead. - + @@ -271,7 +271,7 @@ system, invoke: # systemd-path system-library-arch - + @@ -283,7 +283,7 @@ of files stored below this directory is subject to specifications that ensure interoperability. - + @@ -291,7 +291,7 @@ Documentation for the operating system or system packages. - + @@ -304,7 +304,7 @@ defaults and to populate the local configuration with defaults. - + @@ -315,7 +315,7 @@ versions of files in the variable, persistent data directory /var/. - + @@ -335,7 +335,7 @@ late during boot. Components that are required to operate during early boot hence shall not unconditionally rely on this directory. - + @@ -346,7 +346,7 @@ programs, except for increased runtimes necessary to rebuild these caches. - + @@ -354,7 +354,7 @@ Persistent system data. System components may place private data in this directory. - + @@ -367,7 +367,7 @@ sd_journal_print3 calls. - + @@ -375,7 +375,7 @@ Persistent system spool data, such as printer or mail queues. - + @@ -398,7 +398,7 @@ and similar calls should be used. For further details about this directory, see Using /tmp/ and /var/tmp/ Safely. - + @@ -421,7 +421,7 @@ special purpose virtual file systems might be mounted below this directory. - + @@ -441,7 +441,7 @@ directories are not world-writable and hence not vulnerable to security-sensitive name clashes. - + @@ -454,7 +454,7 @@ A number of special purpose virtual file systems might be mounted below this directory. - + @@ -466,7 +466,7 @@ files. In sandboxed/containerized setups, this directory is generally mounted read-only. - + @@ -479,7 +479,7 @@ of special purpose virtual file systems might be mounted below this directory. - + @@ -520,7 +520,7 @@ binaries referencing these legacy paths correctly find their binaries. - + @@ -531,7 +531,7 @@ referencing this legacy path correctly find their resources. - + @@ -544,7 +544,7 @@ whose ABI places the dynamic loader in this path. - + @@ -555,7 +555,7 @@ this legacy path correctly find their runtime data. - + @@ -583,7 +583,7 @@ $XDG_CACHE_HOME set, it should use the directory specified in it instead of this directory. - + @@ -594,7 +594,7 @@ directory be missing. If an application finds $XDG_CONFIG_HOME set, it should use the directory specified in it instead of this directory. - + @@ -607,7 +607,7 @@ problematic if the home directory is shared between multiple hosts with different architectures. - + @@ -616,7 +616,7 @@ Static, private vendor data that is compatible with all architectures. - + @@ -626,7 +626,7 @@ defined on Multiarch Architecture Specifiers (Tuples) list. - + @@ -637,7 +637,7 @@ ensure interoperability. If an application finds $XDG_DATA_HOME set, it should use the directory specified in it instead of this directory. - + diff --git a/man/homectl.xml b/man/homectl.xml index 4dd16aa886..1cfbdcd4f8 100644 --- a/man/homectl.xml +++ b/man/homectl.xml @@ -139,7 +139,9 @@ short all superfluous whitespace is suppressed. If off (the default) the user information is not shown in JSON format but in a friendly human readable formatting instead. The option picks pretty when run interactively and - short otherwise. + short otherwise. + + @@ -338,7 +340,7 @@ user, including , and . - + @@ -808,7 +810,9 @@ Note that homectl uses bytes for key size, like /proc/crypto, but cryptsetup8 - uses bits. + uses bits. + + @@ -881,7 +885,9 @@ directory of the share. The setting allows specifying additional mount options when mounting the share, see mount.cifs8 - for details. + for details. + + diff --git a/man/hostnamectl.xml b/man/hostnamectl.xml index bb7c0b6e10..85594b07d7 100644 --- a/man/hostnamectl.xml +++ b/man/hostnamectl.xml @@ -64,7 +64,9 @@ status Show system hostname and related information. If no command is specified, - this is the implied default. + this is the implied default. + + diff --git a/man/journalctl.xml b/man/journalctl.xml index ebd92a71fe..df79e6d6e2 100644 --- a/man/journalctl.xml +++ b/man/journalctl.xml @@ -123,7 +123,9 @@ Note that only works if persistent logging is enabled, via the Storage= setting in - journald.conf5. + journald.conf5. + + @@ -131,7 +133,9 @@ Show messages from a running, local container. Specify a container name to connect - to. + to. + + @@ -139,7 +143,9 @@ Show entries interleaved from all available journals, including remote - ones. + ones. + + @@ -148,7 +154,9 @@ Takes a directory path as argument. If specified, journalctl will operate on the specified journal directory DIR instead of the default runtime and system - journal paths. + journal paths. + + @@ -157,7 +165,9 @@ Takes a file glob as an argument. If specified, journalctl will operate on the specified journal files matching GLOB instead of the default runtime and system journal paths. May be specified multiple times, in which case files will be suitably - interleaved. + interleaved. + + @@ -169,7 +179,9 @@ ROOT/var/lib/systemd/catalog/database, and journal files under ROOT/run/journal/ or ROOT/var/log/journal/ will be displayed). - + + + @@ -183,7 +195,9 @@ the Discoverable Partitions Specification. For further information on supported disk images, see systemd-nspawn1's - switch of the same name. + switch of the same name. + + @@ -197,7 +211,9 @@ shown, interleaved. If the namespace identifier is prefixed with + data from the specified namespace and the default namespace is shown, interleaved, but no other. For details about journal namespaces see - systemd-journald.service8. + systemd-journald.service8. + + @@ -226,7 +242,9 @@ after the current time, respectively. For complete time and date specification, see systemd.time7. Note that prints timestamps that follow precisely this format. - + + + @@ -234,7 +252,9 @@ Start showing entries from the location in the journal specified by the passed - cursor. + cursor. + + @@ -242,7 +262,9 @@ Start showing entries from the location in the journal after the location specified by the passed cursor. The cursor is shown when the - option is used. + option is used. + + @@ -252,7 +274,9 @@ entries after this location. Otherwise show entries according to the other given options. At the end, write the cursor of the last entry to FILE. Use this option to continually read the journal by sequentially - calling journalctl. + calling journalctl. + + @@ -281,7 +305,9 @@ logs for the boot given by ID are shown. The special argument all can be used to negate the effect of an earlier - use of . + use of . + + @@ -302,7 +328,9 @@ With , all arguments will be converted to match user messages as if specified with . - This parameter can be specified multiple times. + This parameter can be specified multiple times. + + @@ -316,7 +344,9 @@ systemd.slice5 unit, all logs of children of the unit will be shown. - This parameter can be specified multiple times. + This parameter can be specified multiple times. + + @@ -326,7 +356,9 @@ Show messages for the specified syslog identifier SYSLOG_IDENTIFIER. - This parameter can be specified multiple times. + This parameter can be specified multiple times. + + @@ -344,7 +376,9 @@ messages with this log level or a lower (hence more important) log level are shown. If a range is specified, all messages within the range are shown, including both the start and the end value of the range. This will add PRIORITY= matches for the specified - priorities. + priorities. + + @@ -354,7 +388,9 @@ facility names. The names are the usual syslog facilities as documented in syslog3. may be used to display a list of known facility names and exit. - + + + @@ -372,13 +408,17 @@ below. When used with (not prefixed with +), - is implied. + is implied. + + - Make pattern matching case sensitive or case insensitive. + Make pattern matching case sensitive or case insensitive. + + @@ -386,7 +426,9 @@ Show only kernel messages. This implies and adds the match - _TRANSPORT=kernel. + _TRANSPORT=kernel. + + @@ -408,7 +450,9 @@ is the default and generates an output that is mostly identical to the - formatting of classic syslog files, showing one line per journal entry. + formatting of classic syslog files, showing one line per journal entry. + + @@ -416,18 +460,24 @@ is very similar, but shows timestamps in the format the and options accept. Unlike the timestamp information shown in output mode this mode includes weekday, year and - timezone information in the output, and is locale-independent. + timezone information in the output, and is locale-independent. + + - is very similar, but shows ISO 8601 wallclock timestamps. + is very similar, but shows ISO 8601 wallclock timestamps. + + as for but includes full microsecond - precision. + precision. + + @@ -442,13 +492,17 @@ is very similar, but shows classic syslog timestamps with full microsecond - precision. + precision. + + is very similar, but shows monotonic timestamps instead of wallclock - timestamps. + timestamps. + + @@ -463,12 +517,16 @@ is very similar, but shows seconds passed since January 1st 1970 UTC instead of - wallclock timestamps ("UNIX time"). The time is shown with microsecond accuracy. + wallclock timestamps ("UNIX time"). The time is shown with microsecond accuracy. + + - shows the full-structured entry items with all fields. + shows the full-structured entry items with all fields. + + @@ -478,7 +536,9 @@ url="https://systemd.io/JOURNAL_EXPORT_FORMATS#journal-export-format">Journal Export Format for more information). To import the binary stream back into native journald format use - systemd-journal-remote8. + systemd-journal-remote8. + + @@ -499,13 +559,17 @@ containing the raw bytes individually formatted as unsigned numbers. - Note that this encoding is reversible (with the exception of the size limit). + Note that this encoding is reversible (with the exception of the size limit). + + formats entries as JSON data structures, but formats them in multiple lines in - order to make them more readable by humans. + order to make them more readable by humans. + + @@ -513,7 +577,9 @@ formats entries as JSON data structures, but wraps them in a format suitable for Server-Sent - Events. + Events. + + @@ -521,7 +587,9 @@ formats entries as JSON data structures, but prefixes them with an ASCII Record Separator character (0x1E) and suffixes them with an ASCII Line Feed character (0x0A), in accordance with JavaScript Object Notation - (JSON) Text Sequences (application/json-seq). + (JSON) Text Sequences (application/json-seq). + + @@ -529,14 +597,18 @@ generates a very terse output, only showing the actual message of each journal entry with no metadata, not even a timestamp. If combined with the option will output the listed fields for each log record, - instead of the message. + instead of the message. + + similar to , but prefixes the unit and user unit names instead of the traditional syslog identifier. Useful when using templated instances, as it will - include the arguments in the unit names. + include the arguments in the unit names. + + @@ -550,7 +622,9 @@ , and ), as well as on . For the former, the __CURSOR, __REALTIME_TIMESTAMP, __MONOTONIC_TIMESTAMP, and - _BOOT_ID fields are always printed. + _BOOT_ID fields are always printed. + + @@ -570,7 +644,9 @@ - Reverse output so that the newest entries are displayed first. + Reverse output so that the newest entries are displayed first. + + @@ -578,13 +654,17 @@ The cursor is shown after the last entry after two dashes: -- cursor: s=0639… - The format of the cursor is private and subject to change. + The format of the cursor is private and subject to change. + + - Express time in Coordinated Universal Time (UTC). + Express time in Coordinated Universal Time (UTC). + + @@ -600,7 +680,9 @@ Catalog Developer Documentation. Note: when attaching journalctl output to bug reports, please do - not use . + not use . + + @@ -610,7 +692,9 @@ switch has an effect only on the family of output modes (see above). Note: this option does not remove occurrences of the hostname from log entries themselves, so - it does not prevent the hostname from being visible in the logs. + it does not prevent the hostname from being visible in the logs. + + @@ -622,7 +706,9 @@ full fields, allowing them to wrap or be truncated by the pager, if one is used. The old options / are not useful anymore, except to - undo . + undo . + + @@ -679,7 +765,9 @@ while will disable this cap. Note that this option is only supported for the less1 - pager. + pager. + + @@ -696,21 +784,27 @@ Specifies the change interval for the sealing key when generating an FSS key pair with . Shorter intervals increase CPU consumption but shorten the time - range of undetectable journal alterations. Defaults to 15min. + range of undetectable journal alterations. Defaults to 15min. + + Specifies the FSS verification key to use for the - operation. + operation. + + When is passed and Forward Secure Sealing (FSS) has - already been configured, recreate FSS keys. + already been configured, recreate FSS keys. + + @@ -725,7 +819,9 @@ - Print all field names currently used in all entries of the journal. + Print all field names currently used in all entries of the journal. + + @@ -733,21 +829,27 @@ Print all possible data values the specified field can take in all entries of the - journal. + journal. + + Show a tabular list of boot numbers (relative to the current boot), their IDs, and - the timestamps of the first and last message pertaining to the boot. + the timestamps of the first and last message pertaining to the boot. + + Shows the current disk usage of all journal files. This shows the sum of the disk - usage of all archived and active journal files. + usage of all archived and active journal files. + + @@ -786,7 +888,9 @@ so, all active files are rotated first, and the requested vacuuming operation is executed right after. The rotation has the effect that all currently active files are archived (and potentially new, empty journal files opened as replacement), and hence the vacuuming operation has the greatest effect - as it can take all log data written so far into account. + as it can take all log data written so far into account. + + @@ -794,7 +898,9 @@ Check the journal file for internal consistency. If the file has been generated with FSS enabled and the FSS verification key has been specified with - , authenticity of the journal file is verified. + , authenticity of the journal file is verified. + + @@ -803,7 +909,9 @@ Asks the journal daemon to write all yet unwritten journal data to the backing file system and synchronize all journals. This call does not return until the synchronization operation is complete. This command guarantees that any log messages written before its invocation are safely - stored on disk at the time it returns. + stored on disk at the time it returns. + + @@ -813,7 +921,9 @@ requested the daemon will write further log data to /run/log/journal/ and stops writing to /var/log/journal/. A subsequent call to causes the log output to switch back to - /var/log/journal/, see above. + /var/log/journal/, see above. + + @@ -823,7 +933,9 @@ file system and /var/log/journal/ reside on the same mount point. This operation is used during system shutdown in order to make the journal daemon stop writing data to /var/log/journal/ in case that directory is located on a mount point that needs - to be unmounted. + to be unmounted. + + @@ -836,7 +948,9 @@ /var/log/journal/ once during system runtime (but see below), and this command exits cleanly without executing any operation if this has already happened. This command effectively guarantees that all data is flushed - to /var/log/journal/ at the time it returns. + to /var/log/journal/ at the time it returns. + + @@ -847,7 +961,9 @@ journal files are marked as archived and renamed, so that they are never written to in future. New (empty) journal files are then created in their place. This operation may be combined with , and - into a single command, see above. + into a single command, see above. + + @@ -857,7 +973,9 @@ journal fields accessed. This option is particularly useful when trying to identify out-of-order journal entries, as - happens for example when the machine is booted with the wrong system time. + happens for example when the machine is booted with the wrong system time. + + @@ -867,7 +985,9 @@ short description strings. If any 128-bit-IDs are specified, only those entries are - shown. + shown. + + @@ -878,7 +998,9 @@ files). If any 128-bit-IDs are specified, only those entries are - shown. + shown. + + @@ -886,7 +1008,9 @@ Update the message catalog index. This command needs to be executed each time new catalog files are installed, removed, or updated to rebuild the binary catalog - index. + index. + + @@ -898,7 +1022,9 @@ externally. Refer to the option in journald.conf5 for information on Forward Secure Sealing and for a link to a refereed scholarly paper detailing the - cryptographic theory it is based on. + cryptographic theory it is based on. + + diff --git a/man/journald.conf.xml b/man/journald.conf.xml index df263447c6..6b7280781b 100644 --- a/man/journald.conf.xml +++ b/man/journald.conf.xml @@ -424,6 +424,8 @@ systemd.journald.max_level_kmsg=, systemd.journald.max_level_console=, systemd.journald.max_level_wall=. + + diff --git a/man/kernel-command-line.xml b/man/kernel-command-line.xml index 0b6d31817b..1a434420ac 100644 --- a/man/kernel-command-line.xml +++ b/man/kernel-command-line.xml @@ -80,6 +80,8 @@ Parameters understood by the system and service manager to control system behavior. For details, see systemd1. + + @@ -92,6 +94,8 @@ systemd-debug-generator8, to mask or start specific units at boot, or invoke a debug shell on tty9. + + @@ -204,6 +208,8 @@ Parameters understood by the system and service manager, as compatibility and convenience options. For details, see systemd1. + + @@ -240,6 +246,8 @@ Parameters understood by the file system checker services. For details, see systemd-fsck@.service8. + + @@ -265,6 +273,8 @@ Parameters understood by the journal service. For details, see systemd-journald.service8. + + @@ -278,6 +288,8 @@ Parameters understood by the virtual console setup logic. For details, see vconsole.conf5. + + @@ -301,6 +313,8 @@ Parameters understood by the device event managing daemon. For details, see systemd-udevd.service8. + + @@ -334,6 +348,8 @@ Configures the LUKS full-disk encryption logic at boot. For details, see systemd-cryptsetup-generator8. + + @@ -368,6 +384,8 @@ will be in effect. In this case rootfstype=, rootflags=, ro, rw will be interpreted by systemd-gpt-auto-generator. + + @@ -402,6 +420,8 @@ Configures the integrity protection root hash for the root and /usr file systems, and other related parameters. For details, see systemd-veritysetup-generator8. + + @@ -540,7 +560,7 @@ details, see systemd-modules-load.service8. - + @@ -565,6 +585,8 @@ fstab5-like paths are supported. For details, see systemd-hibernate-resume-generator8. + + diff --git a/man/kernel-install.xml b/man/kernel-install.xml index 9a21fd65e8..a109a1be38 100644 --- a/man/kernel-install.xml +++ b/man/kernel-install.xml @@ -139,7 +139,7 @@ If $KERNEL_INSTALL_LAYOUT is not "uki", this plugin does nothing. - + @@ -172,7 +172,7 @@ - + @@ -182,7 +182,7 @@ values of the various $KERNEL_INSTALL_* environment variables listed below. - + @@ -337,6 +337,8 @@ kernel and initrds under $BOOT/ENTRY-TOKEN/KERNEL-VERSION/ Implemented by 90-loaderentry.install. + + @@ -357,6 +359,8 @@ other Some other layout not understood natively by kernel-install. + + @@ -441,7 +445,7 @@ exist, /proc/cmdline is used. $KERNEL_INSTALL_CONF_ROOT may be used to override the path. - + @@ -497,7 +501,7 @@ If available, PRETTY_NAME= is read from these files and used as the title of the boot menu entry. Otherwise, Linux KERNEL-VERSION will be used. - + diff --git a/man/localectl.xml b/man/localectl.xml index f9ef2ed4c7..eb22857670 100644 --- a/man/localectl.xml +++ b/man/localectl.xml @@ -71,7 +71,9 @@ status Show current settings of the system locale and keyboard mapping. - If no command is specified, this is the implied default. + If no command is specified, this is the implied default. + + @@ -86,7 +88,7 @@ list-locales for a list of available locales (see below). - + @@ -94,7 +96,9 @@ List available locales useful for configuration with - set-locale. + set-locale. + + @@ -108,7 +112,9 @@ keyboard mapping of X11, after converting it to the closest matching X11 keyboard mapping. Use list-keymaps for a list of available - keyboard mappings (see below). + keyboard mappings (see below). + + @@ -116,7 +122,9 @@ List available keyboard mappings for the console, useful for configuration with - set-keymap. + set-keymap. + + @@ -130,7 +138,9 @@ for details. Unless is passed, the selected setting is also applied as the system console keyboard mapping, after converting it to the closest matching - console keyboard mapping. + console keyboard mapping. + + @@ -144,7 +154,9 @@ set-keymap. The command list-x11-keymap-variants optionally takes a layout parameter to limit the output to the variants suitable - for the specific layout. + for the specific layout. + + diff --git a/man/loginctl.xml b/man/loginctl.xml index e7ca4d6e97..9dd424efe2 100644 --- a/man/loginctl.xml +++ b/man/loginctl.xml @@ -115,7 +115,9 @@ unlock-sessions Activates/deactivates the screen lock on all - current sessions supporting it. + current sessions supporting it. + + @@ -348,6 +350,8 @@ Do not ellipsize process tree entries. + + diff --git a/man/logind.conf.xml b/man/logind.conf.xml index 9fa7e1f5cb..72f657ced4 100644 --- a/man/logind.conf.xml +++ b/man/logind.conf.xml @@ -251,7 +251,9 @@ to take over suspend and hibernation handling, and to use their own configuration mechanisms. If a low-level inhibitor lock is taken, logind will not take any action when that key or switch is triggered and the Handle*= - settings are irrelevant. + settings are irrelevant. + + @@ -280,7 +282,9 @@ This means that when systemd-logind is handling events by itself (no low level inhibitor locks are taken by another application), the lid switch does not respect suspend blockers by default, but the power and sleep keys - do. + do. + + diff --git a/man/machinectl.xml b/man/machinectl.xml index 12a4766a14..3f4228ee14 100644 --- a/man/machinectl.xml +++ b/man/machinectl.xml @@ -97,7 +97,9 @@ be started, use list-images (see below). Note that this command hides the special .host machine by default. Use the - switch to show it. + switch to show it. + + @@ -113,7 +115,7 @@ console output of the machine, but not necessarily journal contents of the machine itself. - + @@ -127,7 +129,7 @@ required, and does not print the control group tree or journal entries. Use status if you are looking for formatted human-readable output. - + @@ -161,7 +163,7 @@ systemd-nspawn directly. To stop a running container use machinectl poweroff. - + @@ -188,7 +190,7 @@ a single command, either interactively or in the background. - + @@ -233,7 +235,7 @@ preferable for scripting purposes. However, note that systemd-run might require higher privileges than machinectl shell. - + @@ -250,7 +252,7 @@ Note that this command does not implicitly start or power off the containers that are being operated on. If this is desired, combine the command with the switch. - + @@ -267,7 +269,7 @@ terminate a container or VM, without cleanly shutting it down. - + @@ -279,7 +281,7 @@ on a non-containerized system, and is compatible with containers running any system manager. - + @@ -292,7 +294,7 @@ poweroff to issue a clean shutdown request. - + @@ -305,7 +307,7 @@ process to kill. Use to select the signal to send. - + @@ -338,7 +340,7 @@ group ID is preserved for the copy, otherwise all files and directories in the copy will be owned by the root user and group (UID/GID 0). - + @@ -354,7 +356,7 @@ group ID is preserved for the copy, otherwise all files and directories in the copy will be owned by the root user and group (UID/GID 0). - + @@ -387,7 +389,7 @@ show-image (see below) to generate computer-parsable output instead. - + @@ -405,7 +407,7 @@ image-status if you are looking for formatted human-readable output. - + @@ -477,7 +479,7 @@ the host's own directory tree, may not be removed. - + @@ -705,7 +707,7 @@ transfers and their IDs, use list-transfers. - + @@ -780,7 +782,7 @@ processes of the machine. If omitted, defaults to . - + @@ -809,7 +811,7 @@ Note that this option is not supported for the login command. - + diff --git a/man/networkctl.xml b/man/networkctl.xml index 9da988923d..c83277a683 100644 --- a/man/networkctl.xml +++ b/man/networkctl.xml @@ -209,7 +209,7 @@ - + @@ -278,7 +278,7 @@ - + @@ -308,7 +308,7 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR) 1 neighbors listed. - + @@ -347,7 +347,7 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR) Deletes virtual netdevs. Takes interface name or index number. - + @@ -357,7 +357,7 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR) Bring devices up. Takes interface name or index number. - + @@ -367,7 +367,7 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR) Bring devices down. Takes interface name or index number. - + @@ -378,7 +378,7 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR) Renew dynamic configurations e.g. addresses received from DHCP server. Takes interface name or index number. - + @@ -389,7 +389,7 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR) Send a FORCERENEW message to all connected clients, triggering DHCP reconfiguration. Takes interface name or index number. - + @@ -402,7 +402,7 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR) corresponding to the specified interface. So, if you edit config files, it is necessary to call networkctl reload first to apply new settings. - + diff --git a/man/networkd.conf.xml b/man/networkd.conf.xml index 9668aed614..018bde0fbf 100644 --- a/man/networkd.conf.xml +++ b/man/networkd.conf.xml @@ -147,7 +147,9 @@ 43793 as the vendor identifier (systemd) and hashed contents of machine-id5. This is the default if DUIDType= is not specified. - + + + @@ -158,7 +160,9 @@ machine-id5 is used as a DUID value. About the application-specific machine ID, see sd_id128_get_machine_app_specific3. - + + + @@ -168,13 +172,17 @@ then the MAC address of the interface is used as a DUID value. The value link-layer-time can take additional time value after a colon, e.g. link-layer-time:2018-01-23 12:34:56 UTC. The default time value is 2000-01-01 00:00:00 UTC. - + + + In all cases, DUIDRawData= can be used to override the - actual DUID value that is used. + actual DUID value that is used. + + @@ -203,6 +211,8 @@ DUIDRawData=00:00:ab:11:f9:2a:c2:77:29:f9:5c:00 43793 (00:00:ab:11), and identifier value f9:2a:c2:77:29:f9:5c:00. + + diff --git a/man/oomd.conf.xml b/man/oomd.conf.xml index 1bcb9ecbbe..4fc7abd895 100644 --- a/man/oomd.conf.xml +++ b/man/oomd.conf.xml @@ -58,7 +58,7 @@ ManagedOOMSwap=. Takes a value specified in percent (when suffixed with "%"), permille ("‰") or permyriad ("‱"), between 0% and 100%, inclusive. Defaults to 90%. - + @@ -76,7 +76,7 @@ ManagedOOMMemoryPressure=. Takes a fraction specified in the same way as SwapUsedLimit= above. Defaults to 60%. - + diff --git a/man/os-release.xml b/man/os-release.xml index 1736b5017f..fbcce9bd5a 100644 --- a/man/os-release.xml +++ b/man/os-release.xml @@ -215,7 +215,9 @@ Edition". Note: this field is for display purposes only. The VARIANT_ID field should - be used for making programmatic decisions. + be used for making programmatic decisions. + + @@ -227,7 +229,9 @@ may not be implemented on all systems. Examples: VARIANT_ID=server, VARIANT_ID=embedded. - + + + @@ -268,7 +272,9 @@ is optional and may not be implemented on all systems. Examples: VERSION_CODENAME=buster, - VERSION_CODENAME=xenial. + VERSION_CODENAME=xenial. + + @@ -283,7 +289,9 @@ optional. Examples: BUILD_ID="2013-03-20.3", BUILD_ID=201303203. - + + + @@ -384,7 +392,9 @@ systems. Examples: LOGO=fedora-logo, LOGO=distributor-logo-opensuse - + + + @@ -452,7 +462,9 @@ See org.freedesktop.hostname15 for a description of how systemd-hostnamed.service8 - determines the fallback hostname. + determines the fallback hostname. + + @@ -480,7 +492,9 @@ for more information. Examples: SYSEXT_LEVEL=2, SYSEXT_LEVEL=15.14. - + + + diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml index 114f18851c..4aff032a0d 100644 --- a/man/pam_systemd.xml +++ b/man/pam_systemd.xml @@ -299,7 +299,7 @@ Sets unit MemoryMax=. - + @@ -307,7 +307,7 @@ Sets unit TasksMax=. - + @@ -315,7 +315,7 @@ Sets unit CPUWeight=. - + @@ -323,7 +323,7 @@ Sets unit IOWeight=. - + @@ -331,7 +331,7 @@ Sets unit RuntimeMaxSec=. - + diff --git a/man/portablectl.xml b/man/portablectl.xml index a94ffaf2d7..c7962f2349 100644 --- a/man/portablectl.xml +++ b/man/portablectl.xml @@ -155,7 +155,7 @@ files. This is a convenience feature to allow all arguments passed as attach also to detach. - + If and/or are passed, the portable services are immediately stopped (blocking operation) and/or disabled before detaching the image. Prefix(es) are also accepted, diff --git a/man/resolvectl.xml b/man/resolvectl.xml index 5249f9b909..549dbbd2b7 100644 --- a/man/resolvectl.xml +++ b/man/resolvectl.xml @@ -203,6 +203,8 @@ For details about these settings, their possible values and their effect, see the corresponding settings in systemd.network5. + + diff --git a/man/systemctl.xml b/man/systemctl.xml index 2a5597728c..22aebfbafe 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml @@ -171,6 +171,8 @@ kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service Also see , , and . + + @@ -198,6 +200,8 @@ Sun 2017-02-26 20:57:49 EST 2h 3min left Sun 2017-02-26 11:56:36 EST 6h ago ACTIVATES shows the name the service the timer activates when it runs. Also see and . + + @@ -224,6 +228,8 @@ Sun 2017-02-26 20:57:49 EST 2h 3min left Sun 2017-02-26 11:56:36 EST 6h ago non-zero otherwise. Unless is specified, this will also print the current unit state to standard output. + + @@ -349,6 +355,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err understanding of these units if any unit files were updated on disk and the daemon-reload command wasn't issued since. + + @@ -359,6 +367,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err Show manual pages for one or more units, if available. If a PID is given, the manual pages for the unit the process belongs to are shown. + + @@ -393,6 +403,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err Note that this command only lists units currently loaded into memory by the service manager. In particular, this command is not suitable to get a comprehensive list at all reverse dependencies on a specific unit, as it won't list the dependencies declared by units currently not loaded. + + @@ -497,6 +509,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err nothing if the units are not running. + + @@ -551,6 +565,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err not specified, the cache and runtime data as well as the file descriptor store are removed (as these three types of resources are generally redundant and reproducible on the next invocation of the unit). Note that the specified units must be stopped to invoke this operation. + + @@ -564,6 +580,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err to be suspended. Being suspended means that unit's processes won't be scheduled to run on CPU until thawed. Note that this command is supported only on systems that use unified cgroup hierarchy. Unit is automatically thawed just before we execute a job against the unit, e.g. before the unit is stopped. + + @@ -575,6 +593,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err This is the inverse operation to the freeze command and resumes the execution of processes in the unit's cgroup. + + @@ -609,6 +629,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err property to its defaults. Example: systemctl set-property avahi-daemon.service IPAddressDeny= + + @@ -1109,7 +1131,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err edit, systemctl set-property and systemctl mask and puts the original unit file with its settings back in effect. - + @@ -1129,7 +1151,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err in a way similar to enable. - + @@ -1175,7 +1197,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err /etc/, since they take precedence over /run/. - + @@ -1186,6 +1208,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err Return the default target to boot into. This returns the target unit name default.target is aliased (symlinked) to. + + @@ -1197,7 +1221,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err (symlinks) the default.target alias to the given target unit. - + @@ -1218,7 +1242,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err containers matching one of them are shown. - + @@ -1341,7 +1365,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err are only meant for processes which are descendants of the shell. Such variables in the global environment block are confusing to other processes. - + @@ -1724,6 +1748,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err Hibernate and suspend the system. This will trigger activation of the special target unit hybrid-sleep.target. This command is asynchronous, and will return after the hybrid sleep operation is successfully enqueued. It will not wait for the sleep/wake-up cycle to complete. + + @@ -1951,6 +1977,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err When passed to the list-jobs command, for each printed job show which other jobs are waiting for it. May be combined with to show both the jobs waiting for each job as well as all jobs each job is waiting for. + + @@ -2156,6 +2184,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err Shortcut for . + + @@ -2538,7 +2568,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err menu timeout. Pass zero in order to disable the menu timeout. Note that not all boot loaders support this functionality. - + @@ -2551,7 +2581,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err as argument, or help in order to list available entries. Note that not all boot loaders support this functionality. - + @@ -2609,7 +2639,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err - Day YYYY-MM-DD HH:MM:SS.UUUUUU TZ + Day YYYY-MM-DD HH:MM:SS.UUUUUU TZ + + @@ -2626,7 +2658,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err - Day YYYY-MM-DD HH:MM:SS.UUUUUU UTC + Day YYYY-MM-DD HH:MM:SS.UUUUUU UTC + + diff --git a/man/systemd-ask-password.xml b/man/systemd-ask-password.xml index 6484bbb8a6..5bae448343 100644 --- a/man/systemd-ask-password.xml +++ b/man/systemd-ask-password.xml @@ -181,7 +181,9 @@ - Equivalent to , see above. + Equivalent to , see above. + + diff --git a/man/systemd-boot.xml b/man/systemd-boot.xml index fa73def8b1..03fc63cd67 100644 --- a/man/systemd-boot.xml +++ b/man/systemd-boot.xml @@ -141,7 +141,7 @@ (Right) Boot selected entry - + @@ -199,7 +199,9 @@ h ? F1 - Show a help screen + Show a help screen + + @@ -304,14 +306,16 @@ Esc Ctrlc - Abort the edit and quit the editor + Abort the edit and quit the editor + + Ctrlk Clear the command line forwards - + @@ -319,13 +323,15 @@ AltBackspace Delete word backwards - + CtrlDel Altd - Delete word forwards + Delete word forwards + + diff --git a/man/systemd-cgls.xml b/man/systemd-cgls.xml index 8b72b9d06d..27332c5d31 100644 --- a/man/systemd-cgls.xml +++ b/man/systemd-cgls.xml @@ -71,6 +71,8 @@ Do not ellipsize process tree members. + + @@ -106,7 +108,9 @@ Limit control groups shown to the part corresponding to the container - MACHINE. + MACHINE. + + @@ -115,7 +119,9 @@ Controls whether to include information about extended attributes of the listed control groups in the output. With the long option, expects a boolean value. Defaults to no. - + + + @@ -123,7 +129,9 @@ Controls whether to include the numeric ID of the listed control groups in the - output. With the long option, expects a boolean value. Defaults to no. + output. With the long option, expects a boolean value. Defaults to no. + + diff --git a/man/systemd-escape.xml b/man/systemd-escape.xml index 6a5f31a2e3..397d8725ec 100644 --- a/man/systemd-escape.xml +++ b/man/systemd-escape.xml @@ -107,7 +107,9 @@ Instead of escaping the specified strings, undo the escaping, reversing the operation. May not be used in conjunction with or - . + . + + @@ -119,7 +121,9 @@ possibly automatically append an appropriate unit type suffix to the string. May not be used in conjunction with , or - . + . + + diff --git a/man/systemd-firstboot.xml b/man/systemd-firstboot.xml index bada361933..3aa160ecad 100644 --- a/man/systemd-firstboot.xml +++ b/man/systemd-firstboot.xml @@ -202,7 +202,9 @@ for more information on the format of the hashed password. Note that it is not recommended to specify plaintext passwords on the command line, as other users might be able to see them simply by invoking ps1. - + + + @@ -237,7 +239,9 @@ Prompt the user interactively for a specific basic setting. Note that any explicit configuration settings specified on the command line take precedence, and the user is - not prompted for it. + not prompted for it. + + @@ -265,7 +269,9 @@ Copy a specific basic setting from the host. This only works in combination with or . - + + + diff --git a/man/systemd-fstab-generator.xml b/man/systemd-fstab-generator.xml index b046e382e7..d411f03e7b 100644 --- a/man/systemd-fstab-generator.xml +++ b/man/systemd-fstab-generator.xml @@ -257,7 +257,7 @@ any swap devices configured in /etc/fstab. Defaults to enabled. - + diff --git a/man/systemd-gpt-auto-generator.xml b/man/systemd-gpt-auto-generator.xml index c6bbbfa0b0..e70bce6975 100644 --- a/man/systemd-gpt-auto-generator.xml +++ b/man/systemd-gpt-auto-generator.xml @@ -279,7 +279,9 @@ logic. The rootfstype= and rootflags= are used to select the - file system type and options when the root file system is automatically discovered. + file system type and options when the root file system is automatically discovered. + + diff --git a/man/systemd-journal-gatewayd.service.xml b/man/systemd-journal-gatewayd.service.xml index 800bf6e430..45adc2a042 100644 --- a/man/systemd-journal-gatewayd.service.xml +++ b/man/systemd-journal-gatewayd.service.xml @@ -176,7 +176,7 @@ GET parameters can be used to modify what events are returned. Supported parameters are described below. - + @@ -329,7 +329,7 @@ Match journal fields. See systemd.journal-fields7. - + diff --git a/man/systemd-journald.service.xml b/man/systemd-journald.service.xml index 1a2dc18bbf..31435b2865 100644 --- a/man/systemd-journald.service.xml +++ b/man/systemd-journald.service.xml @@ -240,6 +240,8 @@ systemd-tmpfiles --create --prefix /var/log/journal See journald.conf5 for information about these settings. + + diff --git a/man/systemd-machine-id-setup.xml b/man/systemd-machine-id-setup.xml index 8ad8389cb8..d1a77bdf34 100644 --- a/man/systemd-machine-id-setup.xml +++ b/man/systemd-machine-id-setup.xml @@ -87,7 +87,7 @@ given alternate root path, including the path for /etc/machine-id itself. - + diff --git a/man/systemd-measure.xml b/man/systemd-measure.xml index 8db34b2300..3568fb5435 100644 --- a/man/systemd-measure.xml +++ b/man/systemd-measure.xml @@ -126,7 +126,9 @@ configures the files to read the unified kernel image components from. Each option corresponds with the equally named section in the unified kernel PE file. The switch expects the path to the ELF kernel file that the unified PE kernel will wrap. All switches except - are optional. Each option may be used at most once. + are optional. Each option may be used at most once. + + diff --git a/man/systemd-modules-load.service.xml b/man/systemd-modules-load.service.xml index ab32c1852e..fc51716121 100644 --- a/man/systemd-modules-load.service.xml +++ b/man/systemd-modules-load.service.xml @@ -56,7 +56,7 @@ Takes a comma-separated list of kernel modules to statically load during early boot. The option prefixed with rd. is read in the initrd only. - + diff --git a/man/systemd-mount.xml b/man/systemd-mount.xml index 854a2812e7..d92ef18657 100644 --- a/man/systemd-mount.xml +++ b/man/systemd-mount.xml @@ -272,7 +272,7 @@ , see above), and the file system block device is detected to be removable, this option is implied. - + diff --git a/man/systemd-network-generator.service.xml b/man/systemd-network-generator.service.xml index 776daec05a..0eb98a9635 100644 --- a/man/systemd-network-generator.service.xml +++ b/man/systemd-network-generator.service.xml @@ -72,6 +72,8 @@ — translated into systemd.link5 files. + + diff --git a/man/systemd-networkd-wait-online.service.xml b/man/systemd-networkd-wait-online.service.xml index c53f7213a0..06f837a50e 100644 --- a/man/systemd-networkd-wait-online.service.xml +++ b/man/systemd-networkd-wait-online.service.xml @@ -76,7 +76,7 @@ .network file is used if present, and degraded otherwise. - + @@ -87,7 +87,7 @@ interface is ignored. This option may be used more than once to ignore multiple network interfaces. - + @@ -101,7 +101,7 @@ But this does not override operational states specified in option. - + @@ -164,7 +164,7 @@ by the time the timeout elapses. A timeout of 0 disables the timeout. Defaults to 120 seconds. - + diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index aa96186173..9c6354a5fa 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -244,7 +244,9 @@ Note that this switch leaves hostname, machine ID and all other settings that could identify the instance - unmodified. + unmodified. + + @@ -265,6 +267,8 @@ With this option no modifications of the container image are retained. Use (described below) for other mechanisms to restrict persistency of container images during runtime. + + @@ -311,7 +315,9 @@ (and optionally ) options. Any other partitions, such as foreign partitions or swap partitions are not mounted. May not be specified - together with , . + together with , . + + @@ -400,7 +406,9 @@ former are not symlinks into the latter) are not supported by --volatile=yes as container payload. The option does not require any particular preparations in the OS, but do note that overlayfs behaviour differs from regular file systems - in a number of ways, and hence compatibility is limited. + in a number of ways, and hence compatibility is limited. + + @@ -428,6 +436,8 @@ Also see the RootHash= option in systemd.exec5. + + @@ -468,7 +478,9 @@ This is for containers which have several bootable directories in them; for example, several OSTree deployments. It emulates the behavior of the boot loader and the initrd which normally select which directory to mount as the root - and start the container's PID 1 in. + and start the container's PID 1 in. + + @@ -492,6 +504,8 @@ modified to run correctly as PID 1. Or in other words: this switch should be used for pretty much all commands, except when the command refers to an init or shell implementation, as these are generally capable of running correctly as PID 1. This option may not be combined with . + + @@ -546,7 +560,9 @@ Change to the specified working directory before invoking the process in the container. Expects - an absolute path in the container's file system namespace. + an absolute path in the container's file system namespace. + + @@ -559,7 +575,7 @@ are omitted, the value of the variable with the same name in the program environment will be used. - + @@ -580,7 +596,9 @@ SIGRTMIN+3 triggers an orderly shutdown). If is not used and this option is not specified the container's processes are terminated abruptly via SIGKILL. For a list of valid signals, see signal7. + project='man-pages'>signal7. + + @@ -593,7 +611,9 @@ With option systemd-nspawn waits for the READY=1 message from the init process in the container before sending its own to systemd. For more details about notifications - see sd_notify3. + see sd_notify3. + + @@ -636,7 +656,9 @@ with a random identifier in case mode is selected. If the root directory selected is the host's root directory the host's hostname is used as default - instead. + instead. + + @@ -652,6 +674,8 @@ exclusively. Note that regardless whether the container's hostname is initialized from the name set with or the one set with , the container can later override its kernel hostname freely on its own as well. + + @@ -678,6 +702,8 @@ Make the container part of the specified slice, instead of the default machine.slice. This applies only if the machine is run in its own scope unit, i.e. if isn't used. + + @@ -688,6 +714,8 @@ machine is run in its own scope unit, i.e. if isn't used. Takes unit property assignments in the same format as systemctl set-property. This is useful to set memory limits and similar for the container. + + @@ -703,7 +731,9 @@ tools such as ps1. If the container does not run a service manager, it is recommended to set this option to - no. + no. + + @@ -719,7 +749,9 @@ Note that passing disables the effect of and . Use and in combination to disable any kind of unit allocation or registration with - systemd-machined. + systemd-machined. + + @@ -797,7 +829,9 @@ Note that when user namespacing is used file ownership on disk reflects this, and all of the container's files and directories are owned by the container's effective user and group IDs. This means that copying files from and to the container image requires correction of the numeric UID/GID values, according to the UID/GID - shift applied. + shift applied. + + @@ -824,7 +858,7 @@ is used. This option has no effect if user namespacing is not used. - + @@ -841,6 +875,8 @@ ) on the file system by redoing the operation with the first UID of 0: systemd-nspawn … --private-users=0 --private-users-ownership=chown + + @@ -893,6 +929,8 @@ After=sys-subsystem-net-devices-ens1.device ens1 network interface has shown up. This is required since hardware probing is fully asynchronous, and network interfaces might be discovered only later during the boot process, after the container would normally be started without these explicit dependencies. + + @@ -911,7 +949,9 @@ After=sys-subsystem-net-devices-ens1.device As with , the underlying Ethernet network interface must already exist at the time the container is started, and thus similar unit file drop-ins as described - above might be useful. + above might be useful. + + @@ -931,7 +971,9 @@ After=sys-subsystem-net-devices-ens1.device As with , the underlying Ethernet network interface must already exist at the time the container is started, and thus similar unit file drop-ins as described - above might be useful. + above might be useful. + + @@ -971,6 +1013,8 @@ After=sys-subsystem-net-devices-ens1.device host-side interface name independently of the container name — but might require a bit more additional configuration in case bridging in a fashion similar to is desired. + + @@ -986,7 +1030,9 @@ After=sys-subsystem-net-devices-ens1.device used multiple times, and allows configuration of the network interface names. Note that has no effect on interfaces created with - . + . + + @@ -1002,7 +1048,9 @@ After=sys-subsystem-net-devices-ens1.device As with , the underlying bridge network interface must already exist at the time the container is started, and thus similar unit file drop-ins as described - above might be useful. + above might be useful. + + @@ -1031,6 +1079,8 @@ After=sys-subsystem-net-devices-ens1.device network interfaces. Using is hence in most cases fully automatic and sufficient to connect multiple local containers in a joined broadcast domain to the host, with further connectivity to the external network. + + @@ -1048,7 +1098,9 @@ After=sys-subsystem-net-devices-ens1.device for example, . Note that this option cannot be used together with other network-related options, such as - or . + or . + + @@ -1067,7 +1119,9 @@ After=sys-subsystem-net-devices-ens1.device same port as the host port is implied. This option is only supported if private networking is used, such as with , - . + . + + @@ -1102,7 +1156,9 @@ After=sys-subsystem-net-devices-ens1.device This option sets the bounding set of capabilities which also limits the ambient capabilities as given with the - . + . + + @@ -1118,7 +1174,9 @@ After=sys-subsystem-net-devices-ens1.device This option sets the bounding set of capabilities which also limits the ambient capabilities as given with the - . + . + + @@ -1152,7 +1210,9 @@ After=sys-subsystem-net-devices-ens1.device on the payload code of the container cannot acquire new privileges, i.e. the "setuid" file bit as well as file system capabilities will not have an effect anymore. See prctl2 for - details about this flag. + details about this flag. + + @@ -1168,7 +1228,9 @@ After=sys-subsystem-net-devices-ens1.device system call allow list (as opposed to a deny list!), and this command line option hence adds or removes entries from the default allow list, depending on the ~ prefix. Note that the applied system call filter is also altered implicitly if additional capabilities are passed using - the --capabilities=. + the --capabilities=. + + @@ -1177,6 +1239,8 @@ After=sys-subsystem-net-devices-ens1.device Sets the SELinux security context to be used to label processes in the container. + + @@ -1187,6 +1251,8 @@ After=sys-subsystem-net-devices-ens1.device Sets the SELinux security context to be used to label files in the virtual API file systems in the container. + + @@ -1218,7 +1284,9 @@ After=sys-subsystem-net-devices-ens1.device (i.e. is used, see above), any limits set will be applied to the resource usage of the same user on all local containers as well as the host. This means particular care needs to be taken with these limits as they might be triggered by possibly less trusted code. Example: - --rlimit=RLIMIT_NOFILE=8192:16384. + --rlimit=RLIMIT_NOFILE=8192:16384. + + @@ -1228,7 +1296,9 @@ After=sys-subsystem-net-devices-ens1.device /proc/self/oom_score_adj which influences the preference with which this container is terminated when memory becomes scarce. For details see proc5. Takes an - integer in the range -1000…1000. + integer in the range -1000…1000. + + @@ -1237,7 +1307,9 @@ After=sys-subsystem-net-devices-ens1.device Controls the CPU affinity of the container payload. Takes a comma separated list of CPU numbers or number ranges (the latter's start and end value separated by dashes). See sched_setaffinity2 for - details. + details. + + @@ -1250,7 +1322,9 @@ After=sys-subsystem-net-devices-ens1.device x86-64 are supported. This is useful when running a 32-bit container on a 64-bit host. If this setting is not used, the personality reported in the container is the - same as the one reported on the host. + same as the one reported on the host. + + @@ -1314,7 +1388,9 @@ After=sys-subsystem-net-devices-ens1.device bind mount anyway). Note that both if the file is bind mounted and if it is copied no further propagation of configuration is generally done after the one-time early initialization (this is because the file is usually updated through copying and renaming). Defaults to - auto. + auto. + + @@ -1334,7 +1410,9 @@ After=sys-subsystem-net-devices-ens1.device auto and the /etc/localtime file of the host is a symlink, then symlink mode is used, and copy otherwise, except if the image is read-only in which case bind is used instead. Defaults to - auto. + auto. + + @@ -1368,14 +1446,18 @@ After=sys-subsystem-net-devices-ens1.device auto is used. Note that is the default if the - systemd-nspawn@.service template unit file is used. + systemd-nspawn@.service template unit file is used. + + Equivalent to - . + . + + @@ -1435,7 +1517,9 @@ After=sys-subsystem-net-devices-ens1.device directories continue to be owned by the relevant host users and groups, which do not exist in the container, and thus show up under the wildcard UID 65534 (nobody). If such bind mounts are created, it is recommended to make them read-only, using . Alternatively you can use the "idmap" mount option to - map the filesystem IDs. + map the filesystem IDs. + + @@ -1516,7 +1600,9 @@ After=sys-subsystem-net-devices-ens1.device Note that this option cannot be used to replace the root file system of the container with a temporary file system. However, the option described below provides similar - functionality, with a focus on implementing stateless operating system images. + functionality, with a focus on implementing stateless operating system images. + + @@ -1566,7 +1652,9 @@ After=sys-subsystem-net-devices-ens1.device Note that this option cannot be used to replace the root file system of the container with an overlay file system. However, the option described above provides similar functionality, - with a focus on implementing stateless operating system images. + with a focus on implementing stateless operating system images. + + diff --git a/man/systemd-run.xml b/man/systemd-run.xml index a8026df84d..8a509be2ae 100644 --- a/man/systemd-run.xml +++ b/man/systemd-run.xml @@ -131,7 +131,9 @@ Use this unit name instead of an automatically - generated one. + generated one. + + @@ -220,6 +222,8 @@ RemainAfterExit= in systemd.service5. + + @@ -306,7 +310,7 @@ Also see Environment= in systemd.exec5. - + @@ -432,6 +436,8 @@ systemctl1's set-property command. These options may not be combined with or . + + diff --git a/man/systemd-socket-activate.xml b/man/systemd-socket-activate.xml index 2b850c5e18..1250725696 100644 --- a/man/systemd-socket-activate.xml +++ b/man/systemd-socket-activate.xml @@ -132,7 +132,7 @@ ignored. In case less names are given than descriptors, the remaining file descriptors will be unnamed. - + @@ -162,7 +162,9 @@ $SYSTEMD_LOG_LOCATION Same as in - systemd1. + systemd1. + + diff --git a/man/systemd-suspend.service.xml b/man/systemd-suspend.service.xml index 29249365a0..02daecf33b 100644 --- a/man/systemd-suspend.service.xml +++ b/man/systemd-suspend.service.xml @@ -108,6 +108,8 @@ Suspend, hibernate, suspend then hibernate, or put the system to hybrid sleep. + + diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml index 2ae91ab5c1..ac2be5a5c2 100644 --- a/man/systemd-system.conf.xml +++ b/man/systemd-system.conf.xml @@ -81,7 +81,9 @@ Configures various parameters of basic manager operation. These options may be overridden by the respective process and kernel command line arguments. See systemd1 for - details. + details. + + @@ -182,7 +184,9 @@ recommended to enable KExecWatchdogSec= only if RuntimeWatchdogSec= is also enabled. - These settings have no effect if a hardware watchdog is not available. + These settings have no effect if a hardware watchdog is not available. + + @@ -388,7 +392,9 @@ default to &DEFAULT_TIMEOUT; in the system manager and &DEFAULT_USER_TIMEOUT; in the user manager. DefaultTimeoutAbortSec= is not set by default so that all units fall back to TimeoutStopSec=. DefaultRestartSec= defaults to 100 ms. - + + + @@ -417,7 +423,9 @@ for details on the per-service settings. DefaultStartLimitIntervalSec= defaults to 10s. DefaultStartLimitBurst= defaults to - 5. + 5. + + @@ -482,6 +490,8 @@ DefaultMemoryAccounting= defaults to &MEMORY_ACCOUNTING_DEFAULT;. DefaultTasksAccounting= defaults to yes. The other settings default to no. + + diff --git a/man/systemd-timesyncd.service.xml b/man/systemd-timesyncd.service.xml index 56cf4bce2f..87625ac3f2 100644 --- a/man/systemd-timesyncd.service.xml +++ b/man/systemd-timesyncd.service.xml @@ -87,7 +87,7 @@ ensure that the system clock remains somewhat reasonably initialized and roughly monotonic across reboots, in case no battery-buffered local RTC is available. - + diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml index 1e88046237..c048927882 100644 --- a/man/systemd-tmpfiles.xml +++ b/man/systemd-tmpfiles.xml @@ -180,7 +180,7 @@ specified prefix. This option can be specified multiple times. - + diff --git a/man/systemd-tty-ask-password-agent.xml b/man/systemd-tty-ask-password-agent.xml index e3925b923e..864dff3ff5 100644 --- a/man/systemd-tty-ask-password-agent.xml +++ b/man/systemd-tty-ask-password-agent.xml @@ -108,7 +108,7 @@ the calling TTY. If DEVICE is not specified, /dev/console will be used. - + diff --git a/man/systemd-udevd.service.xml b/man/systemd-udevd.service.xml index 853fed15bc..27d0e02195 100644 --- a/man/systemd-udevd.service.xml +++ b/man/systemd-udevd.service.xml @@ -65,6 +65,8 @@ Detach and run in the background. + + @@ -73,6 +75,8 @@ Print debug messages to standard error. + + @@ -81,6 +85,8 @@ Limit the number of events executed in parallel. + + @@ -93,6 +99,8 @@ might be useful when debugging system crashes during coldplug caused by loading non-working kernel modules. + + @@ -102,6 +110,8 @@ Set the number of seconds to wait for events to finish. After this time, the event will be terminated. The default is 180 seconds. + + @@ -132,6 +142,8 @@ , names will be resolved for every event. When set to , names will never be resolved and all devices will be owned by root. + + @@ -159,7 +171,7 @@ Limit the number of events executed in parallel. - + @@ -171,7 +183,7 @@ debugging system crashes during coldplug caused by loading non-working kernel modules. - + @@ -182,7 +194,7 @@ of seconds. This option might be useful if events are terminated due to kernel drivers taking too long to initialize. - + diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 1521dfd763..e5c1812643 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -190,7 +190,9 @@ systemd-soft-reboot.service8), in case the service is configured to survive it. - + + + @@ -350,7 +352,9 @@ In order to allow propagating mounts at runtime in a safe manner, /run/systemd/propagate on the host will be used to set up new mounts, and /run/host/incoming/ in the private namespace - will be used as an intermediate step to store them before being moved to the final mount point. + will be used as an intermediate step to store them before being moved to the final mount point. + + @@ -440,7 +444,9 @@ InaccessiblePaths=, or under /home/ and other protected directories if ProtectHome=yes is specified. TemporaryFileSystem= with :ro or - ProtectHome=tmpfs should be used instead. + ProtectHome=tmpfs should be used instead. + + @@ -674,7 +680,9 @@ owned by the dynamic user/group that are not subject to the lifecycle and access guarantees of the service. Note that this option is currently incompatible with D-Bus policies, thus a service using this option may currently not allocate a D-Bus service name (note that this does not affect calling - into other D-Bus services). Defaults to off. + into other D-Bus services). Defaults to off. + + @@ -779,7 +787,9 @@ CapabilityBoundingSet=~CAP_B CAP_C give it some capabilities. Note that in this case option keep-caps is automatically added to SecureBits= to retain the capabilities over the user change. AmbientCapabilities= does not affect commands prefixed with - +. + +. + + @@ -819,7 +829,9 @@ CapabilityBoundingSet=~CAP_B CAP_C crontab1, systemd-run1, or - arbitrary IPC services. + arbitrary IPC services. + + @@ -856,7 +868,9 @@ CapabilityBoundingSet=~CAP_B CAP_C non-overridden context. This does not affect commands prefixed with +. See setexeccon3 - for details. + for details. + + @@ -866,6 +880,8 @@ CapabilityBoundingSet=~CAP_B CAP_C this profile when started. Profiles must already be loaded in the kernel, or the unit will fail. If prefixed by -, all errors will be ignored. This setting has no effect if AppArmor is not enabled. This setting does not affect commands prefixed with +. + + @@ -881,7 +897,9 @@ CapabilityBoundingSet=~CAP_B CAP_C The value may be prefixed by -, in which case all errors will be ignored. An empty value may be specified to unset previous assignments. This does not affect commands prefixed with - +. + +. + + @@ -1146,7 +1164,9 @@ CapabilityBoundingSet=~CAP_B CAP_C is selected the unique invocation ID for the unit (see below) is added as a protected key by the name invocation_id to the newly created session keyring. Defaults to for services of the system service manager and to for - non-service units and for services of the user service manager. + non-service units and for services of the user service manager. + + @@ -1191,7 +1211,9 @@ CapabilityBoundingSet=~CAP_B CAP_C feature is useful when running 32-bit services on a 64-bit host system. If not specified, the personality is left unmodified and thus reflects the personality of the host system's kernel. This option is not useful on architectures for which only one native word width was ever available, such - as m68k (32-bit only) or alpha (64-bit only). + as m68k (32-bit only) or alpha (64-bit only). + + @@ -1360,7 +1382,9 @@ CapabilityBoundingSet=~CAP_B CAP_C ReadWritePaths= may be used to exclude specific directories from being made read-only. This setting is implied if DynamicUser= is set. This setting cannot ensure protection in all cases. In general it has the same limitations as ReadOnlyPaths=, see below. Defaults to - off. + off. + + @@ -1387,7 +1411,9 @@ CapabilityBoundingSet=~CAP_B CAP_C DynamicUser= is set. This setting cannot ensure protection in all cases. In general it has the same limitations as ReadOnlyPaths=, see below. - + + + @@ -1529,7 +1555,9 @@ StateDirectory=aaa/bbb ccc RuntimeDirectory=foo:bar foo:baz the service manager creates /run/foo (if it does not exist), and /run/bar plus /run/baz as symlinks to - /run/foo. + /run/foo. + + @@ -1544,7 +1572,9 @@ StateDirectory=aaa/bbb ccc ConfigurationDirectory=, respectively, as an octal number. Defaults to 0755. See "Permissions" in path_resolution7 for a - discussion of the meaning of permission bits. + discussion of the meaning of permission bits. + + @@ -1558,7 +1588,9 @@ StateDirectory=aaa/bbb ccc foo.service. If set to , then the directories are not removed when the service is stopped. Note that since the runtime directory /run/ is a mount point of tmpfs, then for system services the directories specified in - RuntimeDirectory= are removed when the system is rebooted. + RuntimeDirectory= are removed when the system is rebooted. + + @@ -1643,7 +1675,9 @@ NoExecPaths=/ ExecPaths=/usr/sbin/my_daemon /usr/lib /usr/lib64 - + + + @@ -1737,7 +1771,9 @@ BindReadOnlyPaths=/var/lib/systemd When access to some but not all devices must be possible, the DeviceAllow= setting might be used instead. See systemd.resource-control5. - + + + @@ -1897,7 +1933,9 @@ BindReadOnlyPaths=/var/lib/systemd Note that the implementation of this setting might be impossible (for example if user namespaces are not available), and the unit should be written in a way that does not solely rely on this setting for - security. + security. + + @@ -1968,7 +2006,9 @@ BindReadOnlyPaths=/var/lib/systemd inaccessible. If ProtectKernelTunables= is set, MountAPIVFS=yes is implied. - + + + @@ -1989,7 +2029,9 @@ BindReadOnlyPaths=/var/lib/systemd but the unit doesn't have the CAP_SYS_ADMIN capability (e.g. services for which User= is set), NoNewPrivileges=yes is implied. - + + + @@ -2025,7 +2067,9 @@ BindReadOnlyPaths=/var/lib/systemd above. Defaults to off. If ProtectControlGroups= is set, MountAPIVFS=yes is implied. - + + + @@ -2060,7 +2104,9 @@ BindReadOnlyPaths=/var/lib/systemd AF_UNIX address family should be included in the configured allow list as it is frequently used for local communication, including for syslog2 - logging. + logging. + + @@ -2195,7 +2241,9 @@ RestrictNamespaces=cgroup net If the second line is prefixed with ~, e.g., RestrictNamespaces=cgroup ipc RestrictNamespaces=~cgroup net - then, only ipc is set. + then, only ipc is set. + + @@ -2207,7 +2255,9 @@ RestrictNamespaces=~cgroup net Personality= directive. This may be useful to improve security, because odd personality emulations may be poorly tested and source of vulnerabilities. If running in user mode, or in system mode, but without the CAP_SYS_ADMIN capability (e.g. setting User=), - NoNewPrivileges=yes is implied. + NoNewPrivileges=yes is implied. + + @@ -2239,7 +2289,9 @@ RestrictNamespaces=~cgroup net restrictions of this option. Specifically, it is recommended to combine this option with SystemCallArchitectures=native or similar. If running in user mode, or in system mode, but without the CAP_SYS_ADMIN capability (e.g. setting - User=), NoNewPrivileges=yes is implied. + User=), NoNewPrivileges=yes is implied. + + @@ -2254,7 +2306,9 @@ RestrictNamespaces=~cgroup net NoNewPrivileges=yes is implied. Realtime scheduling policies may be used to monopolize CPU time for longer periods of time, and may hence be used to lock up or otherwise trigger Denial-of-Service situations on the system. It is hence recommended to restrict access to realtime scheduling to the few programs - that actually require them. Defaults to off. + that actually require them. Defaults to off. + + @@ -2287,7 +2341,9 @@ RestrictNamespaces=~cgroup net multiple units use the same user or group the IPC objects are removed when the last of these units is stopped. This setting is implied if DynamicUser= is set. - + + + @@ -2586,7 +2642,9 @@ SystemCallErrorNumber=EPERM PrivateDevices=, ProtectSystem=, ProtectHome=, ProtectKernelTunables=, ProtectControlGroups=, ProtectKernelLogs=, ProtectClock=, ReadOnlyPaths=, - InaccessiblePaths= and ReadWritePaths=. + InaccessiblePaths= and ReadWritePaths=. + + @@ -2599,7 +2657,9 @@ SystemCallErrorNumber=EPERM project='man-pages'>errno3 for a full list of error codes. When this setting is not used, or when the empty string or the special setting kill is assigned, the process will be terminated immediately when the - filter is triggered. + filter is triggered. + + @@ -2631,7 +2691,9 @@ SystemCallErrorNumber=EPERM System call architectures may also be restricted system-wide via the SystemCallArchitectures= option in the global configuration. See systemd-system.conf5 for - details. + details. + + @@ -2781,7 +2843,9 @@ SystemCallErrorNumber=EPERM See environ7 for details - about environment variables. + about environment variables. + + @@ -2805,7 +2869,9 @@ SystemCallErrorNumber=EPERM See "Environment Variables in Spawned Processes" below for a description of how those settings combine to form the inherited environment. See environ7 for general - information about environment variables. + information about environment variables. + + @@ -3392,7 +3458,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX consumers. For further information see System and Service - Credentials documentation. + Credentials documentation. + + @@ -3449,7 +3517,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX SetCredential=. As such, SetCredential= will act as default if no credentials are found by any of the former. In this case not being able to retrieve the credential from the path specified in LoadCredential= or - LoadCredentialEncrypted= is not considered fatal. + LoadCredentialEncrypted= is not considered fatal. + + @@ -3489,7 +3559,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX utmp/wtmp logic. If user is set, first an INIT_PROCESS entry, then a LOGIN_PROCESS entry and finally a USER_PROCESS entry is generated. In this case, the invoked process may be any process that is suitable to be run as session - leader. Defaults to init. + leader. Defaults to init. + + @@ -3562,7 +3634,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin in the system manager. In case of the user manager, a different path may be configured by the distribution. It is recommended to not rely on the order of entries, and have only one program - with a given name in $PATH. + with a given name in $PATH. + + @@ -3573,7 +3647,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX or on the kernel command line (see systemd1 and kernel-command-line7). - + + + @@ -3587,7 +3663,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX User= set, which includes user systemd instances. See passwd5. - + + + @@ -3597,7 +3675,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX as 32 character hexadecimal string. A new ID is assigned each time the unit changes from an inactive state into an activating or active state, and may be used to identify this specific runtime cycle, in particular in data stored offline, such as the journal. The same ID is passed to all processes run as part of the - unit. + unit. + + @@ -3607,7 +3687,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX services run by the user systemd instance, as well as any system services that use PAMName= with a PAM stack that includes pam_systemd. See below and pam_systemd8 for more - information. + information. + + @@ -3621,6 +3703,8 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX RuntimeDirectory=, StateDirectory=, CacheDirectory=, LogsDirectory=, and ConfigurationDirectory= when those settings are used. + + @@ -3631,7 +3715,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX ImportCredential=/LoadCredential=/SetCredential=. The directory is marked read-only and is placed in unswappable memory (if supported and permitted), and is only accessible to the UID associated with the unit via User= or - DynamicUser= (and the superuser). + DynamicUser= (and the superuser). + + @@ -3639,14 +3725,18 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX The PID of the unit's main process if it is known. This is only set for control processes as invoked by - ExecReload= and similar. + ExecReload= and similar. + + $MANAGERPID The PID of the user systemd - instance, set for processes spawned by it. + instance, set for processes spawned by it. + + @@ -3657,7 +3747,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX Information about file descriptors passed to a service for socket activation. See sd_listen_fds3. - + + + @@ -3665,7 +3757,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX The socket sd_notify() talks to. See sd_notify3. - + + + @@ -3674,7 +3768,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX Information about watchdog keep-alive notifications. See sd_watchdog_enabled3. - + + + @@ -3698,14 +3794,18 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX StandardOutput=tty, or StandardError=tty). See termcap5. - + + + $LOG_NAMESPACE Contains the name of the selected logging namespace when the - LogNamespace= service setting is used. + LogNamespace= service setting is used. + + @@ -3731,7 +3831,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX protocol to the native journal protocol (using sd_journal_print3 and other functions) if their standard output or standard error output is connected to the journal anyway, thus enabling - delivery of structured metadata along with logged messages. + delivery of structured metadata along with logged messages. + + @@ -3798,7 +3900,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX though this variable is available in both ExecStop= and ExecStopPost=, it is usually a better choice to place monitoring tools in the latter, as the former is only invoked for services that managed to start up correctly, and the latter covers both services that failed during their start-up and - those which failed during their runtime. + those which failed during their runtime. + + @@ -3914,7 +4018,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX - + + + @@ -3952,7 +4058,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX systemd.service5 for details. Service code may use this environment variable to automatically generate a PID file at the location configured in the unit file. This field is set to an absolute path in the file - system. + system. + + diff --git a/man/systemd.journal-fields.xml b/man/systemd.journal-fields.xml index 04d661e82c..365f61e38f 100644 --- a/man/systemd.journal-fields.xml +++ b/man/systemd.journal-fields.xml @@ -531,6 +531,8 @@ system and session units. See coredumpctl1. + + diff --git a/man/systemd.link.xml b/man/systemd.link.xml index cbc812c1e4..62578f48e4 100644 --- a/man/systemd.link.xml +++ b/man/systemd.link.xml @@ -146,6 +146,8 @@ (for IPv6 tunnel), or 20 (for InfiniBand). This option may appear more than once, in which case the lists are merged. If the empty string is assigned to this option, the list of hardware addresses defined prior to this is reset. Defaults to unset. + + @@ -170,6 +172,8 @@ A whitespace-separated list of shell-style globs matching the persistent path, as exposed by the udev property ID_PATH. + + @@ -180,6 +184,8 @@ device, as exposed by the udev property ID_NET_DRIVER of its parent device, or if that is not set, the driver as exposed by ethtool -i of the device itself. If the list is prefixed with a "!", the test is inverted. + + @@ -192,6 +198,8 @@ Valid types are named either from the udev DEVTYPE attribute, or ARPHRD_ macros in linux/if_arp.h, so this is not comprehensive. + + @@ -249,6 +257,8 @@ for details. When prefixed with an exclamation mark (!), the result is negated. If an empty string is assigned, the previously assigned value is cleared. + + @@ -261,6 +271,8 @@ for details. When prefixed with an exclamation mark (!), the result is negated. If an empty string is assigned, the previously assigned value is cleared. + + @@ -273,6 +285,8 @@ for details. When prefixed with an exclamation mark (!), the result is negated. If an empty string is assigned, the previously assigned value is cleared. + + @@ -313,6 +327,8 @@ for details. When prefixed with an exclamation mark (!), the result is negated. If an empty string is assigned, the previously assigned value is cleared. + + @@ -344,12 +360,16 @@ Description= A description of the device. + + Alias= The ifalias interface property is set to this value. + + @@ -372,6 +392,8 @@ properties to exist for the link. On hardware where these properties are not set, the generation of a persistent MAC address will fail. + + @@ -383,6 +405,8 @@ boot. Either way, the random address will have the unicast and locally administered bits set. + + @@ -397,6 +421,8 @@ An empty string assignment is equivalent to setting none. + + @@ -406,7 +432,7 @@ MACAddressPolicy= must either be unset, empty, or none. - + @@ -439,6 +465,8 @@ Hardware Database with the key ID_NET_NAME_FROM_DATABASE. + + @@ -449,6 +477,8 @@ udev property ID_NET_NAME_ONBOARD. See systemd.net-naming-scheme7. + + @@ -459,6 +489,8 @@ udev property ID_NET_NAME_SLOT. See systemd.net-naming-scheme7. + + @@ -469,6 +501,8 @@ ID_NET_NAME_PATH. See systemd.net-naming-scheme7. + + @@ -479,6 +513,8 @@ ID_NET_NAME_MAC. See systemd.net-naming-scheme7. + + @@ -491,6 +527,8 @@ + + @@ -517,6 +555,8 @@ ambiguity with interface specification by numeric indexes), as are the special strings ., .., all and default. + + @@ -582,6 +622,8 @@ The maximum transmission unit in bytes to set for the device. The usual suffixes K, M, G are supported and are understood to the base of 1024. + + @@ -590,6 +632,8 @@ The speed to set for the device, the value is rounded down to the nearest Mbps. The usual suffixes K, M, G are supported and are understood to the base of 1000. + + @@ -597,6 +641,8 @@ The duplex mode to set for the device. The accepted values are and . + + @@ -626,6 +672,8 @@ Wake on PHY activity. + + @@ -665,6 +713,8 @@ Wake on receipt of a magic packet. + + @@ -690,6 +740,8 @@ Defaults to unset, and the device's default will be used. This setting can be specified multiple times. If an empty string is assigned, then the all previous assignments are cleared. + + @@ -917,6 +969,8 @@ Takes an unsigned integer in the range 1…4294967295 or max. If set to max, the advertised maximum value of the hardware will be used. When unset, the number will not be changed. Defaults to unset. + + @@ -930,6 +984,8 @@ the range 1…4294967295 or max. If set to max, the advertised maximum value of the hardware will be used. When unset, the number will not be changed. Defaults to unset. + + diff --git a/man/systemd.mount.xml b/man/systemd.mount.xml index f1e43f2a40..4cdd41c995 100644 --- a/man/systemd.mount.xml +++ b/man/systemd.mount.xml @@ -289,7 +289,9 @@ An automount unit will be created for the file system. See systemd.automount5 - for details. + for details. + + @@ -317,6 +319,8 @@ /etc/fstab, and will be ignored when part of the Options= setting in a unit file. + + @@ -443,6 +447,8 @@ Note that if (see above) is used, neither nor have any effect. The matching automount unit will be added as a dependency to the appropriate target. + + @@ -453,6 +459,8 @@ local-fs.target or remote-fs.target. Moreover the mount unit is not ordered before these target units. This means that the boot will continue without waiting for the mount unit and regardless whether the mount point can be mounted successfully. + + @@ -466,7 +474,9 @@ leave the partition mounted until final shutdown. Or in other words, if this flag is set it is assumed the mount shall be active during the entire regular runtime of the system, i.e. established before the initrd transitions into the host all the way until the host transitions to the final - shutdown phase. + shutdown phase. + + diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml index d8ac09c7cb..8932c11f05 100644 --- a/man/systemd.net-naming-scheme.xml +++ b/man/systemd.net-naming-scheme.xml @@ -129,6 +129,8 @@ + + @@ -243,6 +245,8 @@ In some configurations a parent PCI bridge of a given network controller may be associated with a slot. In such case we don't generate this device property to avoid possible naming conflicts. + + @@ -311,6 +315,8 @@ For PCI, BCMA, and USB devices, the same rules as described above for slot naming are used. + + diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml index 26b0e40861..3f1b18b2af 100644 --- a/man/systemd.netdev.xml +++ b/man/systemd.netdev.xml @@ -243,6 +243,8 @@ The interface name used when creating the netdev. This setting is compulsory. + + @@ -251,6 +253,8 @@ The netdev kind. This setting is compulsory. See the Supported netdev kinds section for the valid keys. + + @@ -452,6 +456,8 @@ The VLAN ID to use. An integer in the range 0…4094. This setting is compulsory. + + @@ -515,6 +521,8 @@ 1…4294967294, in the format from-to, e.g., 21-7 45-5. Note that from must be greater than or equal to to. When unset, the kernel's default will be used. + + @@ -538,6 +546,8 @@ passthru, and source. + + @@ -742,7 +752,7 @@ Takes a boolean. When true, transmitting UDP checksums when doing VXLAN/IPv4 is turned on. - + @@ -758,7 +768,7 @@ Takes a boolean. When true, receiving zero checksums in VXLAN/IPv6 is turned on. - + @@ -846,6 +856,8 @@ Takes a boolean. When true, the vxlan interface is created without any underlying network interface. Defaults to false, which means that a .network file that requests this VXLAN interface using VXLAN= is required for the VXLAN to be created. + + @@ -864,6 +876,8 @@ Specifies the Virtual Network Identifier (VNI) to use, a number between 0 and 16777215. This field is mandatory. + + diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 62adac34e1..c3b8e4778c 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -98,6 +98,8 @@ A whitespace-separated list of shell-style globs matching the device name, as exposed by the udev property INTERFACE, or device's alternative names. If the list is prefixed with a "!", the test is inverted. + + @@ -157,6 +159,8 @@ MACAddress= The hardware address to set for the device. + + @@ -344,6 +348,8 @@ Description= A description of the device. This is only used for presentation purposes. + + @@ -365,6 +371,8 @@ See the [DHCPv4] or [DHCPv6] sections below for further configuration options for the DHCP client support. + + @@ -645,6 +653,8 @@ Table=1234 10.0.0.0/8 for IPv4, and fd00::/8 for IPv6. This functionality is useful to manage a large number of dynamically created network interfaces with the same network configuration and automatic address range assignment. + + @@ -655,6 +665,8 @@ Table=1234 inet_pton3. This is a short-hand for a [Route] section only containing a Gateway= key. This option may be specified more than once. + + @@ -673,6 +685,8 @@ Table=1234 assigned, then the all previous assignments are cleared. This setting is read by systemd-resolved.service8. + + @@ -996,6 +1010,8 @@ Table=1234 to. See systemd.netdev5. + + @@ -1015,6 +1031,8 @@ Table=1234 VXLAN, or Xfrm to be created on the link. See systemd.netdev5. This option may be specified more than once. + + @@ -1128,7 +1146,7 @@ Table=1234 As in the [Network] section. This setting is mandatory. Each [Address] section can contain one Address= setting. - + @@ -1150,6 +1168,8 @@ Table=1234 If set to true, then the IPv4 broadcast address will be derived from the Address= setting. If set to false, then the broadcast address will not be set. Defaults to true, except for wireguard interfaces, where it default to false. + + @@ -1158,6 +1178,8 @@ Table=1234 Specifies the label for the IPv4 address. The label must be a 7-bit ASCII string with a length of 1…15 characters. Defaults to unset. + + @@ -1197,6 +1219,8 @@ Table=1234 address, taking the configured prefix length into account. Takes an unsigned integer in the range 0…4294967295. When unset or set to 0, the kernel's default value is used. This setting will be ignored when AddPrefixRoute= is false. + + @@ -1766,7 +1790,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix _ipv6ra. If _dhcp4 or _ipv6ra is set, then the gateway address provided by DHCPv4 or IPv6 RA is used. - + @@ -1778,7 +1802,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix can insert the route in the kernel table without it being complained about. Defaults to no. - + @@ -1787,6 +1811,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix The destination prefix of the route. Possibly followed by a slash and the prefix length. If omitted, a full-length host route is assumed. + + @@ -1890,7 +1916,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix anycast, or nat, then local is used. In other cases, defaults to main. - + @@ -1932,6 +1958,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix is generated. If throw, route lookup in the current routing table will fail and the route selection process will return to Routing Policy Database (RPDB). Defaults to unicast. + + @@ -2078,6 +2106,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix hostname must consist only of 7-bit ASCII lower-case characters and no spaces or dots, and be formatted as a valid DNS domain name. Otherwise, the hostname is not sent even if this option is true. + + @@ -2087,6 +2117,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix Use this value for the hostname which is sent to the DHCP server, instead of machine's hostname. Note that the specified hostname must consist only of 7-bit ASCII lower-case characters and no spaces or dots, and be formatted as a valid DNS domain name. + + @@ -2117,6 +2149,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix DUID, is used. IAID can be configured by IAID=. DUID can be configured by DUIDType= and DUIDRawData=. Defaults to . + + @@ -2124,6 +2158,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix VendorClassIdentifier= The vendor class identifier used to identify vendor type and configuration. + + @@ -2135,6 +2171,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix represents the user class of which the client is a member. Each class sets an identifying string of information to be used by the DHCP service to classify clients. Takes a whitespace-separated list of strings. + + @@ -2144,6 +2182,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix Override the global DUIDType= setting for this network. See networkd.conf5 for a description of possible values. + + @@ -2153,6 +2193,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix Override the global DUIDRawData= setting for this network. See networkd.conf5 for a description of possible values. + + @@ -2161,6 +2203,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix The DHCP Identity Association Identifier (IAID) for the interface, a 32-bit unsigned integer. + + @@ -2185,6 +2229,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix Windows, in order to reduce the ability to fingerprint and recognize installations. This means DHCP request sizes will grow and lease data will be more comprehensive than normally, though most of the requested data is not actually used. + + @@ -2242,6 +2288,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix sent from the DHCPv4 client. When CS6 (network control) or CS4 (realtime), the corresponding service type will be set. Defaults to CS6. + + @@ -2282,6 +2330,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix This corresponds to the option in resolv.conf5. + + @@ -2301,6 +2351,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix When true (the default), the NTP servers received from the DHCP server will be used by systemd-timesyncd.service. + + @@ -2345,6 +2397,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix Note, some drivers will reset the interfaces if the MTU is changed. For such interfaces, please try to use IgnoreCarrierLoss= with a short timespan, e.g. 3 seconds. + + @@ -2353,6 +2407,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix When true (the default), the hostname received from the DHCP server will be set as the transient hostname of the system. + + @@ -2374,6 +2430,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix When set to true, this setting corresponds to the option in resolv.conf5. + + @@ -2387,6 +2445,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix own address, the scope will be set to . Otherwise if the gateway is null (a direct route), a scope will be used. For anything else, scope defaults to . + + @@ -2396,6 +2456,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix Set the routing metric for routes specified by the DHCP server (including the prefix route added for the specified prefix). Takes an unsigned integer in the range 0…4294967295. Defaults to 1024. + + @@ -2410,6 +2472,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix When used in combination with VRF=, the VRF's routing table is used when this parameter is not specified. + + @@ -2465,7 +2529,9 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix UseTimezone= When true, the timezone received from the DHCP server will be set as timezone - of the local system. Defaults to false. + of the local system. Defaults to false. + + @@ -2501,6 +2567,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix This is necessary for devices that cannot receive RAW packets, or that cannot receive packets at all before an IP address has been configured. On the other hand, this must not be enabled on networks where broadcasts are filtered out. + + @@ -2521,6 +2589,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix ListenPort= Set the port from which the DHCP client packets originate. + + @@ -2615,6 +2685,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix RequestOptions= As in the [DHCPv4] section. + + @@ -2749,6 +2821,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix SendRelease= As in the [DHCPv4] section. + + @@ -2816,6 +2890,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix RFC 4291, section 2.5.4), in which case the allowed value is hexadecimal, from 0 to 0x7fffffffffffffff inclusive. + + @@ -2826,6 +2902,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix is enabled, the delegated prefixes are distributed through the IPv6 Router Advertisement. This setting will be ignored when the DHCPPrefixDelegation= setting is enabled on the upstream interface. Defaults to yes. + + @@ -2837,6 +2915,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix interface), the EUI-64 algorithm will be used by default to form an interface identifier from the delegated prefixes. See also Token= setting below. Defaults to yes. + + @@ -2847,6 +2927,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix delegated prefix. This accepts the same syntax as Token= in the [IPv6AcceptRA] section. If Assign= is set to false, then this setting will be ignored. Defaults to unset, which means the EUI-64 algorithm will be used. + + @@ -2854,6 +2936,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix ManageTemporaryAddress= As in the [Address] section, but defaults to true. + + @@ -2863,6 +2947,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix The metric of the route to the delegated prefix subnet. Takes an unsigned integer in the range 0…4294967295. When set to 0, the kernel's default value is used. Defaults to 256. + + @@ -3000,6 +3086,8 @@ Token=prefixstable:2002:da8:1:: This corresponds to the option in resolv.conf5. + + @@ -3020,6 +3108,8 @@ Token=prefixstable:2002:da8:1:: When set to true, this setting corresponds to the option in resolv.conf5. + + @@ -3409,7 +3499,9 @@ ServerAddress=192.168.0.1/24 Similar to the EmitDNS= and DNS= settings described above, these settings configure whether and what server information for the indicate protocol shall be emitted as part of the DHCP lease. The same syntax, propagation semantics and - defaults apply as for EmitDNS= and DNS=. + defaults apply as for EmitDNS= and DNS=. + + @@ -3423,7 +3515,9 @@ ServerAddress=192.168.0.1/24 the router option. When the EmitRouter= setting is disabled, the Router= setting will be ignored. The EmitRouter= setting defaults to true, and the Router= setting defaults to unset. - + + + @@ -3575,7 +3669,9 @@ ServerAddress=192.168.0.1/24 MACAddress= - The hardware address of a device to match. This key is mandatory. + The hardware address of a device to match. This key is mandatory. + + @@ -3609,7 +3705,9 @@ ServerAddress=192.168.0.1/24 OtherInformation= is set to true. Both settings default to false, which means that a DHCPv6 server is not being - used. + used. + + @@ -3618,6 +3716,8 @@ ServerAddress=192.168.0.1/24 Takes a timespan. Configures the IPv6 router lifetime in seconds. The value must be 0 seconds, or between 4 seconds and 9000 seconds. When set to 0, the host is not acting as a router. Defaults to 1800 seconds (30 minutes). + + @@ -3642,7 +3742,9 @@ ServerAddress=192.168.0.1/24 default added as synonyms for medium just to make configuration easier. See RFC 4191 - for details. Defaults to medium. + for details. Defaults to medium. + + @@ -3680,7 +3782,9 @@ ServerAddress=192.168.0.1/24 read from the [Network] section. If the [Network] section does not contain any DNS servers either, DNS servers from the uplink interface specified in UplinkInterface= will be used. When EmitDNS= is false, no DNS server information is sent in - Router Advertisement messages. EmitDNS= defaults to true. + Router Advertisement messages. EmitDNS= defaults to true. + + @@ -3693,7 +3797,9 @@ ServerAddress=192.168.0.1/24 search domains either, DNS search domains from the uplink interface specified in UplinkInterface= will be used. When EmitDomains= is false, no DNS search domain information is sent in Router Advertisement messages. - EmitDomains= defaults to true. + EmitDomains= defaults to true. + + @@ -3701,7 +3807,9 @@ ServerAddress=192.168.0.1/24 Lifetime in seconds for the DNS server addresses listed in DNS= and search domains listed in Domains=. Defaults to - 3600 seconds (one hour). + 3600 seconds (one hour). + + @@ -4051,6 +4159,8 @@ ServerAddress=192.168.0.1/24 MACAddress= As in the [Network] section. This key is mandatory. + + @@ -4125,6 +4235,8 @@ ServerAddress=192.168.0.1/24 VLANId= The VLAN ID for the new entry. Valid ranges are 0 (no VLAN) to 4094. Optional, defaults to 0. + + @@ -4356,6 +4468,8 @@ ServerAddress=192.168.0.1/24 Specifies the parent Queueing Discipline (qdisc). Takes one of clsact or ingress. This is mandatory. + + @@ -5334,7 +5448,7 @@ ServerAddress=192.168.0.1/24 Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to unset and kernel's default is used. - + @@ -5622,6 +5736,8 @@ ServerAddress=192.168.0.1/24 The VLAN ID allowed on the port. This can be either a single ID or a range M-N. Takes an integer in the range 1…4094. + + diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml index 9ee4ded0d9..7668e25f7e 100644 --- a/man/systemd.resource-control.xml +++ b/man/systemd.resource-control.xml @@ -195,6 +195,8 @@ CPUWeight=20 DisableControllers=cpu / \ Under the unified cgroup hierarchy, CPU accounting is available for all units and this setting has no effect. + + @@ -238,6 +240,8 @@ CPUWeight=20 DisableControllers=cpu / \ project='man-pages'>sched7. The effect of this feature is similar to the controller with no explicit configuration, so users should be careful to not mistake one for the other. + + @@ -259,6 +263,8 @@ CPUWeight=20 DisableControllers=cpu / \ Example: CPUQuota=20% ensures that the executed processes will never get more than 20% CPU time on one CPU. + + @@ -280,6 +286,8 @@ CPUWeight=20 DisableControllers=cpu / \ CFS Scheduler. Example: CPUQuotaPeriodSec=10ms to request that the CPU quota is measured in periods of 10ms. + + @@ -303,6 +311,8 @@ CPUWeight=20 DisableControllers=cpu / \ boot-up and shutdown differently than during normal runtime. This setting is supported only with the unified control group hierarchy. + + @@ -326,6 +336,8 @@ CPUWeight=20 DisableControllers=cpu / \ for this setting may be controlled with DefaultMemoryAccounting= in systemd-system.conf5. + + @@ -372,6 +384,8 @@ CPUWeight=20 DisableControllers=cpu / \ MemoryMin= applies to normal runtime of the system, and if the former is not set also to the startup and shutdown phases. Using StartupMemoryLow= allows prioritizing specific services at boot-up and shutdown differently than during normal runtime. + + @@ -398,6 +412,8 @@ CPUWeight=20 DisableControllers=cpu / \ MemoryHigh= applies to normal runtime of the system, and if the former is not set also to the startup and shutdown phases. Using StartupMemoryHigh= allows prioritizing specific services at boot-up and shutdown differently than during normal runtime. + + @@ -424,6 +440,8 @@ CPUWeight=20 DisableControllers=cpu / \ MemoryMax= applies to normal runtime of the system, and if the former is not set also to the startup and shutdown phases. Using StartupMemoryMax= allows prioritizing specific services at boot-up and shutdown differently than during normal runtime. + + @@ -446,6 +464,8 @@ CPUWeight=20 DisableControllers=cpu / \ MemorySwapMax= applies to normal runtime of the system, and if the former is not set also to the startup and shutdown phases. Using StartupMemorySwapMax= allows prioritizing specific services at boot-up and shutdown differently than during normal runtime. + + @@ -472,6 +492,8 @@ CPUWeight=20 DisableControllers=cpu / \ MemoryZSwapMax= applies to normal runtime of the system, and if the former is not set also to the startup and shutdown phases. Using StartupMemoryZSwapMax= allows prioritizing specific services at boot-up and shutdown differently than during normal runtime. + + @@ -496,6 +518,8 @@ CPUWeight=20 DisableControllers=cpu / \ boot-up and shutdown differently than during normal runtime. This setting is supported only with the unified control group hierarchy. + + @@ -518,6 +542,8 @@ CPUWeight=20 DisableControllers=cpu / \ slice and for all its parent slices and the units contained therein. The system default for this setting may be controlled with DefaultTasksAccounting= in systemd-system.conf5. + + @@ -539,6 +565,8 @@ CPUWeight=20 DisableControllers=cpu / \ The system default for this setting may be controlled with DefaultTasksMax= in systemd-system.conf5. + + @@ -560,6 +588,8 @@ CPUWeight=20 DisableControllers=cpu / \ therein. The system default for this setting may be controlled with DefaultIOAccounting= in systemd-system.conf5. + + @@ -585,6 +615,8 @@ CPUWeight=20 DisableControllers=cpu / \ the system, and if the former is not set also to the startup and shutdown phases. This allows prioritizing specific services at boot-up and shutdown differently than during runtime. + + @@ -610,6 +642,8 @@ CPUWeight=20 DisableControllers=cpu / \ correctly only for simpler cases, where the file system is directly placed on a partition or physical block device, or where simple 1:1 encryption using dm-crypt/LUKS is used. This discovery does not cover complex storage and in particular RAID and volume management storage devices. + + @@ -634,6 +668,8 @@ CPUWeight=20 DisableControllers=cpu / \ Similar restrictions on block device discovery as for IODeviceWeight= apply, see above. + + @@ -658,6 +694,8 @@ CPUWeight=20 DisableControllers=cpu / \ Similar restrictions on block device discovery as for IODeviceWeight= apply, see above. + + @@ -681,6 +719,8 @@ CPUWeight=20 DisableControllers=cpu / \ These settings are supported only if the unified control group hierarchy is used. Similar restrictions on block device discovery as for IODeviceWeight= apply, see above. + + @@ -708,6 +748,8 @@ CPUWeight=20 DisableControllers=cpu / \ The system default for this setting may be controlled with DefaultIPAccounting= in systemd-system.conf5. + + @@ -813,6 +855,8 @@ CPUWeight=20 DisableControllers=cpu / \ them for IP security. + + @@ -906,6 +950,8 @@ SocketBindDeny=any … + + @@ -954,6 +1000,8 @@ RestrictNetworkInterfaces=~eth1 + + @@ -999,6 +1047,8 @@ RestrictNetworkInterfaces=~eth1 support is not enabled in the underlying kernel or container manager). These settings will fail the service in that case. If compatibility with such systems is desired it is hence recommended to attach your filter manually (requires Delegate=yes) instead of using this setting. + + @@ -1050,6 +1100,8 @@ RestrictNetworkInterfaces=~eth1 Examples:BPFProgram=egress:/sys/fs/bpf/egress-hook BPFProgram=bind6:/sys/fs/bpf/sock-addr-hook + + @@ -1109,6 +1161,8 @@ DeviceAllow=/dev/loop-control … + + @@ -1125,6 +1179,8 @@ DeviceAllow=/dev/loop-control means to only allow types of access that are explicitly specified. + + @@ -1139,6 +1195,8 @@ DeviceAllow=/dev/loop-control /dev/random, and /dev/urandom. + + @@ -1150,11 +1208,15 @@ DeviceAllow=/dev/loop-control explicit DeviceAllow= is present. This is the default. + + + + @@ -1189,6 +1251,8 @@ DeviceAllow=/dev/loop-control systemd.service5, section "Default Dependencies" for details. + + @@ -1234,6 +1298,8 @@ DeviceAllow=/dev/loop-control For further details on the delegation model consult Control Group APIs and Delegation. + + @@ -1281,6 +1347,8 @@ DeviceAllow=/dev/loop-control of the cgroup hierarchy is unmanaged by systemd. + + @@ -1317,6 +1385,8 @@ DeviceAllow=/dev/loop-control cgroup's data for monitoring and detection. However, if an ancestor cgroup has one of these properties set to , a unit with can still be a candidate for systemd-oomd to terminate. + + @@ -1331,6 +1401,8 @@ DeviceAllow=/dev/loop-control which means to use the default set by oomd.conf5. + + @@ -1373,6 +1445,8 @@ DeviceAllow=/dev/loop-control systemd-oomd.service8 and oomd.conf5. + + diff --git a/man/systemd.special.xml b/man/systemd.special.xml index f13c279133..1d1796154e 100644 --- a/man/systemd.special.xml +++ b/man/systemd.special.xml @@ -127,6 +127,8 @@ The root mount point, i.e. the mount unit for the / path. This unit is unconditionally active, during the entire time the system is up, as this mount point is where the basic userspace is running from. + + @@ -177,6 +179,8 @@ systemd-bless-boot.service8 for a service that propagates boot success information to the boot loader, and orders itself after boot-complete.target. + + @@ -283,6 +287,8 @@ shutdown.target, which in turn should be conflicted by all units that want to be scheduled for shutdown when the service manager starts to exit. + + @@ -339,6 +345,8 @@ A special target unit for hibernating and suspending the system at the same time. This pulls in sleep.target. + + @@ -347,6 +355,8 @@ A special target unit for suspending the system for a period of time, waking it and putting it into hibernate. This pulls in sleep.target. + + @@ -372,6 +382,8 @@ This scope unit is where the system and service manager (PID 1) itself resides. It is active as long as the system is running. + + @@ -381,6 +393,8 @@ the main system. It is used to mount the real root and transition to it. See bootup7 for more discussion. + + @@ -394,6 +408,8 @@ sysroot.mount. Thus, once this target is reached the /sysroot/ hierarchy is fully set up, in preparation for the transition to the host OS. + + @@ -406,6 +422,8 @@ systemd-gpt-auto-generator3 automatically setup the appropriate dependencies to make this happen. + + @@ -415,6 +433,8 @@ automatically adds dependencies of type Before= to the sysroot.mount unit, which is generated from the kernel command line's root= setting (or equivalent). + + @@ -482,6 +502,8 @@ A standard target unit for starting all the containers and other virtual machines. See systemd-nspawn@.service for an example. + + @@ -533,6 +555,8 @@ logic. After the system has completed booting up, it will not track the online state of the system anymore. Due to this it cannot be used as a network connection monitor concept, it is purely a one-time system start-up concept. + + @@ -547,6 +571,8 @@ dependencies from this unit. This is best configured via a WantedBy=paths.target in the path unit's [Install] section. + + @@ -592,6 +618,8 @@ devices which are accessed over the network. It is used for crypttab8 entries marked with . + + @@ -699,6 +727,8 @@ section should only be done for units that need to be always active. In that case care needs to be taken to avoid creating a loop through the automatic dependencies on "parent" slices. + + @@ -803,6 +833,8 @@ system-update.target is reached, system-update-cleanup.service will remove the symlinks and reboot the machine. + + @@ -818,6 +850,8 @@ dependencies from this unit. This is best configured via WantedBy=timers.target in the timer unit's [Install] section. + + @@ -897,6 +931,8 @@ This may be used to pull in usb gadget dynamically when UDC hardware is found. + + @@ -939,7 +975,9 @@ part of any transaction unless a storage daemon is used. The instance name for instances of this template unit must be a properly escaped block device node path, e.g. blockdev@dev-mapper-foobar.target for the storage device - /dev/mapper/foobar. + /dev/mapper/foobar. + + cryptsetup-pre.target @@ -952,6 +990,8 @@ particularly useful to ensure that a service is shut down only after all encrypted block devices are fully stopped. + + @@ -991,6 +1031,8 @@ unit before this unit if you want to make use of the console just before getty is started. + + @@ -1041,6 +1083,8 @@ orders itself after this target, but does not pull it in. Also see Running Services After the Network Is Up for more information. + + @@ -1128,6 +1172,8 @@ monotonic. Enable systemd-timesyncd.service8, or an alternative NTP implementation to delay the target. + + @@ -1215,6 +1261,8 @@ The root slice is the root of the slice hierarchy. It usually does not contain units directly, but may be used to set defaults for the whole tree. + + @@ -1223,6 +1271,8 @@ By default, all system services started by systemd are found in this slice. + + @@ -1233,6 +1283,8 @@ behalf of the user, including the per-user systemd instance are found in this slice. This is pulled in by systemd-logind.service. + + @@ -1243,6 +1295,8 @@ registered with systemd-machined are found in this slice. This is pulled in by systemd-machined.service. + + @@ -1266,6 +1320,8 @@ compose the normal user session should be pulled into this target. In this regard, default.target is similar to multi-user.target in the system instance, but it is a real unit, not an alias. + + @@ -1328,6 +1384,8 @@ PartOf=graphical-session.target [Service] … + + @@ -1340,6 +1398,8 @@ PartOf=graphical-session.target upgrade (which needs to happen before starting any process that might use them). This target must be started before starting a graphical session like gnome-session.target. + + diff --git a/man/systemd.swap.xml b/man/systemd.swap.xml index 6cd5c9f118..1c019b26d8 100644 --- a/man/systemd.swap.xml +++ b/man/systemd.swap.xml @@ -141,6 +141,8 @@ swap.target. This means that the boot will continue even if this swap device is not activated successfully. + + diff --git a/man/systemd.system-credentials.xml b/man/systemd.system-credentials.xml index a450ae07df..f7f0df18aa 100644 --- a/man/systemd.system-credentials.xml +++ b/man/systemd.system-credentials.xml @@ -61,6 +61,8 @@ and only honoured if no locale has been configured before. firstboot.locale sets LANG, while firstboot.locale-message sets LC_MESSAGES. + + diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index 8fd731add8..ae470ee96e 100644 --- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml @@ -600,6 +600,8 @@ description.), so it should be capitalized, and should not be a full sentence, or a phrase with a continuous verb. Bad examples include exiting the container or updating the database once per day.. + + @@ -620,7 +622,9 @@ once, in which case the specified list of URIs is merged. If the empty string is assigned to this option, the list is reset and all prior assignments will have no - effect. + effect. + + @@ -643,7 +647,9 @@ bar.service as configured with Wants= and no ordering is configured with After= or Before=, then both units will be started simultaneously and without any delay between them if foo.service is - activated. + activated. + + @@ -670,7 +676,9 @@ example, a service process may decide to exit cleanly, or a device may be unplugged by the user), which is not propagated to units having a Requires= dependency. Use the BindsTo= dependency type together with After= to ensure that a unit may never be in active state - without a specific other unit also in active state (see below). + without a specific other unit also in active state (see below). + + @@ -688,6 +696,8 @@ RequisiteOf=a.service in property listing of b.service. RequisiteOf= dependency cannot be specified directly. + + @@ -715,6 +725,8 @@ BoundBy=a.service in property listing of b.service. BoundBy= dependency cannot be specified directly. + + @@ -733,6 +745,8 @@ ConsistsOf=a.service in property listing of b.service. ConsistsOf= dependency cannot be specified directly. + + @@ -776,7 +790,9 @@ required part of the transaction). In the latter case, the job that is not required will be removed, or in case both are not required, the unit that conflicts will be started and the - unit that is conflicted is stopped. + unit that is conflicted is stopped. + + @@ -817,14 +833,18 @@ Note that Before= dependencies on device units have no effect and are not supported. Devices generally become available as a result of an external hotplug event, and systemd - creates the corresponding device unit without delay. + creates the corresponding device unit without delay. + + OnFailure= A space-separated list of one or more units that are activated when this unit enters - the failed state. + the failed state. + + @@ -843,7 +863,9 @@ A space-separated list of one or more units to which reload requests from this unit shall be propagated to, or units from which reload requests shall be propagated to this unit, respectively. Issuing a reload request on a unit will automatically also enqueue reload requests on - all units that are linked to it using these two settings. + all units that are linked to it using these two settings. + + @@ -876,7 +898,9 @@ effect if PrivateNetwork=/NetworkNamespacePath=, PrivateIPC=/IPCNamespacePath= and/or PrivateTmp= is enabled for both the unit that joins the namespace and the unit - whose namespace is joined. + whose namespace is joined. + + @@ -890,7 +914,9 @@ Mount points marked with are not mounted automatically through local-fs.target, but are still honored for the purposes of this option, i.e. they - will be pulled in by this unit. + will be pulled in by this unit. + + @@ -911,7 +937,9 @@ option for details on the possible values. If this is set to isolate, only a single unit may be listed in - OnSuccess=/OnFailure=. + OnSuccess=/OnFailure=. + + @@ -920,7 +948,9 @@ Takes a boolean argument. If , this unit will not be stopped when isolating another unit. Defaults to for service, target, socket, timer, and path units, and for slice, scope, device, swap, mount, and automount - units. + units. + + @@ -933,7 +963,9 @@ are conflicting with other units, or the user explicitly requested their shut down. If this option is set, a unit will be automatically cleaned up if no other active unit requires - it. Defaults to . + it. Defaults to . + + @@ -950,7 +982,9 @@ that are not intended to be activated explicitly, and not accidentally deactivate units that are not intended to be deactivated. These options default to - . + . + + @@ -963,7 +997,9 @@ disabled except for target units that shall be used similar to runlevels in SysV init systems, just as a precaution to avoid unusable system states. This option defaults to - . + . + + @@ -982,7 +1018,9 @@ leave this option enabled for the majority of common units. If set to , this option does not disable all implicit dependencies, just non-essential - ones. + ones. + + @@ -1080,6 +1118,8 @@ unit itself. Or in other words: unit-specific timeouts are useful to abort unit state changes, and revert them. The job timeout set with this option however is useful to abort only the job waiting for the unit state to change. + + @@ -1138,7 +1178,7 @@ This setting does not apply to slice, target, device, and scope units, since they are unit types whose activation may either never fail, or may succeed only a single time. - + @@ -1170,7 +1210,9 @@ implementation of generator tools that convert configuration from an external configuration file format into native unit files. This functionality should not be used in normal - units. + units. + + @@ -1261,6 +1303,8 @@ condition. A special architecture name native is mapped to the architecture the system manager itself is compiled for. The test may be negated by prepending an exclamation mark. + + @@ -1884,6 +1928,8 @@ only the job queued for it. Use assertion expressions for units that cannot operate when specific requirements are not met, and when this is something the administrator or user should look into. + + @@ -2039,7 +2085,9 @@ in which case all listed names are used. At installation time, systemctl enable will create symlinks from these names to the unit filename. Note that not all unit types support such alias names, and this setting is not supported for them. Specifically, mount, slice, swap, and automount units do not support - aliasing. + aliasing. + + @@ -2070,7 +2118,9 @@ result in systemctl enable monitor@.service creating a container@.target.wants/monitor@.service link to monitor@.service, which applies to all instances of - container@.target. + container@.target. + + @@ -2085,7 +2135,9 @@ This option may be used more than once, or a space-separated list of unit names may be - given. + given. + + diff --git a/man/systemd.xml b/man/systemd.xml index 3bedfe4175..42da75022f 100644 --- a/man/systemd.xml +++ b/man/systemd.xml @@ -640,7 +640,9 @@ Sets the log target to console on SIGRTMIN+27 (or kmsg on SIGRTMIN+28), in a fashion equivalent to systemd.log_target=console (or systemd.log_target=kmsg on - SIGRTMIN+28) on the kernel command line. + SIGRTMIN+28) on the kernel command line. + + @@ -851,7 +853,7 @@ reboot loop. If combined with systemd.crash_shell, the system is rebooted after the shell exits. - + @@ -985,7 +987,9 @@ keys), or in testing/debugging environments. For further information see System and Service - Credentials documentation. + Credentials documentation. + + @@ -1032,7 +1036,9 @@ Boot into emergency mode. This is equivalent to systemd.unit=emergency.target or rd.systemd.unit=emergency.target, respectively, and - provided for compatibility reasons and to be easier to type. + provided for compatibility reasons and to be easier to type. + + @@ -1046,7 +1052,9 @@ Boot into rescue mode. This is equivalent to systemd.unit=rescue.target or rd.systemd.unit=rescue.target, respectively, and - provided for compatibility reasons and to be easier to type. + provided for compatibility reasons and to be easier to type. + + @@ -1198,7 +1206,9 @@ Dump exposed bus properties. This outputs a terse but complete list of properties - exposed on D-Bus. + exposed on D-Bus. + + @@ -1270,7 +1280,9 @@ Switch to a specific virtual console (VT) on crash. This switch has no effect when running as user instance. Same as systemd.crash_chvt= above (but not the - different spelling!). + different spelling!). + + @@ -1284,7 +1296,9 @@ Automatically reboot the system on crash. This switch has no effect when running as - user instance. See systemd.crash_reboot above. + user instance. See systemd.crash_reboot above. + + @@ -1346,7 +1360,9 @@ Override the machine-id set on the hard drive. See - systemd.machine_id= above. + systemd.machine_id= above. + + @@ -1355,7 +1371,7 @@ Globally enable/disable all service watchdog timeouts and emergency actions. See systemd.service_watchdogs above. - + diff --git a/man/sysusers.d.xml b/man/sysusers.d.xml index fd67c1f078..e7cd2855d9 100644 --- a/man/sysusers.d.xml +++ b/man/sysusers.d.xml @@ -114,7 +114,9 @@ r - 500-900 Create a system user and group of the specified name should they not exist yet. The user's primary group will be set to the group bearing the same name unless the ID field specifies it. The account will be - created disabled, so that logins are not allowed. + created disabled, so that logins are not allowed. + + @@ -122,14 +124,18 @@ r - 500-900 Create a system group of the specified name should it not exist yet. Note that u implicitly creates a matching group. The group will be - created with no password set. + created with no password set. + + m Add a user to a group. If the user or group do not exist yet, they will be implicitly - created. + created. + + @@ -140,7 +146,9 @@ r - 500-900 compiled-in default. Note that both UIDs and GIDs are allocated from the same pool, in order to ensure that users and groups of the same name are likely to carry the same - numeric UID and GID. + numeric UID and GID. + + diff --git a/man/timedatectl.xml b/man/timedatectl.xml index b1f33c64b2..f06441bfbe 100644 --- a/man/timedatectl.xml +++ b/man/timedatectl.xml @@ -58,7 +58,9 @@ Show current settings of the system clock and RTC, including whether network time synchronization is active. If no command is specified, this is the implied default. - + + + @@ -79,7 +81,9 @@ Set the system clock to the specified time. This will also update the RTC time accordingly. The time may be specified in the format "2012-10-30 - 18:17:16". + 18:17:16". + + @@ -92,7 +96,9 @@ call will alter the /etc/localtime symlink. See localtime5 - for more information. + for more information. + + @@ -100,7 +106,9 @@ List available time zones, one per line. Entries from the list can be set as the system timezone with - set-timezone. + set-timezone. + + @@ -119,7 +127,9 @@ This command will change the 3rd line of /etc/adjtime, as documented in hwclock8. - + + + @@ -130,7 +140,9 @@ synchronization service. If the argument is false, then this disables and stops the known network synchronization services. The way that the list of services is built is described in systemd-timedated.service8. - + + + @@ -233,7 +245,9 @@ When showing properties of systemd-timesyncd.service8, - show all properties regardless of whether they are set or not. + show all properties regardless of whether they are set or not. + + diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index 4c972aa985..208fce2625 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -214,7 +214,9 @@ L /tmp/foobar - - - - /dev/null For this entry to be useful, at least one of the mode, user, group, or age arguments must be specified, since otherwise this entry has no effect. As an exception, an entry with no effect may - be useful when combined with !, see the examples. + be useful when combined with !, see the examples. + + @@ -226,7 +228,9 @@ L /tmp/foobar - - - - /dev/null A subvolume created with this line type is not assigned to any higher-level quota group. For that, use q or Q, which allow creating simple quota group - hierarchies, see below. + hierarchies, see below. + + @@ -239,7 +243,9 @@ L /tmp/foobar - - - - /dev/null If the subvolume already exists, no change to the quota hierarchy is made, regardless of whether the subvolume is already attached to a quota group or not. Also see Q below. See btrfs-qgroup8 for - details about the btrfs quota group concept. + details about the btrfs quota group concept. + + @@ -273,7 +279,9 @@ L /tmp/foobar - - - - /dev/null As with q, Q has no effect on the quota group hierarchy if the subvolume already exists, regardless of whether the subvolume already belong to a quota group or not. - + + + @@ -335,7 +343,9 @@ L /tmp/foobar - - - - /dev/null is omitted, files from the source directory /usr/share/factory/ with the same name are copied. Does not follow symlinks. Contents of the directories are subject to time-based cleanup if the age argument is specified. - + + + @@ -358,7 +368,9 @@ L /tmp/foobar - - - - /dev/null influence the effect of r or R lines. Lines of this type accept shell-style globs in place of normal path names. - + + + @@ -405,12 +417,16 @@ L /tmp/foobar - - - - /dev/null Please note that extended attributes settable with this line type are a different concept from the Linux file attributes settable with h/H, see - below. + below. + + T - Same as t, but operates recursively. + Same as t, but operates recursively. + + @@ -438,7 +454,9 @@ L /tmp/foobar - - - - /dev/null H - Sames as h, but operates recursively. + Sames as h, but operates recursively. + + @@ -455,7 +473,9 @@ L /tmp/foobar - - - - /dev/null file, unless base entries already exist or are explicitly specified. The mask will be added if not specified explicitly or already present. Lines of this type accept shell-style globs in place of normal path names. This can be useful for allowing additional access to certain files. Does not - follow symlinks. + follow symlinks. + + @@ -463,7 +483,9 @@ L /tmp/foobar - - - - /dev/null A+ Same as a and a+, but recursive. Does not follow - symlinks. + symlinks. + + diff --git a/man/udev.conf.xml b/man/udev.conf.xml index 26c3ae52d4..bfdba7b8b8 100644 --- a/man/udev.conf.xml +++ b/man/udev.conf.xml @@ -47,7 +47,7 @@ , and . - + diff --git a/man/udev.xml b/man/udev.xml index f5eaba23de..0f524697c0 100644 --- a/man/udev.xml +++ b/man/udev.xml @@ -111,6 +111,8 @@ -= Remove the value from a key that holds a list of entries. + + @@ -250,6 +252,8 @@ SYSCTL{kernel parameter} Match a kernel parameter value. + + @@ -271,6 +275,8 @@ System's architecture. See in systemd.unit5 for possible values. + + @@ -279,6 +285,8 @@ System's virtualization environment. See systemd-detect-virt1 for possible values. + + @@ -293,6 +301,8 @@ Unknown keys will never match. + + @@ -382,6 +392,8 @@ Separates alternative patterns. For example, the pattern string abc|x* would match either abc or x*. + + @@ -433,6 +445,8 @@ SECLABEL{module} Applies the specified Linux Security Module label to the device node. + + @@ -448,6 +462,8 @@ SYSCTL{kernel parameter} The value that should be written to kernel parameter. + + @@ -502,6 +518,8 @@ As program, but use one of the built-in programs rather than an external one. + + @@ -554,6 +572,8 @@ import its output, which must be in environment key format. Path specification, command/argument separation, and quoting work like in RUN. + + @@ -561,6 +581,8 @@ Similar to program, but use one of the built-in programs rather than an external one. + + @@ -667,6 +689,8 @@ --cleanup-db is called. This option can be useful in certain cases (e.g. Device Mapper devices) for persisting device state on the transition from initrd. + + diff --git a/man/udevadm.xml b/man/udevadm.xml index e8e5bda290..66d58a4d0c 100644 --- a/man/udevadm.xml +++ b/man/udevadm.xml @@ -450,6 +450,8 @@ Trigger events for devices with a matching device path. When this option is specified more than once, then each matching result is ORed, that is, all specified devices are triggered. + + @@ -494,6 +496,8 @@ settle. udevadm settle waits for all events to finish. This option only waits for events triggered by the same command to finish. + + @@ -730,6 +734,8 @@ be resolved for every event. When set to never, names will never be resolved and all devices will be owned by root. + + @@ -755,6 +761,8 @@ online, offline, bind, and unbind. Also, the special value help can be used to list the possible actions. The default value is add. + + diff --git a/man/ukify.xml b/man/ukify.xml index 3ee1306c6c..0d8a227796 100644 --- a/man/ukify.xml +++ b/man/ukify.xml @@ -190,7 +190,9 @@ Enable or disable a call to systemd-measure1 - to print pre-calculated PCR values. Defaults to false. + to print pre-calculated PCR values. Defaults to false. + + @@ -212,7 +214,7 @@ Note that the name is used as-is, and if the section name should start with a dot, it must be included in NAME. - + @@ -221,7 +223,9 @@ Specify one or more directories with helper tools. ukify will look for helper tools in those directories first, and if not found, try to load them from - $PATH in the usual fashion. + $PATH in the usual fashion. + + @@ -230,7 +234,9 @@ The output filename. If not specified, the name of the LINUX argument, with the suffix .unsigned.efi or .signed.efi will be used, depending on whether signing for SecureBoot was - performed. + performed. + + @@ -293,7 +299,9 @@ The kernel command line (the .cmdline section). The argument may be a literal string, or @ followed by a path name. If not specified, no command - line will be embedded. + line will be embedded. + + @@ -303,7 +311,9 @@ The os-release description (the .osrel section). The argument may be a literal string, or @ followed by a path name. If not specified, the os-release5 file - will be picked up from the host system. + will be picked up from the host system. + + @@ -312,7 +322,9 @@ The devicetree description (the .dtb section). The argument is a path to a compiled binary DeviceTree file. If not specified, the section will not be present. - + + + @@ -321,7 +333,9 @@ A picture to display during boot (the .splash section). The argument is a path to a BMP file. If not specified, the section will not be present. - + + + @@ -331,7 +345,9 @@ A path to a public key to embed in the .pcrpkey section. If not specified, and there's exactly one PCRPublicKey=/ argument, that key will be used. - Otherwise, the section will not be present. + Otherwise, the section will not be present. + + @@ -342,7 +358,9 @@ .uname section). If not specified, an attempt will be made to extract the version string from the kernel image. It is recommended to pass this explicitly if known, because the extraction is based on heuristics and not very reliable. If not specified and extraction fails, - the section will not be present. + the section will not be present. + + @@ -352,7 +370,9 @@ A comma or space-separated list of PCR banks to sign a policy for. If not present, all known banks will be used (sha1, sha256, sha384, sha512), which will fail if not supported by the - system. + system. + + @@ -373,7 +393,9 @@ A path to a private key to use for signing of the resulting binary. If the SigningEngine=/ option is used, this may also be an engine-specific designation. This option is required by - SecureBootSigningTool=sbsign/. + SecureBootSigningTool=sbsign/. + + @@ -383,7 +405,9 @@ A path to a certificate to use for signing of the resulting binary. If the SigningEngine=/ option is used, this may also be an engine-specific designation. This option is required by - SecureBootSigningTool=sbsign/. + SecureBootSigningTool=sbsign/. + + @@ -424,7 +448,9 @@ An "engine" for signing of the resulting binary. This option is currently passed verbatim to the option of sbsign1. - + + + @@ -438,7 +464,9 @@ SecureBootPrivateKey=/ option and the binary has not already been signed. If SignKernel=/ is true, and the binary has already - been signed, the signature will be appended anyway. + been signed, the signature will be appended anyway. + + @@ -471,7 +499,9 @@ A private key to use for signing PCR policies. On the commandline, this option may - be specified more than once, in which case multiple signatures will be made. + be specified more than once, in which case multiple signatures will be made. + + @@ -483,7 +513,9 @@ On the commandline, this option may be specified more than once, similarly to the option. If not present, the public keys will be extracted from the private keys. On the commandline, if present, the this option must be specified the same number - of times as the option. + of times as the option. + + @@ -497,7 +529,9 @@ will be used. On the commandline, when this argument is present, it must appear the same number of times as - the option. + the option. + + diff --git a/man/userdbctl.xml b/man/userdbctl.xml index 837b0c5ff6..c3b1a107d2 100644 --- a/man/userdbctl.xml +++ b/man/userdbctl.xml @@ -318,7 +318,7 @@ data, however the NSS/glibc APIs necessarily expose a more reduced set of fields only. - + diff --git a/man/veritytab.xml b/man/veritytab.xml index 55b3458257..bc9aa58f8c 100644 --- a/man/veritytab.xml +++ b/man/veritytab.xml @@ -218,7 +218,7 @@ This is based on crypttab(5). path to roothash signature file used to verify the root hash (in kernel). This feature requires Linux kernel version 5.4 or more recent. - +