diff --git a/man/bootctl.xml b/man/bootctl.xml
index 7bdada8a88..4b5b2527b3 100644
--- a/man/bootctl.xml
+++ b/man/bootctl.xml
@@ -67,7 +67,9 @@
Hint: use systemctl reboot --firmware-setup to reboot into firmware setup
once. See
systemctl1
- for details.
+ for details.
+
+
@@ -100,14 +102,18 @@
Removes a boot loader entry including the files it refers to. Takes a single boot
loader entry ID string or a glob pattern as argument. Referenced files such as kernel or initrd are
- only removed if no other entry refers to them.
+ only removed if no other entry refers to them.
+
+ Removes files from the ESP and XBOOTLDR partitions that belong to the entry token but
- are not referenced in any boot loader entries.
+ are not referenced in any boot loader entries.
+
+
@@ -244,13 +250,17 @@
Takes a kernel image as argument. Checks what kind of kernel the image is. Returns
one of uki, pe, and unknown.
-
+
+
+ kernel
- Takes a kernel image as argument. Prints details about the image.
+ Takes a kernel image as argument. Prints details about the image.
+
+
@@ -268,7 +278,9 @@
Takes a directory path as an argument. All
paths will be prefixed with the given alternate
root path, including config search
- paths.
+ paths.
+
+
@@ -281,7 +293,9 @@
table, following the Discoverable Partitions
Specification. For further information on supported disk images, see
systemd-nspawn1's
- switch of the same name.
+ switch of the same name.
+
+
@@ -293,7 +307,9 @@
(the default), image or host. With auto
binaries will be picked from the specified directory or image, and if not found they will be picked
from the host. With image or host no fallback search will be
- performed if the binaries are not found in the selected source.
+ performed if the binaries are not found in the selected source.
+
+
@@ -335,12 +351,16 @@
(e.g. /dev/nvme0n1). If the root file system is tmpfs (or a
similar in-memory file system), the block device backing /usr/ is returned if
applicable. If the root file system is a network file system (e.g. NFS, CIFS) the operation will
- fail.
+ fail.
+
+
- Do not touch the firmware's boot loader list stored in EFI variables.
+ Do not touch the firmware's boot loader list stored in EFI variables.
+
+
@@ -348,7 +368,9 @@
Ignore failure when the EFI System Partition cannot be found, when EFI variables
cannot be written, or a different or newer boot loader is already installed. Currently only applies
to is-installed, update, and random-seed
- verbs.
+ verbs.
+
+
@@ -356,7 +378,9 @@
Suppress printing of the results of various commands and also the hints about ESP
- being unavailable.
+ being unavailable.
+
+
@@ -368,7 +392,9 @@
entry token, as specified with parameter described below, and is
placed immediately below the $BOOT root directory (i.e. beneath the file system
returned by the option, see above). Defaults to
- no.
+ no.
+
+
@@ -413,12 +439,16 @@
on the same medium, and they can update their boot loader entries independently. When using another
identifier (such as the OS ID or the OS image ID), parallel installations of the same OS would try to
use the same entry name. To support parallel installations, the installer must use a different entry
- token when adding a second installation.
+ token when adding a second installation.
+
+
- Install binaries for all supported EFI architectures (this implies ).
+ Install binaries for all supported EFI architectures (this implies ).
+
+
@@ -431,7 +461,9 @@
found on the various disks installed in the system. Specifically distributions should not use this flag
to install a branded entry in the boot option list. However in situations with multiple disks, each with
their own ESP partition, it can be beneficial to make it easier to identify the bootloader being used in
- the firmware's boot option menu.
+ the firmware's boot option menu.
+
+
@@ -439,7 +471,9 @@
Dry run for and .In dry run mode, the unlink and cleanup operations only print the files that would get deleted
- without actually deleting them.
+ without actually deleting them.
+
+
diff --git a/man/busctl.xml b/man/busctl.xml
index 294ef5d4b7..9a1543b421 100644
--- a/man/busctl.xml
+++ b/man/busctl.xml
@@ -50,7 +50,9 @@
names. By default, shows both unique and well-known names, but
this may be changed with the and
switches. This is the default
- operation if no command is specified.
+ operation if no command is specified.
+
+
@@ -60,7 +62,9 @@
bus service (if one is specified by its unique or well-known
name), a process (if one is specified by its numeric PID), or
the owner of the bus (if no parameter is
- specified).
+ specified).
+
+
@@ -71,7 +75,9 @@
to or from this peer, identified by its well-known or unique
name. Otherwise, show all messages on the bus. Use
CtrlC
- to terminate the dump.
+ to terminate the dump.
+
+
@@ -84,7 +90,9 @@
Make sure to redirect standard output to a file or pipe. Tools like
wireshark1
may be used to dissect and view the resulting
- files.
+ files.
+
+
@@ -94,7 +102,9 @@
services. If SERVICE is specified,
show object tree of the specified services only. Otherwise,
show all object trees of all services on the bus that acquired
- at least one well-known name.
+ at least one well-known name.
+
+
@@ -104,7 +114,9 @@
signals of the specified object (identified by its path) on
the specified service. If the interface argument is passed, the
output is limited to members of the specified
- interface.
+ interface.
+
+
@@ -116,7 +128,9 @@
string is required, followed by the arguments, individually
formatted as strings. For details on the formatting used, see
below. To suppress output of the returned data, use the
- option.
+ option.
+
+
@@ -125,7 +139,9 @@
Emit a signal. Takes an object path, interface name and method name. If parameters
shall be passed, a signature string is required, followed by the arguments, individually formatted as
strings. For details on the formatting used, see below. To specify the destination of the signal,
- use the option.
+ use the option.
+
+
@@ -137,7 +153,9 @@
specified at once, in which case their values will be shown one
after the other, separated by newlines. The output is, by
default, in terse format. Use for a
- more elaborate output format.
+ more elaborate output format.
+
+
@@ -146,13 +164,17 @@
Set the current value of an object
property. Takes a service name, object path, interface name,
property name, property signature, followed by a list of
- parameters formatted as strings.
+ parameters formatted as strings.
+
+ help
- Show command syntax help.
+ Show command syntax help.
+
+
@@ -170,7 +192,9 @@
ADDRESS instead of using suitable
defaults for either the system or user bus (see
and
- options).
+ options).
+
+
@@ -180,7 +204,9 @@
column containing the names of containers they belong to.
See
systemd-machined.service8.
-
+
+
+
@@ -189,14 +215,18 @@
When showing the list of peers, show only
"unique" names (of the form
:number.number).
-
+
+
+ The opposite of —
- only "well-known" names will be shown.
+ only "well-known" names will be shown.
+
+
@@ -205,6 +235,8 @@
When showing the list of peers, show only
peers which have actually not been activated yet, but may be
started automatically if accessed.
+
+
@@ -215,7 +247,9 @@
subset matching MATCH.
See
sd_bus_add_match3.
-
+
+
+
@@ -225,6 +259,8 @@
When used with the capture command,
specifies the maximum bus message size to capture
("snaplen"). Defaults to 4096 bytes.
+
+
@@ -234,6 +270,8 @@
When used with the tree command, shows a
flat list of object paths instead of a tree.
+
+
@@ -257,6 +295,8 @@
When used with the call or
get-property command, shows output in a
more verbose format.
+
+
@@ -267,6 +307,8 @@
When used with the introspect call, dump the XML description received from
the D-Bus org.freedesktop.DBus.Introspectable.Introspect call instead of the
normal output.
+
+
@@ -279,6 +321,8 @@
redundant whitespace or line breaks) or pretty (for a pretty version of the same, with
indentation and line breaks). Note that transformation from D-Bus marshalling to JSON is done in a loss-less
way, which means type information is embedded into the JSON object tree.
+
+
@@ -289,6 +333,8 @@
Equivalent to when invoked interactively from a terminal. Otherwise
equivalent to , in particular when the output is piped to some other
program.
+
+
@@ -307,6 +353,8 @@
code. To only suppress output of the reply message payload,
use above. Defaults to
yes.
+
+
@@ -319,6 +367,8 @@
called service, should it not be running yet but is
configured to be auto-started. Defaults to
yes.
+
+
@@ -331,6 +381,8 @@
authorization while executing the operation, if the security
policy is configured for this. Defaults to
yes.
+
+
@@ -347,6 +399,8 @@
tool does not wait for any reply message then. When not
specified or when set to 0, the default of
25s is assumed.
+
+
@@ -361,6 +415,8 @@
shown is possibly inconsistent, as the data read from
/proc/ might be more recent than the rest of
the credential information. Defaults to yes.
+
+
@@ -371,6 +427,8 @@
Controls whether to wait for the specified AF_UNIX bus socket to appear in the
file system before connecting to it. Defaults to off. When enabled, the tool will watch the file system until
the socket is created and then connect to it.
+
+
@@ -380,6 +438,8 @@
Takes a service name. When used with the emit command, a signal is
emitted to the specified service.
+
+
@@ -394,6 +454,8 @@
Do not ellipsize the output in list command.
+
+
diff --git a/man/coredump.conf.xml b/man/coredump.conf.xml
index ac8d984670..61014d3823 100644
--- a/man/coredump.conf.xml
+++ b/man/coredump.conf.xml
@@ -72,7 +72,9 @@
to disk first. Thus, unless ProcessSizeMax= is set to 0 (see below), the core will
be written to /var/lib/systemd/coredump/ either way (under a temporary filename,
or even in an unlinked file), Storage= thus only controls whether to leave it
- there even after it was processed.
+ there even after it was processed.
+
+
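Review bot: the sentence that ends on the re-added line "there even after it was processed." is a comma splice at "(under a temporary filename, or even in an unlinked file), Storage= thus only controls". This paragraph is where administrators learn that the core is written to /var/lib/systemd/coredump/ either way unless ProcessSizeMax= is 0, so split it into two sentences ("... either way (...). Storage= thus only controls ...") to keep that point from getting lost in a run-on.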
@@ -81,6 +83,8 @@
Controls compression for external
storage. Takes a boolean argument, which defaults to
yes.
+
+
@@ -94,6 +98,8 @@
Setting Storage=none and ProcessSizeMax=0
disables all coredump handling except for a log entry.
+
+
@@ -108,7 +114,9 @@
lowered relative to the default, but not increased. Unit suffixes are allowed just as in
.
- ExternalSizeMax=infinity sets the core size to unlimited.
+ ExternalSizeMax=infinity sets the core size to unlimited.
+
+
@@ -128,7 +136,9 @@
core dumps are processed. Note that old core dumps are also
removed based on time via
systemd-tmpfiles8.
- Set either value to 0 to turn off size-based cleanup.
+ Set either value to 0 to turn off size-based cleanup.
+
+
diff --git a/man/coredumpctl.xml b/man/coredumpctl.xml
index 0f4a2e83e6..caeff086ad 100644
--- a/man/coredumpctl.xml
+++ b/man/coredumpctl.xml
@@ -58,12 +58,16 @@
TIMEThe timestamp of the crash, as reported by the kernel.
+
+ PIDThe identifier of the process that crashed.
+
+
@@ -71,13 +75,17 @@
UIDGIDThe user and group identifiers of the process that crashed.
+
+ SIGNALThe signal that caused the process to crash, when applicable.
-
+
+
+
@@ -93,13 +101,17 @@
stored in its entirety, error means that the core file
cannot be accessed, most likely because of insufficient permissions, and
missing means that the core was stored in a file, but
- this file has since been removed.
+ this file has since been removed.
+
+ EXEThe full path to the executable. For backtraces of scripts
- this is the name of the interpreter.
+ this is the name of the interpreter.
+
+
@@ -138,7 +150,9 @@
will be used. This may be changed using the
option or the $SYSTEMD_DEBUGGER environment
variable. Use the option to pass extra
- command line arguments to the debugger.
+ command line arguments to the debugger.
+
+
@@ -162,28 +176,36 @@
Show information of the most recent core dump only, instead of listing all known core
- dumps. Equivalent to .
+ dumps. Equivalent to .
+
+ INTShow at most the specified number of entries. The specified parameter must be an
- integer greater or equal to 1.
+ integer greater or equal to 1.
+
+
- Only print entries which are since the specified date.
+ Only print entries which are since the specified date.
+
+
- Only print entries which are until the specified date.
+ Only print entries which are until the specified date.
+
+
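Review bot: three re-added lines in this hunk keep wording worth fixing while they are being touched. "integer greater or equal to 1" should read "greater than or equal to 1". "Only print entries which are since the specified date" and "which are until the specified date" are ungrammatical and do not say whether the bound is inclusive. Suggest "on or newer than" and "on or older than" if that matches the comparison the tool performs.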
@@ -191,7 +213,9 @@
Reverse output so that the newest entries are displayed first.
-
+
+
+
@@ -200,7 +224,9 @@
Print all possible data values the specified
field takes in matching core dump entries of the
- journal.
+ journal.
+
+
@@ -217,7 +243,9 @@
Use the given debugger for the debug
command. If not given and $SYSTEMD_DEBUGGER is unset, then
gdb1
- will be used.
+ will be used.
+
+
@@ -226,7 +254,9 @@
Pass the given ARGS as extra command line arguments
to the debugger. Quote as appropriate when ARGS contain whitespace.
- (See Examples.)
+ (See Examples.)
+
+
@@ -237,7 +267,9 @@
files matching GLOB instead of the
default runtime and system journal paths. May be specified
multiple times, in which case files will be suitably
- interleaved.
+ interleaved.
+
+
@@ -245,14 +277,18 @@
DIRUse the journal files in the specified .
-
+
+
+ Use root directory when searching for coredumps.
-
+
+
+
@@ -265,7 +301,9 @@
table, following the Discoverable Partitions
Specification. For further information on supported disk images, see
systemd-nspawn1's
- switch of the same name.
+ switch of the same name.
+
+
@@ -276,14 +314,18 @@
Suppresses informational messages about lack
of access to journal files and possible in-flight coredumps.
-
+
+
+ Look at all available journal files in /var/log/journal/
- (excluding journal namespaces) instead of only local ones.
+ (excluding journal namespaces) instead of only local ones.
+
+
@@ -299,7 +341,9 @@
Process ID of the
process that dumped
- core. An integer.
+ core. An integer.
+
+
@@ -307,7 +351,9 @@
Name of the executable (matches
). Must not contain slashes.
-
+
+
+
@@ -315,7 +361,9 @@
Path to the executable (matches
). Must contain at least one
- slash.
+ slash.
+
+
@@ -324,7 +372,9 @@
General journalctl match filter, must contain an equals
sign (=). See
journalctl1.
-
+
+
+
@@ -344,7 +394,9 @@
$SYSTEMD_DEBUGGERUse the given debugger for the debug
- command. See the option.
+ command. See the option.
+
+
diff --git a/man/crypttab.xml b/man/crypttab.xml
index f977fd694d..dee1f75144 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -348,6 +348,8 @@
default is to queue these requests and process them asynchronously.
This requires kernel 5.9 or newer.
+
+
@@ -357,6 +359,8 @@
default is to queue these requests and process them asynchronously.
This requires kernel 5.9 or newer.
+
+
@@ -498,6 +502,8 @@
is not checked against these bounds.
See
documentation for more information.
+
+
@@ -536,7 +542,9 @@
Takes a boolean argument, defaults to false. If true, never query interactively
- for the password/PIN. Useful for headless systems.
+ for the password/PIN. Useful for headless systems.
+
+
@@ -559,7 +567,9 @@
(*) is echoed for each character typed. Regardless of
which mode is chosen, if the user hits the tabulator key (↹)
at any time, or the backspace key (⌫) before any other
- data has been entered, then echo is turned off.
+ data has been entered, then echo is turned off.
+
+
@@ -628,7 +638,9 @@
Note that many security tokens that implement FIDO2 also implement PKCS#11, suitable for
unlocking volumes via the option described above. Typically the newer,
- simpler FIDO2 standard is preferable.
+ simpler FIDO2 standard is preferable.
+
+
@@ -640,7 +652,9 @@
must be of LUKS2 type, and the CID is read from the LUKS2 JSON token header. Use
systemd-cryptenroll1
for enrolling a FIDO2 token in the LUKS2 header compatible with this automatic
- mode.
+ mode.
+
+
@@ -649,7 +663,9 @@
Takes a string, configuring the FIDO2 Relying Party (rp) for the FIDO2 unlock
operation. If not specified io.systemd.cryptsetup is used, except if the LUKS2
JSON token header contains a different value. It should normally not be necessary to override
- this.
+ this.
+
+
@@ -680,7 +696,9 @@
used to unlock the volume. When the randomized key is encrypted the current values of the selected
PCRs (see below) are included in the operation, so that different PCR state results in different
encrypted keys and the decrypted key can only be recovered if the same PCR state is
- reproduced.
+ reproduced.
+
+
@@ -692,7 +710,9 @@
systemd-cryptenroll writes it there. If not used (and no metadata in the LUKS2
JSON token header defines it), defaults to a list of a single entry: PCR 7. Assign an empty string to
encode a policy that binds the key to no PCRs, making the key accessible to local programs regardless
- of the current PCR state.
+ of the current PCR state.
+
+
@@ -700,7 +720,9 @@
Takes a boolean argument, defaults to false. Controls whether
TPM2 volume unlocking is bound to a PIN in addition to PCRs. Similarly, this option is only useful
- when TPM2 enrollment metadata is not available.
+ when TPM2 enrollment metadata is not available.
+
+
@@ -715,7 +737,9 @@
unlock a LUKS2 volume with a signed TPM2 PCR enrollment a suitable signature file
tpm2-pcr-signature.json is searched for in /etc/systemd/,
/run/systemd/, /usr/lib/systemd/ (in this
- order).
+ order).
+
+
@@ -727,7 +751,9 @@
the specified PCR. The volume key is measured along with the activated volume name and its UUID. This
functionality is particularly useful for the encrypted volume backing the root file system, as it
then allows later TPM objects to be securely bound to the root file system and hence the specific
- installation.
+ installation.
+
+
@@ -737,7 +763,9 @@
above. Multiple banks may be specified, separated by a colon
character. If not specified automatically determines available and used banks. Expects a message
digest name (e.g. sha1, sha256, …) as argument, to identify the
- bank.
+ bank.
+
+
@@ -749,7 +777,9 @@
for supported formats). Defaults to 30s. Once the specified timeout elapsed authentication via
password is attempted. Note that this timeout applies to waiting for the security device to show up —
it does not apply to the PIN prompt for the device (should one be needed) or similar. Pass 0 to turn
- off the time-out and wait forever.
+ off the time-out and wait forever.
+
+
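Review bot: the re-added line "off the time-out and wait forever." spells the term "time-out" while the three context lines above it use "timeout"; pick one spelling for the paragraph. The context sentence "Once the specified timeout elapsed authentication via password is attempted." also needs "has elapsed," so that the fallback to password authentication reads unambiguously.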
diff --git a/man/file-hierarchy.xml b/man/file-hierarchy.xml
index 4e5eeda9e5..c976910446 100644
--- a/man/file-hierarchy.xml
+++ b/man/file-hierarchy.xml
@@ -51,7 +51,9 @@
The file system root. Usually writable, but
this is not required. Possibly a temporary file system
(tmpfs). Not shared with other hosts
- (unless read-only).
+ (unless read-only).
+
+
@@ -64,7 +66,9 @@
should be considered read-only, except when a new kernel or
boot loader is installed. This directory only exists on
systems that run on physical or emulated hardware that
- requires boot loaders.
+ requires boot loaders.
+
+
@@ -73,7 +77,9 @@
Partition (ESP), the latter is mounted here. Tools that need to operate on the EFI system partition should look
for it at this mount point first, and fall back to /boot/ — if the former doesn't qualify
(for example if it is not a mount point or does not have the correct file system type
- MSDOS_SUPER_MAGIC).
+ MSDOS_SUPER_MAGIC).
+
+
@@ -84,7 +90,9 @@
applications should not make assumptions about this directory
being fully populated or populated at all, and should fall
back to defaults if configuration is
- missing.
+ missing.
+
+
@@ -101,7 +109,9 @@
Applications should generally not reference this directory
directly, but via the per-user $HOME
environment variable, or via the home directory field of the
- user database.
+ user database.
+
+
@@ -110,7 +120,9 @@
user's home directory is located outside of
/home/ in order to make sure the root user
may log in even without /home/ being
- available and mounted.
+ available and mounted.
+
+
@@ -120,7 +132,9 @@
this directory is organized internally. Generally writable,
and possibly shared among systems. This directory might become
available or writable only very late during
- boot.
+ boot.
+
+
@@ -143,6 +157,8 @@
project='man-pages'>mkdtemp3,
and similar calls. For more details, see Using
/tmp/ and /var/tmp/ Safely.
+
+
@@ -157,7 +173,9 @@
/run/A tmpfs file system for system packages to place runtime data,
socket files, and similar. This directory is flushed on boot, and generally writable for privileged
- programs only. Always writable.
+ programs only. Always writable.
+
+
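Review bot: the re-added line "programs only. Always writable." puts "generally writable for privileged programs only" directly next to an unqualified "Always writable.", which reads as a contradiction about who may write to /run/. Suggest qualifying the second statement the way the /run/log/ entry in the next hunk does ("Always writable, even when /var/log/ might not be accessible yet"), so it is clear the sentence is about availability and not about permissions.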
@@ -165,7 +183,9 @@
Runtime system logs. System components may
place private logs in this directory. Always writable, even
when /var/log/ might not be accessible
- yet.
+ yet.
+
+
@@ -178,7 +198,9 @@
$XDG_RUNTIME_DIR environment variable, as
documented in the XDG
- Base Directory Specification.
+ Base Directory Specification.
+
+
@@ -194,7 +216,9 @@
Usually read-only, but this is not required. Possibly shared
between multiple hosts. This directory should not be modified
by the administrator, except when installing or removing
- vendor-supplied packages.
+ vendor-supplied packages.
+
+
@@ -204,13 +228,17 @@
It is recommended not to place binaries in this directory that
are not useful for invocation from a shell (such as daemon
binaries); these should be placed in a subdirectory of
- /usr/lib/ instead.
+ /usr/lib/ instead.
+
+ /usr/include/C and C++ API header files of system
- libraries.
+ libraries.
+
+
@@ -222,7 +250,9 @@
from a shell. Such binaries may be for any architecture
supported by the system. Do not place public libraries in this
directory, use $libdir (see below),
- instead.
+ instead.
+
+
@@ -239,7 +269,9 @@
architecture-dependent, too. To query
$libdir for the primary architecture of the
system, invoke:
- # systemd-path system-library-arch
+ # systemd-path system-library-arch
+
+
@@ -249,13 +281,17 @@
such as documentation, man pages, time zone information, fonts
and other resources. Usually, the precise location and format
of files stored below this directory is subject to
- specifications that ensure interoperability.
+ specifications that ensure interoperability.
+
+ /usr/share/doc/Documentation for the operating system or
- system packages.
+ system packages.
+
+
@@ -266,7 +302,9 @@
be placed in /etc/. This is useful to
compare the local configuration of a system with vendor
defaults and to populate the local configuration with
- defaults.
+ defaults.
+
+
@@ -275,7 +313,9 @@
Similar to
/usr/share/factory/etc/, but for vendor
versions of files in the variable, persistent data directory
- /var/.
+ /var/.
+
+
@@ -293,7 +333,9 @@
system might start up without this directory being populated. Persistency is recommended, but
optional, to support ephemeral systems. This directory might become available or writable only very
late during boot. Components that are required to operate during early boot hence shall not
- unconditionally rely on this directory.
+ unconditionally rely on this directory.
+
+
@@ -302,13 +344,17 @@
components may place non-essential data in this directory.
Flushing this directory should have no effect on operation of
programs, except for increased runtimes necessary to rebuild
- these caches.
+ these caches.
+
+ /var/lib/Persistent system data. System components may
- place private data in this directory.
+ place private data in this directory.
+
+
@@ -319,13 +365,17 @@
syslog3
and
sd_journal_print3
- calls.
+ calls.
+
+ /var/spool/Persistent system spool data, such as printer
- or mail queues.
+ or mail queues.
+
+
@@ -347,6 +397,8 @@
project='man-pages'>mkdtemp3,
and similar calls should be used. For further details about this directory, see Using /tmp/ and /var/tmp/ Safely.
+
+
@@ -367,7 +419,9 @@
systemd-udevd8,
and should not be written to by other components. A number of
special purpose virtual file systems might be mounted below
- this directory.
+ this directory.
+
+
@@ -385,7 +439,9 @@
programs) or $XDG_RUNTIME_DIR (for user
programs) instead of POSIX shared memory segments, since these
directories are not world-writable and hence not vulnerable to
- security-sensitive name clashes.
+ security-sensitive name clashes.
+
+
@@ -396,7 +452,9 @@
where normal files may be stored. For details, see
proc5.
A number of special purpose virtual file systems might be
- mounted below this directory.
+ mounted below this directory.
+
+
@@ -406,7 +464,9 @@
configure the settings in this API file tree is via
sysctl.d5
files. In sandboxed/containerized setups, this directory is
- generally mounted read-only.
+ generally mounted read-only.
+
+
@@ -417,7 +477,9 @@
where normal files may be stored. In sandboxed/containerized
setups, this directory is generally mounted read-only. A number
of special purpose virtual file systems might be mounted below
- this directory.
+ this directory.
+
+
@@ -437,7 +499,9 @@
cgroup2 will not have resource controllers attached. In
sandboxed/containerized setups, this directory may either not exist or
may include a subset of functionality.
-
+
+
+
@@ -454,7 +518,9 @@
These compatibility symlinks point to
/usr/bin/, ensuring that scripts and
binaries referencing these legacy paths correctly find their
- binaries.
+ binaries.
+
+
@@ -463,7 +529,9 @@
This compatibility symlink points to
/usr/lib/, ensuring that programs
referencing this legacy path correctly find their
- resources.
+ resources.
+
+
@@ -474,7 +542,9 @@
binaries referencing this legacy path correctly find their
dynamic loader. This symlink only exists on architectures
whose ABI places the dynamic loader in this
- path.
+ path.
+
+
@@ -483,7 +553,9 @@
This compatibility symlink points to
/run/, ensuring that programs referencing
this legacy path correctly find their runtime
- data.
+ data.
+
+
@@ -509,7 +581,9 @@
directory. Flushing this directory should have no effect on operation of programs, except for
increased runtimes necessary to rebuild these caches. If an application finds
$XDG_CACHE_HOME set, it should use the directory specified in it instead of this
- directory.
+ directory.
+
+
@@ -518,7 +592,9 @@
Application configuration. When a new user is created, this directory will be empty
or not exist at all. Applications should fall back to defaults should their configuration in this
directory be missing. If an application finds $XDG_CONFIG_HOME set, it should use
- the directory specified in it instead of this directory.
+ the directory specified in it instead of this directory.
+
+
@@ -529,14 +605,18 @@
shell; these should be placed in a subdirectory of ~/.local/lib/ instead. Care
should be taken when placing architecture-dependent binaries in this place, which might be
problematic if the home directory is shared between multiple hosts with different
- architectures.
+ architectures.
+
+ ~/.local/lib/Static, private vendor data that is compatible with all
- architectures.
+ architectures.
+
+
@@ -544,7 +624,9 @@
Location for placing public dynamic libraries. The architecture identifier to use is
defined on Multiarch Architecture Specifiers
- (Tuples) list.
+ (Tuples) list.
+
+
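Review bot: the sentence ending on the re-added line "(Tuples) list." is missing an article: "defined on Multiarch Architecture Specifiers (Tuples) list" should read "defined on the Multiarch Architecture Specifiers (Tuples) list".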
@@ -553,7 +635,9 @@
Resources shared between multiple packages, such as fonts or artwork. Usually, the
precise location and format of files stored below this directory is subject to specifications that
ensure interoperability. If an application finds $XDG_DATA_HOME set, it should use
- the directory specified in it instead of this directory.
+ the directory specified in it instead of this directory.
+
+
@@ -562,7 +646,9 @@
Application state. When a new user is created, this directory will be empty or not
exist at all. Applications should fall back to defaults should their state in this directory be
missing. If an application finds $XDG_STATE_HOME set, it should use the directory
- specified in it instead of this directory.
+ specified in it instead of this directory.
+
+
diff --git a/man/homectl.xml b/man/homectl.xml
index c34f178439..4dd16aa886 100644
--- a/man/homectl.xml
+++ b/man/homectl.xml
@@ -123,7 +123,9 @@
the structure documented in JSON User Records.
This option may be used in conjunction with the create and
update commands (see below), where it allows configuring the user record in JSON
- as-is, instead of setting the individual user record properties (see below).
+ as-is, instead of setting the individual user record properties (see below).
+
+
@@ -159,7 +161,9 @@
cryptographic signatures and thus may only be modified when the private key to update them is available
on the destination machine. When replicating users in minimal mode, the signature
is removed during the replication and thus the record will be implicitly signed with the key of the destination
- machine and may be updated there without any private key replication.
+ machine and may be updated there without any private key replication.
+
+
@@ -188,7 +192,9 @@
NAMEThe real name for the user. This corresponds with the GECOS field on classic UNIX NSS
- records.
+ records.
+
+
@@ -202,14 +208,18 @@
name and realm is seen it is assumed to refer to the same user while a user with the same name but
different realm is considered a different user. Note that this means that two users sharing the same
name but with distinct realms are not allowed on the same system. Assigning a realm to a user is
- optional.
+ optional.
+
+ EMAILTakes an electronic mail address to associate with the user. On log-in the
- $EMAIL environment variable is initialized from this value.
+ $EMAIL environment variable is initialized from this value.
+
+
@@ -217,7 +227,9 @@
Takes location specification for this user. This is free-form text, which might or
might not be usable by geo-location applications. Example: or
+ Germany" or
+
+
@@ -225,7 +237,9 @@
Takes an icon name to associate with the user, following the scheme defined by the Icon Naming
- Specification.
+ Specification.
+
+
@@ -235,7 +249,9 @@
Takes a path to use as home directory for the user. Note that this is the directory
the user's home directory is mounted to while the user is logged in. This is not where the user's
data is actually stored, see for that. If not specified defaults to
- /home/$USER.
+ /home/$USER.
+
+
@@ -253,7 +269,9 @@
Note that users managed by systemd-homed always have a matching group
associated with the same name as well as a GID matching the UID of the user. Thus, configuring the
- GID separately is not permitted.
+ GID separately is not permitted.
+
+
@@ -268,7 +286,9 @@
project='man-pages'>groupadd8.
Any non-existent groups are ignored. This option may be used more than once, in which case all
specified group lists are combined. If the user is currently a member of a group which is not listed,
- the user will be removed from the group.
+ the user will be removed from the group.
+
+
@@ -281,7 +301,9 @@
project='man-pages'>capabilities7
for details on the capabilities concept. These options may be used more than once, in which case the
specified lists are combined. If the parameter begins with a ~ character the
- effect is inverted: the specified capability is dropped from the specific set.
+ effect is inverted: the specified capability is dropped from the specific set.
+
+
@@ -290,14 +312,18 @@
Takes a file system path to a directory. Specifies the skeleton directory to
initialize the home directory with. All files and directories in the specified path are copied into
any newly create home directory. If not specified defaults to /etc/skel/.
-
+
+
+ SHELLTakes a file system path. Specifies the shell binary to execute on terminal
- logins. If not specified defaults to /bin/bash.
+ logins. If not specified defaults to /bin/bash.
+
+
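Review bot: the context line "any newly create home directory. If not specified defaults to /etc/skel/." has a typo ("newly create" should be "newly created") and is missing a comma after "If not specified". The same "If not specified defaults to" construction is on the re-added line for the shell default ("logins. If not specified defaults to /bin/bash."), so both can be fixed in this pass.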
@@ -310,7 +336,9 @@
Note that a number of other settings also result in environment variables to be set for the
user, including , and
- .
+ .
+
+
@@ -322,7 +350,9 @@
variable TZ=:Europe/Amsterdam. (: is used intentionally as part
of the timezone specification, see
tzset3.)
-
+
+
+
@@ -331,7 +361,9 @@
Takes a specifier indicating the preferred language of the user. The
$LANG environment variable is initialized from this value on login, and thus a
value suitable for this environment variable is accepted here, for example
- .
+ .
+
+
@@ -339,7 +371,9 @@
Either takes a SSH authorized key line to associate with the user record or a
@ character followed by a path to a file to read one or more such lines from. SSH
keys configured this way are made available to SSH to permit access to this home directory and user
- record. This option may be used more than once to configure multiple SSH keys.
+ record. This option may be used more than once to configure multiple SSH keys.
+
+
@@ -366,7 +400,9 @@
authentication and hence can be used for implying the user identity to use for logging in, which
FIDO2 does not allow. PKCS#11/PIV devices generally require initialization (i.e. storing a
private/public key pair on them, see example below) before they can be used; FIDO2 security tokens
- generally do not required that, and work out of the box.
+ generally do not required that, and work out of the box.
+
+
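Review bot: The re-added line keeps the grammar error "generally do not required that". As the line is being rewritten here anyway, change it to "generally do not require that, and work out of the box."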
@@ -379,7 +415,9 @@
denotes 2048-bit RSA with PKCS#1.5 padding and SHA-256. eddsa denotes
EDDSA over Curve25519 with SHA-512.
- Note that your authenticator may not support some algorithms.
+ Note that your authenticator may not support some algorithms.
+
+
@@ -408,7 +446,9 @@
Note that many hardware security tokens implement both FIDO2 and PKCS#11/PIV (and thus may be
used with either or ), for a
- discussion see above.
+ discussion see above.
+
+
@@ -418,7 +458,9 @@
a PIN when unlocking the account (the FIDO2 clientPin feature). Defaults to
yes. (Note: this setting is without effect if the security token does not support
the clientPin feature at all, or does not allow enabling or disabling
- it.)
+ it.)
+
+
@@ -428,7 +470,9 @@
verify presence (tap the token, the FIDO2 up feature) when unlocking the account.
Defaults to yes. (Note: this setting is without effect if the security token does not support
the up feature at all, or does not allow enabling or disabling it.)
-
+
+
+
@@ -437,7 +481,9 @@
When enrolling a FIDO2 security token, controls whether to require user verification
when unlocking the account (the FIDO2 uv feature). Defaults to
no. (Note: this setting is without effect if the security token does not support
- the uv feature at all, or does not allow enabling or disabling it.)
+ the uv feature at all, or does not allow enabling or disabling it.)
+
+
@@ -447,7 +493,9 @@
account. A recovery key is a computer generated access key that may be used to regain access to an
account if the password has been forgotten or the authentication token lost. The key is generated and
shown on screen, and should be printed or otherwise transferred to a secure location. A recovery key
- may be entered instead of a regular password to unlock the account.
+ may be entered instead of a regular password to unlock the account.
+
+
@@ -455,7 +503,9 @@
Takes a boolean argument. Specifies whether this user account shall be locked. If
true logins into this account are prohibited, if false (the default) they are permitted (of course,
- only if authorization otherwise succeeds).
+ only if authorization otherwise succeeds).
+
+
@@ -465,7 +515,9 @@
These options take a timestamp string, in the format documented in
systemd.time7 and
configures points in time before and after logins into this account are not
- permitted.
+ permitted.
+
+
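Review bot: The sentence ending on the changed line is hard to parse: "configures points in time before and after logins into this account are not permitted" drops the "which", and its verb does not agree with "These options take". Suggested wording: "and configure the points in time before and after which logins into this account are not permitted." These options define an account validity window, so the text should not leave the reader guessing which side of each timestamp is blocked.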
@@ -475,7 +527,9 @@
Configures a rate limit on authentication attempts for this user. If the user
attempts to authenticate more often than the specified number, on a specific system, within the
specified time interval authentication is refused until the time interval passes. Defaults to 10
- times per 1min.
+ times per 1min.
+
+
@@ -483,7 +537,9 @@
Takes a password hint to store alongside the user record. This string is stored
accessible only to privileged users and the user itself and may not be queried by other users.
- Example: .
+ Example: .
+
+
@@ -493,14 +549,18 @@
Takes a boolean argument. Configures whether to enforce the system's password policy
for this user, regarding quality and strength of selected passwords. Defaults to
on. is short for
- .
+ .
+
+ BOOLTakes a boolean argument. If true the user is asked to change their password on next
- login.
+ login.
+
+
@@ -524,7 +584,9 @@
has to pass after the password as expired until the user is not permitted to log in or change the
password anymore. Note that these options only apply to password authentication, and do not apply to
other forms of authentication, for example PKCS#11-based security token
- authentication.
+ authentication.
+
+
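Review bot: The first context line of this hunk has "after the password as expired"; it should read "after the password has expired". The paragraph's last line is rewritten in this hunk, so the fix fits in the same change.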
@@ -539,7 +601,9 @@
used this configures the size of the loopback file and file system contained therein. For the other
storage backends configures disk quota using the filesystem's native quota logic, if available. If
not specified, defaults to 85% of the available disk space for the LUKS2 backend and to no quota for
- the others.
+ the others.
+
+
@@ -548,7 +612,9 @@
Takes a UNIX file access mode written in octal. Configures the access mode of the
home directory itself. Note that this is only used when the directory is first created, and the user
may change this any time afterwards. Example:
-
+
+
+
@@ -556,14 +622,18 @@
Takes the access mode mask (in octal syntax) to apply to newly created files and
directories of the user ("umask"). If set this controls the initial umask set for all login sessions of
- the user, possibly overriding the system's defaults.
+ the user, possibly overriding the system's defaults.
+
+ NICETakes the numeric scheduling priority ("nice level") to apply to the processes of the user at login
- time. Takes a numeric value in the range -20 (highest priority) to 19 (lowest priority).
+ time. Takes a numeric value in the range -20 (highest priority) to 19 (lowest priority).
+
+
@@ -574,7 +644,9 @@
for details. Takes a resource limit name (e.g. LIMIT_NOFILE) followed by an equal
sign, followed by a numeric limit. Optionally, separated by colon a second numeric limit may be
specified. If two are specified this refers to the soft and hard limits, respectively. If only one
- limit is specified the setting sets both limits in one.
+ limit is specified the setting sets both limits in one.
+
+
@@ -589,7 +661,9 @@
identity. This controls the TasksMax= setting of the per-user systemd slice unit
user-$UID.slice. See
systemd.resource-control5
- for further details.
+ for further details.
+
+
@@ -602,7 +676,9 @@
MemoryHigh= and MemoryMax= settings of the per-user systemd
slice unit user-$UID.slice. See
systemd.resource-control5
- for further details.
+ for further details.
+
+
@@ -614,7 +690,9 @@
1…10000. This controls the CPUWeight= and IOWeight= settings of
the per-user systemd slice unit user-$UID.slice. See
systemd.resource-control5
- for further details.
+ for further details.
+
+
@@ -625,7 +703,9 @@
subvolume, cifs. For details about these mechanisms, see
above. If a new home directory is created and the storage type is not specifically specified,
homed.conf5
- defines which default storage to use.
+ defines which default storage to use.
+
+
@@ -639,7 +719,9 @@
cifs storage mechanism. To use LUKS2 storage on a regular block device (for
example a USB stick) pass the path to the block device here. Specifying the path to a directory here
when using LUKS2 storage is not allowed. Similar, specifying the path to a regular file or device
- node is not allowed if any of the other storage backends are used.
+ node is not allowed if any of the other storage backends are used.
+
+
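Review bot: The context line above the change begins a sentence with "Similar, specifying the path to a regular file or device node is not allowed"; it should be "Similarly, specifying ...". This is a small wording fix in a paragraph this hunk already touches.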
@@ -650,7 +732,9 @@
directories in memory (and accessible) after logout. This option is also supported on other backends,
but should not bring any benefit there. Defaults to off, except if the selected storage backend is
fscrypt, where it defaults to on. Note that flushing OS caches will negatively influence performance
- of the OS shortly after logout.
+ of the OS shortly after logout.
+
+
@@ -661,7 +745,9 @@
xfs. If not specified
homed.conf5
defines which default file system type to use. Note that xfs is not recommended as
- its support for file system resizing is too limited.
+ its support for file system resizing is too limited.
+
+
@@ -675,7 +761,9 @@
home directories which results in I/O errors if the underlying file system runs full while the upper
file system wants to allocate a block. Such I/O errors are generally not handled well by file systems
nor applications. When LUKS2 storage is used on top of regular block devices (instead of on top a
- loopback file) the discard logic defaults to on.
+ loopback file) the discard logic defaults to on.
+
+
@@ -685,7 +773,9 @@
system. However, while controls what happens when the home directory
is active, controls what happens when it becomes inactive,
i.e. whether to trim/allocate the storage when deactivating the home directory. This option defaults
- to on, to ensure disk space is minimized while a user is not logged in.
+ to on, to ensure disk space is minimized while a user is not logged in.
+
+
@@ -693,7 +783,9 @@
Takes a string containing additional mount options to use when mounting the LUKS
volume. If specified, this string will be appended to the default, built-in mount
- options.
+ options.
+
+
@@ -736,7 +828,9 @@
configured size, but while deactivated it is compacted taking up only the minimal space possible.
Note that if the system is powered off abnormally or if the user otherwise not logged out cleanly the
shrinking operation will not take place, and the user has to re-login/logout again before it is
- executed again.
+ executed again.
+
+
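Review bot: The context line "or if the user otherwise not logged out cleanly" is missing a verb; it should read "or if the user is otherwise not logged out cleanly". The same sentence also says "re-login/logout again", where "again" is redundant.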
@@ -754,7 +848,9 @@
off no automatic free space distribution is done for this home area. Note that
resizing the home area explicitly (with homectl resize see below) will implicitly
turn off the automatic rebalancing. To reenable the automatic rebalancing use
- with an empty parameter.
+ with an empty parameter.
+
+
@@ -766,7 +862,9 @@
noexec mount options for the home directories. By default nodev
and nosuid are on, while noexec is off. For details about these
mount options see mount8.
+ project='man-pages'>mount8.
+
+
@@ -794,7 +892,9 @@
logind.conf5 (for
home directories of LUKS2 storage located on removable media this defaults to 0 though). A longer
time makes sure quick, repetitive logins are more efficient as the user's service manager doesn't
- have to be started every time.
+ have to be started every time.
+
+
@@ -802,7 +902,9 @@
Configures whether to kill all processes of the user on logout. The default is
configured in
- logind.conf5.
+ logind.conf5.
+
+
@@ -810,7 +912,9 @@
Takes a boolean argument. Configures whether the graphical UI of the system should
automatically log this user in if possible. Defaults to off. If less or more than one user is marked
- this way automatic login is disabled.
+ this way automatic login is disabled.
+
+
@@ -829,7 +933,9 @@
systemd-homed.service. This command is also executed if none is specified on the
command line. (Note that the list of users shown by this command does not include users managed by
other subsystems, such as system users or any traditional users listed in
- /etc/passwd.)
+ /etc/passwd.)
+
+
@@ -846,14 +952,18 @@
mechanism. If the LUKS2 mechanism is used, this generally involves: inquiring the user for a
password, setting up a loopback device, validating and activating the LUKS2 volume, checking the file
system, mounting the file system, and potentially changing the ownership of all included files to the
- correct UID/GID.
+ correct UID/GID.
+
+ deactivateUSER [USER…]Deactivate one or more home directories. This undoes the effect of
- activate.
+ activate.
+
+
@@ -863,7 +973,9 @@
information about the home directory and its user account, including runtime data such as current
state, disk use and similar. Combine with to show the detailed JSON user
record instead, possibly combined with to suppress certain aspects
- of the output.
+ of the output.
+
+
@@ -872,7 +984,9 @@
Validate authentication credentials of a home directory. This queries the caller for
a password (or similar) and checks that it correctly unlocks the home directory. This leaves the home
directory in the state it is in, i.e. it leaves the home directory in inactive state if it was
- inactive before, and in active state if it was active before.
+ inactive before, and in active state if it was active before.
+
+
@@ -884,7 +998,9 @@
and its user accounts.
The specified user name should follow the strict syntax described on User/Group Name Syntax.
+ url="https://systemd.io/USER_NAMES">User/Group Name Syntax.
+
+
@@ -892,7 +1008,9 @@
Remove a home directory/user account. This will remove both the home directory's user
record and the home directory itself, and thus delete all files and directories owned by the
- user.
+ user.
+
+
@@ -905,13 +1023,17 @@
Note that changes to user records not signed by a cryptographic private key available locally
are not permitted, unless is used with a user record that is already
- correctly signed by a recognized private key.
+ correctly signed by a recognized private key.
+
+ passwdUSER
- Change the password of the specified home directory/user account.
+ Change the password of the specified home directory/user account.
+
+
@@ -930,7 +1052,9 @@
usual suffixes B, K, M, G, T (to the base of 1024). The special strings min and
max may be specified in place of a numeric size value, for minimizing or
maximizing disk space assigned to the home area, taking constraints of the file system, disk usage inside
- the home area and on the backing storage into account.
+ the home area and on the backing storage into account.
+
+
@@ -941,7 +1065,9 @@
home directory is unlocked again (i.e. re-authenticated). This functionality is primarily intended to
be used during system suspend to make sure the user's data cannot be accessed until the user
re-authenticates on resume. This operation is only defined for home directories that use the LUKS2
- storage mechanism.
+ storage mechanism.
+
+
@@ -949,7 +1075,9 @@
Resume access to the user's home directory again, undoing the effect of
lock above. This requires authentication of the user, as the cryptographic keys
- required for access to the home directory need to be reacquired.
+ required for access to the home directory need to be reacquired.
+
+
@@ -958,7 +1086,9 @@
Execute the lock command on all suitable home directories at
once. This operation is generally executed on system suspend (i.e. by systemctl
suspend and related commands), to ensure all active user's cryptographic keys for accessing
- their home directories are removed from memory.
+ their home directories are removed from memory.
+
+
@@ -967,7 +1097,9 @@
Execute the deactivate command on all active home directories at
once. This operation is generally executed on system shut down (i.e. by systemctl
poweroff and related commands), to ensure all active user's home directories are fully
- deactivated before /home/ and related file systems are unmounted.
+ deactivated before /home/ and related file systems are unmounted.
+
+
@@ -977,7 +1109,9 @@
caller's identity, not the specified user's) and deactivate the home directory afterwards again
(unless the user is logged in otherwise). This command is useful for running privileged backup
scripts and such, but requires authentication with the user's credentials in order to be able to
- unlock the user's home directory.
+ unlock the user's home directory.
+
+
@@ -989,7 +1123,9 @@
will only complete once disk space is rebalanced according to the rebalancing weights. Note that
rebalancing also takes place automatically in the background in regular intervals. Use this command
to synchronously ensure disk space is properly redistributed before initiating an operation requiring
- large amounts of disk space.
+ large amounts of disk space.
+
+
diff --git a/man/homed.conf.xml b/man/homed.conf.xml
index 7e99aa6191..acc5f5f176 100644
--- a/man/homed.conf.xml
+++ b/man/homed.conf.xml
@@ -57,7 +57,9 @@
to luks. Otherwise defaults to subvolume if
/home/ is on a btrfs file system, and directory
otherwise. Note that the storage selected on the homectl command line always takes
- precedence.
+ precedence.
+
+
@@ -67,7 +69,9 @@
ext4 or xfs. If not specified defaults to
btrfs. This setting has no effect if a different storage mechanism is used. The
file system type selected on the homectl command line always takes
- precedence.
+ precedence.
+
+
diff --git a/man/hostnamectl.xml b/man/hostnamectl.xml
index 49bad01ded..bb7c0b6e10 100644
--- a/man/hostnamectl.xml
+++ b/man/hostnamectl.xml
@@ -84,7 +84,9 @@
The static and transient hostnames must each be either a single DNS label (a string composed of
7-bit ASCII lower-case characters and no spaces or dots, limited to the format allowed for DNS domain
name labels), or a sequence of such labels separated by single dots that forms a valid DNS FQDN. The
- hostname must be at most 64 characters, which is a Linux limitation (DNS allows longer names).
+ hostname must be at most 64 characters, which is a Linux limitation (DNS allows longer names).
+
+
@@ -96,7 +98,9 @@
graphical applications to visualize this host. The icon name
should follow the Icon
- Naming Specification.
+ Naming Specification.
+
+
@@ -119,6 +123,8 @@
vm and
container for virtualized systems that lack
an immediate physical chassis.
+
+
@@ -135,6 +141,8 @@
staging,
production.
+
+
@@ -149,6 +157,8 @@
location of the system, if it is known and applicable. This
may be as generic as Berlin, Germany or as
specific as Left Rack, 2nd Shelf.
+
+
@@ -164,7 +174,9 @@
Do not query the user for authentication for
- privileged operations.
+ privileged operations.
+
+
@@ -176,7 +188,9 @@
switches is specified, hostnamectl will print out just this selected hostname.
If used with hostname, only the selected hostnames will be updated. When more
- than one of these switches are specified, all the specified hostnames will be updated.
+ than one of these switches are specified, all the specified hostnames will be updated.
+
+
diff --git a/man/integritytab.xml b/man/integritytab.xml
index 12ec2933a9..a4b18af300 100644
--- a/man/integritytab.xml
+++ b/man/integritytab.xml
@@ -69,7 +69,9 @@
Allow the use of discard (TRIM) requests for the device.
This option is available since the Linux kernel version 5.7.
-
+
+
+
@@ -83,7 +85,9 @@
the dm-integrity documentation.
Note that without a journal, if there is a crash, it is possible that the integrity tags and data will not match. If used, the journal-*
options below will have no effect if passed.
-
+
+
+
@@ -92,7 +96,9 @@
Journal watermark in percent. When the journal percentage exceeds this watermark, the journal flush will be started. Setting a value of
"0%" uses default value.
-
+
+
+
@@ -101,7 +107,9 @@
Commit time in milliseconds. When this time passes (and no explicit flush operation was issued), the journal is written. Setting a value of
zero uses default value.
-
+
+
+
@@ -111,7 +119,9 @@
Specify a separate block device that contains existing data. The second field specified in the
integritytab for block device then will contain calculated integrity tags and journal for data-device,
but not the end user data.
-
+
+
+
@@ -119,7 +129,9 @@
The algorithm used for integrity checking. The default is crc32c. Must match option used during format.
-
+
+
+
diff --git a/man/iocost.conf.xml b/man/iocost.conf.xml
index be74244267..a7fdc66c86 100644
--- a/man/iocost.conf.xml
+++ b/man/iocost.conf.xml
@@ -58,7 +58,9 @@
attached to the devices. If a device does not have the specified solution, the first one
listed in IOCOST_SOLUTIONS is used instead.
- E.g. TargetSolution=isolated-bandwidth.
+ E.g. TargetSolution=isolated-bandwidth.
+
+
diff --git a/man/journal-remote.conf.xml b/man/journal-remote.conf.xml
index 56992369ac..a5a5b56ec3 100644
--- a/man/journal-remote.conf.xml
+++ b/man/journal-remote.conf.xml
@@ -56,32 +56,42 @@
Seal=Periodically sign the data in the journal using Forward Secure Sealing.
-
+
+
+ SplitMode=One of host or none.
-
+
+
+ ServerKeyFile=
- SSL key in PEM format.
+ SSL key in PEM format.
+
+ ServerCertificateFile=
- SSL certificate in PEM format.
+ SSL certificate in PEM format.
+
+ TrustedCertificateFile=
- SSL CA certificate.
+ SSL CA certificate.
+
+
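Review bot: In this hunk, ServerKeyFile= and ServerCertificateFile= both state "in PEM format", but TrustedCertificateFile= is described only as "SSL CA certificate." with no file format. The three entries are all touched here, so please state the expected format for the CA file as well so that they read consistently.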
@@ -108,7 +118,9 @@
this limit is reached; active files will stay around. This
means that, in effect, there might still be more journal files
around in total than this limit after a vacuuming operation is
- complete.
+ complete.
+
+
diff --git a/man/journal-upload.conf.xml b/man/journal-upload.conf.xml
index a1caae1982..1bc7f082cc 100644
--- a/man/journal-upload.conf.xml
+++ b/man/journal-upload.conf.xml
@@ -53,25 +53,33 @@
of option in
systemd-journal-upload8
for the description of possible values. There is no default value, so either this
- option or the command-line option must be always present to make an upload.
+ option or the command-line option must be always present to make an upload.
+
+ ServerKeyFile=
- SSL key in PEM format.
+ SSL key in PEM format.
+
+ ServerCertificateFile=
- SSL CA certificate in PEM format.
+ SSL CA certificate in PEM format.
+
+ TrustedCertificateFile=
- SSL CA certificate.
+ SSL CA certificate.
+
+
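Review bot: The re-added description of ServerCertificateFile= reads "SSL CA certificate in PEM format.", which is nearly the same text as TrustedCertificateFile= two entries below ("SSL CA certificate."). In the journal-remote.conf part of this patch the option of the same name is described as "SSL certificate in PEM format." Please check whether "CA" belongs on the ServerCertificateFile= line here; as written, a reader cannot tell which option takes the endpoint certificate and which takes the trust anchor.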
@@ -82,7 +90,9 @@
not reachable over the network for the configured time, systemd-journal-upload
exits. Takes a value in seconds (or in other time units if suffixed with "ms", "min", "h", etc).
For details, see systemd.time5.
-
+
+
+
diff --git a/man/journalctl.xml b/man/journalctl.xml
index d6f2278983..ebd92a71fe 100644
--- a/man/journalctl.xml
+++ b/man/journalctl.xml
@@ -434,7 +434,9 @@
Truncate each log message at the first newline character on output, so that only the
- first line of each message is displayed.
+ first line of each message is displayed.
+
+
@@ -453,7 +455,9 @@
as for but includes the time difference
to the previous entry.
- Maybe unreliable time differences are marked by a *.
+ Maybe unreliable time differences are marked by a *.
+
+
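Review bot: The re-added line "Maybe unreliable time differences are marked by a *." reads awkwardly. Suggested wording while the line is being changed: "Time differences that may be unreliable are marked with a *."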
diff --git a/man/journald.conf.xml b/man/journald.conf.xml
index 2642872407..df263447c6 100644
--- a/man/journald.conf.xml
+++ b/man/journald.conf.xml
@@ -98,6 +98,8 @@
Note that per-user journal files are not supported unless persistent storage is enabled, thus
making journalctl --user unavailable.
+
+
@@ -125,7 +127,9 @@
url="https://eprint.iacr.org/2013/397">Seekable Sequential Key
Generators by G. A. Marson and B. Poettering
(doi:10.1007/978-3-642-40203-6_7) and may be used to protect
- journal files from unnoticed alteration.
+ journal files from unnoticed alteration.
+
+
@@ -142,7 +146,9 @@
instead stored in the single system journal. In this mode unprivileged users generally do not have access to
their own log data. Note that splitting up journal files by user is only available for journals stored
persistently. If journals are stored on volatile storage (see Storage= above), only a single
- journal file is used. Defaults to uid.
+ journal file is used. Defaults to uid.
+
+
@@ -314,7 +320,9 @@
month, week,
day, h or
m to override the default time unit of
- seconds.
+ seconds.
+
+
@@ -334,7 +342,9 @@
month, week,
day, h or
m to override the default time unit of
- seconds.
+ seconds.
+
+
@@ -346,7 +356,9 @@
immediately after a log message of priority CRIT, ALERT or
EMERG has been logged. This setting hence applies only to
messages of the levels ERR, WARNING, NOTICE, INFO, DEBUG. The
- default timeout is 5 minutes.
+ default timeout is 5 minutes.
+
+
@@ -420,7 +432,9 @@
Takes a boolean value. If enabled systemd-journal processes
/dev/kmsg messages generated by the kernel. In the default journal namespace
- this option is enabled by default, it is disabled in all others.
+ this option is enabled by default, it is disabled in all others.
+
+
@@ -437,6 +451,8 @@
to prevent systemd-journald from collecting the generated messages, the socket
unit systemd-journald-audit.socket can be disabled and in this case this setting
is without effect.
+
+
@@ -445,7 +461,9 @@
Change the console TTY to use if
ForwardToConsole=yes is used. Defaults to
- /dev/console.
+ /dev/console.
+
+
@@ -463,7 +481,9 @@
bytes. If the value is suffixed with K, M, G or T, the specified size is parsed as Kilobytes, Megabytes,
Gigabytes, or Terabytes (with the base 1024), respectively. Defaults to 48K, which is relatively large but
still small enough so that log records likely fit into network datagrams along with extra room for
- metadata. Note that values below 79 are not accepted and will be bumped to 79.
+ metadata. Note that values below 79 are not accepted and will be bumped to 79.
+
+
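Review bot: The re-added last line says values below 79 "are not accepted and will be bumped to 79", which states two different behaviours at once (rejection and clamping). If the value is clamped, say only that: "Note that values below 79 are raised to 79."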
diff --git a/man/kernel-command-line.xml b/man/kernel-command-line.xml
index d15b4bf3fc..0b6d31817b 100644
--- a/man/kernel-command-line.xml
+++ b/man/kernel-command-line.xml
@@ -103,6 +103,8 @@
Additional parameters understood by
systemd-run-generator8, to
run a command line specified on the kernel command line as system service after booting up.
+
+
@@ -113,6 +115,8 @@
takes over. This parameter allows specifying an absolute path where core dump files should be stored until
a handler is installed. The path should be absolute and may contain specifiers, see
core5 for details.
+
+
@@ -126,6 +130,8 @@
and
systemd-rfkill.service8.
+
+
@@ -151,6 +157,8 @@
systemd-volatile-root.service8
and
systemd-fstab-generator8.
+
+
@@ -161,6 +169,8 @@
and service manager to control console log verbosity. For
details, see
systemd1.
+
+
@@ -171,6 +181,8 @@
and service manager to control console log verbosity. For
details, see
systemd1.
+
+
@@ -215,6 +227,8 @@
manager to control locale and language settings. For
details, see
systemd1.
+
+
@@ -236,6 +250,8 @@
Parameter understood by the file quota checker
service. For details, see
systemd-quotacheck.service8.
+
+
@@ -295,6 +311,8 @@
May be used to disable the Plymouth boot splash. For
details, see
plymouth8.
+
+
@@ -327,6 +345,8 @@
Configures the /etc/fstab logic
at boot. For details, see
systemd-fstab-generator8.
+
+
@@ -360,6 +380,8 @@
Configures the /usr file system (if required) and
its file system type and mount options. For details, see
systemd-fstab-generator8.
+
+
@@ -390,6 +412,8 @@
Configures whether the serial-getty@.service will run.
For details, see
systemd-getty-generator8.
+
+
@@ -400,6 +424,8 @@
Configures whether GPT-based partition auto-discovery shall be attempted. For details, see
systemd-gpt-auto-generator8.
+
+
@@ -411,7 +437,9 @@
policy string to apply, as per
systemd.image-policy7. For
details see
- systemd-gpt-auto-generator8.
+ systemd-gpt-auto-generator8.
+
+
@@ -421,6 +449,8 @@
Overrides the default start job timeout DefaultTimeoutStartSec= at
boot. For details, see
systemd-system.conf5.
+
+
@@ -431,6 +461,8 @@
Overrides the default device timeout DefaultDeviceTimeoutSec= at boot. For
details, see
systemd-system.conf5.
+
+
@@ -440,6 +472,8 @@
Overrides the watchdog device path WatchdogDevice=. For details, see
systemd-system.conf5.
+
+
@@ -453,6 +487,8 @@
implicitly assumed time unit) or the special strings off or
default. For details, see
systemd-system.conf5.
+
+
@@ -465,6 +501,8 @@
implicitly assumed time unit) or the special strings off or
default. For details, see
systemd-system.conf5.
+
+
@@ -475,6 +513,8 @@
Overrides the watchdog pre-timeout settings otherwise configured with
RuntimeWatchdogPreGovernor=. Takes a string value. For details, see
systemd-system.conf5.
+
+
@@ -486,6 +526,8 @@
processes it forks. This takes precedence over CPUAffinity=, see
systemd-system.conf5
for details.
+
+
@@ -497,6 +539,8 @@
Load a specific kernel module early at boot. For
details, see
systemd-modules-load.service8.
+
+
@@ -506,7 +550,9 @@
Configures DNS server information and search domains, see
systemd-resolved.service8
- for details.
+ for details.
+
+
@@ -531,7 +577,9 @@
the relevant settings are not initialized yet. Not to be confused with
systemd.condition-first-boot= (see below), which overrides the result of the
ConditionFirstBoot= unit file condition, and thus controls more than just
- systemd-firstboot.service behaviour.
+ systemd-firstboot.service behaviour.
+
+
@@ -540,7 +588,9 @@
Takes a boolean argument. If specified, overrides the result of
ConditionNeedsUpdate= unit condition checks. See
systemd.unit5 for
- details.
+ details.
+
+
@@ -551,7 +601,9 @@
systemd.unit5 for
details. Not to be confused with systemd.firstboot= which only controls behaviour
of the systemd-firstboot.service system service but has no effect on the
- condition check (see above).
+ condition check (see above).
+
+
@@ -559,7 +611,9 @@
Takes a decimal, numeric timestamp in μs since January 1st 1970, 00:00am, to set the
system clock to. The system time is set to the specified timestamp early during boot. It is not
- propagated to the hardware clock (RTC).
+ propagated to the hardware clock (RTC).
+
+
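Review bot: The first context line gives the reference point as "January 1st 1970, 00:00am" without naming a time zone, and "00:00am" is not a standard way to write midnight. Since this value sets the system clock, the text should state the epoch unambiguously, for example "in μs since January 1st 1970, 00:00 UTC".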
@@ -583,6 +637,8 @@
Again: do not use this option outside of testing environments, it's a security risk elsewhere,
as secret key material derived from the entropy pool can possibly be reconstructed by unprivileged
programs.
+
+
@@ -591,7 +647,9 @@
Accepts a hostname to set during early boot. If specified takes precedence over what
is set in /etc/hostname. Note that this does not bar later runtime changes to
- the hostname, it simply controls the initial hostname set during early boot.
+ the hostname, it simply controls the initial hostname set during early boot.
+
+
@@ -605,7 +663,9 @@
configure the $TERM value used by systemd if not set explicitly
using TERM on the kernel command line. The tty name should be specified without
the /dev/ prefix (e.g. systemd.tty.rows.ttyS0=80).
-
+
+
+
@@ -618,7 +678,9 @@
systemd 252Kernel command-line arguments systemd.unified_cgroup_hierarchy
and systemd.legacy_systemd_cgroup_controller were deprecated. Please switch to
- the unified cgroup hierarchy.
+ the unified cgroup hierarchy.
+
+
diff --git a/man/kernel-install.xml b/man/kernel-install.xml
index fd9f4f1c45..797e78f291 100644
--- a/man/kernel-install.xml
+++ b/man/kernel-install.xml
@@ -129,6 +129,8 @@
If $KERNEL_INSTALL_LAYOUT is not "uki", this plugin does nothing.
+
+
@@ -156,6 +158,8 @@
90-uki-copy.install removes the file
$BOOT/EFI/Linux/ENTRY-TOKEN-KERNEL-VERSION.efi.
+
+
@@ -164,6 +168,8 @@
Shows the various paths and parameters configured or auto-detected. In particular shows the
values of the various $KERNEL_INSTALL_* environment variables listed
below.
+
+
@@ -199,6 +205,8 @@
the entry token, and is placed immediately below the boot root directory. When
auto, the directory is created or removed only when the install layout is
bls. Defaults to auto.
+
+
@@ -241,6 +249,8 @@
installations of the same OS would try to use the same entry name. To support parallel
installations, the installer must use a different entry token when adding a second installation.
+
+
@@ -249,6 +259,8 @@
Output additional information about operations being performed.
+
+
@@ -324,6 +336,8 @@
unified kernel images under $BOOT/EFI/Linux as
$BOOT/EFI/Linux/ENTRY-TOKEN-KERNEL-VERSION[+TRIES].efi.
Implemented by 90-uki-copy.install.
+
+
@@ -341,6 +355,8 @@
$BOOT/ENTRY-TOKEN exists, or
otherwise.
Leaving layout blank has the same effect. This is the default.
+
+
@@ -395,6 +411,8 @@
Drop-in files which are executed by kernel-install.
+
+
@@ -409,6 +427,8 @@
does not exist, /usr/lib/kernel/cmdline is used. If that also does not
exist, /proc/cmdline is used. $KERNEL_INSTALL_CONF_ROOT
may be used to override the path.
+
+
@@ -426,6 +446,8 @@
systemd-boot7
which implement boot attempt counting with a counter embedded in the entry file name.
$KERNEL_INSTALL_CONF_ROOT may be used to override the path.
+
+
@@ -437,6 +459,8 @@
naming Boot Loader Specification entries, see $KERNEL_INSTALL_ENTRY_TOKEN
above for details. $KERNEL_INSTALL_CONF_ROOT may be used to override the
path.
+
+
@@ -446,6 +470,8 @@
The content of this file specifies the machine identification
MACHINE-ID.
+
+
@@ -457,6 +483,8 @@
Read by 90-loaderentry.install.
If available, PRETTY_NAME= is read from these files and used as the title of the boot menu entry.
Otherwise, Linux KERNEL-VERSION will be used.
+
+
@@ -481,6 +509,8 @@
initrd_generator=,
uki_generator=.
See the Environment variables section above for details.
+
+
@@ -491,6 +521,8 @@
Ini-style configuration file for ukify1 which is only effective when $KERNEL_INSTALL_LAYOUT or layout= in install.conf is set to and $KERNEL_INSTALL_UKI_GENERATOR or uki_generator= in install.conf is set to .
$KERNEL_INSTALL_CONF_ROOT may be used to override the path.
+
+
diff --git a/man/loader.conf.xml b/man/loader.conf.xml
index dbbc4b4f5d..1c71a9b7de 100644
--- a/man/loader.conf.xml
+++ b/man/loader.conf.xml
@@ -117,7 +117,9 @@
glob7,
but do not support all features. In particular, set negation and named character classes are not
supported. The matching is done case-insensitively on the entry ID (as shown by bootctl
- list).
+ list).
+
+
@@ -132,6 +134,8 @@
is shown and the default entry will be booted immediately. The menu can be shown
by pressing and holding a key before systemd-boot is launched. Setting this to
menu-force disables the timeout while always showing the menu.
+
+
@@ -147,6 +151,8 @@
0Standard UEFI 80x25 mode
+
+
@@ -154,6 +160,8 @@
180x50 mode, not supported by all devices
+
+
@@ -162,6 +170,8 @@
the first non-standard mode provided by the device
firmware, if any
+
+
@@ -169,6 +179,8 @@
autoPick a suitable mode automatically using heuristics
+
+
@@ -176,6 +188,8 @@
maxPick the highest-numbered available mode
+
+
@@ -183,10 +197,14 @@
keepKeep the mode selected by firmware (the default)
+
+
+
+
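Review bot: this hunk adds four lines after the keep entry, while each of the mode entries before it (0, 1, auto, max) gets two. If the second pair belongs to the enclosing option rather than to keep, that is fine, but please confirm the addition is not applied twice to the same entry.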
@@ -195,7 +213,9 @@
Takes a boolean argument. Enable (the default) or disable the
editor. The editor should be disabled if the machine can be accessed by
- unauthorized persons.
+ unauthorized persons.
+
+
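Review bot: the sentence ending on the re-added line, "The editor should be disabled if the machine can be accessed by unauthorized persons.", gives the recommendation without the reason. While this paragraph is being edited, consider adding a clause that says what the editor lets someone at the boot menu change, so an administrator can judge whether the enabled default fits their threat model.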
@@ -204,7 +224,9 @@
Takes a boolean argument. Enable (the default) or disable
entries for other boot entries found on the boot partition. In particular,
this may be useful when loader entries are created to show replacement
- descriptions for those entries.
+ descriptions for those entries.
+
+
@@ -212,14 +234,18 @@
A boolean controlling the presence of the "Reboot into firmware" entry
(enabled by default). If this is disabled, the firmware interface may still be reached
- by using the f key.
+ by using the f key.
+
+ beepTakes a boolean argument. If timeout enabled beep every second, otherwise beep n times when n-th entry in boot menu is selected (default disabled).
- Currently, only x86 is supported, where it uses the PC speaker.
+ Currently, only x86 is supported, where it uses the PC speaker.
+
+
@@ -231,26 +257,34 @@
- No action is taken.
+ No action is taken.
+
+ Boot entries for found secure boot keys are created that allow manual
- enrollment.
+ enrollment.
+
+ Same behavior as , but will try to automatically
enroll the key auto if it is considered to be safe. Currently, this is only
- the case if the system is running inside a virtual machine.
+ the case if the system is running inside a virtual machine.
+
+ Always enroll the auto key if found. Note that a warning
- message with a timeout will still be shown if this operation is unknown to be safe.
+ message with a timeout will still be shown if this operation is unknown to be safe.
+
+
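Review bot: on the last re-added line, "if this operation is unknown to be safe" is ambiguous; "not known to be safe" says what is meant. In the entry before it, "enroll the key auto" looks transposed next to "the auto key" used here, so one form should be used in both places.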
@@ -307,7 +341,9 @@ sbvarsign --attr ${attr} --key KEK.key --cert KEK.crt --output db.auth db db.esl
keys being loaded, some files necessary for the system to function properly still won't be. This
is especially the case with Option ROMs (e.g. for storage controllers or graphics cards). See
Secure Boot and Option ROMs
- for more details.
+ for more details.
+
+
@@ -332,7 +368,9 @@ sbvarsign --attr ${attr} --key KEK.key --cert KEK.crt --output db.auth db db.esl
When Secure Boot is enabled, changing this to PCRs 0,2,7,11 should be safe.
The TPM key protector needs to be removed and then added back for the PCRs on an already
encrypted drive to change. If PCR 4 is not measured, this setting can be disabled to speed
- up booting into Windows.
+ up booting into Windows.
+
+
diff --git a/man/localectl.xml b/man/localectl.xml
index 617922ebd5..f9ef2ed4c7 100644
--- a/man/localectl.xml
+++ b/man/localectl.xml
@@ -84,7 +84,9 @@
locale7
for details on the available settings and their meanings. Use
list-locales for a list of available
- locales (see below).
+ locales (see below).
+
+
@@ -158,7 +160,9 @@
Do not query the user for authentication for
- privileged operations.
+ privileged operations.
+
+
@@ -168,7 +172,9 @@
set-x11-keymap is invoked and this option
is passed, then the keymap will not be converted from the
console to X11, or X11 to console,
- respectively.
+ respectively.
+
+
diff --git a/man/loginctl.xml b/man/loginctl.xml
index 792166300d..e7ca4d6e97 100644
--- a/man/loginctl.xml
+++ b/man/loginctl.xml
@@ -63,7 +63,9 @@
the caller's session is shown. This function is intended to
generate human-readable output. If you are looking for
computer-parsable output, use show-session
- instead.
+ instead.
+
+
@@ -78,7 +80,9 @@
. This command is intended to be
used whenever computer-parsable output is required. Use
session-status if you are looking for
- formatted human-readable output.
+ formatted human-readable output.
+
+
@@ -88,7 +92,9 @@
the foreground if another session is currently in the
foreground on the respective seat. Takes a session identifier
as argument. If no argument is specified, the session of the
- caller is put into foreground.
+ caller is put into foreground.
+
+
@@ -99,7 +105,9 @@
or more sessions, if the session supports it. Takes one or
more session identifiers as arguments. If no argument is
specified, the session of the caller is locked/unlocked.
-
+
+
+
@@ -115,7 +123,9 @@
Terminates a session. This kills all processes of the session and deallocates all
resources attached to the session. If the argument is specified as empty string the session invoking
- the command is terminated.
+ the command is terminated.
+
+
@@ -124,7 +134,9 @@
Send a signal to one or more processes of the session. Use
to select which process to kill. Use to
select the signal to send. If the argument is specified as empty string the signal is sent to the
- session invoking the command.
+ session invoking the command.
+
+
@@ -146,7 +158,9 @@
is shown for the user of the session of the caller. This
function is intended to generate human-readable output. If you
are looking for computer-parsable output, use
- show-user instead.
+ show-user instead.
+
+
@@ -161,7 +175,9 @@
. This command is intended to be
used whenever computer-parsable output is required. Use
user-status if you are looking for
- formatted human-readable output.
+ formatted human-readable output.
+
+
@@ -178,7 +194,9 @@
See also KillUserProcesses= setting in
logind.conf5.
-
+
+
+
@@ -186,7 +204,9 @@
Terminates all sessions of a user. This kills all processes of all sessions of the
user and deallocates all runtime resources attached to the user. If the argument is specified as
- empty string the sessions of the user invoking the command are terminated.
+ empty string the sessions of the user invoking the command are terminated.
+
+
@@ -194,7 +214,9 @@
Send a signal to all processes of a user. Use to select
the signal to send. If the argument is specified as empty string the signal is sent to the sessions
- of the user invoking the command.
+ of the user invoking the command.
+
+
@@ -215,7 +237,9 @@
session's seat is shown. This function is intended to generate
human-readable output. If you are looking for
computer-parsable output, use show-seat
- instead.
+ instead.
+
+
@@ -230,7 +254,9 @@
. This command is intended to be
used whenever computer-parsable output is required. Use
seat-status if you are looking for
- formatted human-readable output.
+ formatted human-readable output.
+
+
@@ -245,7 +271,9 @@
prefixed with seat. To drop assignment of a
device to a specific seat, just reassign it to a different
seat, or use flush-devices.
-
+
+
+
@@ -262,7 +290,9 @@
Terminates all sessions on a seat. This kills
all processes of all sessions on the seat and deallocates all
- runtime resources attached to them.
+ runtime resources attached to them.
+
+
@@ -299,7 +329,9 @@
When showing session/user/seat properties,
only print the value, and skip the property name and
- =.
+ =.
+
+
@@ -327,7 +359,9 @@
kill. Must be one of , or
to select whether to kill only the leader
process of the session or all processes of the session. If
- omitted, defaults to .
+ omitted, defaults to .
+
+
@@ -352,6 +386,8 @@
and session-status, controls the number of
journal lines to show, counting from the most recent ones.
Takes a positive integer argument. Defaults to 10.
+
+
@@ -364,7 +400,9 @@
of the journal entries that are shown. For the available
choices, see
journalctl1.
- Defaults to short.
+ Defaults to short.
+
+
diff --git a/man/logind.conf.xml b/man/logind.conf.xml
index 9682add08c..9fa7e1f5cb 100644
--- a/man/logind.conf.xml
+++ b/man/logind.conf.xml
@@ -89,7 +89,9 @@
getty is always available. Defaults to 6
(in other words, there will always be a
getty available on Alt-F6.). When set to 0,
- VT reservation is disabled.
+ VT reservation is disabled.
+
+
@@ -160,6 +162,8 @@
idle inhibitor lock is active, and subsequently, the time
configured with IdleActionSec= (see below)
has expired.
+
+
@@ -168,7 +172,9 @@
Configures the delay after which the action
configured in IdleAction= (see above) is
- taken after the system is idle.
+ taken after the system is idle.
+
+
@@ -189,7 +195,9 @@
service is terminated immediately when the last session of the user has ended. If this option is configured to
non-zero rapid logout/login cycles are sped up, as the user's service manager is not constantly restarted. If
set to infinity the per-user service for a user is never terminated again after first login,
- and continues to run until system shutdown. Defaults to 10s.
+ and continues to run until system shutdown. Defaults to 10s.
+
+
@@ -287,7 +295,9 @@
kernel fully probed all hotplugged devices. This is safe, as
long as you do not care for systemd to account for devices
that have been plugged or unplugged while the system was off.
- Defaults to 30s.
+ Defaults to 30s.
+
+
@@ -302,7 +312,9 @@
limit relative to the amount of physical RAM. Defaults to 10%.
Note that this size is a safety limit only. As each runtime
directory is a tmpfs file system, it will only consume as much
- memory as is needed.
+ memory as is needed.
+
+
@@ -315,14 +327,18 @@
Defaults to RuntimeDirectorySize= divided
by 4096. Note that this size is a safety limit only.
As each runtime directory is a tmpfs file system, it will
- only consume as much memory as is needed.
+ only consume as much memory as is needed.
+
+ InhibitorsMax=Controls the maximum number of concurrent inhibitors to permit. Defaults to 8192
- (8K).
+ (8K).
+
+
@@ -331,7 +347,9 @@
Controls the maximum number of concurrent user sessions to manage. Defaults to 8192
(8K). Depending on how the pam_systemd.so module is included in the PAM stack
configuration, further login sessions will either be refused, or permitted but not tracked by
- systemd-logind.
+ systemd-logind.
+
+
@@ -341,7 +359,9 @@
user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
- are excluded from the effect of this setting. Defaults to yes.
+ are excluded from the effect of this setting. Defaults to yes.
+
+
@@ -353,7 +373,9 @@
(systemd-logind is not checking the idle state of sessions). For details about the syntax
of time spans, see
systemd.time7.
-
+
+
+
diff --git a/man/machine-info.xml b/man/machine-info.xml
index bae5e4beb3..1b265310a9 100644
--- a/man/machine-info.xml
+++ b/man/machine-info.xml
@@ -104,7 +104,9 @@
Note that most systems allow detection of the chassis type automatically (based on firmware
information or suchlike). This setting should only be used to override a misdetection or to manually
- configure the chassis type where automatic detection is not available.
+ configure the chassis type where automatic detection is not available.
+
+
@@ -116,7 +118,9 @@
integration,
staging,
production.
-
+
+
+
@@ -126,7 +130,9 @@
and known. Takes a human-friendly, free-form string. This may
be as generic as Berlin, Germany or as
specific as Left Rack, 2nd Shelf.
-
+
+
+
@@ -134,7 +140,9 @@
Specifies the hardware vendor. If unspecified, the hardware vendor set in DMI or
hwdb7 will be
- used.
+ used.
+
+
@@ -142,7 +150,9 @@
Specifies the hardware model. If unspecified, the hardware model set in DMI or
hwdb7 will be
- used.
+ used.
+
+
diff --git a/man/machinectl.xml b/man/machinectl.xml
index 39fa748d98..12a4766a14 100644
--- a/man/machinectl.xml
+++ b/man/machinectl.xml
@@ -111,7 +111,9 @@
instead. Note that the log data shown is reported by the
virtual machine or container manager, and frequently contains
console output of the machine, but not necessarily journal
- contents of the machine itself.
+ contents of the machine itself.
+
+
@@ -123,7 +125,9 @@
to show those too. To select specific properties to show, use
. This command is intended to be used whenever computer-parsable output is
required, and does not print the control group tree or journal entries. Use status if you
- are looking for formatted human-readable output.
+ are looking for formatted human-readable output.
+
+
@@ -155,7 +159,9 @@
To interactively start a container on the command line
with full access to the container's console, please invoke
systemd-nspawn directly. To stop a running
- container use machinectl poweroff.
+ container use machinectl poweroff.
+
+
@@ -180,7 +186,9 @@
systemd-run1
with the switch to directly invoke
a single command, either interactively or in the
- background.
+ background.
+
+
@@ -223,7 +231,9 @@
systemd-run's switch to acquire an interactive shell,
similarly to machinectl shell. In general, systemd-run is
preferable for scripting purposes. However, note that systemd-run might require
- higher privileges than machinectl shell.
+ higher privileges than machinectl shell.
+
+
@@ -238,7 +248,9 @@
This command implicitly reloads the system manager configuration after completing the operation.
Note that this command does not implicitly start or power off the containers that are being operated on.
- If this is desired, combine the command with the switch.
+ If this is desired, combine the command with the switch.
+
+
@@ -253,7 +265,9 @@
init system, such as sysvinit. Use
terminate (see below) to immediately
terminate a container or VM, without cleanly shutting it
- down.
+ down.
+
+
@@ -263,7 +277,9 @@
trigger a reboot by sending SIGINT to the container's init
process, which is roughly equivalent to pressing Ctrl+Alt+Del
on a non-containerized system, and is compatible with
- containers running any system manager.
+ containers running any system manager.
+
+
@@ -274,7 +290,9 @@
processes of the virtual machine or container and deallocates
all resources attached to that instance. Use
poweroff to issue a clean shutdown
- request.
+ request.
+
+
@@ -285,7 +303,9 @@
the host, not the processes inside the virtual machine or
container. Use to select which
process to kill. Use to select the
- signal to send.
+ signal to send.
+
+
@@ -300,7 +320,9 @@
systemd-nspawn1 containers,
and only if user namespacing () is not used. This command supports bind
mounting directories, regular files, device nodes, AF_UNIX socket nodes, as well as
- FIFOs.
+ FIFOs.
+
+
@@ -314,7 +336,9 @@
If host and container share the same user and group namespace, file ownership by numeric user ID and
group ID is preserved for the copy, otherwise all files and directories in the copy will be owned by the root
- user and group (UID/GID 0).
+ user and group (UID/GID 0).
+
+
@@ -328,7 +352,9 @@
If host and container share the same user and group namespace, file ownership by numeric user ID and
group ID is preserved for the copy, otherwise all files and directories in the copy will be owned by the root
- user and group (UID/GID 0).
+ user and group (UID/GID 0).
+
+
@@ -347,7 +373,9 @@
(.) are not shown. To show these too,
specify . Note that a special image
.host always implicitly exists and refers
- to the image the host itself is booted from.
+ to the image the host itself is booted from.
+
+
@@ -357,7 +385,9 @@
more container or VM images. This function is intended to
generate human-readable output. Use
show-image (see below) to generate
- computer-parsable output instead.
+ computer-parsable output instead.
+
+
@@ -373,7 +403,9 @@
. This command is intended to be
used whenever computer-parsable output is required. Use
image-status if you are looking for
- formatted human-readable output.
+ formatted human-readable output.
+
+
@@ -382,13 +414,17 @@
Edit the settings file of the specified machines. For the format of the settings file, refer to systemd.nspawn5.
If an existing settings file of the given machine can't be found, edit automatically
- create a new settings file from scratch under /etc/
+ create a new settings file from scratch under /etc/
+
+ catNAME|FILE
- Show the settings file of the specified machines.
+ Show the settings file of the specified machines.
+
+
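Review bot: the re-added line "create a new settings file from scratch under /etc/" leaves the sentence "edit automatically create ..." with a verb that does not agree with its subject, and the sentence has no closing period. Suggest "edit automatically creates a new settings file from scratch under /etc/." while the line is being rewritten.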
@@ -407,7 +443,9 @@
change them in the copy.
If combined with the switch a read-only cloned image is
- created.
+ created.
+
+
@@ -415,7 +453,9 @@
Renames a container or VM image. The
arguments specify the name of the image to rename and the new
- name of the image.
+ name of the image.
+
+
@@ -424,7 +464,9 @@
Marks or (unmarks) a container or VM image
read-only. Takes a VM or container image name, followed by a
boolean as arguments. If the boolean is omitted, positive is
- implied, i.e. the image is marked read-only.
+ implied, i.e. the image is marked read-only.
+
+
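Review bot: in the first context line of this hunk, "Marks or (unmarks) a container or VM image read-only" has the opening parenthesis in the wrong place; "Marks (or unmarks)" matches what the rest of the paragraph describes. The line is context rather than a changed line, but the paragraph is being touched and the fix is trivial.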
@@ -433,7 +475,9 @@
Removes one or more container or VM images.
The special image .host, which refers to
the host's own directory tree, may not be
- removed.
+ removed.
+
+
@@ -450,7 +494,9 @@
units. If the size limit shall be disabled, specify
- as size.
- Note that per-container size limits are only supported on btrfs file systems.
+ Note that per-container size limits are only supported on btrfs file systems.
+
+
@@ -467,7 +513,9 @@
pull-raw usually create hidden, read-only, unmodified machine images from the downloaded image first,
before cloning a writable working copy of it, in order to avoid duplicate downloads in case of images that are
reused multiple times. Use machinectl clean to remove old, hidden images created this
- way.
+ way.
+
+
@@ -526,7 +574,9 @@
Note that pressing C-c during execution of this command
will not abort the download. Use
cancel-transfer, described
- below.
+ below.
+
+
@@ -565,7 +615,9 @@
Note that pressing C-c during execution of this command
will not abort the download. Use
cancel-transfer, described
- below.
+ below.
+
+
@@ -591,7 +643,9 @@
Much like image downloads, ongoing imports may be listed
with list-transfers and aborted with
- cancel-transfer.
+ cancel-transfer.
+
+
@@ -600,7 +654,9 @@
Imports a container image stored in a local directory into
/var/lib/machines/, operates similarly to import-tar or
import-raw, but the first argument is the source directory. If supported, this
- command will create a btrfs snapshot or subvolume for the new image.
+ command will create a btrfs snapshot or subvolume for the new image.
+
+
@@ -626,7 +682,9 @@
Note that, currently, only directory and subvolume images
may be exported as TAR images, and only raw disk images as RAW
- images.
+ images.
+
+
@@ -634,7 +692,9 @@
Shows a list of container or VM image
downloads, imports and exports that are currently in
- progress.
+ progress.
+
+
@@ -643,7 +703,9 @@
Aborts a download, import or export of the
container or VM image with the specified ID. To list ongoing
transfers and their IDs, use
- list-transfers.
+ list-transfers.
+
+
@@ -666,7 +728,9 @@
argument should be a property name, such as
Name. If specified more than once, all
properties with the specified names are
- shown.
+ shown.
+
+
@@ -681,14 +745,18 @@
images beginning in a dot character
(.).
- When cleaning VM or container images, remove all images, not just hidden ones.
+ When cleaning VM or container images, remove all images, not just hidden ones.
+
+ When printing properties with show, only print the value,
- and skip the property name and =.
+ and skip the property name and =.
+
+
@@ -697,6 +765,8 @@
Do not ellipsize process tree entries or table. This implies
.
+
+
@@ -708,7 +778,9 @@
, or to select
whether to kill only the leader process of the machine or all
processes of the machine. If omitted, defaults to
- .
+ .
+
+
@@ -720,7 +792,9 @@
open the interactive shell session as. If the argument to the shell
command also specifies a user name, this option is ignored. If the name is not specified
in either way, root will be used by default. Note that this switch is
- not supported for the login command (see below).
+ not supported for the login command (see below).
+
+
@@ -733,7 +807,9 @@
the same name in the program environment will be used.
Note that this option is not supported for the login command.
-
+
+
+
@@ -742,7 +818,9 @@
When used with bind, creates the destination file or directory before
applying the bind mount. Note that even though the name of this option suggests that it is suitable only for
directories, this option also creates the destination file node to mount over if the object to mount is not
- a directory, but a regular file, device node, socket or FIFO.
+ a directory, but a regular file, device node, socket or FIFO.
+
+
@@ -751,7 +829,9 @@
When used with bind, creates a read-only bind mount.When used with clone, import-raw or import-tar a
- read-only container or VM image is created.
+ read-only container or VM image is created.
+
+
@@ -762,6 +842,8 @@
controls the number of journal lines to show, counting from
the most recent ones. Takes a positive integer argument.
Defaults to 10.
+
+
@@ -773,7 +855,9 @@
controls the formatting of the journal entries that are shown.
For the available choices, see
journalctl1.
- Defaults to short.
+ Defaults to short.
+
+
@@ -792,7 +876,9 @@
strongly recommended to set this option to
signature if the server and protocol
support this. Defaults to
- signature.
+ signature.
+
+
@@ -803,6 +889,8 @@
the containers will also be started or powered off. The start or poweroff
operation is only carried out when the respective enable or disable
operation has been successful.
+
+
@@ -812,7 +900,9 @@
When downloading a container or VM image, and
a local copy by the specified local machine name already
exists, delete it first and replace it by the newly downloaded
- image.
+ image.
+
+
@@ -824,7 +914,9 @@
uncompressed, xz,
gzip, bzip2. By default,
the format is determined automatically from the image file
- name passed.
+ name passed.
+
+
@@ -833,14 +925,18 @@
When used with the command, limits the number of IP
addresses shown for every machine. Defaults to 1. All addresses can be requested with
all. If the limit is 0, the address column is not shown. Otherwise, if the machine
- has more addresses than shown, … follows the last address.
+ has more addresses than shown, … follows the last address.
+
+
- Suppresses additional informational output while running.
+ Suppresses additional informational output while running.
+
+
@@ -852,7 +948,9 @@
Connect to
systemd-machined.service8
running in a local container, to perform the specified operation within
- the container.
+ the container.
+
+
diff --git a/man/networkctl.xml b/man/networkctl.xml
index 7d461786d7..9da988923d 100644
--- a/man/networkctl.xml
+++ b/man/networkctl.xml
@@ -73,30 +73,40 @@
missingthe device is missing
+
+ offthe device is powered down
+
+ no-carrierthe device is powered up, but it does not yet have a carrier
+
+ dormantthe device has a carrier, but is not yet ready for normal traffic
+
+ degraded-carrierone of the bonding or bridge slave network interfaces is in off, no-carrier, or dormant state, and the master interface has no address.
+
+
@@ -104,6 +114,8 @@
the link has a carrier, or for bond or bridge master, all bonding or bridge slave
network interfaces are enslaved to the master
+
+
@@ -112,12 +124,16 @@
the link has carrier and addresses valid on the local link configured. For bond or
bridge master this means that not all slave network interfaces have carrier but at least
one does.
+
+ enslavedthe link has carrier and is enslaved to bond or bridge master network interface
+
+
@@ -125,6 +141,8 @@
the link has carrier and routable address configured. For bond or bridge master it is
not necessary for all slave network interfaces to have carrier, but at least one must.
+
+
@@ -136,46 +154,62 @@
pendingudev is still processing the link, we don't yet know if we will manage it
+
+ initializedudev has processed the link, but we don't yet know if we will manage it
+
+ configuringin the process of retrieving configuration or configuring the link
+
+ configuredlink configured successfully
+
+ unmanagednetworkd is not handling the link
+
+ failednetworkd failed to manage the link
+
+ lingerthe link is gone, but has not yet been dropped by networkd
+
+
+
+
@@ -213,28 +247,38 @@
unknownall links have unknown online status (i.e. there are no required links)
+
+ offlineall required links are offline
+
+ partialsome, but not all, required links are online
+
+ onlineall required links are online
+
+
+
+
@@ -263,6 +307,8 @@ t - Telephone; d - DOCSIS cable device; a - Station; c - Customer VLAN;
s - Service VLAN, m - Two-port MAC Relay (TPMR)
1 neighbors listed.
+
+
@@ -289,6 +335,8 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR)
::ffff:0.0.0.0/96 4
::/96 3
::1/128 0
+
+
@@ -297,7 +345,9 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR)
deleteDEVICE…
- Deletes virtual netdevs. Takes interface name or index number.
+ Deletes virtual netdevs. Takes interface name or index number.
+
+
@@ -305,7 +355,9 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR)
upDEVICE…
- Bring devices up. Takes interface name or index number.
+ Bring devices up. Takes interface name or index number.
+
+
@@ -313,7 +365,9 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR)
downDEVICE…
- Bring devices down. Takes interface name or index number.
+ Bring devices down. Takes interface name or index number.
+
+
@@ -322,7 +376,9 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR)
DEVICE…Renew dynamic configurations e.g. addresses received from DHCP server.
- Takes interface name or index number.
+ Takes interface name or index number.
+
+
@@ -331,7 +387,9 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR)
DEVICE…Send a FORCERENEW message to all connected clients, triggering DHCP reconfiguration.
- Takes interface name or index number.
+ Takes interface name or index number.
+
+
@@ -342,7 +400,9 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR)
Reconfigure network interfaces. Takes interface name or index number. Note that
this does not reload .netdev or .network
corresponding to the specified interface. So, if you edit config files, it is necessary to call
- networkctl reload first to apply new settings.
+ networkctl reload first to apply new settings.
+
+
@@ -354,7 +414,9 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR)
Note that even if an existing .netdev is modified or removed,
systemd-networkd does not update or remove the netdev.
If a new, modified or removed .network file is found, then all interfaces
- which match the file are reconfigured.
+ which match the file are reconfigured.
+
+
@@ -378,7 +440,9 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR)
Note that the changed link settings are not automatically applied after reloading.
To achieve that, trigger uevents for the corresponding interface. Refer to
systemd.link5
- for more information.
+ for more information.
+
+
@@ -387,7 +451,9 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR)
FILE|@DEVICE…
Show network configuration files. This command honors
- the @ prefix in the same way as edit.
+ the @ prefix in the same way as edit.
+
+
@@ -406,6 +472,8 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR)
Show all links with status.
+
+
@@ -417,6 +485,8 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR)
Show link statistics with status.
+
+
@@ -426,6 +496,8 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR)
Do not ellipsize the output.
+
+
@@ -436,6 +508,8 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR)
When used with status, controls the number of journal lines to show,
counting from the most recent ones. Takes a positive integer argument. Defaults to 10.
+
+
@@ -446,6 +520,8 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR)
When used with edit, edit the drop-in file NAME
instead of the main configuration file.
+
+
@@ -455,6 +531,8 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR)
When used with edit, systemd-networkd
or systemd-udevd will not be reloaded after the editing finishes.
+
+
diff --git a/man/networkd.conf.xml b/man/networkd.conf.xml
index f25083cc69..9668aed614 100644
--- a/man/networkd.conf.xml
+++ b/man/networkd.conf.xml
@@ -53,13 +53,17 @@
Takes a boolean. If set to yes, then systemd-networkd
measures the traffic of each interface, and
networkctl status INTERFACE shows the measured speed.
- Defaults to no.
+ Defaults to no.
+
+ SpeedMeterIntervalSec=Specifies the time interval to calculate the traffic speed of each interface.
- If SpeedMeter=no, the value is ignored. Defaults to 10sec.
+ If SpeedMeter=no, the value is ignored. Defaults to 10sec.
+
+
@@ -68,7 +72,9 @@
that are not configured in .network files (except for rules with protocol
kernel). When false, it will not remove any foreign rules, keeping them even
if they are not configured in a .network file. Defaults to yes.
-
+
+
+
@@ -79,7 +85,9 @@
is true or dhcp, and static when
KeepConfiguration= is true or static). When false, it will
not remove any foreign routes, keeping them even if they are not configured in a .network file.
- Defaults to yes.
+ Defaults to yes.
+
+
@@ -92,7 +100,9 @@
254, and 255, respectively. The route table number must be an integer in the range 1…4294967295,
except for predefined numbers 253, 254, and 255. This setting can be specified multiple times.
If an empty string is specified, then the list specified earlier are cleared. Defaults to unset.
-
+
+
+
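Review bot: the context sentence just above the changed line, "If an empty string is specified, then the list specified earlier are cleared.", has a number mismatch between "list" and "are". Suggest "the list specified earlier is cleared" (or "all entries specified earlier are cleared") since this entry is being edited anyway.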
@@ -103,6 +113,8 @@
kernel. See for details in
systemd.network5.
Defaults to no.
+
+
@@ -213,7 +225,9 @@ DUIDRawData=00:00:ab:11:f9:2a:c2:77:29:f9:5c:00
DUIDType=DUIDRawData=
- As in the [DHCPv4] section.
+ As in the [DHCPv4] section.
+
+
diff --git a/man/nss-resolve.xml b/man/nss-resolve.xml
index 49d67dd21b..6a1d84e721 100644
--- a/man/nss-resolve.xml
+++ b/man/nss-resolve.xml
@@ -74,7 +74,9 @@
Takes a boolean argument. When false, cryptographic validation of resource records
via DNSSEC will be disabled. This may be useful for testing, or when system time is known to be
- unreliable.
+ unreliable.
+
+
@@ -86,7 +88,9 @@
name, will not be returned. See section SYNTHETIC RECORDS in
systemd-resolved.service8
for more information. This may be useful to query the "public" resource records, independent of the
- configuration of the local machine.
+ configuration of the local machine.
+
+
@@ -97,7 +101,9 @@
Takes a boolean argument. When false, the cache of previously queried records will
not be used by
systemd-resolved8.
-
+
+
+
@@ -106,7 +112,9 @@
$SYSTEMD_NSS_RESOLVE_ZONETakes a boolean argument. When false, answers using locally registered public
- LLMNR/mDNS resource records will not be returned.
+ LLMNR/mDNS resource records will not be returned.
+
+
@@ -115,7 +123,9 @@
$SYSTEMD_NSS_RESOLVE_TRUST_ANCHORTakes a boolean argument. When false, answers using locally configured trust anchors
- will not be used.
+ will not be used.
+
+
@@ -126,7 +136,9 @@
Takes a boolean argument. When false, answers will be returned without using the
network, i.e. either from local sources or the cache in
systemd-resolved8.
-
+
+
+
diff --git a/man/oomctl.xml b/man/oomctl.xml
index 950e79df13..fd366c7edb 100644
--- a/man/oomctl.xml
+++ b/man/oomctl.xml
@@ -49,7 +49,9 @@
dumpShow the current state of the cgroups and system contexts stored by
- systemd-oomd.
+ systemd-oomd.
+
+
diff --git a/man/oomd.conf.xml b/man/oomd.conf.xml
index 1092fee1da..1bcb9ecbbe 100644
--- a/man/oomd.conf.xml
+++ b/man/oomd.conf.xml
@@ -56,7 +56,9 @@
usage greater than 5% of total swap, starting from the ones with the highest swap usage. Which
control groups are monitored and what action gets taken depends on what the unit has configured for
ManagedOOMSwap=. Takes a value specified in percent (when suffixed with "%"),
- permille ("‰") or permyriad ("‱"), between 0% and 100%, inclusive. Defaults to 90%.
+ permille ("‰") or permyriad ("‱"), between 0% and 100%, inclusive. Defaults to 90%.
+
+
@@ -72,7 +74,9 @@
ones with the most reclaim activity to the least reclaim activity. Which control groups are monitored
and what action gets taken depends on what the unit has configured for
ManagedOOMMemoryPressure=. Takes a fraction specified in the same way as
- SwapUsedLimit= above. Defaults to 60%.
+ SwapUsedLimit= above. Defaults to 60%.
+
+
@@ -81,7 +85,9 @@
Sets the amount of time a unit's control group needs to have exceeded memory pressure
limits before systemd-oomd will take action. Memory pressure limits are defined by
DefaultMemoryPressureLimit= and ManagedOOMMemoryPressureLimit=.
- Must be set to 0, or at least 1 second. Defaults to 30 seconds when unset or 0.
+ Must be set to 0, or at least 1 second. Defaults to 30 seconds when unset or 0.
+
+
diff --git a/man/org.freedesktop.resolve1.xml b/man/org.freedesktop.resolve1.xml
index 403eb14538..f9cba4f612 100644
--- a/man/org.freedesktop.resolve1.xml
+++ b/man/org.freedesktop.resolve1.xml
@@ -803,59 +803,83 @@ node /org/freedesktop/resolve1/link/_1 {
org.freedesktop.resolve1.NoNameServers
- No suitable DNS servers were found to resolve a request.
+ No suitable DNS servers were found to resolve a request.
+
+ org.freedesktop.resolve1.InvalidReply
- A response from the selected DNS server was not understood.
+ A response from the selected DNS server was not understood.
+
+ org.freedesktop.resolve1.NoSuchRRThe requested name exists, but there is no resource record of the requested type for
- it. (This is the DNS NODATA case).
+ it. (This is the DNS NODATA case).
+
+ org.freedesktop.resolve1.CNameLoop
- The look-up failed because a CNAME or DNAME loop was detected.
+ The look-up failed because a CNAME or DNAME loop was detected.
+
+ org.freedesktop.resolve1.AbortedThe look-up was aborted because the selected protocol became unavailable while the
- operation was ongoing.
+ operation was ongoing.
+
+ org.freedesktop.resolve1.NoSuchServiceA service look-up was successful, but the SRV record
- reported that the service is not available.
+ reported that the service is not available.
+
+ org.freedesktop.resolve1.DnssecFailed
- The acquired response did not pass DNSSEC validation.
+ The acquired response did not pass DNSSEC validation.
+
+ org.freedesktop.resolve1.NoTrustAnchorNo chain of trust could be established for the response to a configured DNSSEC trust
- anchor.
+ anchor.
+
+ org.freedesktop.resolve1.ResourceRecordTypeUnsupportedThe requested resource record type is not supported on the selected DNS servers. This
error is generated for example when an RRSIG record is requested from a DNS server that does not
- support DNSSEC.
+ support DNSSEC.
+
+ org.freedesktop.resolve1.NoSuchLinkNo network interface with the specified network interface index exists.
-
+
+
+ org.freedesktop.resolve1.LinkBusyThe requested configuration change could not be made because
systemd-networkd8,
- already took possession of the interface and supplied configuration data for it.
+ already took possession of the interface and supplied configuration data for it.
+
+ org.freedesktop.resolve1.NetworkDownThe requested look-up failed because the system is currently not connected to any
- suitable network.
+ suitable network.
+
+ org.freedesktop.resolve1.DnsError.NXDOMAINorg.freedesktop.resolve1.DnsError.REFUSED
@@ -863,7 +887,9 @@ node /org/freedesktop/resolve1/link/_1 {
The look-up failed with a DNS return code reporting a failure. The error names used as
suffixes here are defined in by IANA in
DNS RCODEs.
-
+
+
+
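Review bot: the context sentence just above the changed lines, "The error names used as suffixes here are defined in by IANA in DNS RCODEs.", has a stray "in" ("defined in by IANA"). This hunk already edits the end of that paragraph, so drop the extra word here so that it reads "are defined by IANA in DNS RCODEs".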
diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
index e6164de8d9..75d3d457bd 100644
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
@@ -1637,27 +1637,35 @@ node /org/freedesktop/systemd1 {
For more information on this issue consult
The Case for the /usr Merge
- .
+ .
+
+ cgroups-missing
- Support for cgroups is unavailable.
+ Support for cgroups is unavailable.
+
+ cgroupsv1
- The system is using the old cgroup hierarchy.
+ The system is using the old cgroup hierarchy.
+
+ local-hwclockThe local hardware clock (RTC) is configured to be in local time rather than
- UTC.
+ UTC.
+
+
@@ -1666,28 +1674,36 @@ node /org/freedesktop/systemd1 {
The system is running past the end of support declared by the vendor. See the
description of SUPPORT_END= in
os-release5.
-
+
+
+ old-kernelThe system is running a kernel version that is older than the minimum supported by
- this version of systemd.
+ this version of systemd.
+
+ var-run-bad/run/ does not exist or /var/run is not a
- symlink to /run/.
+ symlink to /run/.
+
+ overflowuid-not-65534overflowgid-not-65534
- The kernel overflow UID or GID have a value other than 65534.
+ The kernel overflow UID or GID have a value other than 65534.
+
+
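Review bot: in the overflowuid-not-65534 / overflowgid-not-65534 entry, the re-added line "The kernel overflow UID or GID have a value other than 65534." has a subject-verb mismatch. With "or" the verb should be singular: "has a value other than 65534". The line is rewritten by this hunk anyway, so the fix can be folded in.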
@@ -1695,7 +1711,9 @@ node /org/freedesktop/systemd1 {
short-gid-rangeThe UID or GID range assigned to the running systemd instance covers less than
- 0…65534.
+ 0…65534.
+
+
diff --git a/man/os-release.xml b/man/os-release.xml
index 74bdea996c..1736b5017f 100644
--- a/man/os-release.xml
+++ b/man/os-release.xml
@@ -297,7 +297,9 @@
the local system.
Examples: IMAGE_ID=vendorx-cashier-system,
- IMAGE_ID=netbook-image.
+ IMAGE_ID=netbook-image.
+
+
@@ -309,7 +311,9 @@
Examples: IMAGE_VERSION=33, IMAGE_VERSION=47.1rc1.
-
+
+
+
@@ -365,7 +369,9 @@
not provided.
For example, SUPPORT_END=2001-01-01 means that the system was supported
- until the end of the last day of the previous millennium.
+ until the end of the last day of the previous millennium.
+
+
@@ -403,7 +409,9 @@
needed to distinguish the OS vendor from the OS itself. It is intended to be human readable.
Examples: VENDOR_NAME="Fedora Project" for Fedora Linux,
- VENDOR_NAME="Canonical" for Ubuntu.
+ VENDOR_NAME="Canonical" for Ubuntu.
+
+
@@ -419,7 +427,9 @@
setting.
Examples: VENDOR_URL="https://fedoraproject.org/",
- VENDOR_URL="https://canonical.com/".
+ VENDOR_URL="https://canonical.com/".
+
+
@@ -454,7 +464,9 @@
It may provide redundant information when used in a GPT partition with a GUID type that already
encodes the architecture. If this is not the case, the architecture should be specified in
e.g., an extension image, to prevent an incompatible host from loading it.
-
+
+
+
@@ -479,7 +491,9 @@
for more information.
Examples: CONFEXT_LEVEL=2, CONFEXT_LEVEL=15.14.
-
+
+
+
@@ -490,13 +504,17 @@
the system extension is applicable to: i.e. to regular systems, to initrds, or to portable service
images. If unspecified, SYSEXT_SCOPE=system portable is implied, i.e. any system
extension without this field is applicable to regular systems and to portable service environments,
- but not to initrd environments.
+ but not to initrd environments.
+
+ CONFEXT_SCOPE=
- Semantically the same as SYSEXT_SCOPE= but for confext images.
+ Semantically the same as SYSEXT_SCOPE= but for confext images.
+
+
@@ -507,7 +525,9 @@
(and thus allowing them to be distinguished from other OS images, such as bootable system images).
It is also used when a portable service image is attached: the specified or implied portable
service prefix is checked against the list specified here, to enforce restrictions how images may
- be attached to a system.
+ be attached to a system.
+
+
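Review bot: the context line "service prefix is checked against the list specified here, to enforce restrictions how images may" is missing a preposition. Suggest "to enforce restrictions on how images may be attached to a system", since the following line of that sentence is touched by this hunk.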
diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml
index c430e7dd51..114f18851c 100644
--- a/man/pam_systemd.xml
+++ b/man/pam_systemd.xml
@@ -94,7 +94,9 @@
environment variable (see below) takes precedence. One of user, greeter,
lock-screen or background. See
sd_session_get_class3 for
- details about the session class.
+ details about the session class.
+
+
@@ -104,7 +106,9 @@
environment variable (see below) takes precedence. One of unspecified,
tty, x11, wayland or mir. See
sd_session_get_type3 for
- details about the session type.
+ details about the session type.
+
+
@@ -119,7 +123,9 @@
Specification. (However, note that the option only takes a single item, and not a colon-separated list
like $XDG_CURRENT_DESKTOP.) See
sd_session_get_desktop3 for
- further details.
+ further details.
+
+
@@ -135,7 +141,9 @@
(i.e. usually contains the full set of capabilities). The default ambient set is set to
CAP_WAKE_ALARM for regular users if the PAM session is associated with a local
seat or if it is invoked for the systemd-user service. Otherwise defaults to the
- empty set.
+ empty set.
+
+
@@ -203,7 +211,9 @@
$LANGIf a JSON user record is known for the user logging in these variables are
- initialized from the respective data in the record.
+ initialized from the respective data in the record.
+
+
@@ -218,28 +228,36 @@
$XDG_SESSION_TYPEThe session type. This may be used instead of type= on the module parameter
- line, and is usually preferred.
+ line, and is usually preferred.
+
+ $XDG_SESSION_CLASSThe session class. This may be used instead of class= on the module parameter
- line, and is usually preferred.
+ line, and is usually preferred.
+
+ $XDG_SESSION_DESKTOPThe desktop identifier. This may be used instead of desktop= on the module
- parameter line, and is usually preferred.
+ parameter line, and is usually preferred.
+
+ $XDG_SEATThe seat name the session shall be registered
- for, if any.
+ for, if any.
+
+
@@ -247,7 +265,9 @@
The VT number the session shall be registered
for, if any. (Only applies to seats with a VT available, such
- as seat0)
+ as seat0)
+
+
@@ -277,31 +297,41 @@
systemd.memory_max=
- Sets unit MemoryMax=.
+ Sets unit MemoryMax=.
+
+ systemd.tasks_max=
- Sets unit TasksMax=.
+ Sets unit TasksMax=.
+
+ systemd.cpu_weight=
- Sets unit CPUWeight=.
+ Sets unit CPUWeight=.
+
+ systemd.io_weight=
- Sets unit IOWeight=.
+ Sets unit IOWeight=.
+
+ systemd.runtime_max_sec=
- Sets unit RuntimeMaxSec=.
+ Sets unit RuntimeMaxSec=.
+
+
diff --git a/man/pam_systemd_home.xml b/man/pam_systemd_home.xml
index 489dde8711..e81fdbf28a 100644
--- a/man/pam_systemd_home.xml
+++ b/man/pam_systemd_home.xml
@@ -83,14 +83,18 @@
This setting may also be controlled via the $SYSTEMD_HOME_SUSPEND
environment variable (see below), which pam_systemd_home reads during initialization and sets
for sessions. If both the environment variable is set and the module parameter specified the latter
- takes precedence.
+ takes precedence.
+
+ debug=Takes an optional boolean argument. If yes or without the argument, the module will log
- debugging information as it operates.
+ debugging information as it operates.
+
+
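Review bot: the precedence rule at the top of this hunk, "If both the environment variable is set and the module parameter specified the latter takes precedence.", is hard to parse because "both" is misplaced and the comma before "the latter" is missing. Since the rule decides which of the two settings wins, suggest: "If the environment variable is set and the module parameter is also specified, the latter takes precedence."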
@@ -118,7 +122,9 @@
$SYSTEMD_HOME=1
- Indicates that the user's home directory is managed by systemd-homed.service.
+ Indicates that the user's home directory is managed by systemd-homed.service.
+
+
@@ -127,7 +133,9 @@
Indicates whether the session has been registered with the suspend mechanism enabled
or disabled (see above). The variable's value is either 0 or
1. Note that the module both reads the variable when initializing, and sets it for
- sessions.
+ sessions.
+
+
diff --git a/man/portablectl.xml b/man/portablectl.xml
index 162db7658a..a94ffaf2d7 100644
--- a/man/portablectl.xml
+++ b/man/portablectl.xml
@@ -78,7 +78,9 @@
in the portable image search paths (see below), along with brief metadata and state information. Note that many
of the commands below may both operate on images inside and outside of the search paths. This command is hence
mostly a convenience option, the commands are generally not restricted to what this list
- shows.
+ shows.
+
+
@@ -138,6 +140,8 @@
If and/or are passed, the portable services are
immediately started (blocking operation unless is passed) and/or enabled after
attaching the image.
+
+
@@ -149,7 +153,9 @@
again. This command expects an image name or path as parameter. Note that if a path is specified only the last
component of it (i.e. the file or directory name itself, not the path to it) is used for finding matching unit
files. This is a convenience feature to allow all arguments passed as attach also to
- detach.
+ detach.
+
+ If and/or are passed, the portable services are
immediately stopped (blocking operation) and/or disabled before detaching the image. Prefix(es) are also accepted,
@@ -163,7 +169,9 @@
This is useful in case the image was replaced. Running units are not stopped during the process. Partial matching,
to allow for different versions in the image name, is allowed: only the part before the first _
character has to match. If the new image doesn't exist, the existing one will not be detached. The parameters
- follow the same syntax as the attach command.
+ follow the same syntax as the attach command.
+
+ If and/or are passed, the portable services are
immediately stopped if removed, started and/or enabled if added, or restarted if updated. Prefixes are also
@@ -183,6 +191,8 @@
command is useful to determine whether an image qualifies as portable service image, and which unit files are
included. This command expects the path to the image as parameter, optionally followed by a list of unit file
prefixes to consider, similar to the attach command described above.
+
+
@@ -236,6 +246,8 @@
+
+
@@ -244,7 +256,9 @@
Marks or (unmarks) a portable service image read-only. Takes an image name, followed by a
boolean as arguments. If the boolean is omitted, positive is implied, i.e. the image is marked
- read-only.
+ read-only.
+
+
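Review bot: the first context line of this hunk reads "Marks or (unmarks) a portable service image read-only.", with the parenthesis opened one word too late. Suggest "Marks (or unmarks) a portable service image read-only." while the paragraph is being edited.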
@@ -252,7 +266,9 @@
Removes one or more portable service images. Note that this command will only remove the
specified image path itself — it refers to a symbolic link then the symbolic link is removed and not the
- image it points to.
+ image it points to.
+
+
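Review bot: the context line "specified image path itself — it refers to a symbolic link then the symbolic link is removed and not the" has lost its "if", which makes the statement about what gets deleted ambiguous. Suggest "if it refers to a symbolic link then the symbolic link is removed and not the image it points to".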
@@ -268,7 +284,9 @@
Note that per-image size limits are only supported on btrfs file systems. Also, depending on
BindPaths= settings in the portable service's unit files directories from the host might be
visible in the image environment during runtime which are not affected by this setting, as only the image
- itself is counted against this limit.
+ itself is counted against this limit.
+
+
@@ -285,7 +303,9 @@
- Suppresses additional informational output while running.
+ Suppresses additional informational output while running.
+
+
@@ -293,7 +313,9 @@
PROFILEWhen attaching an image, select the profile to use. By default the default
- profile is used. For details about profiles, see below.
+ profile is used. For details about profiles, see below.
+
+
@@ -305,7 +327,9 @@
profile drop-ins are symlinked while unit files are copied. Note that this option expresses a preference only,
in cases where symbolic links cannot be created — for example when the image operated on is a raw disk image,
and hence not directly referentiable from the host file system — copying of files is used
- unconditionally.
+ unconditionally.
+
+
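Review bot: the context line "and hence not directly referentiable from the host file system" uses a non-word. Suggest "referenceable", or rephrase as "cannot be referenced directly from the host file system".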
@@ -314,7 +338,9 @@
When specified the unit and drop-in files are placed in
/run/systemd/system.attached/ instead of
/etc/systemd/system.attached/. Images attached with this option set hence remain attached
- only until the next reboot, while they are normally attached persistently.
+ only until the next reboot, while they are normally attached persistently.
+
+
@@ -322,7 +348,9 @@
Don't reload the service manager after attaching or detaching a portable service
image. Normally the service manager is reloaded to ensure it is aware of added or removed unit
- files.
+ files.
+
+
@@ -331,26 +359,34 @@
When inspecting portable service images, show the (unprocessed) contents of the metadata files
pulled from the image, instead of brief summaries. Specifically, this will show the
os-release5 and unit file
- contents of the image.
+ contents of the image.
+
+
- Immediately enable/disable the portable service after attaching/detaching.
+ Immediately enable/disable the portable service after attaching/detaching.
+
+ Immediately start/stop/restart the portable service after attaching/before
- detaching/after upgrading.
+ detaching/after upgrading.
+
+
- Don't block waiting for attach --now to complete.
+ Don't block waiting for attach --now to complete.
+
+
@@ -371,7 +407,9 @@
Note that the same extensions have to be specified, in the same order, when attaching
- and detaching.
+ and detaching.
+
+
@@ -380,7 +418,9 @@
Skip safety checks and attach or detach images (with extensions) without first ensuring
that the units are not running, and do not insist that the
extension-release.NAME file in the extension image has
- to match the image filename.
+ to match the image filename.
+
+
diff --git a/man/poweroff.xml b/man/poweroff.xml
index 2841dc7769..4abfa18bf7 100644
--- a/man/poweroff.xml
+++ b/man/poweroff.xml
@@ -56,13 +56,17 @@
+
+ Halt the machine, regardless of which one of
- the three commands is invoked.
+ the three commands is invoked.
+
+
@@ -71,14 +75,18 @@
Power off the machine, when either halt
or poweroff is invoked. This option is ignored when
- reboot is invoked.
+ reboot is invoked.
+
+ Reboot the machine, regardless of which one of
- the three commands is invoked.
+ the three commands is invoked.
+
+
@@ -91,6 +99,8 @@
the command reboot -f is mostly equivalent to
systemctl reboot -ff, instead of systemctl reboot -f.
+
+
@@ -99,14 +109,18 @@
Only write wtmp shutdown entry, do not actually power off, reboot, or halt.
-
+
+
+
- Do not write wtmp shutdown entry.
+ Do not write wtmp shutdown entry.
+
+
@@ -114,13 +128,17 @@
Don't sync hard disks/storage media before power-off, reboot, or halt.
-
+
+
+
- Do not send wall message before power-off, reboot, or halt.
+ Do not send wall message before power-off, reboot, or halt.
+
+
diff --git a/man/pstore.conf.xml b/man/pstore.conf.xml
index 64e453b4d0..f54cef9e57 100644
--- a/man/pstore.conf.xml
+++ b/man/pstore.conf.xml
@@ -57,6 +57,8 @@
When external (the default), files are archived into /var/lib/systemd/pstore/,
and logged into the journal.
When journal, pstore file contents are logged only in the journal.
+
+
@@ -70,7 +72,9 @@
normally, but the files remain in the pstore.
The default is true in order to maintain the pstore in a nearly empty state, so that the pstore
has storage available for the next kernel error event.
-
+
+
+
diff --git a/man/repart.d.xml b/man/repart.d.xml
index ac72d0e845..b8a2e7b8b9 100644
--- a/man/repart.d.xml
+++ b/man/repart.d.xml
@@ -239,7 +239,9 @@
Most of the partition type UUIDs listed above are defined in the Discoverable Partitions
- Specification.
+ Specification.
+
+
@@ -249,7 +251,9 @@
setting is not used for matching. It is also not used when a label is already set for an existing
partition. It is thus only used when a partition is newly created or when an existing one had a no
label set (that is: an empty label). If not specified a label derived from the partition type is
- automatically used. Simple specifier expansion is supported, see below.
+ automatically used. Simple specifier expansion is supported, see below.
+
+
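Review bot: the context sentence "It is thus only used when a partition is newly created or when an existing one had a no label set (that is: an empty label)." has a stray article ("had a no label set"). Suggest "had no label set" while this paragraph is being touched.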
@@ -259,7 +263,9 @@
setting is not used for matching. It is also not used when a UUID is already set for an existing
partition. It is thus only used when a partition is newly created or when an existing one had a
all-zero UUID set. If set to null, the UUID is set to all zeroes. If not specified
- a UUID derived from the partition type is automatically used.
+ a UUID derived from the partition type is automatically used.
+
+
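Review bot: the context sentence "It is thus only used when a partition is newly created or when an existing one had a all-zero UUID set." needs "an" before "all-zero". Suggest "had an all-zero UUID set".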
@@ -277,7 +283,9 @@
removed. If all partitions with a priority above 0 are removed and the partitions still do not fit on
the device the operation fails. Note that this priority has no effect on ordering partitions, for
that use the alphabetical order of the filenames of the partition definition files. Defaults to
- 0.
+ 0.
+
+
@@ -293,7 +301,9 @@
"elastic" fashion, based on the disk size and existing partitions. If a partition shall have a fixed
size use both SizeMinBytes= and SizeMaxBytes= with the same
value in order to fixate the size to one value, in which case the weight has no
- effect.
+ effect.
+
+
@@ -305,7 +315,9 @@
weight. Defaults to 0, i.e. by default no padding is applied.
Padding is useful if empty space shall be left for later additions or a safety margin at the
- end of the device or between partitions.
+ end of the device or between partitions.
+
+
@@ -327,7 +339,9 @@
fulfill the constraints placing the partition will fail. For partitions that shall be created,
depending on the setting of Priority= (see above) the partition might be dropped
and the placing algorithm restarted. By default a minimum size constraint of 10M and no maximum size
- constraint is set.
+ constraint is set.
+
+
@@ -338,7 +352,9 @@
partition (the "padding"). Semantics are similar to SizeMinBytes= and
SizeMaxBytes=, except that unlike partition sizes free space can be shrunk and can
be as small as zero. By default no size constraints on padding are set, so that only
- PaddingWeight= determines the size of the padding applied.
+ PaddingWeight= determines the size of the padding applied.
+
+
@@ -377,7 +393,9 @@
the partition exists but is not or only partially populated.
This option cannot be combined with Format= or
- CopyFiles=.
+ CopyFiles=.
+
+
@@ -398,7 +416,9 @@
before the partition is created, ensuring that the partition only ever exists with a fully
initialized file system.
- This option cannot be combined with CopyBlocks=.
+ This option cannot be combined with CopyBlocks=.
+
+
@@ -446,7 +466,9 @@
systemd-repart8
is invoked with the or command line switches the
source paths specified are taken relative to the specified root directory or disk image root.
-
+
+
+
@@ -471,7 +493,9 @@
systemd-repart8
is invoked with the or command line switches the
paths specified are taken relative to the specified root directory or disk image root.
-
+
+
+
@@ -498,7 +522,9 @@
systemd-tmpfiles8
with its option to pre-create other, more complex directory hierarchies (as
well as other inodes) with fine-grained control of ownership, access modes and other file
- attributes.
+ attributes.
+
+
@@ -513,7 +539,9 @@
btrfs.
Note that due to limitations of mkfs.btrfs, this option is only supported
- when running with .
+ when running with .
+
+
@@ -538,7 +566,9 @@
of Format= and CopyBlocks= are increased by the space necessary
for the LUKS2 superblock (see above).
- This option has no effect if the partition already exists.
+ This option has no effect if the partition already exists.
+
+
@@ -566,7 +596,9 @@
For each unique VerityMatchKey= value, a single verity data partition
(Verity=data) and a single verity hash partition (Verity=hash)
- must be defined.
+ must be defined.
+
+
@@ -574,7 +606,9 @@
Takes a short, user-chosen identifier string. This setting is used to find sibling
verity partitions for the current verity partition. See the description for
- Verity=.
+ Verity=.
+
+
@@ -583,7 +617,9 @@
Configures the data block size of the generated verity hash partition. Must be between 512 and
4096 bytes and must be a power of 2. Defaults to the sector size if configured explicitly, or the underlying
block device sector size, or 4K if systemd-repart is not operating on a block device.
-
+
+
+
@@ -592,7 +628,9 @@
Configures the hash block size of the generated verity hash partition. Must be between 512 and
4096 bytes and must be a power of 2. Defaults to the sector size if configured explicitly, or the underlying
block device sector size, or 4K if systemd-repart is not operating on a block device.
-
+
+
+
@@ -600,7 +638,9 @@
Takes a boolean argument. If specified the partition is marked for removal during a
factory reset operation. This functionality is useful to implement schemes where images can be reset
- into their original state by removing partitions and creating them anew. Defaults to off.
+ into their original state by removing partitions and creating them anew. Defaults to off.
+
+
@@ -612,7 +652,9 @@
NoAuto=, ReadOnly= and GrowFileSystem=; see
below for details on the defaults for these three flags. Specify the flags value in hexadecimal (by
prefixing it with 0x), binary (prefix 0b) or decimal (no
- prefix).
+ prefix).
+
+
@@ -650,7 +692,9 @@
NoAuto= defaults to off. ReadOnly= defaults to on for
Verity partition types, and off for all others. GrowFileSystem= defaults to on for
all partition types that support it, except if the partition is marked read-only (and thus
- effectively, defaults to off for Verity partitions).
+ effectively, defaults to off for Verity partitions).
+
+
@@ -661,7 +705,9 @@
systemd-repart8 is
used. Simple specifier expansion is supported, see below. Defaults to %t. To
disable split artifact generation for a partition, set SplitName= to
- -.
+ -.
+
+
@@ -677,7 +723,9 @@
CopyFiles=. Note that unless the filesystem is a read-only filesystem,
systemd-repart will have to populate the filesystem twice to guess the minimal
required size, so enabling this option might slow down repart when populating large partitions.
-
+
+
+
diff --git a/man/resolvectl.xml b/man/resolvectl.xml
index c6a878cc10..5249f9b909 100644
--- a/man/resolvectl.xml
+++ b/man/resolvectl.xml
@@ -67,7 +67,9 @@
If an international domain name is specified, it is automatically translated according to IDNA
rules when resolved via classic DNS — but not for look-ups via MulticastDNS or LLMNR. If
/ is used IDNA translation is turned off and domain
- names are processed as specified.
+ names are processed as specified.
+
+
@@ -85,7 +87,9 @@
in. In this case no TXT resource record is requested. Finally, if
only one parameter is specified, it is assumed to be a domain name, that is already prefixed with an
SRV type, and an SRV lookup is done
- (no TXT).
+ (no TXT).
+
+
@@ -94,7 +98,9 @@
Query PGP keys stored as OPENPGPKEY resource records,
see RFC 7929. Specified e-mail addresses
are converted to the corresponding DNS domain name, and any OPENPGPKEY
- keys are printed.
+ keys are printed.
+
+
@@ -108,28 +114,36 @@
(_port._family.domain).
The port number may be specified after a colon (:), otherwise
443 will be used by default. The family may be specified as the first argument,
- otherwise tcp will be used.
+ otherwise tcp will be used.
+
+ status [LINK…]Shows the global and per-link DNS settings currently in effect. If no command is specified,
- this is the implied default.
+ this is the implied default.
+
+ statisticsShows general resolver statistics, including information whether DNSSEC is
- enabled and available, as well as resolution and validation statistics.
+ enabled and available, as well as resolution and validation statistics.
+
+ reset-statisticsResets the statistics counters shown in statistics to zero.
- This operation requires root privileges.
+ This operation requires root privileges.
+
+
@@ -137,7 +151,9 @@
Flushes all DNS resource record caches the service maintains locally. This is mostly
equivalent to sending the SIGUSR2 to the systemd-resolved
- service.
+ service.
+
+
@@ -146,7 +162,9 @@
Flushes all feature level information the resolver learnt about specific servers, and ensures
that the server feature probing logic is started from the beginning with the next look-up request. This is
mostly equivalent to sending the SIGRTMIN+1 to the systemd-resolved
- service.
+ service.
+
+
@@ -196,7 +214,9 @@
domain, default-route, llmnr,
mdns, dnssec, dnsovertls,
nta. Note that when a network interface disappears all configuration is lost
- automatically, an explicit reverting is not necessary in that case.
+ automatically, an explicit reverting is not necessary in that case.
+
+
@@ -209,21 +229,27 @@
lookups may be answered from the local cache, or might result in multiple DNS transactions (for
example to validate DNSSEC information). If CNAME/CNAME redirection chains are followed, a separate
query will be displayed for each element of the chain. Use to enable JSON
- output.
+ output.
+
+ show-cacheShow current cache content, per scope. Use to enable JSON
- output.
+ output.
+
+ show-server-stateShow detailed server state information, per DNS Server. Use
- to enable JSON output.
+ to enable JSON output.
+
+
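Review bot: the context line "example to validate DNSSEC information). If CNAME/CNAME redirection chains are followed, a separate" names the same record type twice. Elsewhere in this patch the resolvectl and resolve1 text speaks of "CNAME or DNAME" redirections, so this most likely should read "CNAME/DNAME redirection chains".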
@@ -240,6 +266,8 @@
By default, when resolving a hostname, both IPv4 and IPv6
addresses are acquired. By specifying only IPv4 addresses are requested, by specifying
only IPv6 addresses are requested.
+
+
@@ -250,7 +278,9 @@
Specifies the network interface to execute the query on. This may either be specified as numeric
interface index or as network interface string (e.g. en0). Note that this option has no
effect if system-wide DNS configuration (as configured in /etc/resolv.conf or
- /etc/systemd/resolved.conf) in place of per-link configuration is used.
+ /etc/systemd/resolved.conf) in place of per-link configuration is used.
+
+
@@ -270,7 +300,9 @@
the service to resolve the operation with the specified protocol, as that might require a suitable network
interface and configuration.
The special value help may be used to list known values.
-
+
+
+
@@ -292,7 +324,9 @@
i.e. specified domain names need to be fully qualified domain names. Moreover, IDNA internal domain
name translation is turned off as well, i.e. international domain names should be specified in
xn--… notation, unless look-up in MulticastDNS/LLMNR is desired, in which case
- UTF-8 characters should be used.
+ UTF-8 characters should be used.
+
+
@@ -300,7 +334,9 @@
Takes a boolean parameter. If true (the default), when doing a service lookup with
the hostnames contained in the SRV
- resource records are resolved as well.
+ resource records are resolved as well.
+
+
@@ -308,7 +344,9 @@
Takes a boolean parameter. If true (the default), when doing a DNS-SD service lookup
with the TXT service metadata record is
- resolved as well.
+ resolved as well.
+
+
@@ -317,7 +355,9 @@
Takes a boolean parameter. If true (the default), DNS CNAME or DNAME redirections are
followed. Otherwise, if a CNAME or DNAME record is encountered while resolving, an error is
- returned.
+ returned.
+
+
@@ -329,7 +369,9 @@
is disabled for the specific query, regardless of whether it is enabled for the network or in the
service. Note that setting this option to true does not force DNSSEC validation on systems/networks
where DNSSEC is turned off. This option is only suitable to turn off such validation where otherwise
- enabled, not enable validation where otherwise disabled.
+ enabled, not enable validation where otherwise disabled.
+
+
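Review bot: the re-added closing line "enabled, not enable validation where otherwise disabled." is ungrammatical, and it carries the key limitation of this option, namely that it can only switch DNSSEC validation off. Suggest "This option is only suitable to turn off such validation where it is otherwise enabled, not to enable validation where it is otherwise disabled."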
@@ -342,7 +384,9 @@
/etc/hosts. If false these domains are not resolved locally, and either fail (in
case of localhost, _gateway or _outbound and
suchlike) or go to the network via regular DNS/mDNS/LLMNR lookups (in case of
- /etc/hosts entries).
+ /etc/hosts entries).
+
+
@@ -350,7 +394,9 @@
Takes a boolean parameter; used in conjunction with query. If true
(the default), lookups use the local DNS resource record cache. If false, lookups are routed to the
- network instead, regardless if already available in the local cache.
+ network instead, regardless if already available in the local cache.
+
+
@@ -359,7 +405,9 @@
Takes a boolean parameter; used in conjunction with query. If true
(the default), lookups are answered from locally registered LLMNR or mDNS resource records, if
defined. If false, locally registered LLMNR/mDNS records are not considered for the lookup
- request.
+ request.
+
+
@@ -367,7 +415,9 @@
Takes a boolean parameter; used in conjunction with query. If true
(the default), lookups for DS and DNSKEY are answered from the local DNSSEC trust anchors if
- possible. If false, the local trust store is not considered for the lookup request.
+ possible. If false, the local trust store is not considered for the lookup request.
+
+
@@ -377,7 +427,9 @@
(the default), lookups are answered via DNS, LLMNR or mDNS network requests if they cannot be
synthesized locally, or be answered from the local cache, zone or trust anchors (see above). If false,
the request is not answered from the network and will thus fail if none of the indicated sources can
- answer them.
+ answer them.
+
+
@@ -387,7 +439,9 @@
hostnames will be searched in the domains configured in the search domain list, if it is
non-empty. Otherwise, the search domain logic is disabled. Note that this option has no effect if
is used (see above), in which case the search domain logic is
- unconditionally turned off.
+ unconditionally turned off.
+
+
@@ -397,14 +451,18 @@
payload, the payload of the packet is exported. If the argument is
packet, the whole packet is dumped in wire format, prefixed by
length specified as a little-endian 64-bit number. This format allows multiple packets
- to be dumped and unambiguously parsed.
+ to be dumped and unambiguously parsed.
+
+ BOOLTakes a boolean parameter. If true (the default), column headers and meta information about the
- query response are shown. Otherwise, this output is suppressed.
+ query response are shown. Otherwise, this output is suppressed.
+
+
@@ -412,7 +470,9 @@
Takes a boolean parameter; used in conjunction with query. If true
(the default), lookups are answered with stale data (expired resource records) if
- possible. If false, the stale data is not considered for the lookup request.
+ possible. If false, the stale data is not considered for the lookup request.
+
+
@@ -420,7 +480,9 @@
- Short for
+ Short for
+
+
@@ -461,20 +523,26 @@
DNS configuration data from its standard input. Relevant fields are nameserver and
domain/search. This command is mostly identical to invoking
resolvectl with a combination of and
- commands.
+ commands.
+
+ Unregisters per-interface DNS configuration data with systemd-resolved. This
- command is mostly identical to invoking resolvectl revert.
+ command is mostly identical to invoking resolvectl revert.
+
+ When specified and will not complain about missing
- network interfaces and will silently execute no operation in that case.
+ network interfaces and will silently execute no operation in that case.
+
+
@@ -483,14 +551,18 @@
This switch for "exclusive" operation is supported only partially. It is mapped to an
additional configured search domain of ~. — i.e. ensures that DNS traffic is preferably
routed to the DNS servers on this interface, unless there are other, more specific domains configured on other
- interfaces.
+ interfaces.
+
+
- These switches are not supported and are silently ignored.
+ These switches are not supported and are silently ignored.
+
+
@@ -506,7 +578,9 @@
- These switches are not supported and the command will fail if used.
+ These switches are not supported and the command will fail if used.
+
+
diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml
index d55d8194b3..b6178c1093 100644
--- a/man/resolved.conf.xml
+++ b/man/resolved.conf.xml
@@ -60,7 +60,9 @@
systemd-networkd.service8 or
set at runtime by external applications. For compatibility reasons, if this setting is not specified, the DNS
servers listed in /etc/resolv.conf are used instead, if that file exists and any servers
- are configured in it. This setting defaults to the empty list.
+ are configured in it. This setting defaults to the empty list.
+
+
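Review bot: In this hunk the closing line "are configured in it. This setting defaults to the empty list." is removed and re-added with the same visible text, while other hunks in this file (for example `@@ -102,6 +106,8 @@`) add their two lines without touching the line above. If the rewrite only moves trailing markup onto its own line, consider doing that reflow in a separate preparatory commit, so that this patch is pure additions and `git blame` on the description text is preserved.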
@@ -70,7 +72,9 @@
systemd-networkd.service8
take precedence over this setting, as do any servers set via DNS= above or
/etc/resolv.conf. This setting is hence only used if no other DNS server information is
- known. If this option is not given, a compiled-in list of DNS servers is used instead.
+ known. If this option is not given, a compiled-in list of DNS servers is used instead.
+
+
@@ -102,6 +106,8 @@
See "Protocols and Routing" in
systemd-resolved.service8
for details of how search and route-only domains are used.
+
+
@@ -118,7 +124,9 @@
systemd-networkd.service8
also maintains per-link LLMNR settings. LLMNR will be
enabled on a link only if the per-link and the
- global setting is on.
+ global setting is on.
+
+
@@ -133,7 +141,9 @@
systemd-networkd.service8
also maintains per-link Multicast DNS settings. Multicast DNS will be
enabled on a link only if the per-link and the
- global setting is on.
+ global setting is on.
+
+
@@ -209,6 +219,8 @@
logic does not work in all private zone setups.
Defaults to &DEFAULT_DNSSEC_MODE;.
+
+
@@ -249,6 +261,8 @@
it is unset in which case the global setting is used instead.
Defaults to &DEFAULT_DNS_OVER_TLS_MODE;.
+
+
@@ -261,7 +275,9 @@
when DNSSEC is used. If no-negative, only positive answers are cached.
Note that caching is turned off by default for host-local DNS servers.
- See CacheFromLocalhost= for details.
+ See CacheFromLocalhost= for details.
+
+
@@ -269,6 +285,8 @@
Takes a boolean as argument. If no (the default), and response cames from
host-local IP address (such as 127.0.0.1 or ::1), the result wouldn't be cached in order to avoid
potential duplicate local caching.
+
+
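Review bot: The context line "If no (the default), and response cames from host-local IP address" has a typo ("cames") and is missing its articles. Since this entry is being touched anyway, fix it here or in a follow-up, for example "and the response comes from a host-local IP address (such as 127.0.0.1 or ::1), the result is not cached".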
@@ -283,7 +301,9 @@
Note that the DNS stub listener is turned off implicitly when its listening address and port are already
- in use.
+ in use.
+
+
@@ -308,7 +328,9 @@ DNSStubListenerExtra=tcp:192.168.10.12
DNSStubListenerExtra=udp:2001:db8:0:f102::12
DNSStubListenerExtra=tcp:192.168.10.13:9953
DNSStubListenerExtra=udp:[2001:db8:0:f102::13]:9953
-
+
+
+
@@ -316,7 +338,9 @@ DNSStubListenerExtra=udp:[2001:db8:0:f102::13]:9953
Takes a boolean argument. If yes (the default),
systemd-resolved will read /etc/hosts, and try to resolve
hosts or address by using the entries in the file before sending query to DNS servers.
-
+
+
+
@@ -333,7 +357,9 @@ DNSStubListenerExtra=udp:[2001:db8:0:f102::13]:9953
servers are not used. Forwarding single-label names to servers not under your control is
not standard-conformant, see IAB
- Statement, and may create a privacy and security risk.
+ Statement, and may create a privacy and security risk.
+
+ StaleRetentionSec=SECONDS
@@ -348,6 +374,8 @@ DNSStubListenerExtra=udp:[2001:db8:0:f102::13]:9953
systemd-resolved always attempts to reach the upstream DNS servers first, before providing the client application with any stale data.
If this feature is enabled, cache will not be flushed when changing servers.
+
+
diff --git a/man/runlevel.xml b/man/runlevel.xml
index f5e1e00da4..08447e6e8f 100644
--- a/man/runlevel.xml
+++ b/man/runlevel.xml
@@ -146,7 +146,9 @@
/run/utmpThe utmp database runlevel reads the previous and current runlevel
- from.
+ from.
+
+
diff --git a/man/sd-bus-errors.xml b/man/sd-bus-errors.xml
index cade523763..25e3913162 100644
--- a/man/sd-bus-errors.xml
+++ b/man/sd-bus-errors.xml
@@ -123,135 +123,193 @@
A generic error indication. See the error
message for further details. This error name should be
avoided, in favor of a more expressive error
- name.
+ name.
+
+ SD_BUS_ERROR_NO_MEMORYA memory allocation failed, and the requested
- operation could not be completed.
+ operation could not be completed.
+
+ SD_BUS_ERROR_SERVICE_UNKNOWNThe contacted bus service is unknown and
- cannot be activated.
+ cannot be activated.
+
+ SD_BUS_ERROR_NAME_HAS_NO_OWNERThe specified bus service name currently has
- no owner.
+ no owner.
+
+ SD_BUS_ERROR_NO_REPLYA message did not receive a reply. This error
- is usually generated after a timeout.
+ is usually generated after a timeout.
+
+ SD_BUS_ERROR_IO_ERRORGeneric input/output error, for example when
- accessing a socket or other I/O context.
+ accessing a socket or other I/O context.
+
+ SD_BUS_ERROR_BAD_ADDRESSThe specified D-Bus bus address string is
- malformed.
+ malformed.
+
+ SD_BUS_ERROR_NOT_SUPPORTEDThe requested operation is not supported on
- the local system.
+ the local system.
+
+ SD_BUS_ERROR_LIMITS_EXCEEDEDSome limited resource has been
- exhausted.
+ exhausted.
+
+ SD_BUS_ERROR_ACCESS_DENIED
- Access to a resource has been denied due to security restrictions.
+ Access to a resource has been denied due to security restrictions.
+
+ SD_BUS_ERROR_AUTH_FAILED
- Authentication did not complete successfully.
+ Authentication did not complete successfully.
+
+ SD_BUS_ERROR_NO_SERVER
- Unable to connect to the specified server.
+ Unable to connect to the specified server.
+
+ SD_BUS_ERROR_TIMEOUTAn operation timed out. Note that method calls
which timeout generate a
- SD_BUS_ERROR_NO_REPLY.
+ SD_BUS_ERROR_NO_REPLY.
+
+ SD_BUS_ERROR_NO_NETWORK
- No network available to execute requested network operation on.
+ No network available to execute requested network operation on.
+
+ SD_BUS_ERROR_ADDRESS_IN_USE
- The specified network address is already being listened on.
+ The specified network address is already being listened on.
+
+ SD_BUS_ERROR_DISCONNECTED
- The connection has been terminated.
+ The connection has been terminated.
+
+ SD_BUS_ERROR_INVALID_ARGS
- One or more invalid arguments have been passed.
+ One or more invalid arguments have been passed.
+
+ SD_BUS_ERROR_FILE_NOT_FOUND
- The requested file could not be found.
+ The requested file could not be found.
+
+ SD_BUS_ERROR_FILE_EXISTS
- The requested file already exists.
+ The requested file already exists.
+
+ SD_BUS_ERROR_UNKNOWN_METHOD
- The requested method does not exist in the selected interface.
+ The requested method does not exist in the selected interface.
+
+ SD_BUS_ERROR_UNKNOWN_OBJECT
- The requested object does not exist in the selected service.
+ The requested object does not exist in the selected service.
+
+ SD_BUS_ERROR_UNKNOWN_INTERFACE
- The requested interface does not exist on the selected object.
+ The requested interface does not exist on the selected object.
+
+ SD_BUS_ERROR_UNKNOWN_PROPERTY
- The requested property does not exist in the selected interface.
+ The requested property does not exist in the selected interface.
+
+ SD_BUS_ERROR_PROPERTY_READ_ONLY
- A write operation was requested on a read-only property.
+ A write operation was requested on a read-only property.
+
+ SD_BUS_ERROR_UNIX_PROCESS_ID_UNKNOWN
- The requested PID is not known.
+ The requested PID is not known.
+
+ SD_BUS_ERROR_INVALID_SIGNATUREThe specified message signature is not
valid.
+
+ SD_BUS_ERROR_INCONSISTENT_MESSAGEThe passed message does not validate
- correctly.
+ correctly.
+
+ SD_BUS_ERROR_MATCH_RULE_NOT_FOUND
- The specified match rule does not exist.
+ The specified match rule does not exist.
+
+ SD_BUS_ERROR_MATCH_RULE_INVALID
- The specified match rule is invalid.
+ The specified match rule is invalid.
+
+ SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED
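Review bot: SD_BUS_ERROR_INVALID_SIGNATURE is the only entry in this hunk whose closing line ("valid.") stays as unchanged context; every other entry has its last line rewritten as a `-`/`+` pair before the two added lines. The header's net growth of 58 lines (135 to 193) matches two added lines for each of the 29 entries, so nothing is missing, but the source formatting of that one entry evidently differs from its neighbours and is worth normalising. Separately, the SD_BUS_ERROR_TIMEOUT context reads "method calls which timeout"; the verb should be "time out".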
@@ -262,7 +320,9 @@
authorization, when interactive authorization was not enabled
with the
sd_bus_message_set_allow_interactive_authorization3
- for the method call message.
+ for the method call message.
+
+
diff --git a/man/sd-login.xml b/man/sd-login.xml
index 61b555a7ab..13035df2ff 100644
--- a/man/sd-login.xml
+++ b/man/sd-login.xml
@@ -99,7 +99,9 @@
character from the range [a-zA-Z0-9], _ and
-. They are suitable for use as file names. Seat names may or
may not be stable and may be reused if a seat becomes available again.
-
+
+
+
@@ -124,6 +126,8 @@
a user name (a string). A multi-session system allows multiple user sessions on
the same seat at the same time. A multi-seat system allows multiple independent
seats that can be individually and simultaneously used by different users.
+
+
@@ -160,7 +164,9 @@
as well, in which case all (current and future) devices plugged into it will also
be assigned to the same seat (unless they are explicitly assigned to another
seat).
-
+
+
+
@@ -171,7 +177,9 @@
seat hence consists of an arbitrary number of devices marked with the
seat tag, but (at least) one of these devices needs to be
tagged with master-of-seat before the seat is actually
- considered to be around.
+ considered to be around.
+
+
@@ -187,7 +195,9 @@
need to enumerate all devices and check the ID_SEAT property
manually. Again, if a device is assigned to seat0 this is visible on the device in
two ways: with a property ID_SEAT=seat0 and with no property
- ID_SEAT set for it at all.
+ ID_SEAT set for it at all.
+
+
@@ -197,6 +207,8 @@
generates a new and independent seat, which is named after the path of the
device. This is set for specialized USB hubs like the Pluggable devices, which when
plugged in should create a hotplug seat without further configuration.
+
+
@@ -207,7 +219,9 @@
device this is a good choice to name the seat after. It is created from the path
of the device. This is useful in UIs for configuring seats: as soon as you create
a new seat from a graphics device, read this property and prefix it with
- seat- and use it as name for the seat.
+ seat- and use it as name for the seat.
+
+
diff --git a/man/sd_bus_add_node_enumerator.xml b/man/sd_bus_add_node_enumerator.xml
index 541fa7b06d..fd793294d8 100644
--- a/man/sd_bus_add_node_enumerator.xml
+++ b/man/sd_bus_add_node_enumerator.xml
@@ -99,25 +99,33 @@
One of the required parameters is NULL or
path is not a valid object path.
-
+
+
+ -ENOPKG
- The bus cannot be resolved.
+ The bus cannot be resolved.
+
+ -ECHILD
- The bus was created in a different process, library or module instance.
+ The bus was created in a different process, library or module instance.
+
+ -ENOMEM
- Memory allocation failed.
+ Memory allocation failed.
+
+
diff --git a/man/sd_bus_add_object.xml b/man/sd_bus_add_object.xml
index 5a9e67abb0..702bbb0f6b 100644
--- a/man/sd_bus_add_object.xml
+++ b/man/sd_bus_add_object.xml
@@ -378,6 +378,8 @@
SD_BUS_METHOD_WITH_ARGS() is a shorthand for calling
SD_BUS_METHOD_WITH_ARGS_OFFSET() with an offset of zero.
+
+
@@ -405,6 +407,8 @@
SD_BUS_METHOD_WITH_ARGS() over these macros as they allow specifying argument
types and names next to each other which is less error-prone than first specifying all argument
types followed by specifying all argument names.
+
+
@@ -419,7 +423,9 @@
args. If a signal has no parameters, pass
SD_BUS_NO_ARGS to args. The elements at uneven
indices describe the names of the signal's arguments. Parameter flags is
- a combination of flags. See below for a complete example.
+ a combination of flags. See below for a complete example.
+
+
@@ -440,6 +446,8 @@
Prefer using SD_BUS_SIGNAL_WITH_ARGS() over these macros as it allows
specifying argument types and names next to each other which is less error-prone than first
specifying all argument types followed by specifying all argument names.
+
+
@@ -465,13 +473,17 @@
SD_BUS_PROPERTY() is used to define a read-only property.
-
+
+
+ SD_BUS_PARAM()Parameter names should be wrapped in this macro, see the example below.
-
+
+
+
@@ -490,7 +502,9 @@
Mark this vtable entry as deprecated using the
org.freedesktop.DBus.Deprecated annotation in introspection data. If
specified for SD_BUS_VTABLE_START(), the annotation is applied to the
- enclosing interface.
+ enclosing interface.
+
+
@@ -498,7 +512,9 @@
Make this vtable entry hidden. It will not be shown in introspection data.
If specified for SD_BUS_VTABLE_START(), all entries in the array are
- hidden.
+ hidden.
+
+
@@ -506,7 +522,9 @@
Mark this vtable entry as a method that will not return a reply using the
org.freedesktop.DBus.Method.NoReply annotation in introspection data.
-
+
+
+
@@ -525,7 +543,9 @@
true and means that the signal is emitted.
SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION corresponds to
invalidates and means that the signal is emitted, but the value is
- not included in the signal.
+ not included in the signal.
+
+
@@ -536,7 +556,9 @@
cannot be combined with SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE, and will
not be shown in property listings by default (e.g. busctl introspect).
This corresponds to the org.freedesktop.systemd1.Explicit annotation
- in introspection data.
+ in introspection data.
+
+
@@ -545,7 +567,9 @@
Mark this vtable method entry as processing sensitive data. When set,
incoming method call messages and their outgoing reply messages are marked as sensitive using
sd_bus_message_sensitive3,
- so that they are erased from memory when freed.
+ so that they are erased from memory when freed.
+
+
@@ -555,7 +579,9 @@
its associated handler functions is determined slightly differently: instead of adding the offset
parameter of the entry to the user data pointer specified during vtable registration, the offset is
passed directly, converted to a pointer, without taking the user data pointer specified during
- vtable registration into account.
+ vtable registration into account.
+
+
@@ -572,6 +598,8 @@
Note that vtable entries may be marked as unprivileged and the whole bus may be marked as
trusted, see the discussion of SD_BUS_VTABLE_UNPRIVILEGED below.
+
+
@@ -597,7 +625,9 @@
additional policy that may permit or deny connections, see
"CONFIGURATION FILE" in
dbus-daemon1.
-
+
+
+
@@ -637,25 +667,33 @@
One of the required parameters is NULL or invalid. A
reserved D-Bus interface was passed as the interface parameter.
-
+
+
+ -ENOPKG
- The bus cannot be resolved.
+ The bus cannot be resolved.
+
+ -ECHILD
- The bus was created in a different process, library or module instance.
+ The bus was created in a different process, library or module instance.
+
+ -ENOMEM
- Memory allocation failed.
+ Memory allocation failed.
+
+
@@ -663,7 +701,9 @@
sd_bus_add_object_vtable() and
sd_bus_add_fallback_vtable() have been both called for the same bus
- object path, which is not allowed.
+ object path, which is not allowed.
+
+
@@ -671,7 +711,9 @@
This vtable has already been registered for this
interface and path.
-
+
+
+
diff --git a/man/sd_bus_add_object_manager.xml b/man/sd_bus_add_object_manager.xml
index 6c66fd3001..e178be9966 100644
--- a/man/sd_bus_add_object_manager.xml
+++ b/man/sd_bus_add_object_manager.xml
@@ -78,25 +78,33 @@
One of the required parameters is NULL or
path is not a valid object path.
-
+
+
+ -ENOPKG
- The bus cannot be resolved.
+ The bus cannot be resolved.
+
+ -ECHILD
- The bus was created in a different process, library or module instance.
+ The bus was created in a different process, library or module instance.
+
+ -ENOMEM
- Memory allocation failed.
+ Memory allocation failed.
+
+
diff --git a/man/sd_bus_call.xml b/man/sd_bus_call.xml
index 1f7dfc2e82..ee8104deb4 100644
--- a/man/sd_bus_call.xml
+++ b/man/sd_bus_call.xml
@@ -123,7 +123,9 @@
-EINVALThe input parameter m is NULL.
-
+
+
+ The input parameter m is not a D-Bus method call.
To create a new D-Bus method call, use
@@ -142,40 +144,52 @@
-ECHILDThe bus connection was allocated in a parent process and is being reused
- in a child process after fork().
+ in a child process after fork().
+
+ -ENOTCONNThe input parameter bus is
- NULL or the bus is not connected.
+ NULL or the bus is not connected.
+
+ -ECONNRESETThe bus connection was closed while waiting for the response.
-
+
+
+ -ETIMEDOUT
- A response was not received within the given timeout.
+ A response was not received within the given timeout.
+
+ -ELOOPThe message m is addressed to its own client.
-
+
+
+ -ENOMEM
- Memory allocation failed.
+ Memory allocation failed.
+
+
diff --git a/man/sd_bus_can_send.xml b/man/sd_bus_can_send.xml
index 632d9bc4ee..c7397629bb 100644
--- a/man/sd_bus_can_send.xml
+++ b/man/sd_bus_can_send.xml
@@ -59,6 +59,8 @@
-ENOPKGThe bus object bus could not be resolved.
+
+
@@ -66,14 +68,18 @@
-ENOTCONNThe input parameter bus is
- NULL or the bus is not connected.
+ NULL or the bus is not connected.
+
+ -ECHILDThe bus object bus was created in a different
- process.
+ process.
+
+
diff --git a/man/sd_bus_default.xml b/man/sd_bus_default.xml
index 8be4254be1..a5f0ffb67f 100644
--- a/man/sd_bus_default.xml
+++ b/man/sd_bus_default.xml
@@ -306,7 +306,9 @@
The requested bus type is not available because of invalid environment (for example
the user session bus is not available because $XDG_RUNTIME_DIR is not set).
-
+
+
+
diff --git a/man/sd_bus_emit_signal.xml b/man/sd_bus_emit_signal.xml
index ec2a7976fd..865120656e 100644
--- a/man/sd_bus_emit_signal.xml
+++ b/man/sd_bus_emit_signal.xml
@@ -214,25 +214,33 @@
One of the required parameters is NULL or invalid. A
reserved D-Bus interface was passed as the interface parameter.
-
+
+
+ -ENOPKG
- The bus cannot be resolved.
+ The bus cannot be resolved.
+
+ -ECHILD
- The bus was created in a different process, library or module instance.
+ The bus was created in a different process, library or module instance.
+
+ -ENOMEM
- Memory allocation failed.
+ Memory allocation failed.
+
+
@@ -243,7 +251,9 @@
sd_bus_emit_object_added() or
sd_bus_emit_object_removed() was called on an object without an
object manager registered on its own object path or one of its parent object paths.
-
+
+
+
diff --git a/man/sd_bus_enqueue_for_read.xml b/man/sd_bus_enqueue_for_read.xml
index 601edafd6a..782271ccf1 100644
--- a/man/sd_bus_enqueue_for_read.xml
+++ b/man/sd_bus_enqueue_for_read.xml
@@ -67,7 +67,9 @@
-ECHILD
- The bus connection has been created in a different process, library or module instance.
+ The bus connection has been created in a different process, library or module instance.
+
+
diff --git a/man/sd_bus_get_fd.xml b/man/sd_bus_get_fd.xml
index 114b920c6c..6484761a0d 100644
--- a/man/sd_bus_get_fd.xml
+++ b/man/sd_bus_get_fd.xml
@@ -150,7 +150,9 @@
-ENOPKG
- The bus cannot be resolved.
+ The bus cannot be resolved.
+
+
diff --git a/man/sd_bus_get_name_creds.xml b/man/sd_bus_get_name_creds.xml
index 5444eeddb1..7ebe58c17b 100644
--- a/man/sd_bus_get_name_creds.xml
+++ b/man/sd_bus_get_name_creds.xml
@@ -77,31 +77,41 @@
-EINVAL
- An argument is invalid.
+ An argument is invalid.
+
+ -ENOPKG
- The bus cannot be resolved.
+ The bus cannot be resolved.
+
+ -EPERM
- The bus has already been started.
+ The bus has already been started.
+
+ -ECHILD
- The bus was created in a different process, library or module instance.
+ The bus was created in a different process, library or module instance.
+
+ -ENOMEM
- Memory allocation failed.
+ Memory allocation failed.
+
+
diff --git a/man/sd_bus_get_name_machine_id.xml b/man/sd_bus_get_name_machine_id.xml
index cd702e4063..f0478742bd 100644
--- a/man/sd_bus_get_name_machine_id.xml
+++ b/man/sd_bus_get_name_machine_id.xml
@@ -60,25 +60,33 @@
-EINVAL
- An argument is invalid.
+ An argument is invalid.
+
+ -ENOPKG
- The bus cannot be resolved.
+ The bus cannot be resolved.
+
+ -ECHILD
- The bus was created in a different process, library or module instance.
+ The bus was created in a different process, library or module instance.
+
+ -ENOMEM
- Memory allocation failed.
+ Memory allocation failed.
+
+
diff --git a/man/sd_bus_interface_name_is_valid.xml b/man/sd_bus_interface_name_is_valid.xml
index 81a3fad0e2..f234ce72f6 100644
--- a/man/sd_bus_interface_name_is_valid.xml
+++ b/man/sd_bus_interface_name_is_valid.xml
@@ -77,7 +77,9 @@
-EINVALThe p parameter is
- NULL.
+ NULL.
+
+
diff --git a/man/sd_bus_list_names.xml b/man/sd_bus_list_names.xml
index 998c286663..62a28045c7 100644
--- a/man/sd_bus_list_names.xml
+++ b/man/sd_bus_list_names.xml
@@ -67,31 +67,41 @@
bus or both acquired and
activatable were NULL.
-
+
+
+ -ENOPKG
- The bus cannot be resolved.
+ The bus cannot be resolved.
+
+ -ECHILD
- The bus was created in a different process, library or module instance.
+ The bus was created in a different process, library or module instance.
+
+ -ENOMEM
- Memory allocation failed.
+ Memory allocation failed.
+
+ -ENOTCONN
- The bus is not connected.
+ The bus is not connected.
+
+
diff --git a/man/sd_bus_message_at_end.xml b/man/sd_bus_message_at_end.xml
index 9cff48a2ba..da3343d960 100644
--- a/man/sd_bus_message_at_end.xml
+++ b/man/sd_bus_message_at_end.xml
@@ -60,13 +60,17 @@
-EINVALThe m parameter is NULL.
-
+
+
+ -EPERM
- The message is not sealed.
+ The message is not sealed.
+
+
diff --git a/man/sd_bus_message_open_container.xml b/man/sd_bus_message_open_container.xml
index 0b9164e9bf..d08382edf0 100644
--- a/man/sd_bus_message_open_container.xml
+++ b/man/sd_bus_message_open_container.xml
@@ -118,13 +118,17 @@
-EINVALm or contents are
- NULL or type is invalid.
+ NULL or type is invalid.
+
+ -EBADMSG
- Message m has invalid structure.
+ Message m has invalid structure.
+
+
@@ -132,32 +136,42 @@
Message m does not have a container of type
type at the current position, or the contents do not match
- contents.
+ contents.
+
+ -EPERM
- The message m is already sealed.
+ The message m is already sealed.
+
+ -ESTALE
- The message m is in an invalid state.
+ The message m is in an invalid state.
+
+ -ENOMEM
- Memory allocation failed.
+ Memory allocation failed.
+
+ -EBUSYsd_bus_message_exit_container() was called but there are
- unread members left in the container.
+ unread members left in the container.
+
+
diff --git a/man/sd_bus_message_read.xml b/man/sd_bus_message_read.xml
index aa325f39c2..9f75478e8d 100644
--- a/man/sd_bus_message_read.xml
+++ b/man/sd_bus_message_read.xml
@@ -185,7 +185,9 @@
-EBUSYWhen reading from a container, this error will be returned if unread elements
- are left in the container.
+ are left in the container.
+
+
diff --git a/man/sd_bus_message_read_strv.xml b/man/sd_bus_message_read_strv.xml
index f034d02d8a..a88dab9fd2 100644
--- a/man/sd_bus_message_read_strv.xml
+++ b/man/sd_bus_message_read_strv.xml
@@ -75,26 +75,34 @@
-EINVALm or l are NULL.
-
+
+
+ -EPERM
- The message is not sealed.
+ The message is not sealed.
+
+ -EBADMSG
- The message cannot be parsed.
+ The message cannot be parsed.
+
+ -ENXIOThe message "read pointer" is not right before an array of the appropriate type.
-
+
+
+
diff --git a/man/sd_bus_message_seal.xml b/man/sd_bus_message_seal.xml
index 53d3a218bb..ced9f9773a 100644
--- a/man/sd_bus_message_seal.xml
+++ b/man/sd_bus_message_seal.xml
@@ -68,14 +68,18 @@
-EINVALThe m parameter is NULL.
-
+
+
+ -EBADMSGThe D-Bus message m has open containers.
-
+
+
+
@@ -83,7 +87,9 @@
The D-Bus message m is a reply but its type
signature does not match the return type signature of its corresponding member in the
- object vtable.
+ object vtable.
+
+
diff --git a/man/sd_bus_message_sensitive.xml b/man/sd_bus_message_sensitive.xml
index f953965983..7822ee87be 100644
--- a/man/sd_bus_message_sensitive.xml
+++ b/man/sd_bus_message_sensitive.xml
@@ -63,7 +63,9 @@
-EINVALThe message parameter is
- NULL.
+ NULL.
+
+
diff --git a/man/sd_bus_negotiate_fds.xml b/man/sd_bus_negotiate_fds.xml
index 22b6817de3..e88ef4a657 100644
--- a/man/sd_bus_negotiate_fds.xml
+++ b/man/sd_bus_negotiate_fds.xml
@@ -125,19 +125,25 @@
-EINVAL
- An argument is invalid.
+ An argument is invalid.
+
+ -ENOPKG
- The bus cannot be resolved.
+ The bus cannot be resolved.
+
+ -ECHILD
- The bus was created in a different process, library or module instance.
+ The bus was created in a different process, library or module instance.
+
+
diff --git a/man/sd_bus_query_sender_creds.xml b/man/sd_bus_query_sender_creds.xml
index b8fc7b3991..f6aa1d11e6 100644
--- a/man/sd_bus_query_sender_creds.xml
+++ b/man/sd_bus_query_sender_creds.xml
@@ -91,26 +91,34 @@
-EINVALThe message m or an output parameter is
- NULL.
+ NULL.
+
+ -ENOTCONN
- The bus of m is not connected.
+ The bus of m is not connected.
+
+ -ECHILDThe bus of m was created in a different process, library or module instance.
-
+
+
+ -EPERM
- The message m is not sealed.
+ The message m is not sealed.
+
+
diff --git a/man/sd_bus_reply_method_return.xml b/man/sd_bus_reply_method_return.xml
index b9003e8293..4810413575 100644
--- a/man/sd_bus_reply_method_return.xml
+++ b/man/sd_bus_reply_method_return.xml
@@ -78,6 +78,8 @@
Message call is not attached to a bus.Message m is not a method reply message.
+
+
@@ -85,20 +87,26 @@
-EPERMMessage call has been sealed.
-
+
+
+ -ENOTCONNThe bus to which message call is attached is not
- connected.
+ connected.
+
+ -ENOMEM
- Memory allocation failed.
+ Memory allocation failed.
+
+
diff --git a/man/sd_bus_request_name.xml b/man/sd_bus_request_name.xml
index 28fda406a5..64b1dcd411 100644
--- a/man/sd_bus_request_name.xml
+++ b/man/sd_bus_request_name.xml
@@ -78,7 +78,9 @@
After acquiring the name successfully, permit other peers to take over the name when they try
to acquire it with the SD_BUS_NAME_REPLACE_EXISTING flag set. If
SD_BUS_NAME_ALLOW_REPLACEMENT is not set on the original request, such a request by other
- peers will be denied.
+ peers will be denied.
+
+
@@ -86,13 +88,17 @@
Take over the name if it was already acquired by another peer, and that other peer
has permitted takeover by setting SD_BUS_NAME_ALLOW_REPLACEMENT while acquiring
- it.
+ it.
+
+ SD_BUS_NAME_QUEUE
- Queue the acquisition of the name when the name is already taken.
+ Queue the acquisition of the name when the name is already taken.
+
+
diff --git a/man/sd_bus_send.xml b/man/sd_bus_send.xml
index 315ad077ed..7088d67299 100644
--- a/man/sd_bus_send.xml
+++ b/man/sd_bus_send.xml
@@ -104,47 +104,61 @@
-EINVALThe input parameter m is NULL.
-
+
+
+ -EOPNOTSUPPThe bus connection does not support sending file descriptors.
-
+
+
+ -ECHILDThe bus connection was allocated in a parent process and is being reused in a child
- process after fork().
+ process after fork().
+
+ -ENOBUFS
- The bus connection's write queue is full.
+ The bus connection's write queue is full.
+
+ -ENOTCONNThe input parameter bus is
- NULL or the bus is not connected.
+ NULL or the bus is not connected.
+
+ -ECONNRESETThe bus connection was closed while waiting for the response.
-
+
+
+ -ENOMEM
- Memory allocation failed.
+ Memory allocation failed.
+
+
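Review bot: The -ECONNRESET context in this hunk reads "The bus connection was closed while waiting for the response.", the same sentence that documents -ECONNRESET in the sd_bus_call.xml hunk earlier in this patch. sd_bus_send() queues the message and does not wait for a reply, so the wording looks copied from sd_bus_call(). It is outside the scope of this change, but worth a follow-up that describes the send-side condition instead.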
diff --git a/man/sd_bus_set_address.xml b/man/sd_bus_set_address.xml
index 21742bdf5f..615d1f5d19 100644
--- a/man/sd_bus_set_address.xml
+++ b/man/sd_bus_set_address.xml
@@ -134,13 +134,17 @@
-EINVALThe input parameters bus or address are NULL.
-
+
+
+ -ENOPKGThe bus object bus could not be resolved.
+
+
@@ -149,6 +153,8 @@
The input parameter bus is in a wrong state
(sd_bus_set_address() may only be called once on a newly-created bus object).
+
+
@@ -157,6 +163,8 @@
The bus object bus was created in a different
process.
+
+
@@ -164,6 +172,8 @@
-ENODATAThe bus object bus has no address configured.
+
+
diff --git a/man/sd_bus_set_description.xml b/man/sd_bus_set_description.xml
index 783a0b7922..dda54f4ebf 100644
--- a/man/sd_bus_set_description.xml
+++ b/man/sd_bus_set_description.xml
@@ -215,7 +215,9 @@
-ENODATAThe bus object passed to sd_bus_get_scope() was not a
- system or user session bus.
+ system or user session bus.
+
+
@@ -225,7 +227,9 @@
default bus object and is not attached to an event loop.
The bus object passed to sd_bus_get_description() did
- not have a description.
+ not have a description.
+
+
diff --git a/man/sd_bus_set_exit_on_disconnect.xml b/man/sd_bus_set_exit_on_disconnect.xml
index aee5adffb3..6d2092601b 100644
--- a/man/sd_bus_set_exit_on_disconnect.xml
+++ b/man/sd_bus_set_exit_on_disconnect.xml
@@ -80,19 +80,25 @@
-EINVAL
- A required parameter was NULL.
+ A required parameter was NULL.
+
+ -ENOPKG
- The bus object could not be resolved.
+ The bus object could not be resolved.
+
+ -ECHILD
- The bus connection was created in a different process, library or module instance.
+ The bus connection was created in a different process, library or module instance.
+
+
diff --git a/man/sd_bus_set_fd.xml b/man/sd_bus_set_fd.xml
index a79458a534..3479d117fb 100644
--- a/man/sd_bus_set_fd.xml
+++ b/man/sd_bus_set_fd.xml
@@ -72,33 +72,43 @@
-EINVAL
- An invalid bus object was passed.
+ An invalid bus object was passed.
+
+ -ECHILDThe bus connection was allocated in a parent process and is being reused
- in a child process after fork().
+ in a child process after fork().
+
+ -EBADFAn invalid file descriptor was passed to
- sd_bus_set_fd().
+ sd_bus_set_fd().
+
+ -ENOPKG
- The bus cannot be resolved.
+ The bus cannot be resolved.
+
+ -EPERM
- The bus connection has already been started.
+ The bus connection has already been started.
+
+
diff --git a/man/sd_bus_set_method_call_timeout.xml b/man/sd_bus_set_method_call_timeout.xml
index 0db13e22ae..1dec4ca62a 100644
--- a/man/sd_bus_set_method_call_timeout.xml
+++ b/man/sd_bus_set_method_call_timeout.xml
@@ -74,13 +74,17 @@
-EINVALThe parameters bus or ret
- are NULL.
+ are NULL.
+
+ -ENOPKGBus object bus could not be resolved.
+
+
diff --git a/man/sd_bus_set_server.xml b/man/sd_bus_set_server.xml
index 7c4b087628..36c4933fad 100644
--- a/man/sd_bus_set_server.xml
+++ b/man/sd_bus_set_server.xml
@@ -147,19 +147,25 @@
-ECHILD
- The bus connection has been created in a different process, library or module instance.
+ The bus connection has been created in a different process, library or module instance.
+
+ -EPERM
- The bus connection has already been started.
+ The bus connection has already been started.
+
+ -ENOPKG
- The bus cannot be resolved.
+ The bus cannot be resolved.
+
+
@@ -167,13 +173,17 @@
A required parameter was NULL or
b was zero and id did not equal
- SD_ID128_NULL.
+ SD_ID128_NULL.
+
+ -ENOTCONN
- The bus is not connected.
+ The bus is not connected.
+
+
diff --git a/man/sd_bus_start.xml b/man/sd_bus_start.xml
index 68fe3e0e22..824f070082 100644
--- a/man/sd_bus_start.xml
+++ b/man/sd_bus_start.xml
@@ -76,13 +76,17 @@
-EINVALThe input parameter bus is NULL.
-
+
+
+ -ENOPKGBus object bus could not be resolved.
+
+
@@ -91,6 +95,8 @@
The input parameter bus is in a wrong state
(sd_bus_start() may only be called once on a newly-created bus object).
+
+
@@ -99,6 +105,8 @@
The bus object bus was created in a different
process.
+
+
diff --git a/man/sd_device_get_syspath.xml b/man/sd_device_get_syspath.xml
index 54cb87a3f4..e78f5db657 100644
--- a/man/sd_device_get_syspath.xml
+++ b/man/sd_device_get_syspath.xml
@@ -174,13 +174,17 @@
-EINVAL
- A specified parameter is invalid.
+ A specified parameter is invalid.
+
+ -ENOENT
- The requested field is not present in the device record.
+ The requested field is not present in the device record.
+
+
diff --git a/man/sd_event_add_child.xml b/man/sd_event_add_child.xml
index 31b9d76340..5977290a0b 100644
--- a/man/sd_event_add_child.xml
+++ b/man/sd_event_add_child.xml
@@ -302,7 +302,9 @@
-EOPNOTSUPP
- A pidfd was requested but the kernel does not support this concept.
+ A pidfd was requested but the kernel does not support this concept.
+
+
diff --git a/man/sd_event_add_inotify.xml b/man/sd_event_add_inotify.xml
index 1f31907b0d..c8eebe6a70 100644
--- a/man/sd_event_add_inotify.xml
+++ b/man/sd_event_add_inotify.xml
@@ -183,14 +183,18 @@
-EBADF
- The passed file descriptor is not valid.
+ The passed file descriptor is not valid.
+
+ -ENOSYSsd_event_add_inotify_fd() was called without
- /proc/ mounted.
+ /proc/ mounted.
+
+
diff --git a/man/sd_event_add_io.xml b/man/sd_event_add_io.xml
index d5495732a7..e67135edb2 100644
--- a/man/sd_event_add_io.xml
+++ b/man/sd_event_add_io.xml
@@ -285,7 +285,9 @@
project='man-pages'>epoll7
API, for example because it is a regular file or directory. See epoll_ctl2
- for details.
+ for details.
+
+
diff --git a/man/sd_event_add_memory_pressure.xml b/man/sd_event_add_memory_pressure.xml
index 08a27d15c1..20da8fdbb3 100644
--- a/man/sd_event_add_memory_pressure.xml
+++ b/man/sd_event_add_memory_pressure.xml
@@ -181,13 +181,17 @@
-ENOMEM
- Not enough memory to allocate an object.
+ Not enough memory to allocate an object.
+
+ -EINVAL
- An invalid argument has been passed.
+ An invalid argument has been passed.
+
+
@@ -195,28 +199,36 @@
The $MEMORY_PRESSURE_WATCH variable has been set to the literal
string /dev/null, in order to explicitly disable memory pressure
- handling.
+ handling.
+
+ -EBADMSGThe $MEMORY_PRESSURE_WATCH variable has been set to an invalid
- string, for example a relative rather than an absolute path.
+ string, for example a relative rather than an absolute path.
+
+ -ENOTTYThe $MEMORY_PRESSURE_WATCH variable points to a regular file
- outside of the procfs or cgroupfs file systems.
+ outside of the procfs or cgroupfs file systems.
+
+ -EOPNOTSUPPNo configuration via $MEMORY_PRESSURE_WATCH has been specified
- and the local kernel does not support the PSI interface.
+ and the local kernel does not support the PSI interface.
+
+
@@ -224,25 +236,33 @@
This is returned by sd_event_source_set_memory_pressure_type()
and sd_event_source_set_memory_pressure_period() if invoked on event sources
- at a time later than immediately after allocating them.
+ at a time later than immediately after allocating them.
+
+ -ESTALE
- The event loop is already terminated.
+ The event loop is already terminated.
+
+ -ECHILD
- The event loop has been created in a different process, library or module instance.
+ The event loop has been created in a different process, library or module instance.
+
+ -EDOM
- The passed event source is not a signal event source.
+ The passed event source is not a signal event source.
+
+
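Review bot: The -EDOM entry in this hunk says "The passed event source is not a signal event source", but this is sd_event_add_memory_pressure.xml and the preceding entry refers to sd_event_source_set_memory_pressure_type() and sd_event_source_set_memory_pressure_period(). The sentence looks carried over from another page. Since the entry is being touched anyway, please check it against the code and reword it to name the event source type these functions actually require.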
diff --git a/man/sd_event_add_time.xml b/man/sd_event_add_time.xml
index 864cf9b268..2cb48d8cea 100644
--- a/man/sd_event_add_time.xml
+++ b/man/sd_event_add_time.xml
@@ -291,7 +291,9 @@
-EOVERFLOWThe passed relative time is outside of the allowed range for time values (i.e. the
- specified value added to the current time is outside the 64 bit unsigned integer range).
+ specified value added to the current time is outside the 64 bit unsigned integer range).
+
+
diff --git a/man/sd_event_set_signal_exit.xml b/man/sd_event_set_signal_exit.xml
index cdf49a54f9..3a343f5f16 100644
--- a/man/sd_event_set_signal_exit.xml
+++ b/man/sd_event_set_signal_exit.xml
@@ -72,13 +72,17 @@
-ECHILD
- The event loop has been created in a different process, library or module instance.
+ The event loop has been created in a different process, library or module instance.
+
+ -EINVAL
- The passed event loop object was invalid.
+ The passed event loop object was invalid.
+
+
diff --git a/man/sd_event_source_set_exit_on_failure.xml b/man/sd_event_source_set_exit_on_failure.xml
index 6f839cddc0..fbdb71ba73 100644
--- a/man/sd_event_source_set_exit_on_failure.xml
+++ b/man/sd_event_source_set_exit_on_failure.xml
@@ -74,7 +74,9 @@
-EINVALsource is not a valid pointer to an
- sd_event_source object.
+ sd_event_source object.
+
+
@@ -82,7 +84,9 @@
The event source refers to an exit event source (as created with
sd_event_add_exit3),
- for which this functionality is not supported.
+ for which this functionality is not supported.
+
+
diff --git a/man/sd_event_source_set_floating.xml b/man/sd_event_source_set_floating.xml
index db288094b6..1d038bd6ea 100644
--- a/man/sd_event_source_set_floating.xml
+++ b/man/sd_event_source_set_floating.xml
@@ -83,13 +83,17 @@
-EINVALsource is not a valid pointer to an
- sd_event_source object.
+ sd_event_source object.
+
+ -ECHILD
- The event loop has been created in a different process, library or module instance.
+ The event loop has been created in a different process, library or module instance.
+
+
diff --git a/man/sd_event_source_set_ratelimit.xml b/man/sd_event_source_set_ratelimit.xml
index 89eb34fa9b..dc818bd571 100644
--- a/man/sd_event_source_set_ratelimit.xml
+++ b/man/sd_event_source_set_ratelimit.xml
@@ -125,27 +125,35 @@
source is not a valid pointer to an
sd_event_source object.
-
+
+
+ -ECHILD
- The event loop has been created in a different process, library or module instance.
+ The event loop has been created in a different process, library or module instance.
+
+ -EDOMIt was attempted to use the rate limiting feature on an event source type that does
- not support rate limiting.
+ not support rate limiting.
+
+ -ENOEXECsd_event_source_get_ratelimit() was called on an event source
- that doesn't have rate limiting configured.
+ that doesn't have rate limiting configured.
+
+
diff --git a/man/sd_event_wait.xml b/man/sd_event_wait.xml
index dedf3c40be..6787a63f6f 100644
--- a/man/sd_event_wait.xml
+++ b/man/sd_event_wait.xml
@@ -145,7 +145,9 @@
before each event loop iteration. Use
sd_event_prepare() to transition the
event loop into the SD_EVENT_ARMED or
- SD_EVENT_PENDING states.
+ SD_EVENT_PENDING states.
+
+
@@ -159,7 +161,9 @@
that is invoked from the
sd_event_prepare() call and is
immediately followed by SD_EVENT_ARMED or
- SD_EVENT_PENDING.
+ SD_EVENT_PENDING.
+
+
@@ -170,7 +174,9 @@
dispatched. Use sd_event_wait() to wait
for new events, and transition into
SD_EVENT_PENDING or back into
- SD_EVENT_INITIAL.
+ SD_EVENT_INITIAL.
+
+
@@ -182,7 +188,9 @@
sd_event_dispatch() to dispatch the
highest priority event source and transition back to
SD_EVENT_INITIAL, or
- SD_EVENT_FINISHED.
+ SD_EVENT_FINISHED.
+
+
@@ -196,7 +204,9 @@
or SD_EVENT_FINISHED as soon the event
source handler returns. Note that during dispatching of exit
event sources the SD_EVENT_EXITING state
- is seen instead.
+ is seen instead.
+
+
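Review bot: The context line "or SD_EVENT_FINISHED as soon the event source handler returns" is missing a word. The following hunk has the correct form, "as soon as the event handler returns". Worth fixing in the same pass, since the paragraph's last line is already being rewritten here.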
@@ -207,7 +217,9 @@
effect while dispatching exit event sources. It is followed by
SD_EVENT_INITIAL or
SD_EVENT_FINISHED as soon as the event
- handler returns.
+ handler returns.
+
+
@@ -215,7 +227,9 @@
The event loop has exited. All exit event
sources have run. If the event loop is in this state it serves
- no purpose anymore, and should be freed.
+ no purpose anymore, and should be freed.
+
+
diff --git a/man/sd_hwdb_get.xml b/man/sd_hwdb_get.xml
index 6a6594f3f8..57e62e406c 100644
--- a/man/sd_hwdb_get.xml
+++ b/man/sd_hwdb_get.xml
@@ -108,21 +108,27 @@
-EINVAL
- A parameter is NULL.
+ A parameter is NULL.
+
+ -ENOENTAn entry for the specified modalias was not found.
-
+
+
+ -EAGAINsd_hwdb_seek() was not called before
- sd_hwdb_enumerate().
+ sd_hwdb_enumerate().
+
+
diff --git a/man/sd_hwdb_new.xml b/man/sd_hwdb_new.xml
index 0584add423..0c817f725c 100644
--- a/man/sd_hwdb_new.xml
+++ b/man/sd_hwdb_new.xml
@@ -96,6 +96,8 @@
The binary hardware database file could not be located. See
systemd-hwdb8
for more information.
+
+
@@ -103,13 +105,17 @@
-EINVALThe located binary hardware database file is in an incompatible format.
-
+
+
+ -ENOMEM
- Memory allocation failed.
+ Memory allocation failed.
+
+
diff --git a/man/sd_id128_get_machine.xml b/man/sd_id128_get_machine.xml
index ea9f999f88..40b9b6f582 100644
--- a/man/sd_id128_get_machine.xml
+++ b/man/sd_id128_get_machine.xml
@@ -141,7 +141,9 @@
Returned by sd_id128_get_machine() and
sd_id128_get_machine_app_specific() when /etc/machine-id
- is missing.
+ is missing.
+
+
@@ -150,7 +152,9 @@
Returned by sd_id128_get_machine() and
sd_id128_get_machine_app_specific() when /etc/machine-id
is empty or all zeros. Also returned by sd_id128_get_invocation() when the
- invocation ID is all zeros.
+ invocation ID is all zeros.
+
+
@@ -158,7 +162,9 @@
Returned by sd_id128_get_machine() and
sd_id128_get_machine_app_specific() when the content of
- /etc/machine-id is uninitialized.
+ /etc/machine-id is uninitialized.
+
+
@@ -166,28 +172,36 @@
Returned by sd_id128_get_boot() and
sd_id128_get_boot_app_specific() when /proc/ is not
- mounted.
+ mounted.
+
+ -ENXIOReturned by sd_id128_get_invocation() if no invocation ID is
- set.
+ set.
+
+ -EUCLEANReturned by any of the functions described here when the configured value has
- invalid format.
+ invalid format.
+
+ -EPERMRequested information could not be retrieved because of insufficient permissions.
-
+
+
+
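Review bot: In the -EUCLEAN entry, "when the configured value has invalid format" is missing an article; suggest "has an invalid format". The line is already modified by this hunk, so the fix costs nothing extra.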
diff --git a/man/sd_journal_get_data.xml b/man/sd_journal_get_data.xml
index 9a90f95d1a..bf64b1b088 100644
--- a/man/sd_journal_get_data.xml
+++ b/man/sd_journal_get_data.xml
@@ -162,13 +162,17 @@
-EINVALOne of the required parameters is NULL or invalid.
-
+
+
+ -ECHILD
- The journal object was created in a different process, library or module instance.
+ The journal object was created in a different process, library or module instance.
+
+
@@ -176,53 +180,69 @@
The read pointer is not positioned at a valid entry;
sd_journal_next3
- or a related call has not been called at least once.
+ or a related call has not been called at least once.
+
+ -ENOENTThe current entry does not include the specified field.
+
+ -ENOMEM
- Memory allocation failed.
+ Memory allocation failed.
+
+ -ENOBUFS
- A compressed entry is too large.
+ A compressed entry is too large.
+
+ -E2BIGThe data field is too large for this computer architecture (e.g. above 4 GB on a
- 32-bit architecture).
+ 32-bit architecture).
+
+ -EPROTONOSUPPORTThe journal is compressed with an unsupported method or the journal uses an
- unsupported feature.
+ unsupported feature.
+
+ -EBADMSGThe journal is corrupted (possibly just the entry being iterated over).
-
+
+
+ -EIO
- An I/O error was reported by the kernel.
+ An I/O error was reported by the kernel.
+
+
diff --git a/man/sd_notify.xml b/man/sd_notify.xml
index a286beaf45..af6863ec6b 100644
--- a/man/sd_notify.xml
+++ b/man/sd_notify.xml
@@ -133,7 +133,9 @@
service manager is notified about with this mechanisms are propagated in the same way as they are
when originally initiated through the service manager. This message is particularly relevant for
Type=notify-reload services, to inform the service manager that the request to
- reload the service has been received and is now being processed.
+ reload the service has been received and is now being processed.
+
+
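Review bot: The first context line of this hunk reads "service manager is notified about with this mechanisms", which mixes singular and plural. Suggest "with this mechanism" in a follow-up or in this patch, given that the paragraph's closing line is rewritten here.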
@@ -144,7 +146,9 @@
generated by the client. This is typically used in combination with RELOADING=1,
to allow the service manager to properly synchronize reload cycles. See
systemd.service5
- for details, specifically Type=notify-reload.
+ for details, specifically Type=notify-reload.
+
+
@@ -152,7 +156,9 @@
Tells the service manager that the service is beginning its shutdown. This is useful
to allow the service manager to track the service's internal state, and present it to the
- user.
+ user.
+
+
@@ -162,7 +168,9 @@
the service state. This is free-form and can be used for various purposes: general state feedback,
fsck-like programs could pass completion percentages and failing programs could pass a human-readable
error message. Example: STATUS=Completed 66% of file system
- check…
+ check…
+
+
@@ -172,35 +180,45 @@
NotifyAccess= setting in the service unit file. See
systemd.service5
for details, specifically NotifyAccess= for a list of accepted
- values.
+ values.
+
+ ERRNO=…If a service fails, the errno-style error code, formatted as string. Example:
- ERRNO=2 for ENOENT.
+ ERRNO=2 for ENOENT.
+
+ BUSERROR=…If a service fails, the D-Bus error-style error code. Example:
- BUSERROR=org.freedesktop.DBus.Error.TimedOut
+ BUSERROR=org.freedesktop.DBus.Error.TimedOut
+
+ EXIT_STATUS=…If a service exits, the return value of its main() function.
-
+
+
+ MAINPID=…The main process ID (PID) of the service, in case the service manager did not fork
- off the process itself. Example: MAINPID=4711
+ off the process itself. Example: MAINPID=4711
+
+
@@ -224,7 +242,9 @@
in time. Note that WatchdogSec= does not need to be enabled for
WATCHDOG=trigger to trigger the watchdog action. See
systemd.service5
- for information about the watchdog behavior.
+ for information about the watchdog behavior.
+
+
@@ -233,7 +253,9 @@
Reset watchdog_usec value during runtime. Notice that this is not
available when using sd_event_set_watchdog() or
sd_watchdog_enabled(). Example :
- WATCHDOG_USEC=20000000
+ WATCHDOG_USEC=20000000
+
+
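Review bot: "Example :" in the last context line has a stray space before the colon. The other entries in this file visible in this patch use "Example:" (STATUS=, ERRNO=, BUSERROR=, MAINPID=), so this one should match.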
@@ -246,7 +268,9 @@
TimeoutStartSec=, RuntimeMaxSec=, and
TimeoutStopSec=. See
systemd.service5
- for effects on the service timeouts.
+ for effects on the service timeouts.
+
+
@@ -274,7 +298,9 @@
stopped, its file descriptor store is discarded and all file descriptors in it are closed. Use
sd_pid_notify_with_fds() to send messages with FDSTORE=1, see
below. The service manager will set the $FDSTORE environment variable for services
- that have the file descriptor store enabled.
+ that have the file descriptor store enabled.
+
+
@@ -282,7 +308,9 @@
Removes file descriptors from the file descriptor store. This field needs to be
combined with FDNAME= to specify the name of the file descriptors to
- remove.
+ remove.
+
+
@@ -299,7 +327,9 @@
them in separate invocations of sd_pid_notify_with_fds(). The name may consist
of arbitrary ASCII characters except control characters or :. It may not be longer
than 255 characters. If a submitted name does not follow these restrictions, it is
- ignored.
+ ignored.
+
+
@@ -310,7 +340,9 @@
automatic cleanup of the stored file descriptors on EPOLLERR and EPOLLHUP, care must be taken to
ensure proper manual cleanup. Use of this option is not generally recommended except for when
automatic cleanup has unwanted behavior such as prematurely discarding file descriptors from the
- store.
+ store.
+
+
@@ -323,7 +355,9 @@
file descriptor can be used to synchronize against reception of all previous status messages. Note
that this command cannot be mixed with other notifications, and has to be sent in a separate message
to the service manager, otherwise all assignments will be ignored. Note that sending 0 or more than 1
- file descriptor with this command is a violation of the protocol.
+ file descriptor with this command is a violation of the protocol.
+
+
diff --git a/man/sd_path_lookup.xml b/man/sd_path_lookup.xml
index 4c1346712b..5c8b84b104 100644
--- a/man/sd_path_lookup.xml
+++ b/man/sd_path_lookup.xml
@@ -169,13 +169,17 @@
-EOPNOTSUPP
- Unknown identifier type.
+ Unknown identifier type.
+
+ -EINVAL
- Output argument is NULL.
+ Output argument is NULL.
+
+
@@ -183,13 +187,17 @@
Query failed because of an undefined environment variable (e.g. for
SD_PATH_USER_RUNTIME when $XDG_RUNTIME_DIR is not
- defined).
+ defined).
+
+ -ENOMEM
- Memory allocation failed.
+ Memory allocation failed.
+
+
diff --git a/man/sd_watchdog_enabled.xml b/man/sd_watchdog_enabled.xml
index 352b3606d7..644342f273 100644
--- a/man/sd_watchdog_enabled.xml
+++ b/man/sd_watchdog_enabled.xml
@@ -114,7 +114,9 @@
Set by the system manager for supervised
process for which watchdog support is enabled, and contains
the PID of that process. See above for
- details.
+ details.
+
+
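Review bot: "Set by the system manager for supervised process for which watchdog support is enabled" is ungrammatical; suggest "for a supervised process" (or "for supervised processes", with "that process" adjusted to match). The same sentence opens the next hunk in this file and needs the same fix.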
@@ -123,7 +125,9 @@
Set by the system manager for supervised
process for which watchdog support is enabled, and contains
the watchdog timeout in μs. See above for
- details.
+ details.
+
+
diff --git a/man/shutdown.xml b/man/shutdown.xml
index 24a934f45e..d973704ca0 100644
--- a/man/shutdown.xml
+++ b/man/shutdown.xml
@@ -122,7 +122,9 @@
Show a pending shutdown action and time if
- there is any.
+ there is any.
+
+
diff --git a/man/smbios-type-11.xml b/man/smbios-type-11.xml
index c95dc741c9..ea7cf4c085 100644
--- a/man/smbios-type-11.xml
+++ b/man/smbios-type-11.xml
@@ -50,7 +50,9 @@
form. See
systemd.exec5 and
System and Service Credentials for
- details.
+ details.
+
+
@@ -58,7 +60,9 @@
This allows configuration of additional kernel command line options, and is read by
the kernel UEFI stub. For details see
- systemd-stub1.
+ systemd-stub1.
+
+
diff --git a/man/systemctl.xml b/man/systemctl.xml
index 7d114897f2..2a5597728c 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -124,6 +124,8 @@ binfmt_misc /proc/sys/fs/binfmt_misc yes 0 proc-sys-fs-binfmt_mis
Also see , , and .
+
+
@@ -144,6 +146,8 @@ PATH CONDITION UNIT
Also see , , and .
+
+
@@ -631,7 +635,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
current unit process exists. Note that the namespace mentioned here, where the bind mount will be
added to, is the one where the main service process runs. Other processes (those exececuted by
, , etc.) run in distinct namespaces.
-
+
+
+
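Review bot: The context line "added to, is the one where the main service process runs. Other processes (those exececuted by" contains the typo "exececuted"; it should be "executed". The paragraph's closing lines are changed in this hunk, so the typo can be corrected in the same edit.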
@@ -664,7 +670,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
Example:
systemctl mount-image foo.service /tmp/img.raw /var/lib/image root:ro,nosuidsystemctl mount-image --mkdir bar.service /tmp/img.raw /var/lib/baz/img
-
+
+
+
@@ -688,7 +696,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
org.freedesktop.LogControl15
interface. (systemctl will use the generic D-Bus protocol to access the
org.freedesktop.LogControl1.LogLevel interface for the D-Bus name
- destination.)
+ destination.)
+
+
@@ -720,7 +730,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
org.freedesktop.LogControl15
interface. (systemctl will use the generic D-Bus protocol to access the
org.freedesktop.LogControl1.LogLevel interface for the D-Bus name
- destination.)
+ destination.)
+
+
@@ -746,7 +758,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
Returns the units the processes referenced by the given PIDs belong to (one per
line). If no PID is specified returns the unit the systemctl command is invoked
- in.
+ in.
+
+
@@ -767,6 +781,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
Unlike list-units this command will list template units in addition to
explicitly instantiated units.
+
+
@@ -861,6 +877,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
This command honors , , ,
and in a similar way as enable.
+
+
@@ -872,6 +890,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
disable and enable and is useful to reset the symlinks a unit file is
enabled with to the defaults configured in its [Install] section. This command expects
a unit name only, it does not accept paths to unit files.
+
+
@@ -895,6 +915,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
For more information on the preset policy format, see
systemd.preset5.
+
+
@@ -908,6 +930,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
Use to control
whether units shall be enabled and disabled, or only
enabled, or only disabled.
+
+
@@ -1005,6 +1029,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
+
+
@@ -1030,6 +1056,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
placed precisely in the two aforementioned directories). Similar restrictions apply for
mode, in which case the directories are below the user's home directory
however.
+
+
@@ -1040,6 +1068,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
Unmask one or more unit files, as specified on the command line. This will undo the effect of
mask. This command expects valid unit names only, it does not accept unit file
paths.
+
+
@@ -1054,6 +1084,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
file system where the linked unit files are located must be accessible when systemd is started
(e.g. anything underneath /home/ or /var/ is not allowed, unless
those directories are located on the root file system).
+
+
@@ -1076,6 +1108,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
Effectively, this command may be used to undo all changes made with systemctl
edit, systemctl set-property and systemctl mask and puts
the original unit file with its settings back in effect.
+
+
@@ -1095,6 +1129,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
in a way similar to
enable.
+
+
@@ -1138,6 +1174,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
and that you cannot temporarily edit units which are in
/etc/, since they take precedence over
/run/.
+
+
@@ -1158,6 +1196,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
Set the default target to boot into. This sets
(symlinks) the default.target alias
to the given target unit.
+
+
@@ -1177,6 +1217,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
PATTERNs are specified, only
containers matching one of them are shown.
+
+
@@ -1197,6 +1239,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
When combined with or the list is augmented with
information on which other job each job is waiting for, and which other jobs are waiting for it, see
above.
+
+
@@ -1206,6 +1250,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
Cancel one or more jobs specified on the command line
by their numeric job IDs. If no job ID is specified, cancel
all pending jobs.
+
+
@@ -1258,6 +1304,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
Set one or more systemd manager environment variables, as specified on the command
line. This command will fail if variable names and values do not conform to the rules listed
above.
+
+
@@ -1269,6 +1317,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
removed regardless of its value. If a variable and a value
are specified, the variable is only removed if it has the
specified value.
+
+
@@ -1290,6 +1340,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
arguments) is deprecated. A shell will set dozens of variables which only make sense locally and
are only meant for processes which are descendants of the shell. Such variables in the global
environment block are confusing to other processes.
+
+
@@ -1339,7 +1391,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
current log level of the manager to LEVEL (accepts the same values as
described in
systemd1).
-
+
+
+
@@ -1350,7 +1404,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
current log target of the manager to TARGET (accepts the same values as
, described in
systemd1).
-
+
+
+
@@ -1361,7 +1417,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
service runtime watchdogs () and emergency actions (e.g.
or ); see
systemd.service5.
- The hardware watchdog is not affected by this setting.
+ The hardware watchdog is not affected by this setting.
+
+
@@ -1463,6 +1521,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
+
+
@@ -1548,6 +1608,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
This command honors and in a similar way
as halt.
+
+
@@ -1594,6 +1656,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
This operation only reboots userspace, leaving the kernel running. See
systemd-soft-reboot.service8
for details.
+
+
@@ -1608,6 +1672,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
The service manager will exit with the specified exit code, if
EXIT_CODE is passed.
+
+
@@ -1626,6 +1692,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
omitted, equal to the empty string or identical to the path to the systemd binary, the state of
the initrd's system manager process is passed to the main system manager, which allows later
introspection of the state of the services involved in the initrd boot phase.
+
+
@@ -1667,6 +1735,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
This will trigger activation of the special target unit suspend-then-hibernate.target.
This command is asynchronous, and will return after the hybrid sleep operation is successfully enqueued.
It will not wait for the sleep/wake-up or hibernate/thaw cycle to complete.
+
+
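Review bot: The context text here is inconsistent: the first line names suspend-then-hibernate.target, but the next says the command "will return after the hybrid sleep operation is successfully enqueued". That reads as copied from the hybrid-sleep entry. Suggest rewording to refer to the suspend-then-hibernate operation before more content is appended to this entry.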
@@ -1754,6 +1824,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
As a special case, if one of the arguments is , a list of allowed values
will be printed and the program will exit.
+
+
@@ -1798,6 +1870,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
value of the property without the property name or =. Note that using
once will also affect all properties listed with
/.
+
+
@@ -1832,6 +1906,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
containers. Units of local containers will be prefixed with
the container name, separated by a single colon character
(:).
+
+
@@ -1846,6 +1922,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
PartOf=, BoundBy=,
instead of Wants= and similar.
+
+
@@ -1888,6 +1966,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
When passed to the list-jobs command, for each printed job show which other jobs it
is waiting for. May be combined with to show both the jobs waiting for each job as
well as all jobs each job is waiting for.
+
+
@@ -1904,6 +1984,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
,
may be used to change what types of dependencies
are shown.
+
+
@@ -1928,6 +2010,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
When printing properties with show, only print the value, and skip the
property name and =. Also see option above.
+
+
@@ -1936,6 +2020,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
When showing sockets, show the type of the socket.
+
+
@@ -2007,6 +2093,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
systemctl start. In this mode, dependencies of
the specified unit will receive restart propagation, as if a restart
job had been enqueued for the unit.
+
+
@@ -2021,6 +2109,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
immediately part of the transaction requested. It is possible that service start-up program code
run as effect of the enqueued jobs might request further jobs to be pulled in. This means that
completion of the listed jobs might ultimately entail more jobs than the listed ones.
+
+
@@ -2032,6 +2122,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
When used with the kill command,
if no units were killed, the operation results in an error.
+
+
@@ -2054,6 +2146,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
attempted. If locks are present, the operation may require additional privileges.
Option provides another way to override inhibitors.
+
+
@@ -2075,6 +2169,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
hybrid-sleep, suspend-then-hibernate,
default, rescue,
emergency, and exit.
+
+
@@ -2111,6 +2207,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
+
+
@@ -2139,6 +2237,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
When used with is-system-running, wait
until the boot process is completed before returning.
+
+
@@ -2151,6 +2251,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
List units in failed state. This is equivalent to
.
+
+
@@ -2225,6 +2327,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
defined (which are the invocations of &MOUNT_PATH; and
&UMOUNT_PATH;), but no main process is defined. If omitted, defaults to
.
+
+
@@ -2244,7 +2348,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
If this option is used the signal will only be enqueued on the control or main process of the
unit, never on other processes belonging to the unit, i.e. will only
- affect main and control processes but no other processes.
+ affect main and control processes but no other processes.
+
+
@@ -2265,6 +2371,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
fdstore resource type is only useful if the
FileDescriptorStorePreserve= option is enabled, since the file descriptor store
is otherwise cleaned automatically when the unit is stopped.
+
+
@@ -2299,6 +2407,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
When used with halt, poweroff or reboot, set a
short message explaining the reason for the operation. The message will be logged together with the default
shutdown message.
+
+
@@ -2311,6 +2421,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
mask, the units will also be stopped. The start
or stop operation is only carried out when the respective enable or
disable operation has been successful.
+
+
@@ -2338,7 +2450,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
table, following the Discoverable Partitions
Specification. For further information on supported disk images, see
systemd-nspawn1's
- switch of the same name.
+ switch of the same name.
+
+
@@ -2374,6 +2488,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
commands, controls whether units shall be disabled and
enabled according to the preset rules, or only enabled, or
only disabled.
+
+
@@ -2408,6 +2524,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
When used with the reboot command, indicate to the system's firmware to
reboot into the firmware setup interface. Note that this functionality is not available on all
systems.
+
+
@@ -2419,6 +2537,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
show the boot loader menu on the following boot. Takes a time value as parameter — indicating the
menu timeout. Pass zero in order to disable the menu timeout. Note that not all boot loaders
support this functionality.
+
+
@@ -2430,6 +2550,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
boot into a specific boot loader entry on the following boot. Takes a boot loader entry identifier
as argument, or help in order to list available entries. Note that not all boot
loaders support this functionality.
+
+
@@ -2440,6 +2562,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
This switch is used with reboot. The value is architecture and firmware specific. As an example, recovery
might be used to trigger system recovery, and fota might be used to trigger a
firmware over the air update.
+
+
@@ -2451,6 +2575,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
list-units or list-machines,
the output is printed as a list instead of a tree, and the bullet
circles are omitted.
+
+
@@ -2464,14 +2590,18 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
(this is the default)
- Day YYYY-MM-DD HH:MM:SS TZ
+ Day YYYY-MM-DD HH:MM:SS TZ
+
+
- @seconds-since-the-epoch
+ @seconds-since-the-epoch
+
+
@@ -2486,7 +2616,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
- Day YYYY-MM-DD HH:MM:SS UTC
+ Day YYYY-MM-DD HH:MM:SS UTC
+
+
@@ -2497,6 +2629,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
Day YYYY-MM-DD HH:MM:SS.UUUUUU UTC
+
+
@@ -2506,7 +2640,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
When used with bind, creates the destination file or directory before
applying the bind mount. Note that even though the name of this option suggests that it is suitable only for
directories, this option also creates the destination file node to mount over if the object to mount is not
- a directory, but a regular file, device node, socket or FIFO.
+ a directory, but a regular file, device node, socket or FIFO.
+
+
@@ -2518,13 +2654,17 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
will be queued. Those properties can be set using set-property Markers=….
Unless is used, systemctl will wait for the
- queued jobs to finish.
+ queued jobs to finish.
+
+
- When used with bind, creates a read-only bind mount.
+ When used with bind, creates a read-only bind mount.
+
+
@@ -2533,6 +2673,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
When used with edit, use the given drop-in file name instead of
override.conf.
+
+
@@ -2546,6 +2688,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
project='man-pages'>systemd.time7
section "PARSING TIMESTAMPS". Specially, if show is given, the currently scheduled
action will be shown, which can be canceled by passing an empty string or cancel.
+
+
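Review bot: "Specially, if show is given" in the second context line reads as a typo for "Specifically" or "As a special case". Suggest "As a special case, if show is given, the currently scheduled action will be shown", which also makes it clearer that show and cancel are reserved values rather than timestamps.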
@@ -2631,7 +2775,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
nano1,
vim1,
vi1.
-
+
+
+
diff --git a/man/systemd-ac-power.xml b/man/systemd-ac-power.xml
index e06a88a975..58aa706f80 100644
--- a/man/systemd-ac-power.xml
+++ b/man/systemd-ac-power.xml
@@ -47,7 +47,9 @@
- Show result as text instead of just returning success or failure.
+ Show result as text instead of just returning success or failure.
+
+
@@ -55,7 +57,9 @@
Instead of showing AC power state, show low battery state. In this case will return
zero if all batteries are currently discharging and below 5% of maximum charge. Returns non-zero
- otherwise.
+ otherwise.
+
+
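Review bot: the context sentence "In this case will return zero if all batteries are currently discharging and below 5% of maximum charge" has no subject. Since the closing "otherwise." line is being rewritten anyway, reword it to "In this case the command returns zero if ..." so the exit-status contract is unambiguous for scripts that branch on it.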
diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml
index 145d3f6188..d3a1de9a91 100644
--- a/man/systemd-analyze.xml
+++ b/man/systemd-analyze.xml
@@ -938,21 +938,27 @@ NR NAME SHA256
Operates on the system systemd instance. This
- is the implied default.
+ is the implied default.
+
+ Operates on the user systemd
- instance.
+ instance.
+
+ Operates on the system-wide configuration for
- user systemd instance.
+ user systemd instance.
+
+
@@ -969,7 +975,9 @@ NR NAME SHA256
Requisite=,
Wants= and Conflicts=
are shown. If neither is passed, this shows dependencies of
- all these types.
+ all these types.
+
+
@@ -993,7 +1001,9 @@ NR NAME SHA256
relation. In other words, patterns specified with those two
options will trim the list of edges matched by the positional
arguments, if any are given, and fully determine the list of
- edges shown otherwise.
+ edges shown otherwise.
+
+
@@ -1005,7 +1015,9 @@ NR NAME SHA256
earlier, than the latest unit in the same level. The unit of
timespan is seconds unless
specified with a different unit, e.g.
- "50ms".
+ "50ms".
+
+
@@ -1013,7 +1025,9 @@ NR NAME SHA256
Do not invoke
man1
- to verify the existence of man pages listed in Documentation=.
+ to verify the existence of man pages listed in Documentation=.
+
+
@@ -1022,7 +1036,9 @@ NR NAME SHA256
Invoke unit generators, see
systemd.generator7.
Some generators require root privileges. Under a normal user, running with
- generators enabled will generally result in some warnings.
+ generators enabled will generally result in some warnings.
+
+
@@ -1036,21 +1052,27 @@ NR NAME SHA256
unit. With one, return a non-zero process exit status when warnings arise during
verification of either the specified unit or its immediate dependencies. If this option is not
specified, zero is returned as the exit status regardless whether warnings arise during verification
- or not.
+ or not.
+
+ With cat-files and verify,
- operate on files underneath the specified root path PATH.
+ operate on files underneath the specified root path PATH.
+
+ With cat-files and verify,
- operate on files inside the specified image path PATH.
+ operate on files inside the specified image path PATH.
+
+
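Review bot: "regardless whether warnings arise during verification" in the first option's description is missing "of". While the trailing "or not." line is being touched, change the sentence to "regardless of whether warnings arise during verification or not".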
@@ -1064,7 +1086,9 @@ NR NAME SHA256
This means that can be used with and
as well. If a unit's overall exposure level is above that set by
(default value is 100), will return
- an error.
+ an error.
+
+
@@ -1073,7 +1097,9 @@ NR NAME SHA256
With security , takes into
consideration the specified portable profile when assessing unit settings.
The profile can be passed by name, in which case the well-known system locations will
- be searched, or it can be the full path to a specific drop-in file.
+ be searched, or it can be the full path to a specific drop-in file.
+
+
@@ -1083,7 +1109,9 @@ NR NAME SHA256
to compare the overall exposure level with, for the specified unit files. If a unit's
overall exposure level, is greater than that set by the user, security
will return an error. can be used with
- as well and its default value is 100.
+ as well and its default value is 100.
+
+
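Review bot: stray comma in the context line "overall exposure level, is greater than that set by the user", which separates the subject from its verb; drop it. The earlier threshold hunk in this file says the level "is above that set by" while this one says "is greater than", so pick one wording for both, since they describe the same comparison against the default of 100.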
@@ -1345,7 +1373,9 @@ NR NAME SHA256
- See example "JSON Policy" below.
+ See example "JSON Policy" below.
+
+
@@ -1371,21 +1401,27 @@ NR NAME SHA256
from when it was initially started, deactivated which is the time after startup
that the service was deactivated, deactivating which is the time after startup
that the service was initially told to deactivate.
-
+
+
+ When used with the calendar command, show the specified number of
- iterations the specified calendar expression will elapse next. Defaults to 1.
+ iterations the specified calendar expression will elapse next. Defaults to 1.
+
+ When used with the calendar command, show next iterations relative
- to the specified point in time. If not specified defaults to the current time.
+ to the specified point in time. If not specified defaults to the current time.
+
+
@@ -1399,14 +1435,18 @@ NR NAME SHA256
compiled in set of unit load paths; see
systemd.unit5. All
units files present in the directory containing the specified unit will be used in preference to the
- other paths.
+ other paths.
+
+ When used with the plot command, the raw time data is output in a table.
-
+
+
+
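Review bot: "All units files present in the directory" in the context line should read "All unit files present in the directory". The sentence ends on the line this hunk rewrites ("other paths."), so the fix fits in the same change.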
@@ -1414,7 +1454,9 @@ NR NAME SHA256
When used with the plot command in combination with either
or , no legends or hints are included in the output.
-
+
+
+
@@ -1423,7 +1465,9 @@ NR NAME SHA256
- Suppress hints and other non-essential output.
+ Suppress hints and other non-essential output.
+
+
diff --git a/man/systemd-ask-password.xml b/man/systemd-ask-password.xml
index ffd6c1c4d8..6484bbb8a6 100644
--- a/man/systemd-ask-password.xml
+++ b/man/systemd-ask-password.xml
@@ -113,7 +113,9 @@
recognition of queries by involved agents. It should include
the subsystem doing the query and the specific object the
query is done for. Example:
- --id=cryptsetup:/dev/sda5.
+ --id=cryptsetup:/dev/sda5.
+
+
@@ -135,7 +137,9 @@
passwords. Use
keyctl1
to access the cached key via the kernel keyring
- directly. Example: --keyname=cryptsetup
+ directly. Example: --keyname=cryptsetup
+
+
@@ -146,7 +150,9 @@
systemd.exec5 for
details. If not specified, defaults to password. This option has no effect if no
credentials directory is passed to the program (i.e. $CREDENTIALS_DIRECTORY is not
- set) or if the no credential of the specified name exists.
+ set) or if the no credential of the specified name exists.
+
+
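Review bot: the rewritten line still carries the typo "or if the no credential of the specified name exists". Since this line is part of the change, fix it to "or if no credential of the specified name exists".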
@@ -166,7 +172,9 @@
masked, an asterisk (*) is echoed for each character
typed. In this mode, if the user hits the tabulator key (↹), echo is turned
off. (Alternatively, if the user hits the backspace key (⌫) while no data has
- been entered otherwise, echo is turned off, too).
+ been entered otherwise, echo is turned off, too).
+
+
@@ -182,7 +190,9 @@
Controls whether or not to prefix the query with a
lock and key emoji (🔐), if the TTY settings permit this. The default
is auto, which defaults to yes,
- unless is given.
+ unless is given.
+
+
@@ -212,7 +222,9 @@
Do not print passwords to standard output. This is useful if you want to store a
password in kernel keyring with but do not want it to show up on screen
- or in logs.
+ or in logs.
+
+
@@ -222,7 +234,9 @@
by a newline character. This may be turned off with the switch, similarly to the
switch of the same name of the echo1
- command.
+ command.
+
+
diff --git a/man/systemd-backlight@.service.xml b/man/systemd-backlight@.service.xml
index 85609949ff..08e14ad09c 100644
--- a/man/systemd-backlight@.service.xml
+++ b/man/systemd-backlight@.service.xml
@@ -56,7 +56,9 @@
Takes a boolean argument. Defaults to
1. If 0, does not
restore the backlight settings on boot. However, settings will
- still be stored on shutdown.
+ still be stored on shutdown.
+
+
diff --git a/man/systemd-battery-check.service.xml b/man/systemd-battery-check.service.xml
index 6f1b0ea687..62d6bf5660 100644
--- a/man/systemd-battery-check.service.xml
+++ b/man/systemd-battery-check.service.xml
@@ -77,6 +77,8 @@
existence, and the service systemd-battery-check.service will succeed. This
may be useful when the command wrongly detects and reports battery capacity percentage or AC power
existence, or when you want to boot the system forcibly.
+
+
diff --git a/man/systemd-binfmt.service.xml b/man/systemd-binfmt.service.xml
index 25c5e6dcc2..b52b58494e 100644
--- a/man/systemd-binfmt.service.xml
+++ b/man/systemd-binfmt.service.xml
@@ -46,7 +46,9 @@
If passed, instead of registering configured binary formats in the kernel, the
reverse operation is executed: all currently registered binary formats are unregistered from the
- kernel.
+ kernel.
+
+
diff --git a/man/systemd-bless-boot.service.xml b/man/systemd-bless-boot.service.xml
index 3a4ff308fe..66454d18e8 100644
--- a/man/systemd-bless-boot.service.xml
+++ b/man/systemd-bless-boot.service.xml
@@ -65,7 +65,9 @@
command below, and "bad" conversely after the command was
invoked. The string clean is returned when boot counting is currently not in effect.
- This command is implied if no command argument is specified.
+ This command is implied if no command argument is specified.
+
+
@@ -74,7 +76,9 @@
When invoked, the current boot loader entry file or unified kernel image file will be marked as
"good", executing the file rename operation described above. This command is intended to be invoked at the end
of a successful boot. The systemd-bless-boot.service unit invokes this
- command.
+ command.
+
+
@@ -84,7 +88,9 @@
file name is set to zero, marking the boot loader entry or kernel image as "bad", so that the boot loader won't
consider it anymore on future boots (at least as long as there are other entries available that are not marked
"bad" yet). This command is normally not executed, but can be used to instantly put an end to the boot counting
- logic if a problem is detected and persistently mark the boot entry as bad.
+ logic if a problem is detected and persistently mark the boot entry as bad.
+
+
@@ -92,7 +98,9 @@
This command undoes any marking of the current boot loader entry file or unified kernel image
file as good or bad. This is implemented by renaming the boot loader entry file or unified kernel image file
- back to the path encoded in the LoaderBootCountPath EFI variable.
+ back to the path encoded in the LoaderBootCountPath EFI variable.
+
+
diff --git a/man/systemd-boot.xml b/man/systemd-boot.xml
index 56044281d4..fa73def8b1 100644
--- a/man/systemd-boot.xml
+++ b/man/systemd-boot.xml
@@ -131,50 +131,68 @@
PageDownHomeEnd
- Navigate up/down in the entry list
+ Navigate up/down in the entry list
+
+ ↵ (Enter)→ (Right)
- Boot selected entry
+ Boot selected entry
+
+ d
- Make selected entry the default
+ Make selected entry the default
+
+ e
- Edit the kernel command line for selected entry
+ Edit the kernel command line for selected entry
+
+ +t
- Increase the timeout before default entry is booted
+ Increase the timeout before default entry is booted
+
+ -T
- Decrease the timeout
+ Decrease the timeout
+
+ r
- Change screen resolution, skipping any unsupported modes.
+ Change screen resolution, skipping any unsupported modes.
+
+ R
- Reset screen resolution to firmware or configuration file default.
+ Reset screen resolution to firmware or configuration file default.
+
+ p
- Print status
+ Print status
+
+
@@ -190,17 +208,23 @@
For compatibility with the keybindings of several firmware implementations this operation
may also be reached with F2, F10, Del and
- Esc.
+ Esc.
+
+ Shifto
- Power off the system.
+ Power off the system.
+
+ Shiftb
- Reboot the system.
+ Reboot the system.
+
+
@@ -210,22 +234,30 @@
l
- Linux
+ Linux
+
+ w
- Windows
+ Windows
+
+ a
- macOS
+ macOS
+
+ s
- EFI shell
+ EFI shell
+
+
@@ -238,7 +270,9 @@
789
- Boot entry number 1 … 9
+ Boot entry number 1 … 9
+
+
@@ -262,7 +296,9 @@
→ (Right)HomeEnd
- Navigate left/right
+ Navigate left/right
+
+
@@ -273,13 +309,17 @@
Ctrlk
- Clear the command line forwards
+ Clear the command line forwards
+
+ CtrlwAltBackspace
- Delete word backwards
+ Delete word backwards
+
+
@@ -290,7 +330,9 @@
↵ (Enter)
- Boot entry with the edited command line
+ Boot entry with the edited command line
+
+
@@ -351,7 +393,9 @@
encoded. Set by the boot
loader. systemd-bless-boot.service8
uses this information to mark a boot as successful as determined by the successful activation of the
- boot-complete.target target unit.
+ boot-complete.target target unit.
+
+
@@ -361,7 +405,9 @@
is maintained persistently, while LoaderConfigTimeoutOneShot is a one-time override which is
read once (in which case it takes precedence over LoaderConfigTimeout) and then
removed. LoaderConfigTimeout may be manipulated with the
- t/T keys, see above.
+ t/T keys, see above.
+
+
@@ -371,14 +417,18 @@
the boot
loader. systemd-gpt-auto-generator8
uses this information to automatically find the disk booted from, in order to discover various other partitions
- on the same disk automatically.
+ on the same disk automatically.
+
+ LoaderEntriesA list of the identifiers of all discovered boot loader entries. Set by the boot
- loader.
+ loader.
+
+
@@ -391,14 +441,18 @@
boots. bootctl1's
and commands make use of these variables. The boot
loader modifies LoaderEntryDefault on request, when the d key is used, see
- above.
+ above.
+
+ LoaderEntrySelectedThe identifier of the boot loader entry currently being booted. Set by the boot
- loader.
+ loader.
+
+
@@ -406,7 +460,9 @@
A set of flags indicating the features the boot loader supports. Set by the boot loader. Use
bootctl1 to view this
- data.
+ data.
+
+
@@ -415,7 +471,9 @@
Brief firmware information. Set by the boot loader. Use
bootctl1 to view this
- data.
+ data.
+
+
@@ -424,7 +482,9 @@
The path of executable of the boot loader used for the current boot, relative to the EFI System
Partition's root directory. Set by the boot loader. Use
bootctl1 to view this
- data.
+ data.
+
+
@@ -432,7 +492,9 @@
Brief information about the boot loader. Set by the boot loader. Use
bootctl1 to view this
- data.
+ data.
+
+
@@ -442,7 +504,9 @@
Information about the time spent in various parts of the boot loader. Set by the boot
loader. Use systemd-analyze1
- to view this data.
+ to view this data.
+
+
@@ -450,7 +514,9 @@
A binary random data field, that is used for generating the random seed to pass to
the OS (see above). Note that this random data is generally only generated once, during OS
- installation, and is then never updated again.
+ installation, and is then never updated again.
+
+
diff --git a/man/systemd-bsod.service.xml b/man/systemd-bsod.service.xml
index 8530468d1d..9f54b40359 100644
--- a/man/systemd-bsod.service.xml
+++ b/man/systemd-bsod.service.xml
@@ -51,7 +51,9 @@
When specified, systemd-bsod waits continuously for changes in the
- journal if it doesn't find any emergency messages on the initial attempt.
+ journal if it doesn't find any emergency messages on the initial attempt.
+
+
diff --git a/man/systemd-cat.xml b/man/systemd-cat.xml
index a4b6139a8c..8d59ce2d69 100644
--- a/man/systemd-cat.xml
+++ b/man/systemd-cat.xml
@@ -109,7 +109,9 @@
because one channel is used for both. When the default priority
differs, two channels are used, and so stdout messages will not
be strictly ordered with respect to stderr messages - though
- they will tend to be approximately ordered.
+ they will tend to be approximately ordered.
+
+
diff --git a/man/systemd-cgls.xml b/man/systemd-cgls.xml
index 794ff868f9..8b72b9d06d 100644
--- a/man/systemd-cgls.xml
+++ b/man/systemd-cgls.xml
@@ -79,6 +79,8 @@
Show cgroup subtrees for the specified units.
+
+
@@ -86,6 +88,8 @@
Show cgroup subtrees for the specified user units.
+
+
diff --git a/man/systemd-cgtop.xml b/man/systemd-cgtop.xml
index f08304d300..9be6701191 100644
--- a/man/systemd-cgtop.xml
+++ b/man/systemd-cgtop.xml
@@ -116,7 +116,9 @@
is exhausted or until killed.
This mode could be useful for sending output from
systemd-cgtop to other programs or to a
- file.
+ file.
+
+
@@ -125,7 +127,9 @@
Format byte counts (as in memory usage and I/O metrics) and CPU time
with raw numeric values rather than human-readable
- numbers.
+ numbers.
+
+
@@ -135,7 +139,9 @@
Controls whether the CPU usage is shown as
percentage or time. By default, the CPU usage is shown as
percentage. This setting may also be toggled at runtime by
- pressing the % key.
+ pressing the % key.
+
+
@@ -149,7 +155,9 @@
threads it consists of. This setting may also be toggled at
runtime by pressing the P key. This option
may not be combined with
- .
+ .
+
+
@@ -163,7 +171,9 @@
regardless how many threads it consists of. This setting may
also be toggled at runtime by pressing the k
key. This option may not be combined with
- .
+ .
+
+
@@ -180,7 +190,9 @@
only applies to process counting, i.e. when the
or options are
used. It has not effect if all tasks are counted, in which
- case the counting is always recursive.
+ case the counting is always recursive.
+
+
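Review bot: "It has not effect if all tasks are counted" in the context line directly above the changed line should be "It has no effect if all tasks are counted". Worth fixing here, as the sentence it belongs to is the one being rewritten.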
@@ -189,13 +201,17 @@
Perform only this many iterations. A value of
0 indicates that the program should run
- indefinitely.
+ indefinitely.
+
+
- A shortcut for .
+ A shortcut for .
+
+
@@ -228,7 +244,9 @@
Limit control groups shown to the part
corresponding to the container
MACHINE.
- This option may not be used when a control group path is specified.
+ This option may not be used when a control group path is specified.
+
+
@@ -253,7 +271,9 @@
- Immediately refresh output.
+ Immediately refresh output.
+
+
@@ -281,7 +301,9 @@
Toggle between showing CPU time as time or
percentage. This setting may also be controlled using the
- command line switch.
+ command line switch.
+
+
@@ -300,7 +322,9 @@
Toggle between counting all tasks, or only
userspace processes. This setting may also be controlled using
the command line switch (see
- above).
+ above).
+
+
@@ -309,7 +333,9 @@
Toggle between counting all tasks, or only
userspace processes and kernel threads. This setting may also
be controlled using the command line
- switch (see above).
+ switch (see above).
+
+
@@ -322,7 +348,9 @@
not available if all tasks are counted, it is only available
if processes are counted, as enabled with the
P or k
- keys.
+ keys.
+
+
diff --git a/man/systemd-coredump.xml b/man/systemd-coredump.xml
index 4c98c6771a..14fd217429 100644
--- a/man/systemd-coredump.xml
+++ b/man/systemd-coredump.xml
@@ -187,12 +187,16 @@ COREDUMP_FILENAME=/var/lib/systemd/coredump/core.Web….552351.….zst
When the crashed process was part of a container (or in a process or user namespace in
general), those are the values as seen outside, in the namespace where
systemd-coredump is running.
+
+ COREDUMP_TIMESTAMP=The time of the crash as reported by the kernel (in μs since the epoch).
+
+
@@ -200,7 +204,9 @@ COREDUMP_FILENAME=/var/lib/systemd/coredump/core.Web….552351.….zst
COREDUMP_RLIMIT=The core file size soft resource limit, see
getrlimit2.
-
+
+
+
@@ -210,6 +216,8 @@ COREDUMP_FILENAME=/var/lib/systemd/coredump/core.Web….552351.….zst
When the crashed process was in container, those are the units names
outside, in the main system manager.
+
+
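Review bot: the context text "When the crashed process was in container, those are the units names outside" has a missing article and a wrong plural. Suggest "was in a container, those are the unit names outside". Neighbouring hunks in this file mix "in a container" and "in container", so a single pass to make them consistent would help.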
@@ -222,6 +230,8 @@ COREDUMP_FILENAME=/var/lib/systemd/coredump/core.Web….552351.….zst
When the crashed process was in a container, this is the full path, as seen outside of the
container.
+
+
@@ -234,6 +244,8 @@ COREDUMP_FILENAME=/var/lib/systemd/coredump/core.Web….552351.….zst
When the crashed process was in container, those are the values outside,
in the main system.
+
+
@@ -249,6 +261,8 @@ COREDUMP_FILENAME=/var/lib/systemd/coredump/core.Web….552351.….zst
the prefix; all systemd tools accept signal names both with and without the prefix.
) and numerical value. (Both are included because signal numbers vary by
architecture.)
+
+
@@ -260,6 +274,8 @@ COREDUMP_FILENAME=/var/lib/systemd/coredump/core.Web….552351.….zst
When the crashed process is in a container, those paths are relative to the root of the
container's mount namespace.
+
+
@@ -281,7 +297,9 @@ flags: ...
The first line contains the file descriptor number fd and the path,
while subsequent lines show the contents of
/proc/pid/fdinfo/fd.
-
+
+
+
@@ -291,7 +309,9 @@ flags: ...
symlink.
When the crashed process is in a container, that path is relative to the root of the
- container's mount namespace.
+ container's mount namespace.
+
+
@@ -315,7 +335,9 @@ flags: ...
See
proc5
- for more information.
+ for more information.
+
+
@@ -324,6 +346,8 @@ flags: ...
The system hostname.When the crashed process was in container, this is the container hostname.
+
+
@@ -331,13 +355,17 @@ flags: ...
COREDUMP_CONTAINER_CMDLINE=For processes running in a container, the commandline of the process spawning the
- container (the first parent process with a different mount namespace).
+ container (the first parent process with a different mount namespace).
+
+ COREDUMP=When the core is stored in the journal, the core image itself.
+
+
@@ -345,6 +373,8 @@ flags: ...
COREDUMP_FILENAME=When the core is stored externally, the path to the core file.
+
+
@@ -353,7 +383,9 @@ flags: ...
Set to 1 when the saved coredump was truncated. (A partial core
image may still be processed by some tools, though obviously not all information is available.)
-
+
+
+
@@ -367,6 +399,8 @@ flags: ...
JSON-formatted content of all modules will be appended as a single JSON object, each with
the module name as the key. For more information about this metadata format and content, see
the coredump metadata spec.
+
+
@@ -375,7 +409,9 @@ flags: ...
The message generated by systemd-coredump that includes the
backtrace if it was successfully generated. When systemd-coredump is invoked with
- , this field is provided by the caller.
+ , this field is provided by the caller.
+
+
@@ -404,7 +440,9 @@ flags: ...
COREDUMP_SIGNAL=, COREDUMP_TIMESTAMP=,
COREDUMP_RLIMIT=, COREDUMP_HOSTNAME=,
COREDUMP_COMM=, and COREDUMP_EXE=, described above.
-
+
+
+
diff --git a/man/systemd-creds.xml b/man/systemd-creds.xml
index a5cfe0901a..f2dff10ff1 100644
--- a/man/systemd-creds.xml
+++ b/man/systemd-creds.xml
@@ -65,7 +65,9 @@
secure (in case the credential is backed by unswappable memory,
i.e. ramfs), weak (in case it is backed by any other type of
memory), or insecure (if having any access mode that is not 0400, i.e. if readable
- by anyone but the owner).
+ by anyone but the owner).
+
+
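Review bot: the two halves of "insecure (if having any access mode that is not 0400, i.e. if readable by anyone but the owner)" are not equivalent. Mode 0600 is "not 0400" yet is still readable only by the owner. Since the closing line is rewritten here, state which condition is actually tested (any mode other than 0400, or any read bit for group or other) so that someone auditing credential files knows what the insecure label means.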
@@ -76,7 +78,9 @@
output.
When combined with or the output is
- transcoded in simple ways before outputting.
+ transcoded in simple ways before outputting.
+
+
@@ -88,7 +92,9 @@
credentials with encrypt or decrypt, and is only accessible to
the root user. Note that there's typically no need to invoke this command explicitly as it is
implicitly called when encrypt is invoked, and credential host key encryption
- selected.
+ selected.
+
+
@@ -141,6 +147,8 @@
The credential data is encrypted using AES256-GCM, i.e. providing both confidentiality and
integrity, keyed by a SHA256 hash of one or both of the secret keys described above.
+
+
@@ -164,7 +172,9 @@
Decrypting credentials requires access to the original TPM2 chip and/or credentials host key,
see above. Information about which keys are required is embedded in the encrypted credential data,
- and thus decryption is entirely automatic.
+ and thus decryption is entirely automatic.
+
+
@@ -178,7 +188,9 @@
exits with non-zero exit status. It also shows four lines indicating separately whether firmware,
drivers, the system and the kernel discovered/support/use TPM2.
- Combine with to suppress the output.
+ Combine with to suppress the output.
+
+
@@ -197,7 +209,9 @@
When specified with the list and cat commands
operates on the credentials passed to system as a whole instead of on those passed to the current
execution context. This is useful in container environments where credentials may be passed in from
- the container manager.
+ the container manager.
+
+
@@ -209,7 +223,9 @@
to encode/decode the credential data with Base64 or as series of hexadecimal values.
Note that this has no effect on the encrypt command, as encrypted
- credentials are unconditionally encoded in Base64.
+ credentials are unconditionally encoded in Base64.
+
+
@@ -219,7 +235,9 @@
whether to add a trailing newline character to the end of the output if it doesn't end in one,
anyway. Takes one of auto, yes or no. The
default mode of auto will suffix the output with a single newline character only
- when writing credential data to a TTY.
+ when writing credential data to a TTY.
+
+
@@ -229,7 +247,9 @@
When specified with encrypt controls whether to show the encrypted
credential as SetCredentialEncrypted= setting that may be pasted directly into a
unit file. Has effect only when used together with and -
- as the output file.
+ as the output file.
+
+
@@ -250,7 +270,9 @@
Embedding the credential name in the encrypted credential is done in order to protect against
reuse of credentials for purposes they weren't originally intended for, under the assumption the
- credential name is chosen carefully to encode its intended purpose.
+ credential name is chosen carefully to encode its intended purpose.
+
+
@@ -263,7 +285,9 @@
When specified with the decrypt command controls the timestamp to use to
validate the "not-after" timestamp that was configured with during
- encryption. If not specified defaults to the current system time.
+ encryption. If not specified defaults to the current system time.
+
+
@@ -274,7 +298,9 @@
credential. During decryption the timestamp is checked against the current system clock, and if the
timestamp is in the past the decryption will fail. By default no such timestamp is set. Takes a
timestamp specification in the format described in
- systemd.time7.
+ systemd.time7.
+
+
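Review bot: "During decryption the timestamp is checked against the current system clock" reads as unconditional, but the preceding hunk documents a decrypt option that "controls the timestamp to use to validate the "not-after" timestamp" and only defaults to the current system time. Qualify this sentence with "by default" and cross-reference that option, so readers do not assume the expiry check is always tied to the wall clock.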
@@ -310,7 +336,9 @@
mode, to disable binding against the host secret.
This switch has no effect on the decrypt command, as information on which
- key to use for decryption is included in the encrypted credential already.
+ key to use for decryption is included in the encrypted credential already.
+
+
@@ -320,7 +348,9 @@
chip (e.g. /dev/tpmrm0). Alternatively the special value auto
may be specified, in order to automatically determine the device node of a suitable TPM2 device (of
which there must be exactly one). The special value list may be used to enumerate
- all suitable TPM2 devices currently discovered.
+ all suitable TPM2 devices currently discovered.
+
+
@@ -330,7 +360,9 @@
key to. Takes a + separated list of numeric PCR indexes in the range 0…23. If not
used, defaults to PCR 7 only. If an empty string is specified, binds the encryption key to no PCRs at
all. For details about the PCRs available, see the documentation of the switch of the same name for
- systemd-cryptenroll1.
+ systemd-cryptenroll1.
+
+
@@ -351,7 +383,9 @@
: the former binds decryption to the current, specific PCR
values; the latter binds decryption to any set of PCR values for which a signature by the specified
public key can be provided. The latter is hence more useful in scenarios where software updates shall
- be possible without losing access to all previously encrypted secrets.
+ be possible without losing access to all previously encrypted secrets.
+
+
@@ -364,7 +398,9 @@
with a signed PCR policy is attempted to be decrypted, a suitable signature file
tpm2-pcr-signature.json is searched for in /etc/systemd/,
/run/systemd/, /usr/lib/systemd/ (in this order) and
- used.
+ used.
+
+
@@ -372,7 +408,9 @@
When used with has-tpm2 suppresses the output, and only returns an
- exit status indicating support for TPM2.
+ exit status indicating support for TPM2.
+
+
diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml
index a959217ebb..27b072cbdb 100644
--- a/man/systemd-cryptenroll.xml
+++ b/man/systemd-cryptenroll.xml
@@ -244,7 +244,9 @@
Enroll a regular password/passphrase. This command is mostly equivalent to
cryptsetup luksAddKey, however may be combined with
- in one call, see below.
+ in one call, see below.
+
+
@@ -253,7 +255,9 @@
Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
-
+
+
+
@@ -262,7 +266,9 @@
Use a file instead of a password/passphrase read from stdin to unlock the volume.
Expects the PATH to the file containing your key to unlock the volume. Currently there is nothing like
or so this file has to only
- contain the full key.
+ contain the full key.
+
+
@@ -273,7 +279,9 @@
/dev/hidraw1). Alternatively the special value auto may be
specified, in order to automatically determine the device node of a currently plugged in security
token (of which there must be exactly one). This automatic discovery is unsupported if
- option is also specified.
+ option is also specified.
+
+
@@ -295,7 +303,9 @@
See
crypttab5 for a
more comprehensive example of a systemd-cryptenroll invocation and its matching
- /etc/crypttab line.
+ /etc/crypttab line.
+
+
@@ -308,7 +318,9 @@
denotes 2048-bit RSA with PKCS#1.5 padding and SHA-256. eddsa denotes
EDDSA over Curve25519 with SHA-512.
- Note that your authenticator may not support some algorithms.
+ Note that your authenticator may not support some algorithms.
+
+
@@ -332,7 +344,9 @@
See
crypttab5 for a
more comprehensive example of a systemd-cryptenroll invocation and its matching
- /etc/crypttab line.
+ /etc/crypttab line.
+
+
@@ -342,7 +356,9 @@
a PIN when unlocking the volume (the FIDO2 clientPin feature). Defaults to
yes. (Note: this setting is without effect if the security token does not support
the clientPin feature at all, or does not allow enabling or disabling
- it.)
+ it.)
+
+
@@ -352,7 +368,9 @@
verify presence (tap the token, the FIDO2 up feature) when unlocking the volume.
Defaults to yes. (Note: this setting is without effect if the security token does not support
the up feature at all, or does not allow enabling or disabling it.)
-
+
+
+
@@ -361,7 +379,9 @@
When enrolling a FIDO2 security token, controls whether to require user verification
when unlocking the volume (the FIDO2 uv feature). Defaults to
no. (Note: this setting is without effect if the security token does not support
- the uv feature at all, or does not allow enabling or disabling it.)
+ the uv feature at all, or does not allow enabling or disabling it.)
+
+
@@ -384,7 +404,9 @@
/etc/crypttab line.
Use (see below) to configure which TPM2 PCR indexes to bind the
- enrollment to.
+ enrollment to.
+
+
@@ -407,6 +429,8 @@
specifies that PCR register 4 from the SHA1 bank should be used, and a hash digest value of
3a3f780f11a4b49969fcaa80cd6e3957c33b2275 will be used instead of reading the current PCR
value.
+
+
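Review bot: the worked example in the context lines binds to "PCR register 4 from the SHA1 bank" with a 40-digit SHA-1 digest. Consider switching the example to a SHA-256 bank digest in a follow-up, so that readers copying it do not end up with a policy bound to the weaker bank.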
@@ -426,7 +450,9 @@
project='mankier'>tpm2_getcap1
and tpm2_dictionarylockout1
- commands, respectively.
+ commands, respectively.
+
+
@@ -464,7 +490,9 @@
to ensure that access to a volume is not lost if a public key is enrolled for which no valid
signature for the current PCR state is available. If the supplied signature does not unlock the
current PCR state and public key combination, no slot is enrolled and the operation will fail. If no
- signature file is specified or found no such safety verification is done.
+ signature file is specified or found no such safety verification is done.
+
+
@@ -500,6 +528,8 @@
Or for replacing an enrolled empty password by TPM2:systemd-cryptenroll /dev/sda1 --wipe-slot=empty --tpm2-device=auto
+
+
diff --git a/man/systemd-cryptsetup-generator.xml b/man/systemd-cryptsetup-generator.xml
index b803c268df..43f636388f 100644
--- a/man/systemd-cryptsetup-generator.xml
+++ b/man/systemd-cryptsetup-generator.xml
@@ -53,7 +53,9 @@
Takes a boolean argument. Defaults to yes. If
no, disables the generator entirely. rd.luks= is honored only
in the initrd while luks= is honored by both the main system and in the initrd.
-
+
+
+
@@ -65,7 +67,9 @@
/etc/crypttab (luks.uuid= will still work however).
rd.luks.crypttab= is honored only in initrd while
luks.crypttab= is honored by both the main system and in the initrd.
-
+
+
+
@@ -84,6 +88,8 @@
If /etc/crypttab exists, only those UUIDs specified on the kernel command
line will be activated in the initrd or the real root.
+
+
@@ -103,6 +109,8 @@
rd.luks.name= is honored only in the initrd, while
luks.name= is honored by both the main system and in the initrd.
+
+
@@ -131,6 +139,8 @@
rd.luks.data= is honored only in the initrd, while
luks.data= is honored by both the main system and in the initrd.
+
+
@@ -167,6 +177,8 @@
rd.luks.key= is honored only in the initrd, while
luks.key= is honored by both the main system and in the initrd.
+
+
@@ -205,6 +217,8 @@
rd.luks.options= is honored only by initial
RAM disk (initrd) while luks.options= is
honored by both the main system and in the initrd.
+
+
diff --git a/man/systemd-delta.xml b/man/systemd-delta.xml
index 7a83bc9fca..dd72061c79 100644
--- a/man/systemd-delta.xml
+++ b/man/systemd-delta.xml
@@ -116,7 +116,9 @@
extendedShow *.conf files
- in drop-in directories for units.
+ in drop-in directories for units.
+
+
diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
index 29d234ad93..cc0238dd2d 100644
--- a/man/systemd-detect-virt.xml
+++ b/man/systemd-detect-virt.xml
@@ -244,7 +244,9 @@
environment. In this mode, no output is written, but the return
value indicates whether the process was invoked in a
chroot()
- environment or not.
+ environment or not.
+
+
@@ -254,7 +256,9 @@
output is written, but the return value indicates whether the process was invoked
inside of a user namespace or not. See
user_namespaces7
- for more information.
+ for more information.
+
+
@@ -264,7 +268,9 @@
The result of this detection may be used to disable features that should
not be used in confidential VMs. It must not be used to release security
sensitive information. The latter must only be released after attestation
- of the confidential environment.
+ of the confidential environment.
+
+
@@ -278,13 +284,17 @@
- Output all currently known and detectable container and VM environments.
+ Output all currently known and detectable container and VM environments.
+
+
- Output all currently known and detectable confidential virtualization technologies.
+ Output all currently known and detectable confidential virtualization technologies.
+
+
diff --git a/man/systemd-dissect.xml b/man/systemd-dissect.xml
index 29f19af7cc..078ee50857 100644
--- a/man/systemd-dissect.xml
+++ b/man/systemd-dissect.xml
@@ -153,13 +153,17 @@
project='man-pages'>mount8 via a
command such as mount -t ddi myimage.raw targetdir/, as well as in fstab5. For
- details, see below.
+ details, see below.
+
+
- This is a shortcut for .
+ This is a shortcut for .
+
+
@@ -170,13 +174,17 @@
a directory where an OS image was mounted.
All mounted partitions will be recursively unmounted, and the underlying loop device will be
- removed, along with all its partition sub-devices.
+ removed, along with all its partition sub-devices.
+
+
- This is a shortcut for .
+ This is a shortcut for .
+
+
@@ -186,7 +194,9 @@
and print the path to the loopback block device to standard output. This is similar to an invocation
of losetup --find --show, but will validate the image as DDI before attaching, and
derive the correct sector size to use automatically. Moreover, it ensures the per-partition block
- devices are created before returning. Takes a path to a disk image file.
+ devices are created before returning. Takes a path to a disk image file.
+
+
@@ -195,7 +205,9 @@
Detach the specified disk image from a loopback block device. This undoes the effect
of above. This expects either a path to a loopback block device as an
argument, or the path to the backing image file. In the latter case it will automatically determine
- the right device to detach.
+ the right device to detach.
+
+
@@ -203,7 +215,9 @@
Prints the paths of all the files and directories in the specified OS image or
- directory to standard output.
+ directory to standard output.
+
+
@@ -222,7 +236,9 @@
subvolume information, and various other file metadata. File content information is shown via a
SHA256 digest. Additional fields might be added in future. Note that inode information such as link
counts, inode numbers and timestamps is excluded from the output on purpose, as it typically
- complicates reproducibility.
+ complicates reproducibility.
+
+
@@ -236,7 +252,9 @@
$SYSTEMD_DISSECT_ROOT environment variable set, containing the absolute path name
of the temporary mount point, i.e. the same directory that is set as the current working
directory. It will also have the $SYSTEMD_DISSECT_DEVICE environment variable set,
- containing the absolute path name of the loop device the image was attached to.
+ containing the absolute path name of the loop device the image was attached to.
+
+
@@ -252,7 +270,9 @@
the destination path. In this case access mode, extended attributes and timestamps are copied as
well, but file ownership is not. If the source path in the image refers to a directory, it is copied
to the destination path, recursively with all containing files and directories. In this case the file
- ownership is copied too.
+ ownership is copied too.
+
+
@@ -271,7 +291,9 @@
ownership is copied too.
As with file system checks are implicitly run before the copy
- operation begins.
+ operation begins.
+
+
@@ -282,7 +304,9 @@
/usr/lib/machines/, /usr/lib/portables/,
/usr/lib/confexts/, /var/lib/machines/,
/var/lib/portables/, /var/lib/extensions/ and so
- on.
+ on.
+
+
@@ -296,7 +320,9 @@
unlike all other commands implemented by this tool – requires no privileges other than the ability to
access the specified file. Prints "OK" and returns zero if the image appears to be in order and
matches the specified image dissection policy. Otherwise prints an error message and returns
- non-zero.
+ non-zero.
+
+
@@ -317,7 +343,9 @@
Operate in read-only mode. By default will establish
writable mount points. If this option is specified they are established in read-only mode
- instead.
+ instead.
+
+
@@ -328,7 +356,9 @@
OS image are automatically checked using the appropriate fsck8
command, in automatic fixing mode. This behavior may be switched off using
- .
+ .
+
+
@@ -350,6 +380,8 @@
Bit 59 of the GPT partition flags for this partition is set, as per specificationThe option is not passed.
+
+
@@ -358,14 +390,18 @@
If combined with the directory to mount the OS image to is
created if it is missing. Note that the directory is not automatically removed when the disk image is
- unmounted again.
+ unmounted again.
+
+ If combined with the specified directory where the OS image
- is mounted is removed after unmounting the OS image.
+ is mounted is removed after unmounting the OS image.
+
+
@@ -375,7 +411,9 @@
all, crypto. If disabled the image is
accessed with empty block discarding turned off. If loop discarding is enabled if
operating on a regular file. If crypt discarding is enabled even on encrypted file
- systems. If all discarding is unconditionally enabled.
+ systems. If all discarding is unconditionally enabled.
+
+
@@ -384,7 +422,9 @@
If specified an in-memory copy of the specified disk image is used. This may be used
to operate with write-access on a (possibly read-only) image, without actually modifying the original
file. This may also be used in order to operate on a disk image without keeping the originating file
- system busy, in order to allow it to be unmounted.
+ system busy, in order to allow it to be unmounted.
+
+
@@ -401,7 +441,9 @@
image, in case it is stored in a detached file. It is recommended to embed the Verity data directly
in the image, using the Verity mechanisms in the Discoverable Partitions Specification.
-
+
+
+
@@ -421,7 +463,9 @@
/dev/disk/by-loop-ref/… symlinks. Example: first, set up the loopback device
via systemd-dissect attach --loop-ref=quux foo.raw, and then reference it in a
command via the specified filename: cfdisk /dev/disk/by-loop-ref/quux.
-
+
+
+
@@ -429,7 +473,9 @@
If combined with , turns off inclusion of file hashes in the
mtree output. This makes the faster when operating on large images.
-
+
+
+
diff --git a/man/systemd-escape.xml b/man/systemd-escape.xml
index f5d78be488..6a5f31a2e3 100644
--- a/man/systemd-escape.xml
+++ b/man/systemd-escape.xml
@@ -65,7 +65,9 @@
systemd, such as service or
mount. May not be used in conjunction with
, or
- .
+ .
+
+
@@ -79,7 +81,9 @@
part. May not be used in conjunction with
,
or
- .
+ .
+
+
@@ -91,7 +95,9 @@
.. path components. This is particularly useful for generating strings suitable for
unescaping with the %f specifier in unit files, see
systemd.unit5.
-
+
+
+
@@ -126,7 +132,9 @@
like ssh.service.
Must be used in conjunction with
and may not be used in conjunction with
- .
+ .
+
+
diff --git a/man/systemd-firstboot.xml b/man/systemd-firstboot.xml
index 192b91c296..bada361933 100644
--- a/man/systemd-firstboot.xml
+++ b/man/systemd-firstboot.xml
@@ -95,7 +95,9 @@
root path, including config search
paths. This is useful to operate on a system image mounted to
the specified directory instead of the host system itself.
-
+
+
+
@@ -107,7 +109,9 @@
Discoverable Partitions
Specification. For further information on supported disk images, see
systemd-nspawn1's
- switch of the same name.
+ switch of the same name.
+
+
@@ -119,7 +123,9 @@
settings. The argument should be a valid locale identifier,
such as de_DE.UTF-8. This controls the
locale.conf5
- configuration file.
+ configuration file.
+
+
@@ -128,7 +134,9 @@
Sets the system keyboard layout. The argument should be a valid keyboard map,
such as de-latin1. This controls the KEYMAP entry in the
vconsole.conf5
- configuration file.
+ configuration file.
+
+
@@ -138,7 +146,9 @@
be a valid time zone identifier, such as
Europe/Berlin. This controls the
localtime5
- symlink.
+ symlink.
+
+
@@ -147,7 +157,9 @@
Sets the system hostname. The argument should
be a hostname, compatible with DNS. This controls the
hostname5
- configuration file.
+ configuration file.
+
+
@@ -161,14 +173,18 @@
. On a running system, machine-id is written by the
manager with help from
systemd-machine-id-commit.service8.
-
+
+
+ Set the system's machine ID to the specified value. The same restrictions apply
- as to .
+ as to .
+
+
@@ -194,7 +210,9 @@
Sets the shell of the system's root user. This creates/modifies the
passwd5
- file.
+ file.
+
+
@@ -203,7 +221,9 @@
Sets the system's kernel command line. This controls the
/etc/kernel/cmdline file which is used by
kernel-install8.
-
+
+
+
@@ -231,6 +251,8 @@
,
,
in combination.
+
+
@@ -256,6 +278,8 @@
,
,
in combination.
+
+
@@ -266,7 +290,9 @@
systemd-firstboot doesn't modify or replace existing files. Note that when
configuring the root account, even with this option, systemd-firstboot only
modifies the entry of the root user, leaving other entries in
- /etc/passwd and /etc/shadow intact.
+ /etc/passwd and /etc/shadow intact.
+
+
@@ -276,7 +302,9 @@
systemd-firstboot are removed. Note that the files are removed regardless of
whether they'll be configured with a new value or not. This operation ensures that the next boot of
the image will be considered a first boot, and systemd-firstboot will prompt again
- to configure each of the removed files.
+ to configure each of the removed files.
+
+
@@ -284,7 +312,9 @@
Removes the password of the system's root user, enabling login as root without a
password unless the root account is locked. Note that this is extremely insecure and hence this
- option should not be used lightly.
+ option should not be used lightly.
+
+
@@ -292,7 +322,9 @@
Takes a boolean argument. By default when prompting the user for configuration
options a brief welcome text is shown before the first question is asked. Pass false to this option
- to turn off the welcome text.
+ to turn off the welcome text.
+
+
@@ -316,7 +348,9 @@
A hashed or plaintext version of the root password to use, in place of prompting the
user. These credentials are equivalent to the same ones defined for the
systemd-sysusers.service8
- service.
+ service.
+
+
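Review bot: the context line "A hashed or plaintext version of the root password to use" presents both forms without saying which to prefer. A short sentence recommending the hashed form wherever the credential is stored or passed unencrypted would fit in this entry.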
@@ -325,7 +359,9 @@
Specifies the shell binary to use for the specified account.
Equivalent to the credential of the same name defined for the
systemd-sysusers.service8
- service.
+ service.
+
+
@@ -333,7 +369,9 @@
firstboot.locale-messagesThese credentials specify the locale settings to set during first boot, in place of
- prompting the user.
+ prompting the user.
+
+
@@ -348,14 +386,18 @@
/etc/vconsole.conf on first boot (if not already configured), and then read from
there by systemd-vconsole-setup, while vconsole.keymap is read
on every boot, and is not persisted to disk (but any configuration in
- vconsole.conf will take precedence if present).
+ vconsole.conf will take precedence if present).
+
+ firstboot.timezoneThis credential specifies the system timezone setting to set during first boot, in
- place of prompting the user.
+ place of prompting the user.
+
+
@@ -387,7 +429,9 @@
Takes a boolean argument, defaults to on. If off, systemd-firstboot.service
won't interactively query the user for basic settings at first boot, even if those settings are not
- initialized yet.
+ initialized yet.
+
+
diff --git a/man/systemd-fsck@.service.xml b/man/systemd-fsck@.service.xml
index 5eaef91009..22aa876878 100644
--- a/man/systemd-fsck@.service.xml
+++ b/man/systemd-fsck@.service.xml
@@ -84,7 +84,9 @@
system checker deems them necessary. force
unconditionally results in full file system checks.
skip skips any file system
- checks.
+ checks.
+
+
@@ -96,7 +98,9 @@
and will automatically repair problems that can be safely
fixed. yes will answer yes to all
questions by fsck and no will answer no to
- all questions.
+ all questions.
+
+
diff --git a/man/systemd-fstab-generator.xml b/man/systemd-fstab-generator.xml
index a1174530a0..b046e382e7 100644
--- a/man/systemd-fstab-generator.xml
+++ b/man/systemd-fstab-generator.xml
@@ -73,7 +73,9 @@
Takes a boolean argument. Defaults to yes. If
no, causes the generator to ignore any mounts or swap devices configured in
/etc/fstab. rd.fstab= is honored only in the initrd, while
- fstab= is honored by both the main system and the initrd.
+ fstab= is honored by both the main system and the initrd.
+
+
@@ -95,7 +97,9 @@
system as root file system of the OS. This is useful in combination with
mount.usr= (see below) in order to combine a volatile root file system with a
separate, immutable /usr/ file system. Also see
- systemd.volatile= below.
+ systemd.volatile= below.
+
+
@@ -103,7 +107,9 @@
Takes the root filesystem type that will be
passed to the mount command. rootfstype= is
- honored by the initrd.
+ honored by the initrd.
+
+
@@ -115,7 +121,9 @@
Note that unlike most kernel command line options this setting does not override settings made
in configuration files (specifically: the mount option string in
/etc/fstab). See
- systemd-remount-fs.service8.
+ systemd-remount-fs.service8.
+
+
@@ -133,7 +141,9 @@
/etc/fstab on the root filesystem.
mount.usr= is honored by the initrd.
-
+
+
+
@@ -151,7 +161,9 @@
/etc/fstab on the root filesystem.
mount.usrfstype= is honored by the
- initrd.
+ initrd.
+
+
@@ -168,7 +180,9 @@
/etc/fstab on the root filesystem.
mount.usrflags= is honored by the
- initrd.
+ initrd.
+
+
@@ -180,7 +194,9 @@
set this indicates that the root file system (or /usr/) shall be mounted from
Verity volumes with the specified hashes. If these kernel command line options are set the root (or
/usr/) file system is thus mounted from a device mapper volume
- /dev/mapper/root (or /dev/mapper/usr).
+ /dev/mapper/root (or /dev/mapper/usr).
+
+
@@ -228,7 +244,9 @@
mount.usr= is that the former operates on top of a regular root file system and
temporarily obstructs the files and directories above its /usr/ subdirectory,
while the latter does not hide any files, but simply mounts a unpopulated tmpfs as root file system
- and combines it with a user picked /usr/ file system.
+ and combines it with a user picked /usr/ file system.
+
+
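Review bot: typo in the context line "simply mounts a unpopulated tmpfs as root file system"; it should read "an unpopulated tmpfs". The paragraph's last line is rewritten in this hunk, so the fix can go in with it.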
@@ -237,7 +255,9 @@
Takes a boolean argument or enables the option if specified
without an argument. If disabled, causes the generator to ignore
any swap devices configured in /etc/fstab.
- Defaults to enabled.
+ Defaults to enabled.
+
+
@@ -255,6 +275,8 @@
systemd.mount-extra=/dev/sda1:/mount-point:ext4:rw,noatime
+
+
@@ -271,6 +293,8 @@ systemd.mount-extra=/dev/sda1:/mount-point:ext4:rw,noatime
systemd.swap=/dev/sda2:x-systemd.makefs
+
+
@@ -286,7 +310,9 @@ systemd.swap=/dev/sda2:x-systemd.makefs
This credential may contain addition mounts to establish, in the same format as
fstab5, with
- one mount per line. It is read in addition to /etc/fstab.
+ one mount per line. It is read in addition to /etc/fstab.
+
+
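Review bot: typo in the first context line of this hunk: "This credential may contain addition mounts to establish" should read "additional mounts". The entry is touched here anyway, so it can be fixed in the same pass.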
diff --git a/man/systemd-getty-generator.xml b/man/systemd-getty-generator.xml
index 3728b7f5e7..91751c3e5b 100644
--- a/man/systemd-getty-generator.xml
+++ b/man/systemd-getty-generator.xml
@@ -66,7 +66,9 @@
this options take an optional boolean argument, and default to yes.
The generator is enabled by default, and a false value may be used to disable it.
-
+
+
+
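Review bot: grammar in the context line "this options take an optional boolean argument, and default to": it should start "These options take", matching the "Those options take an optional boolean argument" wording used in systemd-gpt-auto-generator.xml later in this patch.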
@@ -80,7 +82,9 @@
This variable takes an optional boolean argument, and default to yes.
The generator is enabled by default, and a false value may be used to disable it.
-
+
+
+
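Review bot: subject and verb disagree in the context line "This variable takes an optional boolean argument, and default to yes"; it should read "and defaults to yes".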
@@ -97,7 +101,9 @@
TTYs. The two credentials should contain a newline-separated list of TTY names to spawn instances of
serial-getty@.service (in case of getty.ttys.serial) and
container-getty@.service (in case of getty.ttys.container)
- on.
+ on.
+
+
diff --git a/man/systemd-gpt-auto-generator.xml b/man/systemd-gpt-auto-generator.xml
index 69620feff4..c6bbbfa0b0 100644
--- a/man/systemd-gpt-auto-generator.xml
+++ b/man/systemd-gpt-auto-generator.xml
@@ -251,7 +251,9 @@
Those options take an optional boolean argument, and default to yes.
The generator is enabled by default, and a false value may be used to disable it
(e.g. systemd.gpt_auto=0).
-
+
+
+
@@ -261,7 +263,9 @@
Takes an image dissection policy string as argument (as per
systemd.image-policy7),
and allows enforcing a policy on dissection and use of the automatically discovered GPT partition
- table entries.
+ table entries.
+
+
@@ -287,7 +291,9 @@
Note that unlike most kernel command line options these settings do not override configuration
in the file system, and the file system may be remounted later. See
systemd-remount-fs.service8.
-
+
+
+
@@ -295,7 +301,9 @@
Takes a boolean argument or enables the option if specified without an argument.
If disabled, automatic discovery of swap partition(s) based on GPT partition type is disabled.
- Defaults to enabled.
+ Defaults to enabled.
+
+
diff --git a/man/systemd-hibernate-resume-generator.xml b/man/systemd-hibernate-resume-generator.xml
index 8bc61c7dfb..9771350643 100644
--- a/man/systemd-hibernate-resume-generator.xml
+++ b/man/systemd-hibernate-resume-generator.xml
@@ -54,28 +54,36 @@
/dev/disk/by-foo/bar and
fstab5-style
specifiers like FOO=bar are
- supported.
+ supported.
+
+ resume_offset=Takes the page offset of the swap space from the resume device.
- Defaults to 0.
+ Defaults to 0.
+
+ resumeflags=Takes the resume device mount options to
- use. Defaults rootflags= if not specified.
+ use. Defaults rootflags= if not specified.
+
+ noresumeDo not try to resume from hibernation. If this parameter is
- present, resume= is ignored.
+ present, resume= is ignored.
+
+
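Review bot: the resumeflags= entry reads "Defaults rootflags= if not specified." on both the removed and the added line, so the missing word is carried over unchanged. Since the line is rewritten here, change it to "Defaults to rootflags= if not specified."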
diff --git a/man/systemd-homed.service.xml b/man/systemd-homed.service.xml
index 9564cec6f5..e14752b662 100644
--- a/man/systemd-homed.service.xml
+++ b/man/systemd-homed.service.xml
@@ -63,14 +63,18 @@
/var/lib/systemd/home/local.privateThe private key of the public/private key pair used for local records. Currently,
- only a single such key may be installed.
+ only a single such key may be installed.
+
+ /var/lib/systemd/home/local.publicThe public key of the public/private key pair used for local records. Currently,
- only a single such key may be installed.
+ only a single such key may be installed.
+
+
@@ -78,7 +82,9 @@
Additional public keys. Any users whose user records are signed with any of these keys
are permitted to log in locally. An arbitrary number of keys may be installed this
- way.
+ way.
+
+
diff --git a/man/systemd-hwdb.xml b/man/systemd-hwdb.xml
index 70c052ef8d..de71f1d302 100644
--- a/man/systemd-hwdb.xml
+++ b/man/systemd-hwdb.xml
@@ -40,6 +40,8 @@
Generate in /usr/lib/udev instead of /etc/udev.
+
+
@@ -47,6 +49,8 @@
Alternate root path in the filesystem.
+
+
@@ -54,6 +58,8 @@
When updating, return non-zero exit value on any parsing error.
+
+
diff --git a/man/systemd-id128.xml b/man/systemd-id128.xml
index 8d558251aa..2211550451 100644
--- a/man/systemd-id128.xml
+++ b/man/systemd-id128.xml
@@ -91,7 +91,9 @@
- Generate output as programming language snippets.
+ Generate output as programming language snippets.
+
+
@@ -102,6 +104,8 @@
application identifier app-id and the machine identifier will be
printed. The app-id argument must be a valid sd-id128 string
identifying the application.
+
+
@@ -112,7 +116,9 @@
Generate output as a UUID formatted in the "canonical representation", with five
groups of digits separated by hyphens. See the
wikipedia
- for more discussion.
+ for more discussion.
+
+
diff --git a/man/systemd-integritysetup@.service.xml b/man/systemd-integritysetup@.service.xml
index 8906511aff..5a37858532 100644
--- a/man/systemd-integritysetup@.service.xml
+++ b/man/systemd-integritysetup@.service.xml
@@ -63,7 +63,9 @@
and
Kernel dm-integrity documentation for details.
-
+
+
+
@@ -73,7 +75,9 @@
Detach (destroy) the block device
- volume.
+ volume.
+
+
@@ -81,7 +85,9 @@
- Print short information about command syntax.
+ Print short information about command syntax.
+
+
diff --git a/man/systemd-journal-gatewayd.service.xml b/man/systemd-journal-gatewayd.service.xml
index 609d05037f..800bf6e430 100644
--- a/man/systemd-journal-gatewayd.service.xml
+++ b/man/systemd-journal-gatewayd.service.xml
@@ -61,7 +61,9 @@
Specify the path to a file or AF_UNIX stream socket to read the
server certificate from. The certificate must be in PEM format. This option switches
systemd-journal-gatewayd into HTTPS mode and must be used together with
- .
+ .
+
+
@@ -69,14 +71,18 @@
Specify the path to a file or AF_UNIX stream socket to read the
secret server key corresponding to the certificate specified with from. The
- key must be in PEM format.
+ key must be in PEM format.
+
+ Specify the path to a file or AF_UNIX stream socket to read a CA
- certificate from. The certificate must be in PEM format.
+ certificate from. The certificate must be in PEM format.
+
+
@@ -90,7 +96,9 @@
for
journalctl1. If
neither is specified, all accessible entries are served.
-
+
+
+
@@ -100,7 +108,9 @@
Serve entries interleaved from all available
journals, including other machines. This has the same meaning
as option for
- journalctl1.
+ journalctl1.
+
+
@@ -110,7 +120,9 @@
Takes a directory path as argument. If
specified, systemd-journal-gatewayd will serve the
specified journal directory DIR instead of
- the default runtime and system journal paths.
+ the default runtime and system journal paths.
+
+
@@ -123,7 +135,9 @@
which case files will be suitably interleaved. This has the same meaning as
option for
journalctl1.
-
+
+
+
@@ -140,7 +154,9 @@
/browse
- Interactive browsing.
+ Interactive browsing.
+
+
@@ -159,6 +175,8 @@
GET parameters can be used to modify what events are
returned. Supported parameters are described below.
+
+
@@ -175,6 +193,8 @@
"virtualization" : "kvm",
…}
+
+
@@ -182,6 +202,8 @@
/fields/FIELD_NAMEReturn a list of values of this field present in the logs.
+
+
@@ -203,6 +225,8 @@
The default. Plaintext syslog-like output,
one line per journal entry
(like journalctl --output short).
+
+
@@ -214,6 +238,8 @@
(like journalctl --output json).
See Journal JSON Format
for more information.
+
+
@@ -226,6 +252,8 @@
Server-Sent Events
(like journalctl --output json-sse).
+
+
@@ -236,6 +264,8 @@
backups and network transfer (like journalctl --output export). See Journal Export Format
for more information.
+
+
@@ -269,6 +299,8 @@
wait for new events
(like journalctl --follow, except that
the number of events returned is not limited).
+
+
@@ -277,6 +309,8 @@
Test that the specified cursor refers to an
entry in the journal. Returns just this entry.
+
+
@@ -284,7 +318,9 @@
bootLimit events to the current boot of the system
- (like journalctl -b).
+ (like journalctl -b).
+
+
@@ -292,6 +328,8 @@
Match journal fields. See
systemd.journal-fields7.
+
+
diff --git a/man/systemd-journal-remote.service.xml b/man/systemd-journal-remote.service.xml
index c8a702ad58..beb0574211 100644
--- a/man/systemd-journal-remote.service.xml
+++ b/man/systemd-journal-remote.service.xml
@@ -92,7 +92,9 @@
When is given as a
positional argument, events will be read from standard input.
Other positional arguments will be treated as filenames
- to open and read from.
+ to open and read from.
+
+
@@ -105,7 +107,9 @@
root of a remote
systemd-journal-gatewayd8
instance, e.g. http://some.host:19531/ or
- https://some.host:19531/.
+ https://some.host:19531/.
+
+
@@ -119,6 +123,8 @@
--getter='curl "-HAccept: application/vnd.fdo.journal" https://some.host:19531/'--getter='wget --header="Accept: application/vnd.fdo.journal" -O- https://some.host:19531/'
+
+
@@ -136,6 +142,8 @@
systemd-journal-remote will listen on this
socket for connections. Each connection is expected to be a
stream of journal events.
+
+
@@ -156,6 +164,8 @@
. Currently, only POST requests
to /upload with Content-Type:
application/vnd.fdo.journal are supported.
+
+
@@ -174,6 +184,8 @@
above. In the latter case, an HTTP or HTTPS server will be
spawned using this descriptor and connections must be made
over the HTTP protocol.
+
+
@@ -183,7 +195,9 @@
Takes a path to a SSL secret key file in PEM format. Defaults to
&CERTIFICATE_ROOT;/private/journal-remote.pem. This option can be used with
. If the path refers to an AF_UNIX stream socket
- in the file system a connection is made to it and the key read from it.
+ in the file system a connection is made to it and the key read from it.
+
+
@@ -192,7 +206,9 @@
Takes a path to a SSL certificate file in PEM format. Defaults to
&CERTIFICATE_ROOT;/certs/journal-remote.pem. This option can be used with
. If the path refers to an AF_UNIX stream socket
- in the file system a connection is made to it and the certificate read from it.
+ in the file system a connection is made to it and the certificate read from it.
+
+
@@ -202,7 +218,9 @@
is set, then certificate checking will be disabled. Defaults to
&CERTIFICATE_ROOT;/ca/trusted.pem. This option can be used with
. If the path refers to an AF_UNIX stream socket
- in the file system a connection is made to it and the certificate read from it.
+ in the file system a connection is made to it and the certificate read from it.
+
+
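Review bot: the context line "is set, then certificate checking will be disabled" documents the switch but not what is lost by using it. Suggest adding one sentence saying that with checking disabled the remote end is not authenticated, so the setting should be limited to test setups.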
@@ -212,7 +230,9 @@
Takes a comma separated list of gnutls logging categories.
This option can be used with or
.
-
+
+
+
@@ -284,7 +304,9 @@
In the case that "active" sources are given by the positional
arguments or option, the output file name must
always be given explicitly and only none
- is allowed.
+ is allowed.
+
+
@@ -292,7 +314,9 @@
If this is set to yes then compress
the data in the journal using XZ. The default is yes.
-
+
+
+
@@ -300,7 +324,9 @@
If this is set to yes then
periodically sign the data in the journal using Forward Secure Sealing.
- The default is no.
+ The default is no.
+
+
diff --git a/man/systemd-journal-upload.service.xml b/man/systemd-journal-upload.service.xml
index 57d72af96b..fead24c6b6 100644
--- a/man/systemd-journal-upload.service.xml
+++ b/man/systemd-journal-upload.service.xml
@@ -71,7 +71,9 @@
hostname. https is the default.
The port number may be specified after a colon (:),
otherwise 19532 will be used by default.
-
+
+
+
@@ -85,7 +87,9 @@
for
journalctl1. If
neither is specified, all accessible entries are uploaded.
-
+
+
+
@@ -95,7 +99,9 @@
Upload entries interleaved from all available
journals, including other machines. This has the same meaning
as option for
- journalctl1.
+ journalctl1.
+
+
@@ -106,7 +112,9 @@
NAMESPACE instead of the default namespace. This has the same meaning as
option for
journalctl1.
-
+
+
+
@@ -119,7 +127,9 @@
and system journal paths. This has the same meaning as
option for
journalctl1.
-
+
+
+
@@ -132,7 +142,9 @@
which case files will be suitably interleaved. This has the same meaning as
option for
journalctl1.
-
+
+
+
@@ -141,7 +153,9 @@
Upload entries from the location in the
journal specified by the passed cursor. This has the same
meaning as option for
- journalctl1.
+ journalctl1.
+
+
@@ -152,7 +166,9 @@
the this cursor. This has the same meaning as
option for
journalctl1.
-
+
+
+
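Review bot: doubled article in the first context line of this hunk, "the this cursor"; it should read "this cursor". Worth fixing while the entry is being touched.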
@@ -164,7 +180,9 @@
(/var/lib/systemd/journal-upload/state by default).
After an entry is successfully uploaded, update this file
with the cursor of that entry.
-
+
+
+
@@ -172,7 +190,9 @@
If set to yes, then systemd-journal-upload waits for input.
-
+
+
+
@@ -183,7 +203,9 @@
If is set, then client certificate authentication checking
will be disabled.
Defaults to &CERTIFICATE_ROOT;/private/journal-upload.pem.
-
+
+
+
@@ -194,7 +216,9 @@
If is set, then client certificate authentication checking
will be disabled.
Defaults to &CERTIFICATE_ROOT;/certs/journal-upload.pem.
-
+
+
+
@@ -204,7 +228,9 @@
Takes a path to a SSL CA certificate file in PEM format, or /.
If / is set, then certificate checking will be disabled.
Defaults to &CERTIFICATE_ROOT;/ca/trusted.pem.
-
+
+
+
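Review bot: in the first context line, "a SSL CA certificate file" should read "an SSL CA certificate file". The entry also says only that certificate checking "will be disabled" for the special value; a sentence stating that the upload target is then not authenticated would make the consequence explicit.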
diff --git a/man/systemd-journald.service.xml b/man/systemd-journald.service.xml
index 55e7d1669a..1a2dc18bbf 100644
--- a/man/systemd-journald.service.xml
+++ b/man/systemd-journald.service.xml
@@ -191,7 +191,9 @@ systemd-tmpfiles --create --prefix /var/log/journal
journalctl --flush command to request flushing of the journal files, and wait for
the operation to complete. See
journalctl1 for
- details.
+ details.
+
+
@@ -199,7 +201,9 @@ systemd-tmpfiles --create --prefix /var/log/journal
Request immediate rotation of the journal files. Use the journalctl
--rotate command to request journal file rotation, and wait for the operation to
- complete.
+ complete.
+
+
@@ -207,7 +211,9 @@ systemd-tmpfiles --create --prefix /var/log/journal
Request that all unwritten log data is written to disk. Use the journalctl
--sync command to trigger journal synchronization, and wait for the operation to
- complete.
+ complete.
+
+
@@ -282,7 +288,9 @@ systemd-tmpfiles --create --prefix /var/log/journal
Configure systemd-journald behavior. See
journald.conf5.
-
+
+
+
@@ -320,7 +328,9 @@ systemd-tmpfiles --create --prefix /var/log/journal
archived journal files to limit disk use. See SystemMaxUse=
and related settings in
journald.conf5.
-
+
+
+
@@ -335,7 +345,9 @@ systemd-tmpfiles --create --prefix /var/log/journal
systemd-journald can listen for audit events using netlink7,
depending on whether systemd-journald-audit.socket is enabled or
- not.
+ not.
+
+
diff --git a/man/systemd-machine-id-setup.xml b/man/systemd-machine-id-setup.xml
index c07a853418..8ad8389cb8 100644
--- a/man/systemd-machine-id-setup.xml
+++ b/man/systemd-machine-id-setup.xml
@@ -85,14 +85,18 @@
Takes a directory path as argument. All paths operated on will be prefixed with the
given alternate root path, including the path for
- /etc/machine-id itself.
+ /etc/machine-id itself.
+
+ Takes a path to a device node or regular file as argument. This is similar to
as described above, but operates on a disk image instead of a directory
- tree.
+ tree.
+
+
@@ -120,13 +124,17 @@
This command is primarily used by the
systemd-machine-id-commit.service8
- early boot service.
+ early boot service.
+
+
- Print the machine ID generated or committed after the operation is complete.
+ Print the machine ID generated or committed after the operation is complete.
+
+
diff --git a/man/systemd-measure.xml b/man/systemd-measure.xml
index 7279df8d08..8db34b2300 100644
--- a/man/systemd-measure.xml
+++ b/man/systemd-measure.xml
@@ -64,7 +64,9 @@
This is the default command if none is specified. This queries the local system's
TPM2 PCR 11+12+13 values and displays them. The data is written in a similar format as the
calculate command below, and may be used to quickly compare expectation with
- reality.
+ reality.
+
+
@@ -76,6 +78,8 @@
, , ,
see below. Only is mandatory. (Alternatively,
specify to use the current values of PCR register 11 instead.)
+
+
@@ -95,7 +99,9 @@
provided.
Note that a TPM2 device must be available for this signing to take place, even though the
- result is not tied to any TPM2 device or its state.
+ result is not tied to any TPM2 device or its state.
+
+
@@ -128,7 +134,9 @@
When used with the calculate or sign verb,
takes the PCR 11 values currently in effect for the system (which should typically reflect the hashes
of the currently booted kernel). This can be used in place of and the other
- switches listed above.
+ switches listed above.
+
+
@@ -138,7 +146,9 @@
calculate or sign is invoked –, or the banks to show in the
status output. May be used more then once to specify multiple banks. If not
specified, defaults to the four banks sha1, sha256,
- sha384, sha512.
+ sha384, sha512.
+
+
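Review bot: "May be used more then once" in the context lines should be "more than once", and the stray "–," after "is invoked" reads like the remnant of an edited parenthetical. Both are worth cleaning up while this entry is being modified.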
@@ -156,7 +166,9 @@
same PEM key should be supplied in both cases.
If the is not specified but is
- specified the public key is automatically derived from the private key.
+ specified the public key is automatically derived from the private key.
+
+
@@ -166,7 +178,9 @@
chip (e.g. /dev/tpmrm0). Alternatively the special value auto
may be specified, in order to automatically determine the device node of a suitable TPM2 device (of
which there must be exactly one). The special value list may be used to enumerate
- all suitable TPM2 devices currently discovered.
+ all suitable TPM2 devices currently discovered.
+
+
@@ -189,7 +203,9 @@
parts of the boot process.
For further details about PCR boot phases, see
- systemd-pcrphase.service8.
+ systemd-pcrphase.service8.
+
+
@@ -202,7 +218,9 @@
resulting object is written to standard output. Use this to generate a single JSON object consisting
from signatures made with a number of signing keys (for example, to have one key per boot phase). The
command will suppress duplicates: if a specific signature is already included in a JSON signature
- object it is not added a second time.
+ object it is not added a second time.
+
+
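Review bot: "a single JSON object consisting from signatures" in the context lines should be "consisting of signatures".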
diff --git a/man/systemd-modules-load.service.xml b/man/systemd-modules-load.service.xml
index 69b9629c10..ab32c1852e 100644
--- a/man/systemd-modules-load.service.xml
+++ b/man/systemd-modules-load.service.xml
@@ -54,7 +54,9 @@
rd.modules_load=Takes a comma-separated list of kernel modules to statically load during early boot.
- The option prefixed with rd. is read in the initrd only.
+ The option prefixed with rd. is read in the initrd only.
+
+
diff --git a/man/systemd-mount.xml b/man/systemd-mount.xml
index dfa4a95cb1..854a2812e7 100644
--- a/man/systemd-mount.xml
+++ b/man/systemd-mount.xml
@@ -102,6 +102,8 @@
Do not synchronously wait for the requested operation to finish. If this is not specified, the job will
be verified, enqueued and systemd-mount will wait until the mount or automount unit's
start-up is completed. By passing this argument, it is only verified and enqueued.
+
+
@@ -111,6 +113,8 @@
Do not ellipsize the output when is specified.
+
+
@@ -122,7 +126,9 @@
- Suppresses additional informational output while running.
+ Suppresses additional informational output while running.
+
+
@@ -133,7 +139,9 @@
example, a descriptive string for the transient units is generated from the file system label and device
model. Moreover if a removable block device (e.g. USB stick) is detected an automount unit instead of a regular
mount unit is created, with a short idle timeout, in order to ensure the file-system is placed in a clean
- state quickly after each access.
+ state quickly after each access.
+
+
@@ -142,14 +150,18 @@
Specifies the file system type to mount (e.g. vfat or
ext4). If omitted or set to auto, the file system type is
- determined automatically.
+ determined automatically.
+
+
- Additional mount options for the mount point.
+ Additional mount options for the mount point.
+
+
@@ -157,7 +169,9 @@
Let the specified user USER own the mounted file system.
This is done by appending and options to the list
- of mount options. Only certain file systems support this option.
+ of mount options. Only certain file systems support this option.
+
+
@@ -166,7 +180,9 @@
Takes a boolean argument, defaults to on. Controls whether to run a file system check
immediately before the mount operation. In the automount case (see below) the
check will be run the moment the first access to the device is made, which might slightly delay the
- access.
+ access.
+
+
@@ -174,7 +190,9 @@
Provide a description for the mount or automount unit. See Description= in
systemd.unit5.
-
+
+
+
@@ -184,6 +202,8 @@
Sets a unit property for the mount unit that is created. This takes an assignment in the same
format as systemctl1's
set-property command.
+
+
@@ -200,13 +220,17 @@
If this switch is not specified it defaults to false. If not specified and is
used (or only a single argument passed, which implies , see above), and the file
system block device is detected to be removable, it is set to true, in order to increase the chance that the
- file system is in a fully clean state if the device is unplugged abruptly.
+ file system is in a fully clean state if the device is unplugged abruptly.
+
+
- Equivalent to .
+ Equivalent to .
+
+
@@ -221,14 +245,18 @@
Note that if is used (or only a single argument passed, which implies
, see above), and the file system block device is detected to be removable,
- is implied.
+ is implied.
+
+ Similar to , but applies additional properties to the automount
- unit created, instead of the mount unit.
+ unit created, instead of the mount unit.
+
+
@@ -242,7 +270,9 @@
Note that if is used (or only a single argument passed, which implies
, see above), and the file system block device is detected to be removable, this
- option is implied.
+ option is implied.
+
+
@@ -250,7 +280,9 @@
Instead of establishing a mount or automount point, print a terse list of block devices
containing file systems that may be mounted with systemd-mount, along with useful metadata
- such as labels, etc.
+ such as labels, etc.
+
+
@@ -264,7 +296,9 @@
corresponding to loop devices, like
systemd-mount --umount /path/to/umount /dev/sda1 UUID=xxxxxx-xxxx LABEL=xxxxx /path/to/disk.img.
Note that when or is specified, only absolute paths to mount points are
- supported.
+ supported.
+
+
@@ -279,7 +313,9 @@
--property=CollectMode=inactive-or-failed, see the explanation for
CollectMode= in
systemd.unit5 for further
- information.
+ information.
+
+
@@ -298,6 +334,8 @@
mkdir1
does, but is different from the kernel default of rwxrwxrwxt, i.e. a
world-writable directory with the sticky bit set.
+
+
@@ -329,14 +367,18 @@
SYSTEMD_MOUNT_OPTIONS=
- The mount options to use, if is not used.
+ The mount options to use, if is not used.
+
+ SYSTEMD_MOUNT_WHERE=The file system path to place the mount point at, instead of the automatically generated
- one.
+ one.
+
+
diff --git a/man/systemd-network-generator.service.xml b/man/systemd-network-generator.service.xml
index d1584b89cc..776daec05a 100644
--- a/man/systemd-network-generator.service.xml
+++ b/man/systemd-network-generator.service.xml
@@ -61,6 +61,8 @@
— translated into
systemd.network5 files.
+
+
@@ -81,6 +83,8 @@
— translated into
systemd.netdev5 files.
+
+
diff --git a/man/systemd-networkd-wait-online.service.xml b/man/systemd-networkd-wait-online.service.xml
index a3a70db209..c53f7213a0 100644
--- a/man/systemd-networkd-wait-online.service.xml
+++ b/man/systemd-networkd-wait-online.service.xml
@@ -74,7 +74,9 @@
for possible operational states. If the operational state is not specified here, then
the value from RequiredForOnline= in the corresponding
.network file is used if present, and degraded otherwise.
-
+
+
+
@@ -83,7 +85,9 @@
Network interfaces to be ignored when deciding
if the system is online. By default, only the loopback
interface is ignored. This option may be used more than once
- to ignore multiple network interfaces.
+ to ignore multiple network interfaces.
+
+
@@ -95,7 +99,9 @@
for possible operational states. If set, the specified value overrides
RequiredForOnline= settings in .network files.
But this does not override operational states specified in option.
-
+
+
+
@@ -113,7 +119,9 @@
If neither nor
is specified, then the value from
RequiredFamilyForOnline= in the corresponding .network
- file is used if present.
+ file is used if present.
+
+
@@ -131,7 +139,9 @@
If neither nor
is specified, then the value from
RequiredFamilyForOnline= in the corresponding .network
- file is used if present.
+ file is used if present.
+
+
@@ -142,7 +152,9 @@
becomes online. When this option is specified with , then
systemd-networkd-wait-online waits for one of the specified interfaces to be
online. This option is useful when some interfaces may not have carrier on boot.
-
+
+
+
@@ -150,14 +162,18 @@
Fail the service if the network is not online
by the time the timeout elapses. A timeout of 0 disables the
- timeout. Defaults to 120 seconds.
+ timeout. Defaults to 120 seconds.
+
+
- Suppress log messages.
+ Suppress log messages.
+
+
diff --git a/man/systemd-notify.xml b/man/systemd-notify.xml
index 8554f39e48..77ce2b5b6d 100644
--- a/man/systemd-notify.xml
+++ b/man/systemd-notify.xml
@@ -100,7 +100,9 @@
services, see
systemd.service5
for details). For details about the semantics of this option see
- sd_notify3.
+ sd_notify3.
+
+
@@ -109,7 +111,9 @@
Inform the invoking service manager about the beginning of the shutdown phase of the
service. This is equivalent to systemd-notify STOPPING=1. For details about the
semantics of this option see
- sd_notify3.
+ sd_notify3.
+
+
@@ -139,7 +143,9 @@
Set the user ID to send the notification from. Takes a UNIX user name or numeric UID. When
specified the notification message will be sent with the specified UID as sender, in place of the user the
command was invoked as. This option requires sufficient privileges in order to be able manipulate the user
- identity of the process.
+ identity of the process.
+
+
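Review bot: "in order to be able manipulate the user identity" in the context lines is missing a word; it should read "to be able to manipulate".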
@@ -174,7 +180,9 @@
is only recommended when systemd-notify is spawned by the service manager, or when
the invoking process is directly spawned by the service manager and has enough privileges to allow
systemd-notify to send the notification on its behalf. Sending notifications with
- this option set is prone to race conditions in all other cases.
+ this option set is prone to race conditions in all other cases.
+
+
@@ -188,7 +196,9 @@
Note that many shells interpret ; as their own separator for command lines,
hence when systemd-notify is invoked from a shell the semicolon must usually be
- escaped as \;.
+ escaped as \;.
+
+
@@ -202,7 +212,9 @@
notification message.
To use this functionality from a bash shell, use an expression like the following:
- systemd-notify --fd=4 --fd=5 4</some/file 5</some/other/file
+ systemd-notify --fd=4 --fd=5 4</some/file 5</some/other/file
+
+
@@ -211,7 +223,9 @@
Set a name to assign to the file descriptors passed via (see
above). This controls the FDNAME= field. This setting may only be specified once,
and applies to all file descriptors passed. Invoke this tool multiple times in case multiple file
- descriptors with different file descriptor names shall be submitted.
+ descriptors with different file descriptor names shall be submitted.
+
+
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index e4537a5c13..aa96186173 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -140,7 +140,9 @@
Turns off any status output by the tool
itself. When this switch is used, the only output from nspawn
will be the console output of the container OS
- itself.
+ itself.
+
+
@@ -191,7 +193,9 @@
If disabled, no .nspawn file is read
and no settings except the ones on the command line are in
- effect.
+ effect.
+
+
@@ -318,7 +322,9 @@
policy is enforced when operating on the disk image specified via , see
above. If not specified defaults to
root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:esp=unprotected+absent:xbootldr=unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent,
- i.e. all recognized file systems in the image are used, but not the swap partition.
+ i.e. all recognized file systems in the image are used, but not the swap partition.
+
+
@@ -327,7 +333,9 @@
Takes the path to an OCI runtime bundle to invoke, as specified in the OCI Runtime Specification. In
this case no .nspawn file is loaded, and the root directory and various settings are read
- from the OCI runtime JSON data (but data passed on the command line takes precedence).
+ from the OCI runtime JSON data (but data passed on the command line takes precedence).
+
+
@@ -429,7 +437,9 @@
Takes a PKCS7 signature of the option.
The semantics are the same as for the RootHashSignature= option, see
systemd.exec5.
-
+
+
+
@@ -440,7 +450,9 @@
The integrity data must be matched by the root hash. If this option is not specified, but a file with the
.verity suffix is found next to the image file, bearing otherwise the same name (except if
the image has the .raw suffix, in which case the verity data file must not have it in its name),
- the verity data is read from it and automatically used.
+ the verity data is read from it and automatically used.
+
+
@@ -545,7 +557,9 @@
may be used to override the default variables or to set additional variables. It may be used more
than once to set multiple variables. When = and VALUE
are omitted, the value of the variable with the same name in the program environment will be used.
-
+
+
+
@@ -597,7 +611,9 @@
container runtime performance – as long as these guarantees are not required or desirable, for
example because any data written by the container is of temporary, redundant nature, or just an
intermediary artifact that will be further processed and finalized by a later step in a
- pipeline. Defaults to false.
+ pipeline. Defaults to false.
+
+
@@ -806,7 +822,9 @@
The option is implied if
is used. This option has no effect if user namespacing is not
- used.
+ used.
+
+
@@ -1121,7 +1139,9 @@ After=sys-subsystem-net-devices-ens1.device
If the special value of help is
passed, the program will print known capability names and
- exit.
+ exit.
+
+
@@ -1467,7 +1487,9 @@ After=sys-subsystem-net-devices-ens1.device
not detect existing accounts in other databases.
This operation is only supported in combination with
- /.
+ /.
+
+
@@ -1477,7 +1499,9 @@ After=sys-subsystem-net-devices-ens1.device
(which must exist in the container) with a file node of the same type that is empty and has the most
restrictive access mode supported. This is an effective way to mask files, directories and other file system
objects from the container payload. This option may be used more than once in case all specified paths are
- masked.
+ masked.
+
+
@@ -1582,14 +1606,18 @@ After=sys-subsystem-net-devices-ens1.device
passed file descriptor refers to a TTY of some form, APIs such as TIOCSTI may be
used to synthesize input that might be used for escaping the container. Hence
mode should only be used if the payload is sufficiently trusted or when the standard
- input/output/error output file descriptors are known safe, for example pipes.
+ input/output/error output file descriptors are known safe, for example pipes.
+
+
- Equivalent to .
+ Equivalent to .
+
+
@@ -1641,6 +1669,8 @@ After=sys-subsystem-net-devices-ens1.device
container payload will recognize this as a first boot, and will invoke
systemd-firstboot.service, which then reads the two passed credentials to
configure the system's initial locale and root password.
+
+
diff --git a/man/systemd-oomd.service.xml b/man/systemd-oomd.service.xml
index 45c791b831..d8ecfde8eb 100644
--- a/man/systemd-oomd.service.xml
+++ b/man/systemd-oomd.service.xml
@@ -111,7 +111,9 @@
Do a dry run of systemd-oomd: when a kill is triggered, print it
- to the log instead of killing the cgroup.
+ to the log instead of killing the cgroup.
+
+
diff --git a/man/systemd-path.xml b/man/systemd-path.xml
index f2ca87d368..81ce31d608 100644
--- a/man/systemd-path.xml
+++ b/man/systemd-path.xml
@@ -54,7 +54,9 @@
- Printed paths are suffixed by the specified string.
+ Printed paths are suffixed by the specified string.
+
+
diff --git a/man/systemd-pcrphase.service.xml b/man/systemd-pcrphase.service.xml
index fad9d8247a..f6e7bba9d1 100644
--- a/man/systemd-pcrphase.service.xml
+++ b/man/systemd-pcrphase.service.xml
@@ -143,7 +143,9 @@
Takes the PCR banks to extend the specified word into. If not specified the tool
automatically determines all enabled PCR banks and measures the word into all of
- them.
+ them.
+
+
@@ -153,7 +155,9 @@
chip (e.g. /dev/tpmrm0). Alternatively the special value auto
may be specified, in order to automatically determine the device node of a suitable TPM2 device (of
which there must be exactly one). The special value list may be used to enumerate
- all suitable TPM2 devices currently discovered.
+ all suitable TPM2 devices currently discovered.
+
+
@@ -161,14 +165,18 @@
If no TPM2 firmware, kernel subsystem, kernel driver or device support is found, exit
with exit status 0 (i.e. indicate success). If this is not specified any attempt to measure without a
- TPM2 device will cause the invocation to fail.
+ TPM2 device will cause the invocation to fail.
+
+ Instead of measuring a word specified on the command line into PCR 11, measure the
- host's machine ID into PCR 15.
+ host's machine ID into PCR 15.
+
+
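Review bot: the first entry in this hunk documents exiting with status 0 when no TPM2 support is found, so the exit status alone does not tell a caller whether anything was measured. Suggest adding a sentence that says so, so that callers do not treat success as proof that the PCR was extended.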
@@ -176,7 +184,9 @@
Instead of measuring a word specified on the command line into PCR 11, measure
identity information of the specified file system into PCR 15. The parameter must be the path to the
- established mount point of the file system to measure.
+ established mount point of the file system to measure.
+
+
diff --git a/man/systemd-quotacheck.service.xml b/man/systemd-quotacheck.service.xml
index 8d80f272bf..7d9ff0e1a8 100644
--- a/man/systemd-quotacheck.service.xml
+++ b/man/systemd-quotacheck.service.xml
@@ -53,7 +53,9 @@
file system quota checker deems them necessary.
force unconditionally results in full file
system quota checks. skip skips any file
- system quota checks.
+ system quota checks.
+
+
diff --git a/man/systemd-random-seed.service.xml b/man/systemd-random-seed.service.xml
index 4dda01487f..48928edb12 100644
--- a/man/systemd-random-seed.service.xml
+++ b/man/systemd-random-seed.service.xml
@@ -76,7 +76,9 @@
a boolean parameter or the special string force. Defaults to false, in which case
no entropy is credited. If true, entropy is credited if the random seed file and system state pass
various superficial concisistency checks. If set to force entropy is credited,
- regardless of these checks, as long as the random seed file exists.
+ regardless of these checks, as long as the random seed file exists.
+
+
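Review bot: "concisistency checks" in the context lines is a typo for "consistency checks". The sentence about force would also read better with the comma moved: "If set to force, entropy is credited regardless of these checks".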
diff --git a/man/systemd-repart.xml b/man/systemd-repart.xml
index 9f2c08d2dd..89d7f2c285 100644
--- a/man/systemd-repart.xml
+++ b/man/systemd-repart.xml
@@ -172,7 +172,9 @@
the implied default. Controls whether systemd-repart executes the requested
re-partition operations or whether it should only show what it would do. Unless
is specified systemd-repart will not actually
- touch the device's partition table.
+ touch the device's partition table.
+
+
@@ -191,7 +193,9 @@
force no existing partitions will be taken into account or survive the
operation. Hence: use with care, this is a great way to lose all your data. If
create a new loopback file is create under the path passed via the device node
- parameter, of the size indicated with , see below.
+ parameter, of the size indicated with , see below.
+
+
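Review bot: "a new loopback file is create under the path" in the context lines should be "is created under the path".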
@@ -202,7 +206,9 @@
command on the space taken up by any added partitions or on the space in between them. Usually, it's
a good idea to issue this request since it tells the underlying hardware that the covered blocks
shall be considered empty, improving performance. If operating on a regular file instead of a block
- device node, a sparse file is generated.
+ device node, a sparse file is generated.
+
+
@@ -227,7 +233,9 @@
Also note that the automatic size determination does not take files or directories specified
with into account: operation might fail if the specified files or
directories require more disk space then the configured per-partition minimal size
- limit.
+ limit.
+
+
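Review bot: "require more disk space then the configured per-partition minimal size limit" should use "than".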
@@ -240,7 +248,9 @@
your data. Note that partition files need to explicitly turn FactoryReset= on, as
the option defaults to off. If no partitions are marked for factory reset this switch has no
effect. Note that there are two other methods to request factory reset operation: via the kernel
- command line and via an EFI variable, see above.
+ command line and via an EFI variable, see above.
+
+
@@ -250,7 +260,9 @@
if any existing partitions are marked with FactoryReset=. If there are the tool
will exit with exit status zero, otherwise non-zero. This switch may be used to quickly determine
whether the running system supports a factory reset mechanism built on
- systemd-repart.
+ systemd-repart.
+
+
@@ -262,14 +274,18 @@
default when invoked on the regular system this defaults to the host's root file system
/. If invoked from the initrd this defaults to /sysroot/,
so that the tool operates on the configuration and machine ID stored in the root file system later
- transitioned into itself.
+ transitioned into itself.
+
+ Takes a path to a disk image file or device to mount and use in a similar fashion to
- , see above.
+ , see above.
+
+
@@ -283,7 +299,9 @@
(or more precisely, the root directory configured via ) and use it as seed
instead, falling back to a randomized seed otherwise. Use to force a
randomized seed. Explicitly specifying the seed may be used to generated strictly reproducible
- partition tables.
+ partition tables.
+
+
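Review bot: "may be used to generated strictly reproducible partition tables" should be "to generate".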
@@ -291,7 +309,9 @@
Takes a boolean argument. If this switch is not specified, it defaults to on when
called from an interactive terminal and off otherwise. Controls whether to show a user friendly table
- and graphic illustrating the changes applied.
+ and graphic illustrating the changes applied.
+
+
@@ -302,7 +322,9 @@
/etc/repart.d/*.conf,
/run/repart.d/*.conf.
- This parameter can be specified multiple times.
+ This parameter can be specified multiple times.
+
+
@@ -314,7 +336,9 @@
file system. In the latter case a connection is made to it and the key read from it. If this switch
is not specified the empty key (i.e. zero length key) is used. This behaviour is useful for setting
up encrypted partitions during early first boot that receive their user-supplied password only in a
- later setup step.
+ later setup step.
+
+
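Review bot: the context says that without this switch "the empty key (i.e. zero length key) is used", but not what that means for the data in the meantime. Suggest a sentence stating that a partition set up this way can be unlocked by anyone with access to the disk until the empty key is replaced in the later setup step.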
@@ -322,7 +346,9 @@
Takes a file system path. Configures the signing key to use when creating verity
signature partitions with the Verity=signature setting in partition files.
-
+
+
+
@@ -330,7 +356,9 @@
Takes a file system path. Configures the PEM encoded X.509 certificate to use when
creating verity signature partitions with the Verity=signature setting in
- partition files.
+ partition files.
+
+
@@ -341,7 +369,9 @@
the Encrypt=tpm2 option. These options take the same parameters as the identically
named options to
systemd-cryptenroll1
- and have the same effect on partitions where TPM2 enrollment is requested.
+ and have the same effect on partitions where TPM2 enrollment is requested.
+
+
@@ -350,7 +380,9 @@
Configures a TPM2 signed PCR policy to bind encryption to. See
systemd-cryptenroll1
- for details on these two options.
+ for details on these two options.
+
+
@@ -365,7 +397,9 @@
Note that is independent from . Even if
is enabled, split artifacts will still be generated from an existing image
- if is enabled.
+ if is enabled.
+
+
@@ -378,7 +412,9 @@
are excluded. Both options take a comma separated list of GPT partition type UUIDs or identifiers
(see Type= in
repart.d5).
-
+
+
+
@@ -389,7 +425,9 @@
calculating the sizes and offsets of other partitions, but aren't actually written to the disk image.
The net effect of this option is that if you run systemd-repart again without this
option, the missing partitions will be added as if they had not been deferred the first time
- systemd-repart was executed.
+ systemd-repart was executed.
+
+
@@ -398,7 +436,9 @@
This option allows configuring the sector size of the image produced by
systemd-repart. It takes a value that is a power of 2 between
512 and 4096. This option is useful when building images for
- disks that use a different sector size as the disk on which the image is produced.
+ disks that use a different sector size as the disk on which the image is produced.
+
+
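Review bot: "a different sector size as the disk on which the image is produced" should read "a different sector size than the disk". The range "a power of 2 between 512 and 4096" would also be clearer if it said whether the bounds are inclusive.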
@@ -426,7 +466,9 @@
s390x,
tilegx,
x86 or
- x86-64.
+ x86-64.
+
+
@@ -438,7 +480,9 @@
are not available. If disabled, the image is always built using loop devices. If
auto, systemd-repart will build the image online if possible
and fall back to building the image offline if loop devices are not available or cannot be accessed
- due to missing permissions.
+ due to missing permissions.
+
+
@@ -451,7 +495,9 @@
but might have a different partition number and might be located at a different offset in the
destination partition table. These definitions can be combined with partition definitions read from
regular partition definition files. The synthesized definitions take precedence over the definitions
- read from partition definition files.
+ read from partition definition files.
+
+
diff --git a/man/systemd-resolved.service.xml b/man/systemd-resolved.service.xml
index 4fba1964a0..3f2512a285 100644
--- a/man/systemd-resolved.service.xml
+++ b/man/systemd-resolved.service.xml
@@ -368,7 +368,9 @@ search foobar.com barbar.com
Upon reception of the SIGUSR1 process signal
systemd-resolved will dump the contents of all DNS resource record caches it
maintains, as well as all feature level information it learnt about configured DNS servers into the
- system logs.
+ system logs.
+
+
@@ -380,7 +382,9 @@ search foobar.com barbar.com
systemd-resolved flushes the caches automatically anyway any time the host's
network configuration changes. Sending this signal to systemd-resolved is
equivalent to the resolvectl flush-caches command, however the latter is
- recommended since it operates in a synchronous way.
+ recommended since it operates in a synchronous way.
+
+
@@ -395,7 +399,9 @@ search foobar.com barbar.com
any time the DNS server configuration changes. Sending this signal to
systemd-resolved is equivalent to the resolvectl
reset-server-features command, however the latter is recommended since it operates in a
- synchronous way.
+ synchronous way.
+
+
@@ -416,7 +422,9 @@ search foobar.com barbar.com
May contain a space separated list of DNS server IP addresses and DNS search
domains. This information is only used when no explicit configuration via
/etc/systemd/resolved.conf, /etc/resolv.conf or the kernel
- command line has been provided.
+ command line has been provided.
+
+
@@ -438,7 +446,9 @@ search foobar.com barbar.com
Domains= settings of
resolved.conf5
will be ignored. These two kernel command line options hence override system
- configuration.
+ configuration.
+
+
diff --git a/man/systemd-rfkill.service.xml b/man/systemd-rfkill.service.xml
index 7aa965284d..f2ff4869ec 100644
--- a/man/systemd-rfkill.service.xml
+++ b/man/systemd-rfkill.service.xml
@@ -51,7 +51,9 @@
Takes a boolean argument. Defaults to
1. If 0, does not
restore the rfkill settings on boot. However, settings will
- still be stored on shutdown.
+ still be stored on shutdown.
+
+
diff --git a/man/systemd-run.xml b/man/systemd-run.xml
index fecedda25c..a8026df84d 100644
--- a/man/systemd-run.xml
+++ b/man/systemd-run.xml
@@ -109,7 +109,9 @@
Do not query the user for authentication for
- privileged operations.
+ privileged operations.
+
+
@@ -119,6 +121,8 @@
Create a transient .scope unit instead of the default transient
.service unit (see above).
+
+
@@ -138,6 +142,8 @@
in the same format as
systemctl1's
set-property command.
+
+
@@ -147,7 +153,9 @@
Provide a description for the service, scope, path, socket, or timer unit. If not specified,
the command itself will be used as a description. See Description= in
systemd.unit5.
-
+
+
+
@@ -157,6 +165,8 @@
of the specified slice, instead of system.slice (when running in
mode) or the root slice (when running in
mode).
+
+
@@ -171,6 +181,8 @@
argument is bar, the unit will be placed under the
foo-bar.slice.
+
+
@@ -194,6 +206,8 @@
systemd.service5
for a description of variable expansion. Disabling variable expansion is useful if the specified
command includes or may include a $ sign.
+
+
@@ -217,6 +231,8 @@
SendSIGHUP= in
systemd.kill5.
+
+
@@ -229,6 +245,8 @@
option has no effect in conjunction with
. Defaults to
simple.
+
+
@@ -239,6 +257,8 @@
Runs the service process under the specified UNIX user and group. Also see
User= and Group= in
systemd.exec5.
+
+
@@ -248,6 +268,8 @@
Runs the service process with the specified
nice level. Also see Nice= in
systemd.exec5.
+
+
@@ -257,6 +279,8 @@
Runs the service process with the specified working directory. Also see
WorkingDirectory= in
systemd.exec5.
+
+
@@ -265,7 +289,9 @@
Similar to , but uses the current working
- directory of the caller for the service to execute.
+ directory of the caller for the service to execute.
+
+
@@ -279,6 +305,8 @@
Also see Environment= in
systemd.exec5.
+
+
@@ -295,7 +323,9 @@
shell command is usually a better alternative for requesting a new, interactive login
session on the local host or a local container.
- See below for details on how this switch combines with .
+ See below for details on how this switch combines with .
+
+
@@ -319,7 +349,9 @@
descriptors, due to normal file descriptor access restrictions. If the invoked process is a shell script that
uses the echo "hello" >/dev/stderr construct for writing messages to stderr, this might
cause problems, as this only works if stderr can be re-opened. To mitigate this use the construct echo
- "hello" >&2 instead, which is mostly equivalent and avoids this pitfall.
+ "hello" >&2 instead, which is mostly equivalent and avoids this pitfall.
+
+
@@ -328,7 +360,9 @@
A shortcut for --pty --same-dir --wait --collect --service-type=exec $SHELL,
i.e. requests an interactive shell in the current working directory, running in service context, accessible
- with a single switch.
+ with a single switch.
+
+
@@ -338,7 +372,9 @@
Suppresses additional informational output
while running. This is particularly useful in combination with
when it will suppress the initial
- message explaining how to terminate the TTY connection.
+ message explaining how to terminate the TTY connection.
+
+
@@ -354,6 +390,8 @@
systemd.timer5 for
details. These options are shortcuts for --timer-property= with the relevant properties.
These options may not be combined with or .
+
+
@@ -364,6 +402,8 @@
in systemd.timer5. This
option is a shortcut for --timer-property=OnCalendar=. This option may not be combined with
or .
+
+
@@ -376,7 +416,9 @@
systemd.timer5. These
options are shortcuts for --timer-property=OnClockChange=yes and
--timer-property=OnTimezoneChange=yes. These options may not be combined with
- or .
+ or .
+
+
@@ -401,6 +443,8 @@
start request for the transient unit will be verified, enqueued and systemd-run will wait
until the unit's start-up is completed. By passing this argument, it is only verified and enqueued. This
option may not be combined with .
+
+
@@ -413,7 +457,9 @@
completed). On exit, terse information about the unit's runtime is shown, including total runtime (as well as
CPU usage, if was set) and the exit code and status of the main
process. This output may be suppressed with . This option may not be combined with
- , or the various path, socket, or timer options.
+ , or the various path, socket, or timer options.
+
+
@@ -428,7 +474,9 @@
--property=CollectMode=inactive-or-failed, see the explanation for
CollectMode= in
systemd.unit5 for further
- information.
+ information.
+
+
diff --git a/man/systemd-sleep.conf.xml b/man/systemd-sleep.conf.xml
index bdc4c3c193..67933ebaf2 100644
--- a/man/systemd-sleep.conf.xml
+++ b/man/systemd-sleep.conf.xml
@@ -45,7 +45,9 @@
enter and exit. This corresponds to
suspend, standby, or freeze states as
understood by the kernel.
-
+
+
+
@@ -58,7 +60,9 @@
be slow to enter and exit. This
corresponds to the hibernation as
understood by the kernel.
-
+
+
+
@@ -71,7 +75,9 @@
lost data but might be slower to exit
in that case. This mode is called
suspend-to-both by the kernel.
-
+
+
+
@@ -86,6 +92,8 @@
RTC alarm and hibernated. The estimated timespan is calculated from the change of the battery
capacity level after the time specified by SuspendEstimationSec= or when
the system is woken up from the suspend.
+
+
@@ -130,7 +138,9 @@
AllowHybridSleep=no, since those methods use both suspend and hibernation
internally. AllowSuspendThenHibernate=yes and
AllowHybridSleep=yes can be used to override and enable those specific
- modes.
+ modes.
+
+
@@ -155,7 +165,9 @@
systemd-suspend-then-hibernate.service8
uses the value of SuspendMode= when suspending and the value of
- HibernateMode= when hibernating.
+ HibernateMode= when hibernating.
+
+
@@ -181,7 +193,9 @@
systemd-suspend-then-hibernate.service8
uses the value of SuspendState= when suspending and the value of
- HibernateState= when hibernating.
+ HibernateState= when hibernating.
+
+
@@ -193,6 +207,8 @@
systemd-suspend-then-hibernate.service8.
If the system has a battery, then defaults to the estimated timespan until the system battery charge level goes down to 5%.
If the system has no battery, then defaults to 2h.
+
+
@@ -204,7 +220,9 @@
capacity level and estimate battery discharging rate, which is used for estimating timespan until the system battery charge
level goes down to 5%. Only used by
systemd-suspend-then-hibernate.service8.
- Defaults to 1h.
+ Defaults to 1h.
+
+
diff --git a/man/systemd-socket-activate.xml b/man/systemd-socket-activate.xml
index a9d00dce21..2b850c5e18 100644
--- a/man/systemd-socket-activate.xml
+++ b/man/systemd-socket-activate.xml
@@ -62,6 +62,8 @@
Listen on this address.
Takes a string like 2000 or
127.0.0.1:2001.
+
+
@@ -70,7 +72,9 @@
Launch an instance of the service program for each connection and pass the connection
- socket.
+ socket.
+
+
@@ -78,7 +82,9 @@
Listen on a datagram socket (SOCK_DGRAM), instead of a stream socket
- (SOCK_STREAM). May not be combined with .
+ (SOCK_STREAM). May not be combined with .
+
+
@@ -86,7 +92,9 @@
Listen on a sequential packet socket (SOCK_SEQPACKET), instead of a stream
socket (SOCK_STREAM). May not be combined with
- .
+ .
+
+
@@ -94,7 +102,9 @@
Use the inetd protocol for passing file descriptors, i.e. as standard input and standard
output, instead of the new-style protocol for passing file descriptors using $LISTEN_FDS
- (see above).
+ (see above).
+
+
@@ -106,7 +116,9 @@
followed by =, assume that it is a
variable–value pair. Otherwise, obtain the value from the
environment of systemd-socket-activate itself.
-
+
+
+
@@ -118,7 +130,9 @@
Multiple entries may be specifies using separate options or by separating names with colons
(:) in one option. In case more names are given than descriptors, superfluous ones will be
ignored. In case less names are given than descriptors, the remaining file descriptors will be unnamed.
-
+
+
+
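Review bot: The context paragraph this hunk closes has a typo in its first sentence, "Multiple entries may be specifies using separate options", which should read "specified". In the same paragraph, "less names" should be "fewer names" in both places. The hunk already touches this entry, so the fix can ride along or go into a follow-up.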
@@ -135,7 +149,9 @@
$LISTEN_FDNAMESSee
- sd_listen_fds3.
+ sd_listen_fds3.
+
+
diff --git a/man/systemd-socket-proxyd.xml b/man/systemd-socket-proxyd.xml
index bf51c0558c..57a6827ff4 100644
--- a/man/systemd-socket-proxyd.xml
+++ b/man/systemd-socket-proxyd.xml
@@ -65,14 +65,18 @@
Sets the maximum number of simultaneous connections, defaults to 256.
- If the limit of concurrent connections is reached further connections will be refused.
+ If the limit of concurrent connections is reached further connections will be refused.
+
+ Sets the time before exiting when there are no connections, defaults to
infinity. Takes a unit-less value in seconds, or a time span value such
- as 5min 20s.
+ as 5min 20s.
+
+
diff --git a/man/systemd-stdio-bridge.xml b/man/systemd-stdio-bridge.xml
index 0dce5659d7..f96dbf8eeb 100644
--- a/man/systemd-stdio-bridge.xml
+++ b/man/systemd-stdio-bridge.xml
@@ -64,7 +64,9 @@
Path to the bus address. Default: unix:path=/run/dbus/system_bus_socket
-
+
+
+
diff --git a/man/systemd-stub.xml b/man/systemd-stub.xml
index f172de447c..06a71bc4fb 100644
--- a/man/systemd-stub.xml
+++ b/man/systemd-stub.xml
@@ -296,7 +296,9 @@
Contains the partition UUID of the EFI System Partition the EFI image was run
from. systemd-gpt-auto-generator8
uses this information to automatically find the disk booted from, in order to discover various other
- partitions on the same disk automatically.
+ partitions on the same disk automatically.
+
+
@@ -305,7 +307,9 @@
Brief firmware information. Use
bootctl1 to view this
- data.
+ data.
+
+
@@ -314,7 +318,9 @@
The path of EFI executable, relative to the EFI System Partition's root
directory. Use
bootctl1 to view
- this data.
+ this data.
+
+
@@ -322,7 +328,9 @@
Brief stub information. Use
bootctl1 to view
- this data.
+ this data.
+
+
@@ -331,7 +339,9 @@
The PCR register index the kernel image, initrd image, boot splash, devicetree
database, and the embedded command line are measured into, formatted as decimal ASCII string (e.g.
11). This variable is set if a measurement was successfully completed, and remains
- unset otherwise.
+ unset otherwise.
+
+
@@ -339,7 +349,9 @@
The PCR register index the kernel command line and credentials are measured into,
formatted as decimal ASCII string (e.g. 12). This variable is set if a measurement
- was successfully completed, and remains unset otherwise.
+ was successfully completed, and remains unset otherwise.
+
+
@@ -348,7 +360,9 @@
The PCR register index the systemd extensions for the initrd, which are picked up
from the file system the kernel image is located on. Formatted as decimal ASCII string (e.g.
13). This variable is set if a measurement was successfully completed, and remains
- unset otherwise.
+ unset otherwise.
+
+
@@ -367,7 +381,9 @@
/
- The main initrd from the .initrd PE section of the unified kernel image.
+ The main initrd from the .initrd PE section of the unified kernel image.
+
+
@@ -375,7 +391,9 @@
Credential files (suffix .cred) that are placed next to the
unified kernel image (as described above) are copied into the
/.extra/credentials/ directory in the initrd execution
- environment.
+ environment.
+
+
@@ -383,14 +401,18 @@
Similar, credential files in the /loader/credentials/ directory
in the file system the unified kernel image is placed in are copied into the
/.extra/global_credentials/ directory in the initrd execution
- environment.
+ environment.
+
+ /.extra/sysext/*.rawSystem extension image files (suffix .raw) that are placed next to
the unified kernel image (as described above) are copied into the
- /.extra/sysext/ directory in the initrd execution environment.
+ /.extra/sysext/ directory in the initrd execution environment.
+
+
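Review bot: The first context line of this hunk opens with "Similar, credential files in the /loader/credentials/ directory"; the adverb is meant, so this should be "Similarly, credential files ...". It is worth fixing while the entry is being edited.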
@@ -398,14 +420,18 @@
The TPM2 PCR signature JSON object included in the .pcrsig PE
section of the unified kernel image is copied into the
/.extra/tpm2-pcr-signature.json file in the initrd execution
- environment.
+ environment.
+
+ /.extra/tpm2-pcr-pkey.pemThe PEM public key included in the .pcrpkey PE section of the
unified kernel image is copied into the /.extra/tpm2-pcr-public-key.pem file in
- the initrd execution environment.
+ the initrd execution environment.
+
+
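Review bot: The second entry in this hunk disagrees with itself on the file name. Its label is /.extra/tpm2-pcr-pkey.pem, while the description says the .pcrpkey key is copied into /.extra/tpm2-pcr-public-key.pem. Only one of these can match what the stub writes into the initrd, and anything that locates the PCR public key by path will follow whichever name the page shows. Please check against the stub and make label and description agree.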
@@ -429,7 +455,9 @@
io.systemd.stub.kernel-cmdline-extraIf set, the value of this string is added to the list of kernel command line
- arguments that are measured in PCR12 and passed to the kernel.
+ arguments that are measured in PCR12 and passed to the kernel.
+
+
diff --git a/man/systemd-sysctl.service.xml b/man/systemd-sysctl.service.xml
index 975ffadefa..7a66e59e6e 100644
--- a/man/systemd-sysctl.service.xml
+++ b/man/systemd-sysctl.service.xml
@@ -62,6 +62,8 @@
Only apply rules with the specified prefix.
+
+
@@ -70,6 +72,8 @@
Always return non-zero exit code on failure (including invalid sysctl variable
name and insufficient permissions), unless the sysctl variable name is prefixed with a "-"
character.
+
+
@@ -97,7 +101,9 @@
credential contents should follow the same format as any other sysctl.d/ drop-in
configuration file. If this credential is passed it is processed after all of the drop-in files read
from the file system. The settings configured in the credential hence take precedence over those in
- the file system.
+ the file system.
+
+
diff --git a/man/systemd-sysext.xml b/man/systemd-sysext.xml
index 08540feab2..8227b972b9 100644
--- a/man/systemd-sysext.xml
+++ b/man/systemd-sysext.xml
@@ -215,7 +215,9 @@
When invoked without any command verb, or when is specified
the current merge status is shown, separately (for both /usr/ and
- /opt/ of sysext and for /etc/ of confext).
+ /opt/ of sysext and for /etc/ of confext).
+
+
@@ -224,7 +226,9 @@
/usr/ and /opt/, by overmounting these hierarchies with an
overlayfs file system combining the underlying hierarchies with those included in
the extension images. This command will fail if the hierarchies are already merged. For confext, the merge
- happens into the /etc/ directory instead.
+ happens into the /etc/ directory instead.
+
+
@@ -232,7 +236,9 @@
Unmerges all currently installed system extension images from
/usr/ and /opt/ for sysext and /etc/,
for confext, by unmounting the overlayfs file systems created by
- prior.
+ prior.
+
+
@@ -245,13 +251,17 @@
without establishing any new overlayfs instance.
Note that currently there's a brief moment where neither the old nor the new overlayfs
file system is mounted. This implies that all resources supplied by a system extension will briefly
- disappear — even if it exists continuously during the refresh operation.
+ disappear — even if it exists continuously during the refresh operation.
+
+
- A brief list of installed extension images is shown.
+ A brief list of installed extension images is shown.
+
+
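Review bot: In the refresh entry, "all resources supplied by a system extension will briefly disappear — even if it exists continuously during the refresh operation" has an unclear "it": the subject is the plural "resources", but the clause seems to mean the extension image. Suggest "even if the extension exists continuously during the refresh operation", so readers relying on files from an extension understand that the gap is there regardless of the image staying in place.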
@@ -269,7 +279,9 @@
Operate relative to the specified root directory, i.e. establish the
overlayfs mount not on the top-level host /usr/ and
/opt/ hierarchies for sysext or /etc/ for confext,
- but below some specified root directory.
+ but below some specified root directory.
+
+
@@ -278,7 +290,9 @@
When merging system extensions into /usr/ and
/opt/ for sysext and /etc/ for confext,
ignore version incompatibilities, i.e. force merging regardless of
- whether the version information included in the images matches the host or not.
+ whether the version information included in the images matches the host or not.
+
+
@@ -293,7 +307,9 @@
root=verity+signed+encrypted+unprotected+absent. When run in the initrd and
operating on a system extension image stored in the /.extra/sysext/ directory a
slightly stricter policy is used by default: root=signed+absent:usr=signed+absent,
- see above for details.
+ see above for details.
+
+
@@ -301,7 +317,9 @@
When merging configuration extensions into /etc/ the
MS_NOEXEC mount flag is used by default. This option can be used to disable
- it.
+ it.
+
+
@@ -312,6 +330,8 @@
unmerge or refresh, do not reload daemon
after executing the changes even if an extension that is applied requires a reload via the
EXTENSION_RELOAD_MANAGER= set to 1.
+
+
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index e106dabaf4..2ae91ab5c1 100644
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
@@ -93,7 +93,9 @@
reboot-immediate, poweroff-immediate
or disabled with none. Defaults to
reboot-force.
-
+
+
+
@@ -106,7 +108,9 @@
merged. If the empty string is assigned, the mask is reset, all assignments prior to this will have
no effect. Individual services may override the CPU affinity for their processes with the
CPUAffinity= setting in unit files, see
- systemd.exec5.
+ systemd.exec5.
+
+
@@ -115,7 +119,9 @@
Configures the NUMA memory policy for the service manager and the default NUMA memory policy
for all forked off processes. Individual services may override the default policy with the
NUMAPolicy= setting in unit files, see
- systemd.exec5.
+ systemd.exec5.
+
+
@@ -125,7 +131,9 @@
and NUMA policies don't require explicit NUMA node mask and
value of the option can be empty. Similarly to NUMAPolicy=, value can be overridden
by individual services in unit files, see
- systemd.exec5.
+ systemd.exec5.
+
+
@@ -201,7 +209,9 @@
must be smaller than the timeout value for RuntimeWatchdogSec=.
This setting has no effect if a hardware watchdog is not available or the
hardware watchdog does not support a pre-timeout and will be ignored by the
- kernel if the setting is greater than the actual watchdog timeout.
+ kernel if the setting is greater than the actual watchdog timeout.
+
+
@@ -218,7 +228,9 @@
in use. If the pretimeout_available_governors sysfs file is empty,
the governor might be built as a kernel module and might need to be manually loaded
(e.g. pretimeout_noop.ko), or the watchdog device might not support
- pre-timeouts.
+ pre-timeouts.
+
+
@@ -227,7 +239,9 @@
Configure the hardware watchdog device that the
runtime and shutdown watchdog timers will open and use. Defaults
to /dev/watchdog0. This setting has no
- effect if a hardware watchdog is not available.
+ effect if a hardware watchdog is not available.
+
+
@@ -249,7 +263,9 @@
using the CapabilityBoundingSet= directive
for units, but note that capabilities dropped for PID 1 cannot
be regained in individual units, they are lost for
- good.
+ good.
+
+
@@ -264,7 +280,9 @@
function properly with this option enabled. Individual units
cannot disable this option.
Also see No New Privileges Flag.
-
+
+
+
@@ -292,7 +310,9 @@
prohibit execution of any non-native binaries. When a binary
executes a system call of an architecture that is not listed
in this setting, it will be immediately terminated with the
- SIGSYS signal.
+ SIGSYS signal.
+
+
@@ -310,7 +330,9 @@
for more information. Note that in contrast to most other time
span definitions this parameter takes an integer value in
nano-seconds if no unit is specified. The usual time units are
- understood too.
+ understood too.
+
+
@@ -326,7 +348,9 @@
See
systemd.unit5 for
- details about unit names and Description=.
+ details about unit names and Description=.
+
+
@@ -340,7 +364,9 @@
units override the global default for the specific unit.
Defaults to 1min. Note that the accuracy of timer units is
also affected by the configured timer slack for PID 1, see
- TimerSlackNSec= above.
+ TimerSlackNSec= above.
+
+
@@ -374,7 +400,9 @@
systemd.mount5,
crypttab5).
Defaults to &DEFAULT_TIMEOUT; in the system manager and &DEFAULT_USER_TIMEOUT; in the user manager.
-
+
+
+
@@ -410,7 +438,9 @@
Sets three variables
VAR1,
VAR2,
- VAR3.
+ VAR3.
+
+
@@ -428,6 +458,8 @@
Simple %-specifier expansion is supported, see below for a list of supported
specifiers.
+
+
@@ -463,7 +495,9 @@
and root cgroup pids.max.
Kernel has a default value for kernel.pid_max= and an algorithm of counting in case of more than 32 cores.
For example, with the default kernel.pid_max=, DefaultTasksMax= defaults to 4915,
- but might be greater in other systems or smaller in OS containers.
+ but might be greater in other systems or smaller in OS containers.
+
+
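Review bot: The context sentence "Kernel has a default value for kernel.pid_max= and an algorithm of counting in case of more than 32 cores." is hard to parse: it lacks the article and does not say what is counted or how the result differs. Since the next sentence quotes a concrete DefaultTasksMax= of 4915 that depends on it, please reword it to state what the kernel does to kernel.pid_max= above 32 cores.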
@@ -509,6 +543,8 @@
Note that the service manager internally in PID 1 bumps RLIMIT_NOFILE and
RLIMIT_MEMLOCK to higher values, however the limit is reverted to the mentioned
defaults for all child processes forked off.
+
+
@@ -520,7 +556,9 @@
OOMPolicy= setting. See
systemd.service5
for details. Note that this default is not used for services that have Delegate=
- turned on.
+ turned on.
+
+
@@ -534,7 +572,9 @@
pick a global default for the per-unit OOMScoreAdjust= setting. See
systemd.exec5 for
details. Note that this setting has no effect on the OOM score adjustment value of the service
- manager process itself, it retains the original value set during its invocation.
+ manager process itself, it retains the original value set during its invocation.
+
+
@@ -546,7 +586,9 @@
for the details.
If the value is /, only labels specified with SmackProcessLabel=
- are assigned and the compile-time default is ignored.
+ are assigned and the compile-time default is ignored.
+
+
@@ -556,7 +598,9 @@
Rate limiting for daemon-reload requests. Default to unset, and any number of daemon-reload
operations can be requested at any time. ReloadLimitIntervalSec= takes a value in seconds
to configure the rate limit window, and ReloadLimitBurst= takes a positive integer to
- configure the maximum allowed number of reloads within the configured time window.
+ configure the maximum allowed number of reloads within the configured time window.
+
+
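Review bot: The first context line reads "Default to unset, and any number of daemon-reload operations can be requested at any time." The verb should be "Defaults", and the sentence is clearer when split: "Defaults to unset, in which case any number of daemon-reload operations can be requested at any time." It would also help to say that both ReloadLimitIntervalSec= and ReloadLimitBurst= need to be set for the limit to apply, if that is the case.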
@@ -568,7 +612,9 @@
settings. See
systemd.resource-control5
for details. Defaults to auto and 200ms, respectively. This
- also sets the memory pressure monitoring threshold for the service manager itself.
+ also sets the memory pressure monitoring threshold for the service manager itself.
+
+
@@ -649,7 +695,9 @@
systemd 252Option DefaultBlockIOAccounting= was deprecated. Please switch
- to the unified cgroup hierarchy.
+ to the unified cgroup hierarchy.
+
+
diff --git a/man/systemd-sysupdate.xml b/man/systemd-sysupdate.xml
index 409281c19f..65848b85fe 100644
--- a/man/systemd-sysupdate.xml
+++ b/man/systemd-sysupdate.xml
@@ -101,7 +101,9 @@
about the specific version, including the individual files that need to be transferred to acquire the
version.
- If no command is explicitly specified this command is implied.
+ If no command is explicitly specified this command is implied.
+
+
@@ -110,7 +112,9 @@
Checks if there's a new version available. This internally enumerates downloadable and
installed versions and returns exit status 0 if there's a new version to update to, non-zero
otherwise. If there is a new version to update to, its version identifier is written to standard
- output.
+ output.
+
+
@@ -124,7 +128,9 @@
least one new version can be installed, as configured via InstanceMax= in
sysupdate.d5, or
via the available partition slots of the right type. This implicit operation can also be invoked
- explicitly via the vacuum command described below.
+ explicitly via the vacuum command described below.
+
+
@@ -134,7 +140,9 @@
InstanceMax= in
sysupdate.d5 are
met again. Normally, it should not be necessary to invoke this command explicitly, since it is
- implicitly invoked whenever a new update is initiated.
+ implicitly invoked whenever a new update is initiated.
+
+
@@ -144,7 +152,9 @@
running. Returns zero if so, non-zero otherwise. This compares the newest installed version's
identifier with the OS image version as reported by the IMAGE_VERSION= field in
/etc/os-release. If the former is newer than the latter, an update was
- apparently completed but not activated (i.e. rebooted into) yet.
+ apparently completed but not activated (i.e. rebooted into) yet.
+
+
@@ -154,7 +164,9 @@
newer version of the OS has been installed than the one currently running. This operation can be done
implicitly together with the update command, after a completed update via the
switch, see below. This command will execute no operation (and return
- success) if no update has been installed, and thus the system was not rebooted.
+ success) if no update has been installed, and thus the system was not rebooted.
+
+
@@ -163,7 +175,9 @@
Lists components that can be updated. This enumerates the
/etc/sysupdate.*.d/, /run/sysupdate.*.d/ and
/usr/lib/sysupdate.*.d/ directories that contain transfer files. This command is
- useful to list possible parameters for (see below).
+ useful to list possible parameters for (see below).
+
+
@@ -201,7 +215,9 @@
updated together in a synchronous fashion. Simply define multiple transfer files within the same
sysupdate.d/ directory for these cases.
- This option may not be combined with .
+ This option may not be combined with .
+
+
@@ -211,14 +227,18 @@
are read from this directory instead of /usr/lib/sysupdate.d/*.conf,
/etc/sysupdate.d/*.conf, and /run/sysupdate.d/*.conf.
- This option may not be combined with .
+ This option may not be combined with .
+
+ Takes a path to a directory to use as root file system when searching for
- sysupdate.d/*.conf files.
+ sysupdate.d/*.conf files.
+
+
@@ -226,7 +246,9 @@
Takes a path to a disk image file or device to mount and use in a similar fashion to
, see above. If this is used and partition resources are updated this is done
- inside the specified disk image.
+ inside the specified disk image.
+
+
@@ -239,7 +261,9 @@
keep at any time. This option may also be configured inside the transfer files, via the
InstancesMax= setting, see
sysupdate.d5 for
- details.
+ details.
+
+
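Review bot: The setting is spelled InstancesMax= in this hunk's context ("via the InstancesMax= setting"), but the two earlier hunks of this file, at -124 and -134, spell it InstanceMax=. One of the spellings is wrong. Please check sysupdate.d(5) and use the same name in all three places, since readers will copy it into transfer files verbatim.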
@@ -248,21 +272,27 @@
Takes a boolean argument, defaults to yes. This may be used to specify whether the
newly updated resource versions shall be synchronized to disk when appropriate (i.e. after the
download is complete, before it is finalized, and again after finalization). This should not be
- turned off, except to improve runtime performance in testing environments.
+ turned off, except to improve runtime performance in testing environments.
+
+ Takes a boolean argument, defaults to yes. Controls whether to cryptographically
- verify downloads. Do not turn this off, except in testing environments.
+ verify downloads. Do not turn this off, except in testing environments.
+
+ When used in combination with the update command and a new version is
- installed, automatically reboots the system immediately afterwards.
+ installed, automatically reboots the system immediately afterwards.
+
+
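Review bot: The download-verification entry in the middle of this hunk ("Controls whether to cryptographically verify downloads. Do not turn this off, except in testing environments.") warns against disabling the check but does not say what is verified or what happens to a download that fails. Consider adding a sentence or a cross-reference to sysupdate.d(5) that states what the verification covers and how a failure is handled, so the warning has something concrete behind it.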
diff --git a/man/systemd-sysusers.xml b/man/systemd-sysusers.xml
index 49f634b180..b8b811bb5e 100644
--- a/man/systemd-sysusers.xml
+++ b/man/systemd-sysusers.xml
@@ -64,7 +64,9 @@
Takes a directory path as an argument. All
paths will be prefixed with the given alternate
root path, including config search
- paths.
+ paths.
+
+
@@ -77,7 +79,9 @@
Discoverable Partitions
Specification. For further information on supported disk images, see
systemd-nspawn1's
- switch of the same name.
+ switch of the same name.
+
+
@@ -113,19 +117,25 @@
would be written using a macro with "radvd" and a file containing the
configuration line as arguments.
+
+ Process the configuration and figure out what entries would be created, but don't
- actually write anything.
+ actually write anything.
+
+ Treat each positional argument as a separate configuration
- line instead of a file name.
+ line instead of a file name.
+
+
@@ -151,7 +161,9 @@
the default root password to use via a unit file drop-in or from a container manager passing in this
credential. Note that setting this credential has no effect if the specified user account already
exists. This credential is hence primarily useful in first boot scenarios or systems that are fully
- stateless and come up with an empty /etc/ on every boot.
+ stateless and come up with an empty /etc/ on every boot.
+
+
@@ -162,13 +174,17 @@
account. If both the hashed and the plaintext credential are specified for the same user the
former takes precedence. It's generally recommended to specify the hashed version; however in test
environments with weaker requirements on security it might be easier to pass passwords in plaintext
- instead.
+ instead.
+
+ passwd.shell.user
- Specifies the shell binary to use for the specified account when creating it.
+ Specifies the shell binary to use for the specified account when creating it.
+
+
@@ -177,7 +193,9 @@
The contents of this credential may contain additional lines to operate on. The
credential contents should follow the same format as any other sysusers.d/
drop-in. If this credential is passed it is processed after all of the drop-in files read from the
- file system.
+ file system.
+
+
diff --git a/man/systemd-time-wait-sync.service.xml b/man/systemd-time-wait-sync.service.xml
index 887a9e306b..fe7ef17796 100644
--- a/man/systemd-time-wait-sync.service.xml
+++ b/man/systemd-time-wait-sync.service.xml
@@ -52,6 +52,8 @@
The presence of this file indicates to this service that the system clock has been synchronized.
+
+
diff --git a/man/systemd-timesyncd.service.xml b/man/systemd-timesyncd.service.xml
index ac6aae6a33..56cf4bce2f 100644
--- a/man/systemd-timesyncd.service.xml
+++ b/man/systemd-timesyncd.service.xml
@@ -86,6 +86,8 @@
if it exists – or to a time derived from the source tree at build time. This mechanism is used to
ensure that the system clock remains somewhat reasonably initialized and roughly monotonic across
reboots, in case no battery-buffered local RTC is available.
+
+
@@ -94,7 +96,9 @@
The modification time ("mtime") of this file is used for advancing the system clock
in case /var/lib/systemd/timesync/clock does not exist yet, see
- above.
+ above.
+
+
@@ -104,6 +108,8 @@
A file that is touched on each successful synchronization, to assist
systemd-time-wait-sync and other applications to detecting synchronization
with accurate reference clocks.
+
+
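Review bot: The context sentence "to assist systemd-time-wait-sync and other applications to detecting synchronization with accurate reference clocks" is ungrammatical. Suggest "to assist systemd-time-wait-sync and other applications in detecting synchronization with accurate reference clocks".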
diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
index 0db2a4b03b..1e88046237 100644
--- a/man/systemd-tmpfiles.xml
+++ b/man/systemd-tmpfiles.xml
@@ -142,7 +142,9 @@
Execute "user" configuration, i.e. tmpfiles.d
- files in user configuration directories.
+ files in user configuration directories.
+
+
@@ -150,27 +152,35 @@
Also execute lines with an exclamation mark. Lines that are not safe to be executed
on a running system may be marked in this way. systemd-tmpfiles is executed in
early boot with specified and will execute those lines. When invoked again
- later, it should be called without .
+ later, it should be called without .
+
+ Ignore configuration lines pertaining to unknown users or groups. This option is
- intended to be used in early boot before all users or groups have been created.
+ intended to be used in early boot before all users or groups have been created.
+
+ Only apply rules with paths that start with
the specified prefix. This option can be specified multiple
- times.
+ times.
+
+ Ignore rules with paths that start with the
specified prefix. This option can be specified multiple
- times.
+ times.
+
+
@@ -180,7 +190,9 @@
by virtual or memory file systems. This is useful in combination with , if
the specified directory tree contains an OS tree without these virtual/memory file systems mounted
in, as it is typically not desirable to create any files and directories below these subdirectories
- if they are supposed to be overmounted during runtime.
+ if they are supposed to be overmounted during runtime.
+
+
@@ -195,7 +207,9 @@
Consider combining this with to ensure the invocation does not create files
or directories below mount points in the OS image operated on that are typically overmounted during
- runtime.
+ runtime.
+
+
@@ -210,7 +224,9 @@
systemd-nspawn1's
switch of the same name.
- Implies .
+ Implies .
+
+
@@ -228,7 +244,9 @@
are running and files belonging to that package are not yet available on
disk, so their contents must be given on the command line, but the admin
configuration might already exist and should be given higher priority.
-
+
+
+
@@ -261,7 +279,9 @@
credential contents should follow the same format as any other tmpfiles.d/
drop-in configuration file. If this credential is passed it is processed after all of the drop-in
files read from the file system. The lines in the credential can hence augment existing lines of the
- OS, but not override them.
+ OS, but not override them.
+
+
diff --git a/man/systemd-tty-ask-password-agent.xml b/man/systemd-tty-ask-password-agent.xml
index 5c0011ec43..e3925b923e 100644
--- a/man/systemd-tty-ask-password-agent.xml
+++ b/man/systemd-tty-ask-password-agent.xml
@@ -55,7 +55,9 @@
- Lists all currently pending system password requests.
+ Lists all currently pending system password requests.
+
+
@@ -63,14 +65,18 @@
Process all currently pending system password
requests by querying the user on the calling
- TTY.
+ TTY.
+
+ Continuously process password
- requests.
+ requests.
+
+
@@ -79,7 +85,9 @@
Forward password requests to
wall1
instead of querying the user on the calling
- TTY.
+ TTY.
+
+
@@ -88,7 +96,9 @@
Ask question with
plymouth8
instead of querying the user on the calling
- TTY.
+ TTY.
+
+
@@ -96,7 +106,9 @@
Ask question on TTY DEVICE instead of querying the user on
the calling TTY. If DEVICE is not specified,
- /dev/console will be used.
+ /dev/console will be used.
+
+
diff --git a/man/systemd-udevd.service.xml b/man/systemd-udevd.service.xml
index 3107fb7ce9..853fed15bc 100644
--- a/man/systemd-udevd.service.xml
+++ b/man/systemd-udevd.service.xml
@@ -117,6 +117,8 @@
SIGKILL. Note that setting the option on the command line
overrides the setting from the configuration file.
+
+
@@ -147,6 +149,8 @@
rd.udev.log_level=Set the log level.
+
+
@@ -154,6 +158,8 @@
rd.udev.children_max=Limit the number of events executed in parallel.
+
+
@@ -164,6 +170,8 @@
number of seconds. This option might be useful when
debugging system crashes during coldplug caused by loading
non-working kernel modules.
+
+
@@ -173,6 +181,8 @@
Wait for events to finish up to the given number
of seconds. This option might be useful if events are
terminated due to kernel drivers taking too long to initialize.
+
+
@@ -182,6 +192,8 @@
Specifies a signal that systemd-udevd will send to
workers on timeout. Note that kernel command line option overrides both the
setting in the configuration file and the one on the program command line.
+
+
@@ -198,6 +210,8 @@
--setrw command, see blockdev8
for details.
+
+
@@ -205,6 +219,8 @@
Network interfaces are renamed to give them predictable names
when possible. It is enabled by default; specifying 0 disables it.
+
+
@@ -222,6 +238,8 @@
the naming is generally derived from driver attributes exposed by the kernel. As the kernel is
updated, previously missing attributes systemd-udevd.service is checking might
appear, which affects older name derivation algorithms, too.
+
+
@@ -262,6 +280,8 @@ OriginalName=*
NamePolicy=keep kernel path slot onboard mac
AlternativeNamePolicy=path slot onboard mac
+
+
diff --git a/man/systemd-vconsole-setup.service.xml b/man/systemd-vconsole-setup.service.xml
index 72196d2d90..665f894363 100644
--- a/man/systemd-vconsole-setup.service.xml
+++ b/man/systemd-vconsole-setup.service.xml
@@ -76,7 +76,9 @@
/etc/vconsole.conf on first boot (if not already configured), and then read from
there by systemd-vconsole-setup, while vconsole.keymap is read
on every boot, and is not persisted to disk (but any configuration in
- vconsole.conf will take precedence if present).
+ vconsole.conf will take precedence if present).
+
+
@@ -86,7 +88,9 @@
The console font settings to apply. The matching options in
vconsole.conf and on the kernel command line take precedence over these
- credentials.
+ credentials.
+
+
diff --git a/man/systemd-veritysetup-generator.xml b/man/systemd-veritysetup-generator.xml
index 6e6f52839b..b1efed5f1d 100644
--- a/man/systemd-veritysetup-generator.xml
+++ b/man/systemd-veritysetup-generator.xml
@@ -55,7 +55,9 @@
Takes a boolean argument. Defaults to yes. If
no, disables the generator entirely. rd.systemd.verity= is
honored only by the initrd while systemd.verity= is honored by both the host
- system and the initrd.
+ system and the initrd.
+
+
@@ -69,6 +71,8 @@
partition device is looked for under a GPT partition UUID derived from the last 128-bit of the root hash. Hence
it is usually sufficient to specify the root hash to boot from a verity protected root file system, as
device paths are automatically determined from it — as long as the partition table is properly set up.
+
+
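Review bot: the context line "derived from the last 128-bit of the root hash" in this hunk is ungrammatical; it should read "the last 128 bits of the root hash". The paragraph is being touched here anyway, so fix it in this patch or a follow-up.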
@@ -79,7 +83,9 @@
These two settings take block device paths as arguments and may be used to explicitly
configure the data partition and hash partition to use for setting up the verity protection for the root file
system. If not specified, these paths are automatically derived from the roothash= argument
- (see above).
+ (see above).
+
+
@@ -99,7 +105,9 @@
, and
. See
veritysetup8 for more
- details.
+ details.
+
+
@@ -109,7 +117,9 @@
systemd.verity_usr_options=Equivalent to their counterparts for the root file system as described above, but
- apply to the /usr/ file system instead.
+ apply to the /usr/ file system instead.
+
+
diff --git a/man/systemd-veritysetup@.service.xml b/man/systemd-veritysetup@.service.xml
index ed91bd288f..d6131a889c 100644
--- a/man/systemd-veritysetup@.service.xml
+++ b/man/systemd-veritysetup@.service.xml
@@ -63,7 +63,9 @@
hashdevice. See
Kernel dm-verity documentation for details.
-
+
+
+
@@ -73,7 +75,9 @@
Detach (destroy) the block device
- volume.
+ volume.
+
+
@@ -81,7 +85,9 @@
- Print short information about command syntax.
+ Print short information about command syntax.
+
+
diff --git a/man/systemd.automount.xml b/man/systemd.automount.xml
index 67c59e132c..0bbd4e8ae7 100644
--- a/man/systemd.automount.xml
+++ b/man/systemd.automount.xml
@@ -149,7 +149,9 @@
mountpoint. This takes a comma-separated list of options. This setting
is optional. Note that the usual specifier expansion is applied to this
setting, literal percent characters should hence be written as
- %%.
+ %%.
+
+
@@ -167,7 +169,9 @@
idle for the specified time, systemd will attempt to unmount. Takes a
unit-less value in seconds, or a time span value such as "5min 20s".
Pass 0 to disable the timeout logic. The timeout is disabled by
- default.
+ default.
+
+
diff --git a/man/systemd.dnssd.xml b/man/systemd.dnssd.xml
index c7d781b568..5bf93753e4 100644
--- a/man/systemd.dnssd.xml
+++ b/man/systemd.dnssd.xml
@@ -104,6 +104,8 @@
+
+
@@ -112,12 +114,16 @@
A type of the network service as defined in the section 4.1.2 of RFC 6763, e.g. _http._tcp.
+
+ Port=An IP port number of the network service.
+
+
@@ -125,6 +131,8 @@
A priority number set in SRV resource records corresponding
to the network service.
+
+
@@ -132,6 +140,8 @@
A weight number set in SRV resource records corresponding
to the network service.
+
+
@@ -146,6 +156,8 @@
case multiple TXT resource records will be created for the service. If the empty string is assigned to
this option, the list is reset and all prior assignments will have no effect.
+
+
@@ -161,6 +173,8 @@
case multiple TXT resource records will be created for the service. If the empty string is assigned to
this option, the list is reset and all prior assignments will have no effect.
+
+
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 643dcd662e..18928a4e85 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -100,7 +100,9 @@
PassEnvironment=. Assigning an empty string removes previous assignments
and setting ExecSearchPath= to a value multiple times will append
to the previous setting.
-
+
+
+
@@ -209,7 +211,9 @@
esp, xbootldr, tmp,
var.
-
+
+
+
@@ -229,7 +233,9 @@
snapshot to make the ephemeral copy. For root images, a filesystem with support for reflinks should
be used to ensure an efficient ephemeral copy.
-
+
+
+
@@ -254,7 +260,9 @@
image. There's currently no option to configure the root hash for the /usr/ file
system via the unit file directly.
-
+
+
+
@@ -275,7 +283,9 @@
configure the root hash signature for the /usr/ via the unit file
directly.
-
+
+
+
@@ -293,7 +303,9 @@
root file system and matching Verity data in the same image, implementing the Discoverable Partitions Specification.
-
+
+
+
@@ -317,7 +329,9 @@
The default policy for ExtensionImagePolicy= is:root=verity+signed+encrypted+unprotected+absent: \
- usr=verity+signed+encrypted+unprotected+absent
+ usr=verity+signed+encrypted+unprotected+absent
+
+
@@ -367,7 +381,9 @@
setting remains without effect, and the unit's processes will be able to access and see other process
as if the option was not used.
-
+
+
+
@@ -388,7 +404,9 @@
disables mount propagation to the host mount table, and it implies
MountAPIVFS=. Also, like ProtectProc= this setting is gracefully
disabled if the used kernel does not support the subset= mount option of
- procfs.
+ procfs.
+
+
@@ -465,7 +483,9 @@
PrivateDevices= below, as it may change the setting of
DevicePolicy=.
-
+
+
+
@@ -517,7 +537,9 @@
PrivateDevices= below, as it may change the setting of
DevicePolicy=.
-
+
+
+
@@ -550,7 +572,9 @@
Note that usage from user units requires overlayfs support in unprivileged user namespaces,
which was first introduced in kernel v5.11.
-
+
+
+
@@ -1100,6 +1124,8 @@ CapabilityBoundingSet=~CAP_B CAP_C
CoredumpFilter=default private-dax shared-dax
+
+
@@ -1250,7 +1276,9 @@ CapabilityBoundingSet=~CAP_B CAP_C
set_mempolicy2. For overall
overview of NUMA support in Linux see,
numa7.
-
+
+
+
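Review bot: "For overall overview of NUMA support in Linux see," in the context lines above the change is redundant and has a misplaced comma. Suggest "For an overview of NUMA support in Linux, see" followed by the numa reference.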
@@ -1260,7 +1288,9 @@ CapabilityBoundingSet=~CAP_B CAP_C
Takes a list of NUMA nodes and has the same syntax as a list of CPUs for CPUAffinity=
option or special "all" value which will include all available NUMA nodes in the mask. Note that the list
of NUMA nodes is not required for and
- policies and for policy we expect a single NUMA node.
+ policies and for policy we expect a single NUMA node.
+
+
@@ -1538,7 +1568,9 @@ StateDirectory=aaa/bbb ccc
systemctl1 for
details. Takes the usual time values and defaults to infinity, i.e. by default
no timeout is applied. If a timeout is configured the clean operation will be aborted forcibly when
- the timeout is reached, potentially leaving resources on disk.
+ the timeout is reached, potentially leaving resources on disk.
+
+
@@ -1636,7 +1668,9 @@ BindReadOnlyPaths=/var/lib/systemd
then the invoked processes by the unit cannot see any files or directories under /var/ except for
/var/lib/systemd or its contents.
-
+
+
+
@@ -1759,7 +1793,9 @@ BindReadOnlyPaths=/var/lib/systemd
When this option is used on a socket unit any sockets bound on behalf of this unit will be
bound within the specified network namespace.
-
+
+
+
@@ -1790,7 +1826,9 @@ BindReadOnlyPaths=/var/lib/systemd
not available), and the unit should be written in a way that does not solely rely on this setting for
security.
-
+
+
+
@@ -1806,7 +1844,9 @@ BindReadOnlyPaths=/var/lib/systemd
IPCNamespacePath= configured, as otherwise the network namespace of those
units is reused.
-
+
+
+
@@ -1822,6 +1862,8 @@ BindReadOnlyPaths=/var/lib/systemd
Note that this functionality might not be available, for example if KSM is disabled in the
kernel, or the kernel doesn't support controlling KSM at the process level through
prctl().
+
+
@@ -1876,7 +1918,9 @@ BindReadOnlyPaths=/var/lib/systemd
capability (e.g. services for which User= is set),
NoNewPrivileges=yes is implied.
-
+
+
+
@@ -1898,7 +1942,9 @@ BindReadOnlyPaths=/var/lib/systemd
It is recommended to turn this on for most services that do not need modify the clock or check
its state.
-
+
+
+
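Review bot: the context sentence "services that do not need modify the clock or check its state" is missing a word; it should read "do not need to modify the clock". Worth correcting while this entry is being edited, since this is the text an administrator reads when deciding whether to enable the restriction.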
@@ -1962,7 +2008,9 @@ BindReadOnlyPaths=/var/lib/systemd
capability (e.g. services for which User= is set),
NoNewPrivileges=yes is implied.
-
+
+
+
@@ -2106,7 +2154,9 @@ RestrictFileSystems=ext4
not enabled in the underlying kernel or if not using the unified control group hierarchy). In that case this setting
has no effect.
-
+
+
+
@@ -2221,7 +2271,9 @@ RestrictNamespaces=~cgroup net
programs that actually require them. Note that this restricts marking of any type of file system
object with these bits, including both regular files and directories (where the SGID is a different
meaning than for files, see documentation). This option is implied if DynamicUser=
- is enabled. Defaults to off.
+ is enabled. Defaults to off.
+
+
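Review bot: in the context text, "where the SGID is a different meaning than for files" should be "where the SGID bit has a different meaning than for files". The parenthetical also says only "see documentation" without saying which; name the man page so the reader can check what the bit means on directories.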
@@ -2270,7 +2322,9 @@ RestrictNamespaces=~cgroup net
option. Hence it is primarily useful to explicitly request this behaviour if none of the other settings are
used.
-
+
+
+
@@ -2592,7 +2646,9 @@ SystemCallErrorNumber=EPERM
Mode 2 interfaces of the kernel ('seccomp filtering') and is useful for auditing or setting up a
minimal sandboxing environment. This option may be specified more than once, in which case the filter
masks are merged. If the empty string is assigned, the filter is reset, all prior assignments will
- have no effect. This does not affect commands prefixed with +.
+ have no effect. This does not affect commands prefixed with +.
+
+
@@ -2972,7 +3028,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
dSB1cApOZXZlciBnb25uYSBsZXQgeW91IGRvd24KTmV2ZXIgZ29ubmEgcnVuIGFyb3VuZCBhbmQg \
ZGVzZXJ0IHlvdQpOZXZlciBnb25uYSBtYWtlIHlvdSBjcnkKTmV2ZXIgZ29ubmEgc2F5IGdvb2Ri \
eWUKTmV2ZXIgZ29ubmEgdGVsbCBhIGxpZSBhbmQgaHVydCB5b3UK
-…
+…
+
+
@@ -2995,7 +3053,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
subsystem. For example, MaxLevelStore= configured in
journald.conf5 might
prohibit messages of higher log levels to be stored on disk, even though the per-unit
- LogLevelMax= permitted it to be processed.
+ LogLevelMax= permitted it to be processed.
+
+
@@ -3011,7 +3071,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
The usual specifiers are expanded in all assignments (see below). Note that this setting is not only
useful for attaching additional metadata to log records of a unit, but given that all fields and
values are indexed may also be used to implement cross-unit log record matching. Assign an empty
- string to reset the list.
+ string to reset the list.
+
+
@@ -3034,7 +3096,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
StandardOutput=file:… or a similar setting, the rate limiting will not be applied
to messages written that way (but it will be enforced for messages generated via
syslog3
- and similar functions).
+ and similar functions).
+
+
@@ -3062,7 +3126,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
systemd1 about the
unit are not taken into account. Filtered log messages won't be forwarded to traditional syslog daemons,
the kernel log buffer (kmsg), the systemd console, or sent as wall messages to all logged-in
- users.
+ users.
+
+
@@ -3094,7 +3160,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
journalctl1
output, unless the option is used.
-
+
+
+
@@ -3183,7 +3251,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
TTYColumns=Configure the size of the TTY specified with TTYPath=. If unset or
- set to the empty string, the kernel default is used.
+ set to the empty string, the kernel default is used.
+
+
@@ -3347,7 +3417,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
When multiple credentials of the same name are found, credentials found by
LoadCredential= and LoadCredentialEncrypted= take priority over
- credentials found by ImportCredential=.
+ credentials found by ImportCredential=.
+
+
@@ -3613,7 +3685,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
whether the process is directly invoked by the service manager or indirectly as a child of
another process by comparing this value with the current PID (similarly to the scheme used in
sd_listen_fds3
- with $LISTEN_PID and $LISTEN_FDS).
+ with $LISTEN_PID and $LISTEN_FDS).
+
+
@@ -3865,7 +3939,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
not be passed. Consider using a template handler unit for that case instead:
OnFailure=handler@%n.service for non-templated units,
or OnFailure=handler@%p-%i.service for templated
- units.
+ units.
+
+
@@ -3885,7 +3961,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
If this is a unit started via per-connection socket activation (i.e. via a socket
unit with Accept=yes), these environment variables contain the IP address and
- port number of the remote peer of the socket connection.
+ port number of the remote peer of the socket connection.
+
+
@@ -3900,7 +3978,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
another will be coalesced and only one will be reported, with no guarantee as to which one it will be.
Because of this, in most cases this variable will be primarily informational, i.e. useful for debugging
purposes, is lossy, and should not be relied upon to propagate a comprehensive reason for activation.
-
+
+
+
@@ -3910,7 +3990,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
If memory pressure monitoring is enabled for this service unit, the path to watch
and the data to write into it. See Memory Pressure
Handling for details about these variables and the service protocol data they
- convey.
+ convey.
+
+
@@ -3923,7 +4005,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
per the setting. Applications may check this environment variable before sending file descriptors
to the service manager via sd_pid_notify_with_fds() (see
sd_notify3 for
- details).
+ details).
+
+
diff --git a/man/systemd.generator.xml b/man/systemd.generator.xml
index 3af240b6d8..b216ef96d0 100644
--- a/man/systemd.generator.xml
+++ b/man/systemd.generator.xml
@@ -147,7 +147,9 @@
If the generator is invoked from the system service manager this variable is set to
system; if invoked from the per-user service manager it is set to
- user.
+ user.
+
+
@@ -155,7 +157,9 @@
If the generator is run as part of an initrd this is set to 1. If
it is run from the regular host (i.e. after the transition from initrd to host) it is set to
- 0. This environment variable is only set for system generators.
+ 0. This environment variable is only set for system generators.
+
+
@@ -165,7 +169,9 @@
1; if it is a subsequent, regular boot it is set to 0. For
details see the documentation of ConditionFirstBoot= in
systemd.unit5. This
- environment variable is only set for system generators.
+ environment variable is only set for system generators.
+
+
@@ -179,7 +185,9 @@
what
systemd-detect-virt1
detects and reports, and uses the same vocabulary of virtualization implementation
- identifiers.
+ identifiers.
+
+
@@ -188,7 +196,9 @@
This variable is set to a short identifier of the reported architecture of the
system. For details about defined values, see documentation of
ConditionArchitecture= in
- systemd.unit5.
+ systemd.unit5.
+
+
@@ -201,7 +211,9 @@
$ENCRYPTED_CREDENTIALS_DIRECTORY. Use the
systemd-creds1
command to automatically decrypt/authenticate credentials passed in, if needed. Specifically, use the
- systemd-creds --system cat command.
+ systemd-creds --system cat command.
+
+
@@ -213,7 +225,9 @@
detected this variable will not be set. This data is identical to what
systemd-detect-virt1
detects and reports, and uses the same vocabulary of confidential virtualization
- technology identifiers.
+ technology identifiers.
+
+
diff --git a/man/systemd.journal-fields.xml b/man/systemd.journal-fields.xml
index 9971c7f64b..04d661e82c 100644
--- a/man/systemd.journal-fields.xml
+++ b/man/systemd.journal-fields.xml
@@ -95,6 +95,8 @@
any. Contains the numeric value of
errno3
formatted as a decimal string.
+
+
@@ -105,6 +107,8 @@
A randomized, unique 128-bit ID identifying each runtime cycle of the unit. This is different from
_SYSTEMD_INVOCATION_ID in that it is only used for messages coming from systemd code
(e.g. logs from the system/user manager or from forked processes performing systemd-related setup).
+
+
@@ -144,6 +148,8 @@
based on the stored priority and facility, timestamp, identifier, and the
message payload in MESSAGE=.
+
+
@@ -154,6 +160,8 @@
as journalctl will include a hyperlink to a URL specified this way in their
output. Should be an http://, https://,
file:/, man: or info: URL.
+
+
@@ -161,6 +169,8 @@
TID=The numeric thread ID (TID) the log message originates from.
+
+
@@ -176,6 +186,8 @@
journalctl1, a
match pattern that includes UNIT=name.service or
USER_UNIT=name.service will be generated.
+
+
@@ -218,6 +230,8 @@
The effective
capabilities7
of the process the journal entry originates from.
+
+
@@ -291,6 +305,8 @@
the message was generated in, as available to processes
of the unit in $INVOCATION_ID (see
systemd.exec5).
+
+
@@ -315,6 +331,8 @@
for those read from the kernel audit subsystem
+
+
@@ -325,6 +343,8 @@
for internally generated messages
+
+
@@ -336,6 +356,8 @@
for those received via the local syslog socket
with the syslog protocol
+
+
@@ -347,6 +369,8 @@
for those received via the native journal
protocol
+
+
@@ -358,6 +382,8 @@
for those read from a service's standard output
or error output
+
+
@@ -368,6 +394,8 @@
for those read from the kernel
+
+
@@ -379,6 +407,8 @@
Only applies to _TRANSPORT=stdout records: specifies a randomized 128-bit ID assigned
to the stream connection when it was first created. This ID is useful to reconstruct individual log streams
from the log records: all log records carrying the same stream ID originate from the same stream.
+
+
@@ -394,6 +424,8 @@
final newline character), or (if the process which generated the log
output changed in the middle of a line). Note that this record is not generated when a normal
newline character was used for marking the log line end.
+
+
@@ -403,6 +435,8 @@
journal namespace that is not the default, this field contains the namespace identifier. See
systemd-journald.service8
for details about journal namespaces.
+
+
@@ -411,7 +445,9 @@
A string field that specifies the runtime scope in which the message was logged. If
initrd, the log message was processed while the system was running inside the
initrd. If system, the log message was generated after the system switched
- execution to the host root filesystem.
+ execution to the host root filesystem.
+
+
@@ -432,12 +468,16 @@
network devices, this is the interface index prefixed by n. For all other
devices, this is the subsystem name prefixed by +, followed by
:, followed by the kernel device name.
+
+ _KERNEL_SUBSYSTEM=The kernel subsystem name.
+
+
@@ -445,6 +485,8 @@
The kernel device name as it shows up in the device
tree below /sys/.
+
+
@@ -452,6 +494,8 @@
The device node path of this device in
/dev/.
+
+
@@ -460,6 +504,8 @@
Additional symlink names pointing to the device node
in /dev/. This field is frequently set
more than once per entry.
+
+
@@ -500,6 +546,8 @@
PID of the program that this message pertains to.
+
+
@@ -535,6 +583,8 @@
as described above, except that the process identified by
PID is described, instead of the
process which logged the message.
+
+
@@ -604,7 +654,9 @@
The sequence number (and associated sequence number ID) of this journal entry in the
journal file it originates from. See
sd_journal_get_seqnum3
- for details.
+ for details.
+
+
diff --git a/man/systemd.kill.xml b/man/systemd.kill.xml
index 862e228427..c23c5db8a3 100644
--- a/man/systemd.kill.xml
+++ b/man/systemd.kill.xml
@@ -98,7 +98,9 @@
option). See kill2
for more information.
- Defaults to .
+ Defaults to .
+
+
@@ -111,6 +113,8 @@
Note that, right after sending the signal specified in this setting, systemd will always send
SIGCONT, to ensure that even suspended tasks can be terminated cleanly.
+
+
@@ -119,6 +123,8 @@
Specifies which signal to use when restarting a service. The same as
KillSignal= described above, with the exception that this setting is used in a
restart job. Not set by default, and the value of KillSignal= is used.
+
+
@@ -130,7 +136,9 @@
KillSignal=. This is useful to indicate to
shells and shell-like programs that their connection has been
severed. Takes a boolean value. Defaults to "no".
-
+
+
+
@@ -144,7 +152,9 @@
or mixed service will not restart if
processes from prior services exist within the control group.
Takes a boolean value. Defaults to "yes".
-
+
+
+
@@ -160,7 +170,9 @@
and setting FinalKillSignal= to either
SIGQUIT or SIGABRT.
Defaults to SIGKILL.
-
+
+
+
@@ -168,7 +180,9 @@
Specifies which signal to use to terminate the
service when the watchdog timeout expires (enabled through
WatchdogSec=). Defaults to SIGABRT.
-
+
+
+
diff --git a/man/systemd.link.xml b/man/systemd.link.xml
index 39117f5706..cbc812c1e4 100644
--- a/man/systemd.link.xml
+++ b/man/systemd.link.xml
@@ -102,33 +102,43 @@
Each field must be one byte.
E.g. 12:34:56:78:90:ab or AA:BB:CC:DD:EE:FF.
-
+
+
+
Each field must be one byte.
E.g. 12-34-56-78-90-ab or AA-BB-CC-DD-EE-FF.
-
+
+
+
Each field must be two bytes.
E.g. 1234.5678.90ab or AABB.CCDD.EEFF.
-
+
+
+
E.g. 127.0.0.1 or 192.168.0.1.
-
+
+
+
E.g. 2001:0db8:85a3::8a2e:0370:7334 or ::1.
-
+
+
+
@@ -149,6 +159,8 @@
appear more than once, in which case the lists are merged. If the empty string is assigned to
this option, the list of hardware addresses defined prior to this is reset. Defaults to
unset.
+
+
@@ -194,6 +206,8 @@
veth. Valid kinds are given by netlink's IFLA_INFO_KIND
attribute, so this is not comprehensive.
+
+
@@ -210,6 +224,8 @@
Property=ID_MODEL_ID=9999 "ID_VENDOR_FROM_DATABASE=vendor name" "KEY=with \"quotation\""
then, the .link file matches only when an interface has all the above three properties.
+
+
@@ -220,6 +236,8 @@
udev property "INTERFACE". This cannot be used to match on names that have already been changed
from userspace. Caution is advised when matching on kernel-assigned names, as they are known to be
unstable between reboots.
+
+
@@ -267,6 +285,8 @@
details. When prefixed with an exclamation mark (!), the result is negated.
If an empty string is assigned, the previously assigned value is cleared.
+
+
@@ -279,6 +299,8 @@
prefixed with an exclamation mark (!), the result is negated. If an empty
string is assigned, the previously assigned value is cleared.
+
+
@@ -303,6 +325,8 @@
for details. When prefixed with an exclamation mark (!), the result is negated.
If an empty string is assigned, the previously assigned value is cleared.
+
+
@@ -366,6 +390,8 @@
Keeps the MAC address assigned by the kernel. Or use the MAC address specified in
MACAddress=.
+
+
@@ -379,6 +405,8 @@
The interface MAC address to use. For this setting to take effect,
MACAddressPolicy= must either be unset, empty, or none.
+
+
@@ -400,6 +428,8 @@
If the kernel claims that the name it has set
for a device is predictable, then no renaming is
performed.
+
+
@@ -456,6 +486,8 @@
If the device already had a name given by userspace (as part of creation of the device
or a rename), keep it.
+
+
@@ -496,6 +528,8 @@
slot, path, and mac. If the
kernel does not support the alternative names, then this setting will be ignored.
+
+
@@ -511,6 +545,8 @@
alternative names referring to the same interface. Alternative names may have a maximum length of
127 characters, in contrast to the 15 allowed for the primary interface name, but otherwise are
subject to the same naming constraints.
+
+
@@ -518,6 +554,8 @@
Specifies the device's number of transmit queues. An integer in the range 1…4096.
When unset, the kernel's default will be used.
+
+
@@ -525,6 +563,8 @@
Specifies the device's number of receive queues. An integer in the range 1…4096.
When unset, the kernel's default will be used.
+
+
@@ -532,6 +572,8 @@
Specifies the transmit queue length of the device in number of packets. An unsigned integer
in the range 0…4294967294. When unset, the kernel's default will be used.
+
+
@@ -568,6 +610,8 @@
Note that if autonegotiation is enabled, speed and duplex settings are
read-only. If autonegotiation is disabled, speed and duplex settings are writable
if the driver supports multiple link modes.
+
+
@@ -588,24 +632,32 @@
Wake on unicast messages.
+
+ Wake on multicast messages.
+
+ Wake on broadcast messages.
+
+ Wake on ARP.
+
+
@@ -629,6 +681,8 @@
for details. The password in the credential, must be 6 bytes in hex format with each
byte separated by a colon (:) like an Ethernet MAC address, e.g.,
aa:bb:cc:dd:ee:ff.
+
+
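Review bot: the context sentence "The password in the credential, must be 6 bytes in hex format" has a stray comma after "credential"; drop it while this entry is being edited.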
@@ -649,6 +703,8 @@
by a colon (:) like an Ethernet MAC address, e.g.,
aa:bb:cc:dd:ee:ff. This implies WakeOnLan=secureon.
Defaults to unset, and the current value will not be changed.
+
+
@@ -662,6 +718,8 @@
An Ethernet interface using Twisted-Pair cable as the medium.
+
+
@@ -669,27 +727,37 @@
Attachment Unit Interface (AUI). Normally used with hubs.
+
+ An Ethernet interface using BNC connectors and co-axial cable.
+
+ An Ethernet interface using a Media Independent Interface (MII).
+
+ An Ethernet interface using Optical Fibre as the medium.
+
+
+
+
@@ -718,6 +786,8 @@
This option may be specified more than once, in which case all specified speeds and modes are advertised.
If the empty string is assigned to this option, the list is reset, and all prior assignments have no effect.
+
+
@@ -725,6 +795,8 @@
Takes a boolean. If set to true, hardware offload for checksumming of ingress
network packets is enabled. When unset, the kernel's default will be used.
+
+
@@ -732,6 +804,8 @@
Takes a boolean. If set to true, hardware offload for checksumming of egress
network packets is enabled. When unset, the kernel's default will be used.
+
+
@@ -739,6 +813,8 @@
Takes a boolean. If set to true, TCP Segmentation Offload (TSO) is enabled.
When unset, the kernel's default will be used.
+
+
@@ -746,6 +822,8 @@
Takes a boolean. If set to true, TCP6 Segmentation Offload (tx-tcp6-segmentation) is enabled.
When unset, the kernel's default will be used.
+
+
@@ -753,6 +831,8 @@
Takes a boolean. If set to true, Generic Segmentation Offload (GSO) is enabled.
When unset, the kernel's default will be used.
+
+
@@ -760,6 +840,8 @@
Takes a boolean. If set to true, Generic Receive Offload (GRO) is enabled.
When unset, the kernel's default will be used.
+
+
@@ -767,6 +849,8 @@
Takes a boolean. If set to true, hardware accelerated Generic Receive Offload (GRO) is
enabled. When unset, the kernel's default will be used.
+
+
@@ -774,6 +858,8 @@
Takes a boolean. If set to true, Large Receive Offload (LRO) is enabled.
When unset, the kernel's default will be used.
+
+
@@ -781,6 +867,8 @@
Takes a boolean. If set to true, receive VLAN CTAG hardware acceleration is enabled.
When unset, the kernel's default will be used.
+
+
@@ -788,6 +876,8 @@
Takes a boolean. If set to true, transmit VLAN CTAG hardware acceleration is enabled.
When unset, the kernel's default will be used.
+
+
@@ -795,6 +885,8 @@
Takes a boolean. If set to true, receive filtering on VLAN CTAGs is enabled.
When unset, the kernel's default will be used.
+
+
@@ -802,6 +894,8 @@
Takes a boolean. If set to true, transmit VLAN STAG hardware acceleration is enabled.
When unset, the kernel's default will be used.
+
+
@@ -809,6 +903,8 @@
Takes a boolean. If set to true, receive N-tuple filters and actions are enabled.
When unset, the kernel's default will be used.
+
+
@@ -842,6 +938,8 @@
Takes a boolean. When set, enables receive flow control, also known as the ethernet
receive PAUSE message (generate and send ethernet PAUSE frames). When unset, the kernel's
default will be used.
+
+
@@ -850,6 +948,8 @@
Takes a boolean. When set, enables transmit flow control, also known as the ethernet
transmit PAUSE message (respond to received ethernet PAUSE frames). When unset, the kernel's
default will be used.
+
+
@@ -858,6 +958,8 @@
Takes a boolean. When set, auto negotiation enables the interface to exchange state
advertisements with the connected peer so that the two devices can agree on the ethernet
PAUSE configuration. When unset, the kernel's default will be used.
+
+
@@ -867,6 +969,8 @@
device should accept. The usual suffixes K, M, G are supported and are
understood to the base of 1024. An unsigned integer in the range 1…65536.
Defaults to unset.
+
+
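Review bot: the context text says the suffixes K, M, G are supported to the base of 1024, but then limits the value to the range 1…65536. With that upper bound only K can yield a valid value (64K is already the maximum), so M and G are always out of range. Either drop them from the description or say what happens to a value above the range.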
@@ -874,6 +978,8 @@
Specifies the maximum number of Generic Segment Offload (GSO) segments the device should
accept. An unsigned integer in the range 1…65535. Defaults to unset.
+
+
@@ -882,6 +988,8 @@
Boolean properties that, when set, enable/disable adaptive Rx/Tx coalescing if the hardware
supports it. When unset, the kernel's default will be used.
+
+
@@ -900,6 +1008,8 @@
packet rate drops below the low packet rate threshold or exceeds the high packet rate threshold
respectively if adaptive Rx/Tx coalescing is enabled. When unset, the kernel's defaults will be
used.
+
+
@@ -918,6 +1028,8 @@
effect when the packet rate drops below the low packet rate threshold or exceeds the high packet
rate threshold respectively if adaptive Rx/Tx coalescing is enabled. When unset, the kernel's
defaults will be used.
+
+
@@ -928,6 +1040,8 @@
threshold respectively and are used to determine when the corresponding coalescing settings for low
and high packet rates come into effect if adaptive Rx/Tx coalescing is enabled. If unset, the
kernel's defaults will be used.
+
+
@@ -937,6 +1051,8 @@
property cannot be zero. This lowest time granularity supported by this property is seconds.
Partial seconds will be rounded up before being passed to the kernel. If unset, the kernel's
default will be used.
+
+
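Review bot: typo in the context sentence of this entry: "This lowest time granularity supported by this property is seconds." should read "The lowest time granularity supported by this property is seconds." Since the entry is being touched anyway, fix it in the same pass.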
@@ -945,6 +1061,8 @@
How long to delay driver in-memory statistics block updates. If the driver does not have an
in-memory statistic block, this property is ignored. This property cannot be zero. If unset, the
kernel's default will be used.
+
+
@@ -960,6 +1078,8 @@
crossover, the MDI crossover (MDI-X) mode will be used. When
auto, the MDI status is automatically detected. Defaults to unset, and the
kernel's default will be used.
+
+
@@ -969,6 +1089,8 @@
Specifies the number of SR-IOV virtual functions. Takes an integer in the range
0…2147483647. Defaults to unset, and automatically determined from the values specified in
the VirtualFunction= settings in the [SR-IOV] sections.
+
+
@@ -990,6 +1112,8 @@
Specifies a Virtual Function (VF), lightweight PCIe function designed solely to move
data in and out. Takes an integer in the range 0…2147483646. This option is compulsory.
+
+
@@ -997,6 +1121,8 @@
VLANId=Specifies VLAN ID of the virtual function. Takes an integer in the range 1…4095.
+
+
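Review bot: the VLANId= range here is 1…4095, while the bridge default port VLAN ID entry in systemd.netdev.xml (hunk at -349 of this patch) gives 1…4094. Please confirm which upper bound the parser actually accepts and make the two entries agree, or say why they differ.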
@@ -1005,6 +1131,8 @@
Specifies quality of service of the virtual function. Takes an integer in the range
1…4294967294.
+
+
@@ -1013,6 +1141,8 @@
Specifies VLAN protocol of the virtual function. Takes 802.1Q or
802.1ad.
+
+
@@ -1021,6 +1151,8 @@
Takes a boolean. Controls the MAC spoof checking. When unset, the kernel's default will
be used.
+
+
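Review bot: "Controls the MAC spoof checking" does not say which boolean value turns the check on. The neighbouring entries use the form "When set, enables ..."; the same form here would leave no doubt about whether a true value enables or disables an anti-spoofing control.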
@@ -1031,6 +1163,8 @@
configuration of the virtual function (VF). The VF RSS information like RSS hash key may be
considered sensitive on some devices where this information is shared between VF and the
physical function (PF). When unset, the kernel's default will be used.
+
+
@@ -1040,6 +1174,8 @@
Takes a boolean. Allows one to set trust mode of the virtual function (VF). When set,
VF users can set a specific feature which may impact security and/or performance. When unset,
the kernel's default will be used.
+
+
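Review bot: "VF users can set a specific feature which may impact security and/or performance" names no feature, so an administrator cannot judge what enabling trust mode grants. Either list the operations a trusted VF may perform or point to the reference that does.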
@@ -1052,6 +1188,8 @@
communicate with other VFs on this host even if the PF link state is down,
no causes the hardware to drop any packets sent by the VF. When unset,
the kernel's default will be used.
+
+
@@ -1059,6 +1197,8 @@
MACAddress=Specifies the MAC address for the virtual function.
+
+
diff --git a/man/systemd.mount.xml b/man/systemd.mount.xml
index 0d14d702a8..f1e43f2a40 100644
--- a/man/systemd.mount.xml
+++ b/man/systemd.mount.xml
@@ -207,7 +207,9 @@
Note that this option always applies to the created mount unit
only regardless whether has been
- specified.
+ specified.
+
+
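Review bot: as shown here the removed and added "specified." lines carry the same text and the two further added lines are empty, so this hunk, like the others of the same shape in this patch, does not show what is being inserted after the entry. The commit message should state what is appended to each entry so the change can be checked against it.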
@@ -230,7 +232,9 @@
Note that these options always apply to the created mount unit
only regardless whether has been
- specified.
+ specified.
+
+
@@ -245,7 +249,9 @@
local-fs.target, are not automatically
created. See WantedBy= and RequiredBy= in
systemd.unit5
- for details.
+ for details.
+
+
@@ -257,7 +263,9 @@
an absolute path. This option may be specified more than once.
See RequiresMountsFor= in
systemd.unit5
- for details.
+ for details.
+
+
@@ -270,7 +278,9 @@
as the default dependency in this case is Requires=.
This option is already implied by entries in /etc/fstab
or by mount units.
-
+
+
+
@@ -288,7 +298,9 @@
Configures the idle timeout of the
automount unit. See TimeoutIdleSec= in
systemd.automount5
- for details.
+ for details.
+
+
@@ -325,6 +337,8 @@
See TimeoutSec= below for
details.
+
+
@@ -347,6 +361,8 @@
wipefs8
may be used to remove any signatures from a block device to force
to reinitialize the device.
+
+
@@ -363,7 +379,9 @@
Note that this option can only be used in
/etc/fstab, and will be ignored when part of the
- Options= setting in a unit file.
+ Options= setting in a unit file.
+
+
@@ -377,7 +395,9 @@
Note that this option can only be used in /etc/fstab, and will be ignored
when part of the Options= setting in a unit file. It is also implied for the root
and /usr/ partitions discovered by
- systemd-gpt-auto-generator8.
+ systemd-gpt-auto-generator8.
+
+
@@ -388,6 +408,8 @@
This option disables that behaviour, and causes the mount to fail
immediately instead. This option is translated into the
ReadWriteOnly= setting in a unit file.
+
+
@@ -404,6 +426,8 @@
local-fs-pre.target and local-fs.target.
They also pull in network-online.target and are ordered after
it and network.target.
+
+
@@ -524,7 +548,9 @@
corresponds with
mount8's
-s switch. Defaults to
- off.
+ off.
+
+
@@ -537,7 +563,9 @@
This corresponds with
umount8's
-l switch. Defaults to
- off.
+ off.
+
+
@@ -550,7 +578,9 @@
not succeed. This corresponds with
mount8's
-w switch. Defaults to
- off.
+ off.
+
+
@@ -561,7 +591,9 @@
This corresponds with
umount8's
-f switch. Defaults to
- off.
+ off.
+
+
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
index c8df10b128..d8ac09c7cb 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
@@ -139,6 +139,8 @@
devices. The name consists of the prefix concatenated with the label. This is only available for
PCI devices.
+
+
@@ -149,6 +151,8 @@
digits of the MAC address. It is available if the device has a fixed MAC address. Because this name
is based on an attribute of the card itself, it remains "stable" when the device is moved (even
between machines), but will change when the hardware is replaced.
+
+
@@ -322,7 +326,9 @@
v238
- This is the naming scheme that was implemented in systemd 238.
+ This is the naming scheme that was implemented in systemd 238.
+
+
@@ -343,6 +349,8 @@
Names are also generated for PCI devices where the PCI network controller device does not
have an associated slot number itself, but one of its parents does. Previously those devices were
not renamed and the kernel default was used.
+
+
@@ -362,7 +370,9 @@
configuration, even if they have been renamed already, if keep is not
specified as the naming policy in the .link file. See
systemd.link5
- for a description of NamePolicy=.
+ for a description of NamePolicy=.
+
+
@@ -377,7 +387,9 @@
Note: when userspace does not set a MAC address for a bridge device, the kernel will
initially assign a random address, and then change it when the first device is enslaved to the
bridge. With this naming policy change, bridges get a persistent MAC address based on the bridge
- name instead of the first enslaved device.
+ name instead of the first enslaved device.
+
+
@@ -387,7 +399,9 @@
those devices were not renamed.
Previously two-letter interface type prefix was prepended to
- ID_NET_LABEL_ONBOARD=. This is not done anymore.
+ ID_NET_LABEL_ONBOARD=. This is not done anymore.
+
+
@@ -401,7 +415,9 @@
on, for any interface name that would be longer than 15 characters the last 4 characters are set to
a 24bit hash value of the full interface name. This way network interface name collisions between
multiple similarly named containers (who only differ in container name suffix) should be less
- likely (but still possible, since the 24bit hash value is very small).
+ likely (but still possible, since the 24bit hash value is very small).
+
+
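Review bot: "the last 4 characters are set to a 24bit hash value" leaves the encoding unstated. Fitting 24 bits into 4 characters implies 6 bits per character, so the text should name the hash and the character set used, since the paragraph itself concedes that collisions remain possible. Also "containers (who only differ" should be "containers (which only differ".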
@@ -411,7 +427,9 @@
controllers, the same value of the ID_NET_NAME_SLOT property might be derived
for those controllers. This would cause a naming conflict if the property is selected as the device
name. Now, we detect this situation and don't produce the ID_NET_NAME_SLOT
- property.
+ property.
+
+
@@ -431,6 +449,8 @@
The udev rule NAME= replaces :,
/, and % with an underscore (_), and
refuses strings which contain only numerics.
+
+
@@ -439,6 +459,8 @@
Added naming scheme for Xen netfront "vif" interfaces based on the guest side
VIF number set from the Xen config (or the interface index in AWS EC2).
+
+
@@ -451,6 +473,8 @@
this is relaxed and we will use slot information to generate the name based on it but only if
the PCI device has multiple functions. This is safe because distinct function number is a part of
the device name for multifunction devices.
+
+
@@ -458,6 +482,8 @@
v252Added naming scheme for platform devices with devicetree aliases.
+
+
@@ -465,6 +491,8 @@
v253Set ID_NET_NAME_PATH for usb devices not connected via a PCI bus.
+
+
@@ -476,6 +504,8 @@
The rslot suffix was added to differentiate SR-IOV
virtual device representors attached to a single physical device interface.
+
+
diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml
index da70796ff6..26b0e40861 100644
--- a/man/systemd.netdev.xml
+++ b/man/systemd.netdev.xml
@@ -234,6 +234,8 @@
Description=A free-form description of the netdev.
+
+
@@ -261,6 +263,8 @@
corresponding
systemd.network5
files.
+
+
@@ -282,6 +286,8 @@
will assign the persistent MAC address for the device, as 99-default.link
has MACAddressPolicy=persistent. So, it is also necessary to create a
custom .link file for the device, if the MAC address assignment is not desired.
+
+
@@ -302,6 +308,8 @@
sent out by the root bridge and the designated bridges. Hello packets are
used to communicate information about the topology throughout the entire
bridged local area network.
+
+
@@ -311,6 +319,8 @@
If the last seen (received) hello packet is more than this number of
seconds old, the bridge in question will start the takeover procedure
in attempt to become the Root Bridge itself.
+
+
@@ -318,6 +328,8 @@
ForwardDelaySec specifies the number of seconds spent in each
of the Listening and Learning states before the Forwarding state is entered.
+
+
@@ -325,6 +337,8 @@
This specifies the number of seconds a MAC Address will be kept in
the forwarding database after having a packet received from this MAC Address.
+
+
@@ -332,6 +346,8 @@
The priority of the bridge. An integer between 0 and 65535. A lower value
means higher priority. The bridge having the lowest priority will be elected as root bridge.
+
+
@@ -342,6 +358,8 @@
is performed between the specified bitmask and the exponentiation of 2^X, the
lower nibble of the last octet of the MAC address. For example, a value of 8
would allow forwarding of frames addressed to 01:80:C2:00:00:03 (802.1X PAE).
+
+
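Review bot: "the exponentiation of 2^X, the lower nibble of the last octet of the MAC address" reads as if 2^X were the nibble. Suggest "2^X, where X is the lower nibble of the last octet of the MAC address", which also matches the example (value 8 = 2^3 for 01:80:C2:00:00:03).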
@@ -349,6 +367,8 @@
This specifies the default port VLAN ID of a newly attached bridge port.
Set this to an integer in the range 1…4094 or none to disable the PVID.
+
+
@@ -360,6 +380,8 @@
multicast-aware switches to misbehave and disrupt forwarding of multicast packets.
When unset, the kernel's default will be used.
+
+
@@ -369,6 +391,8 @@
If enabled, IGMP snooping monitors the Internet Group Management Protocol (IGMP) traffic
between hosts and multicast routers. When unset, the kernel's default will be used.
+
+
@@ -377,6 +401,8 @@
Takes a boolean. This setting controls the IFLA_BR_VLAN_FILTERING option in the kernel.
If enabled, the bridge will be started in VLAN-filtering mode. When unset, the kernel's default will be used.
+
+
@@ -386,6 +412,8 @@
or,
, and defaults to unset and kernel's default is used.
+
+
@@ -394,6 +422,8 @@
Takes a boolean. This enables the bridge's Spanning Tree Protocol (STP).
When unset, the kernel's default will be used.
+
+
@@ -402,6 +432,8 @@
Allows changing bridge's multicast Internet Group Management Protocol (IGMP) version.
Takes an integer 2 or 3. When unset, the kernel's default will be used.
+
+
@@ -427,6 +459,8 @@
Allows setting the protocol used for the VLAN interface. Takes 802.1q or,
802.1ad, and defaults to unset and kernel's default is used.
+
+
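Review bot: the comma is misplaced in "Takes 802.1q or, 802.1ad, and defaults to unset"; it should read "Takes 802.1q or 802.1ad, and defaults to unset". The SR-IOV VLAN protocol entry earlier in this patch spells the value "802.1Q", so the capitalisation should be made consistent with whatever the parser accepts.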
@@ -436,6 +470,8 @@
allows automatic learning of VLANs on a network.
When unset, the kernel's default will be used.
+
+
@@ -446,6 +482,8 @@
for automatic configuration of VLAN information on switches. It was defined
in the 802.1ak amendment to 802.1Q-2005. When unset, the kernel's default will be used.
+
+
@@ -454,6 +492,8 @@
Takes a boolean. The VLAN loose binding mode, in which only the operational state is passed
from the parent to the associated VLANs, but the VLAN device state is not changed.
When unset, the kernel's default will be used.
+
+
@@ -461,6 +501,8 @@
Takes a boolean. When enabled, the VLAN reorder header is used and VLAN interfaces behave
like physical interfaces. When unset, the kernel's default will be used.
+
+
@@ -506,6 +548,8 @@
hexadecimal. This option may appear more than once, in which case the lists are merged. If
the empty string is assigned to this option, the list of hardware addresses defined prior
to this is reset. Defaults to unset.
+
+
@@ -513,6 +557,8 @@
Specifies the length of the receive queue for broadcast/multicast packets. An unsigned
integer in the range 0…4294967294. Defaults to unset.
+
+
@@ -539,6 +585,8 @@
The IPVLAN mode to use. The supported options are
L2,L3 and L3S.
+
+
@@ -547,6 +595,8 @@
The IPVLAN flags to use. The supported options are
bridge,private and vepa.
+
+
@@ -571,12 +621,16 @@
VNI=The VXLAN Network Identifier (or VXLAN Segment ID). Takes a number in the range 1…16777215.
+
+ Remote=Configures destination IP address.
+
+
@@ -587,6 +641,8 @@
ipv6_link_local, dhcp4, dhcp6, and
slaac. If one of the special values is specified, an address which matches
the corresponding type on the underlying interface will be used. Defaults to unset.
+
+
@@ -594,12 +650,16 @@
Configures VXLAN multicast group IP address. All members of a VXLAN must use the same
multicast group address.
+
+ TOS=The Type Of Service byte value for a vxlan interface.
+
+
@@ -609,6 +669,8 @@
Takes inherit or a number in the range 0…255. 0 is a special
value meaning inherit the inner protocol's TTL value. inherit
means that it will inherit the outer protocol's TTL value.
+
+
@@ -616,6 +678,8 @@
Takes a boolean. When true, enables dynamic MAC learning
to discover remote MAC addresses.
+
+
@@ -623,12 +687,16 @@
The lifetime of Forwarding Database entry learnt by
the kernel, in seconds.
+
+ MaximumFDBEntries=Configures maximum number of FDB entries.
+
+
@@ -639,6 +707,8 @@
of remote Distributed Overlay Virtual Ethernet
(DOVE) clients. Defaults to false.
+
+
@@ -646,12 +716,16 @@
Takes a boolean. When true, enables netlink LLADDR miss
notifications.
+
+ L3MissNotification=Takes a boolean. When true, enables netlink IP address miss notifications.
+
+
@@ -659,36 +733,48 @@
Takes a boolean. When true, route short circuiting is turned
on.
+
+ UDPChecksum=Takes a boolean. When true, transmitting UDP checksums when doing VXLAN/IPv4 is turned on.
+
+ UDP6ZeroChecksumTx=Takes a boolean. When true, sending zero checksums in VXLAN/IPv6 is turned on.
+
+ UDP6ZeroChecksumRx=Takes a boolean. When true, receiving zero checksums in VXLAN/IPv6 is turned on.
+
+ RemoteChecksumTx=Takes a boolean. When true, remote transmit checksum offload of VXLAN is turned on.
+
+ RemoteChecksumRx=Takes a boolean. When true, remote receive checksum offload in VXLAN is turned on.
+
+
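Review bot: none of the five checksum entries in this hunk (UDPChecksum=, UDP6ZeroChecksumTx=, UDP6ZeroChecksumRx=, RemoteChecksumTx=, RemoteChecksumRx=) states a default, unlike the surrounding entries, which end with "Defaults to false" or "When unset, the kernel's default will be used". For settings that relax checksum handling, the behaviour when unset should be documented.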
@@ -698,6 +784,8 @@
across network peers based on VXLAN. For details about the Group Policy VXLAN, see the
VXLAN Group Policy document. Defaults to false.
+
+
@@ -708,6 +796,8 @@
Header, see the
Generic Protocol Extension for VXLAN document. If destination port is not specified and
Generic Protocol Extension is set then default port of 4790 is used. Defaults to false.
+
+
@@ -715,6 +805,8 @@
Configures the default destination UDP port. If the destination port is not specified then
Linux kernel default will be used. Set to 4789 to get the IANA assigned value.
+
+
@@ -723,6 +815,8 @@
Configures the source port range for the VXLAN. The kernel assigns the source UDP port based
on the flow to help the receiver to do load balancing. When this option is not set, the normal
range of local UDP ports is used.
+
+
@@ -731,6 +825,8 @@
Specifies the flow label to use in outgoing packets.
The valid range is 0-1048575.
+
+
@@ -740,6 +836,8 @@
value from the IPv4 inner header. Takes a boolean value, or inherit. Set
to inherit if the encapsulated protocol is IPv6. When unset, the kernel's
default will be used.
+
+
@@ -772,12 +870,16 @@
Remote=Specifies the unicast destination IP address to use in outgoing packets.
+
+ TOS=Specifies the TOS value to use in outgoing packets. Takes a number between 1 and 255.
+
+
@@ -786,6 +888,8 @@
Accepts the same values as in the [VXLAN] section, except that when unset
or set to 0, the kernel's default will be used, meaning that packet TTL will be set from
/proc/sys/net/ipv4/ip_default_ttl.
+
+
@@ -793,18 +897,24 @@
Takes a boolean. When true, specifies that UDP checksum is calculated for transmitted packets
over IPv4.
+
+ UDP6ZeroChecksumTx=Takes a boolean. When true, skip UDP checksum calculation for transmitted packets over IPv6.
+
+ UDP6ZeroChecksumRx=Takes a boolean. When true, allows incoming UDP packets over IPv6 with zero checksum field.
+
+
@@ -812,18 +922,24 @@
Specifies destination port. Defaults to 6081. If not set or assigned the empty string, the default
port of 6081 is used.
+
+ FlowLabel=Specifies the flow label to use in outgoing packets.
+
+ IPDoNotFragment=Accepts the same key as in [VXLAN] section.
+
+
@@ -831,6 +947,8 @@
Takes a boolean. When true, inner Layer 3 protocol is set as Protocol Type in the GENEVE
header instead of Ethernet. Defaults to false.
+
+
@@ -848,6 +966,8 @@
DestinationPort=Specifies the destination UDP port (in range 1…65535). This is mandatory.
+
+
@@ -856,6 +976,8 @@
Specifies the L3 protocol. Takes one of ipv4, ipv6, mpls-uc
or mpls-mc. This is mandatory.
+
+
@@ -875,6 +997,8 @@
Specifies the tunnel identifier. Takes an number in the range 1…4294967295. The value used
must match the PeerTunnelId= value being used at the peer. This setting is
compulsory.
+
+
@@ -883,12 +1007,16 @@
Specifies the peer tunnel id. Takes a number in the range 1…4294967295. The value used must
match the TunnelId= value being used at the peer. This setting is compulsory.
+
+ Remote=Specifies the IP address of the remote peer. This setting is compulsory.
+
+
@@ -903,6 +1031,8 @@
addresses on a local or specified interface which is accessible to the remote address will be
used. Similarly, if static or dynamic is set, then one
of the static or dynamic addresses will be used. Defaults to auto.
+
+
@@ -910,6 +1040,8 @@
Specifies the encapsulation type of the tunnel. Takes one of udp or
ip.
+
+
@@ -917,6 +1049,8 @@
Specifies the UDP source port to be used for the tunnel. When UDP encapsulation is selected
it's mandatory. Ignored when IP encapsulation is selected.
+
+
@@ -924,6 +1058,8 @@
Specifies destination port. When UDP encapsulation is selected it's mandatory. Ignored when IP
encapsulation is selected.
+
+
@@ -931,18 +1067,24 @@
Takes a boolean. When true, specifies that UDP checksum is calculated for transmitted packets
over IPv4.
+
+ UDP6ZeroChecksumTx=Takes a boolean. When true, skip UDP checksum calculation for transmitted packets over IPv6.
+
+ UDP6ZeroChecksumRx=Takes a boolean. When true, allows incoming UDP packets over IPv6 with zero checksum field.
+
+
@@ -959,6 +1101,8 @@
Name=Specifies the name of the session. This setting is compulsory.
+
+
@@ -967,6 +1111,8 @@
Specifies the session identifier. Takes an number in the range 1…4294967295. The value used
must match the SessionId= value being used at the peer. This setting is
compulsory.
+
+
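Review bot: "The value used must match the SessionId= value being used at the peer" looks wrong by comparison with the TunnelId= entry (hunk at -875), which says the value must match PeerTunnelId= at the peer. By the same pattern, this should refer to PeerSessionId=. Also "Takes an number" should be "Takes a number".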
@@ -975,12 +1121,16 @@
Specifies the peer session identifier. Takes an number in the range 1…4294967295.
The value used must match the PeerSessionId= value being used at the peer.
This setting is compulsory.
+
+ Layer2SpecificHeader=Specifies layer2specific header type of the session. One of none or default. Defaults to default.
+
+
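Review bot: the peer session identifier is documented as having to match "the PeerSessionId= value being used at the peer", which is self-referential. The PeerTunnelId= entry (hunk at -883) refers to TunnelId= at the peer, so this one should presumably refer to SessionId=. In the added Layer2SpecificHeader= line, "layer2specific header type" would read better as "layer 2 specific header type".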
@@ -999,12 +1149,16 @@
Specifies the port to be used for the MACsec transmit channel. The port is used to make
secure channel identifier (SCI). Takes a value between 1 and 65535. Defaults to unset.
+
+ Encrypt=Takes a boolean. When true, enable encryption. Defaults to unset.
+
+
@@ -1022,6 +1176,8 @@
Specifies the port to be used for the MACsec receive channel. The port is used to make
secure channel identifier (SCI). Takes a value between 1 and 65535. This option is
compulsory, and is not set by default.
+
+
@@ -1030,6 +1186,8 @@
Specifies the MAC address to be used for the MACsec receive channel. The MAC address
used to make secure channel identifier (SCI). This setting is compulsory, and is not set by
default.
+
+
@@ -1049,6 +1207,8 @@
the initialization vector (along with the secure channel identifier [SCI]). Takes a value
between 1-4,294,967,295. Defaults to unset.
+
+
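Review bot: style point on "Takes a value between 1-4,294,967,295": the rest of this file writes ranges as "in the range 1…4294967295" without digit grouping. Using the same notation here, and for "between 0-255" in the next hunk, keeps the ranges searchable and unambiguous.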
@@ -1056,6 +1216,8 @@
Specifies the identification for the key. Takes a number between 0-255. This option
is compulsory, and is not set by default.
+
+
@@ -1065,6 +1227,8 @@
configured on the peer’s matching receive channel. This setting is compulsory, and is not set
by default. Takes a 128-bit key encoded in a hexadecimal string, for example
dffafc8d7b9a43d5b9a3dfbbf6a30c16.
+
+
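Review bot: the visible text of this Key= entry gives a literal example key and says nothing about protecting the file that holds it, whereas the key file entry in the next hunk and the WireGuard secret entry (hunk at -1614) both mention root:systemd-network ownership with mode 0640. If the lines above this context do not already say so, add the same permissions note here, and mark the hexadecimal string clearly as an example that must not be reused.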
@@ -1077,6 +1241,8 @@
root:systemd-network with a 0640 file mode. If the path
refers to an AF_UNIX stream socket in the file system a connection is made to
it and the key read from it.
+
+
@@ -1084,6 +1250,8 @@
Takes a boolean. If enabled, then the security association is activated. Defaults to
unset.
+
+
@@ -1092,6 +1260,8 @@
Takes a boolean. If enabled, then the security association is used for encoding. Only
one [MACsecTransmitAssociation] section can enable this option. When enabled,
Activate=yes is implied. Defaults to unset.
+
+
@@ -1109,42 +1279,56 @@
Port=Accepts the same key as in [MACsecReceiveChannel] section.
+
+ MACAddress=Accepts the same key as in [MACsecReceiveChannel] section.
+
+ PacketNumber=Accepts the same key as in [MACsecTransmitAssociation] section.
+
+ KeyId=Accepts the same key as in [MACsecTransmitAssociation] section.
+
+ Key=Accepts the same key as in [MACsecTransmitAssociation] section.
+
+ KeyFile=Accepts the same key as in [MACsecTransmitAssociation] section.
+
+ Activate=Accepts the same key as in [MACsecTransmitAssociation] section.
+
+
@@ -1175,6 +1359,8 @@
also known as collect metadata mode, and most settings below like Local=
or Remote= are ignored. This implies Independent=.
Defaults to false.
+
+
@@ -1187,6 +1373,8 @@
of the special values except for any is specified, an address which
matches the corresponding type on the underlying interface will be used. Defaults to
any.
+
+
@@ -1194,6 +1382,8 @@
The remote endpoint of the tunnel. Takes an IP address or the special value
any.
+
+
@@ -1204,6 +1394,8 @@
Type of
Service in the Internet Protocol Suite document.
+
+
@@ -1214,6 +1406,8 @@
packets inherit the TTL value. The default value for IPv4
tunnels is 0 (inherit). The default value for IPv6 tunnels is
64.
+
+
@@ -1223,6 +1417,8 @@
the tunnel.
When IgnoreDontFragment= is enabled,
defaults to false. Otherwise, defaults to true.
+
+
@@ -1233,6 +1429,8 @@
Note that if IgnoreDontFragment= is set to true,
DiscoverPathMTU= cannot be set to true.
Only applicable to GRE, GRETAP, and ERSPAN tunnels.
+
+
@@ -1246,6 +1444,8 @@
not been labeled.
It can be configured to a value in the range 0…0xFFFFF, or be
set to inherit, in which case the original flowlabel is used.
+
+
@@ -1258,6 +1458,8 @@
levels of service to be assigned to network traffic.
Defaults to no.
+
+
@@ -1271,6 +1473,8 @@
(see RFC 2473).
The valid range is 0…255 and none. Defaults to 4.
+
+
@@ -1284,6 +1488,8 @@
See
ip-xfrm — transform configuration for details. It is only used for VTI/VTI6,
GRE, GRETAP, and ERSPAN tunnels.
+
+
@@ -1292,6 +1498,8 @@
The InputKey= parameter specifies the key to use for input.
The format is same as Key=. It is only used for VTI/VTI6, GRE, GRETAP,
and ERSPAN tunnels.
+
+
@@ -1300,6 +1508,8 @@
The OutputKey= parameter specifies the key to use for output.
The format is same as Key=. It is only used for VTI/VTI6, GRE, GRETAP,
and ERSPAN tunnels.
+
+
@@ -1311,6 +1521,8 @@
ipip6 for IPv4 over IPv6 or
any for either.
+
+
@@ -1320,6 +1532,8 @@
device, and a .network file that requests this tunnel using Tunnel= is required
for the tunnel to be created. When true, the tunnel is created independently of any network as
"tunnel@NONE".
+
+
@@ -1327,6 +1541,8 @@
Takes a boolean. If set to yes, the loopback interface lo
is used as the underlying device of the tunnel interface. Defaults to no.
+
+
@@ -1335,6 +1551,8 @@
Takes a boolean. When true allows tunnel traffic on ip6tnl devices where the remote endpoint is a local host address.
When unset, the kernel's default will be used.
+
+
@@ -1344,6 +1562,8 @@
Defaults to false. This takes effects only for IPIP, SIT, GRE, and GRETAP tunnels.
For more detail information see
Foo over UDP
+
+
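Review bot: grammar in the context lines of this entry: "This takes effects only for" should be "This takes effect only for", and "For more detail information see Foo over UDP" should be "For more detailed information see Foo over UDP." with a closing period before whatever is appended after it.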
@@ -1351,6 +1571,8 @@
This setting specifies the UDP destination port for encapsulation.
This field is mandatory when FooOverUDP=yes, and is not set by default.
+
+
@@ -1358,12 +1580,16 @@
This setting specifies the UDP source port for encapsulation. Defaults to 0
— that is, the source port for packets is left to the network stack to decide.
+
+ Encapsulation=Accepts the same key as in the [FooOverUDP] section.
+
+
@@ -1372,6 +1598,8 @@
Reconfigure the tunnel for IPv6 Rapid
Deployment, also known as 6rd. The value is an ISP-specific IPv6 prefix with a non-zero length. Only
applicable to SIT tunnels.
+
+
@@ -1379,6 +1607,8 @@
Takes a boolean. If set, configures the tunnel as Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnel.
Only applicable to SIT tunnels. When unset, the kernel's default will be used.
+
+
@@ -1387,6 +1617,8 @@
Takes a boolean. If set to yes, then packets are serialized. Only applies for GRE,
GRETAP, and ERSPAN tunnels. When unset, the kernel's default will be used.
+
+
@@ -1394,6 +1626,8 @@
Specifies the ERSPAN version number. Takes 0 for version 0 (a.k.a. type I), 1 for version 1
(a.k.a. type II), or 2 for version 2 (a.k.a. type III). Defaults to 1.
+
+
@@ -1402,6 +1636,8 @@
Specifies the ERSPAN v1 index field for the interface. Takes an integer in the range
0…1048575, which is associated with the ERSPAN traffic's source port and direction. Only used when
ERSPANVersion=1. Defaults to 0.
+
+
@@ -1410,6 +1646,8 @@
Specifies the ERSPAN v2 mirrored traffic's direction. Takes ingress or
egress. Only used when ERSPANVersion=2. Defaults to
ingress.
+
+
@@ -1417,6 +1655,8 @@
Specifies an unique identifier of the ERSPAN v2 engine. Takes an integer in the range 0…63.
Only used when ERSPANVersion=2. Defaults to 0.
+
+
@@ -1443,6 +1683,8 @@
url="https://lwn.net/Articles/615044">Generic UDP Encapsulation. Defaults to
FooOverUDP.
+
+
@@ -1451,6 +1693,8 @@
Specifies the port number where the encapsulated packets will arrive. Those packets will be
removed and manually fed back into the network stack with the encapsulation removed to be sent to
the real destination. This option is mandatory.
+
+
@@ -1458,6 +1702,8 @@
Specifies the peer port number. Defaults to unset. Note that when peer port is set
Peer= address is mandatory.
+
+
@@ -1468,6 +1714,8 @@
and is not set by default. Takes an IP protocol name such as gre or
ipip, or an integer within the range 1…255. When
Encapsulation=GenericUDPEncapsulation, this must not be specified.
+
+
@@ -1475,12 +1723,16 @@
Configures peer IP address. Note that when peer address is set PeerPort=
is mandatory.
+
+ Local=Configures local IP address.
+
+
@@ -1499,6 +1751,8 @@
The interface name used when creating the netdev.
This setting is compulsory.
+
+
@@ -1507,6 +1761,8 @@
The peer MACAddress, if not set, it is generated in
the same way as the MAC address of the main
interface.
+
+
@@ -1525,6 +1781,8 @@
The peer interface name used when creating the netdev.
This setting is compulsory.
+
+
@@ -1544,6 +1802,8 @@
to use multiple file descriptors (queues) to parallelize
packets sending and receiving. Defaults to
no.
+
+
@@ -1553,6 +1813,8 @@
bytes and two protocol bytes). If disabled, it indicates that
the packets will be pure IP packets. Defaults to
no.
+
+
@@ -1563,18 +1825,24 @@
packets. This may increase throughput significantly.
Defaults to
no.
+
+ User=User to grant access to the
/dev/net/tun device.
+
+ Group=Group to grant access to the
/dev/net/tun device.
+
+
@@ -1584,6 +1852,8 @@
descriptor of the interface is kept open. This may be useful to keep the interface in running
state, for example while the backing process is temporarily shutdown. Defaults to
no.
+
+
@@ -1614,6 +1884,8 @@
Note that because this information is secret, you may want to set
the permissions of the .netdev file to be owned by root:systemd-network
with a 0640 file mode.
+
+
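Review bot: "you may want to set the permissions of the .netdev file" is too weak for a file that contains a secret key in the clear. Suggest "should", and a pointer to the key file variant documented in the following hunk as the preferred way to keep the secret out of the .netdev file. The same sentence recurs in the hunk at -1696.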
@@ -1625,6 +1897,8 @@
e.g., owned by root:systemd-network with a 0640 file mode. If
the path refers to an AF_UNIX stream socket in the file system a connection is
made to it and the key read from it.
+
+
@@ -1634,12 +1908,16 @@
or auto. If auto is specified,
the port is automatically generated based on interface name.
Defaults to auto.
+
+ FirewallMark=Sets a firewall mark on outgoing WireGuard packets from this interface. Takes a number between 1 and 4294967295.
+
+
@@ -1654,6 +1932,8 @@
addresses specified in the AllowedIPs= setting will not be configured.
Defaults to false. This setting will be ignored when the same setting is specified in the
[WireGuardPeer] section.
+
+
@@ -1663,6 +1943,8 @@
AllowedIPs=. Takes an integer in the range 0…4294967295. Defaults to 0
for IPv4 addresses, and 1024 for IPv6 addresses. This setting will be ignored when the same
setting is specified in the [WireGuardPeer] section.
+
+
@@ -1683,6 +1965,8 @@
from a private key, and usually transmitted out of band to the
author of the configuration file. This option is mandatory for this
section.
+
+
@@ -1696,6 +1980,8 @@
Note that because this information is secret, you may want to set
the permissions of the .netdev file to be owned by root:systemd-network
with a 0640 file mode.
+
+
@@ -1707,6 +1993,8 @@
owned by root:systemd-network with a 0640 file mode. If the
path refers to an AF_UNIX stream socket in the file system a connection is
made to it and the key read from it.
+
+
@@ -1725,6 +2013,8 @@
the first place, an appropriate route needs to be added as well — either in the
[Routes] section on the .network matching the wireguard
interface, or externally to systemd-networkd.
+
+
@@ -1736,6 +2026,8 @@
for IPv6 address. This endpoint will be updated automatically once to
the most recent source IP address and port of correctly
authenticated packets from the peer at configuration time.
+
+
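Review bot: the sentence "This endpoint will be updated automatically once to the most recent source IP address and port of correctly authenticated packets from the peer at configuration time" is hard to parse. It is unclear whether "once" and "at configuration time" mean the update happens a single time or on every authenticated packet; please reword so the roaming behaviour is stated unambiguously.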
@@ -1750,6 +2042,8 @@
interval of 25 seconds. If set to 0 or "off", this option is
disabled. By default or when unspecified, this option is off.
Most users will not need this.
+
+
@@ -1762,6 +2056,8 @@
networkd.conf5,
or a number in the range 1…4294967295. Defaults to unset, and the value specified in the
same setting in the [WireGuard] section will be used.
+
+
@@ -1771,6 +2067,8 @@
AllowedIPs=. Takes an integer in the range 0…4294967295. Defaults to
unset, and the value specified in the same setting in the [WireGuard] section will be used.
+
+
@@ -1796,6 +2094,8 @@
balance-tlb, and
balance-alb.
+
+
@@ -1811,6 +2111,8 @@
encap2+3, and
encap3+4.
+
+
@@ -1824,6 +2126,8 @@
and fast, which requests partner to
transmit LACPDUs every second. The default value is
slow.
+
+
@@ -1834,6 +2138,8 @@
Interface link monitoring will occur. A value of zero
disables MII link monitoring. This value is rounded down to
the nearest millisecond. The default value is 0.
+
+
@@ -1844,6 +2150,8 @@
link up status has been detected. This value is rounded down
to a multiple of MIIMonitorSec=. The default value is
0.
+
+
@@ -1854,6 +2162,8 @@
link down status has been detected. This value is rounded
down to a multiple of MIIMonitorSec=. The default value is
0.
+
+
@@ -1864,6 +2174,8 @@
driver sends learning packets to each slave peer switch.
The valid range is 1…0x7fffffff; the default value is 1. This option
has an effect only for the balance-tlb and balance-alb modes.
+
+
@@ -1875,6 +2187,8 @@
bandwidth and
count.
+
+
@@ -1882,6 +2196,8 @@
AdActorSystemPriority=Specifies the 802.3ad actor system priority. Takes a number in the range 1…65535.
+
+
@@ -1890,6 +2206,8 @@
Specifies the 802.3ad user defined portion of the port key. Takes a number in the range
0…1023.
+
+
@@ -1898,6 +2216,8 @@
Specifies the 802.3ad system MAC address. This cannot be a null or multicast address.
+
+
@@ -1912,6 +2232,8 @@
active and
follow.
+
+
@@ -1927,6 +2249,8 @@
backup and
all.
+
+
@@ -1936,6 +2260,8 @@
Specifies the ARP link monitoring frequency. A value of 0 disables ARP monitoring. The
default value is 0, and the default unit seconds.
+
+
@@ -1950,6 +2276,8 @@
maximum number of targets that can be specified is 16. The
default value is no IP addresses.
+
+
@@ -1963,6 +2291,8 @@
any and
all.
+
+
@@ -1978,6 +2308,8 @@
better and
failure.
+
+
@@ -1991,6 +2323,8 @@
prevents the IGMP membership report from being issued in response
to the failover event.
+
+
@@ -2002,6 +2336,8 @@
random. The valid range is 0…65535. Defaults to 1. This option
only has effect when in balance-rr mode.
+
+
@@ -2017,6 +2353,8 @@
greater than 1. The valid range is 0…255. The default value is 1.
These options affect only the active-backup mode.
+
+
@@ -2030,6 +2368,8 @@
frames to be delivered. The default value is false (drop duplicate frames
received on inactive ports).
+
+
@@ -2039,6 +2379,8 @@
Takes a boolean. Specifies if dynamic shuffling of flows is enabled. Applies only
for balance-tlb mode. Defaults to unset.
+
+
@@ -2048,6 +2390,8 @@
Specifies the minimum number of links that must be active before
asserting carrier. The default value is 0.
+
+
@@ -2069,6 +2413,8 @@
Sets the ID/key of the xfrm interface which needs to be associated with a SA/policy.
Can be decimal or hexadecimal, valid range is 1-0xffffffff. This is mandatory.
+
+
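Review bot: The range in the context line above the addition is written "1-0xffffffff", while the neighbouring entries in this file use the "1…4294967295" form. Since this entry is being touched anyway, switch it to "1…0xffffffff" so the hyphen is not read as a minus sign and the notation matches the rest of the page.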
@@ -2076,6 +2422,8 @@
Takes a boolean. If false (the default), the xfrm interface must have an underlying device
which can be used for hardware offloading.
+
+
@@ -2095,6 +2443,8 @@
Table=The numeric routing table identifier. This setting is compulsory.
+
+
@@ -2115,6 +2465,8 @@
connection with the mesh) or in client mode (searching for the most suitable internet connection
in the mesh) or having the gateway support turned off entirely (which is the default setting).
+
+
@@ -2123,6 +2475,8 @@
Takes a boolean value. Enables or disables aggregation of originator messages. Defaults to
true.
+
+
@@ -2130,18 +2484,24 @@
Takes a boolean value. Enables or disables avoidance of loops on bridges. Defaults to true.
+
+ DistributedArpTable=Takes a boolean value. Enables or disables the distributed ARP table. Defaults to true.
+
+ Fragmentation=Takes a boolean value. Enables or disables fragmentation. Defaults to true.
+
+
@@ -2158,6 +2518,8 @@
choose a value of 255 (maximum value) to avoid being chosen as a router by other nodes.
The minimum value is 0.
+
+
@@ -2167,6 +2529,8 @@
batman-adv floods the network with its protocol information.
See systemd.time7
for more information.
+
+
@@ -2177,6 +2541,8 @@
this node's internet connection download bandwidth in bits per second. Just enter any number
suffixed with K, M, G or T (base 1000) and the batman-adv
module will propagate the entered value in the mesh.
+
+
@@ -2187,6 +2553,8 @@
this node's internet connection upload bandwidth in bits per second. Just enter any number
suffixed with K, M, G or T (base 1000) and the batman-adv
module will propagate the entered value in the mesh.
+
+
@@ -2196,6 +2564,8 @@
of batctl8 to use. The algorithm
cannot be changed after interface creation. Defaults to batman-v.
+
+
@@ -2212,6 +2582,8 @@
Takes an integer in the range 1…0xffff, except for 0x8000. Defaults to unset, and the
kernel's default is used.
+
+
@@ -2231,6 +2603,8 @@
an MTU up to the maximal IP packet size of 64K, which reduces the number of IP packets needed
for handling large UDP datagrams, TCP segments, etc and increases the performance for large
messages.
+
+
@@ -2239,6 +2613,8 @@
Takes an boolean value. When true, the kernel ignores multicast groups handled by
userspace. Defaults to unset, and the kernel's default is used.
+
+
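Review bot: The first context line of this hunk reads "Takes an boolean value", a grammar slip. It should be "Takes a boolean value", matching the wording of the other boolean settings in this file, and is worth fixing in the same pass.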
@@ -2255,6 +2631,8 @@
Specifies the name or index of the physical WLAN device (e.g. 0 or
phy0). The list of the physical WLAN devices that exist on the host can be
obtained by iw phy command. This option is mandatory.
+
+
@@ -2266,6 +2644,8 @@
wds, monitor, mesh-point,
p2p-client, p2p-go, p2p-device,
ocb, and nan. This option is mandatory.
+
+
@@ -2275,6 +2655,8 @@
Enables the Wireless Distribution System (WDS) mode on the interface. The mode is also
known as the 4 address mode. Takes a boolean value. Defaults to unset, and
the kernel's default will be used.
+
+
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 87c6c60e29..8456eb71b6 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -110,6 +110,8 @@
mesh-point, p2p-client, p2p-go,
p2p-device, ocb, and nan. If the
list is prefixed with a "!", the test is inverted.
+
+
@@ -118,6 +120,8 @@
A whitespace-separated list of shell-style globs matching the SSID of the currently
connected wireless LAN. If the list is prefixed with a "!", the test is inverted.
+
+
@@ -128,6 +132,8 @@
LAN. Use full colon-, hyphen- or dot-delimited hexadecimal. See the example in
MACAddress=. This option may appear more than once, in which case the
lists are merged. If the empty string is assigned to this option, the list is reset.
+
+
@@ -161,6 +167,8 @@
G, are supported and are understood to the base of 1024.
Note that if IPv6 is enabled on the interface, and the MTU is chosen below 1280 (the
minimum MTU for IPv6) it will automatically be increased to this value.
+
+
@@ -173,6 +181,8 @@
interfaces atop a single lower-level physical interface, which will then only serve as a
link/"bridge" device aggregating traffic to the same physical link and not participate in
the network otherwise. Defaults to unset.
+
+
@@ -181,6 +191,8 @@
Takes a boolean. If set to true, the multicast flag on the device is enabled. Defaults
to unset.
+
+
@@ -189,6 +201,8 @@
Takes a boolean. If set to true, the driver retrieves all multicast packets from the
network. This happens when multicast routing is enabled. Defaults to unset.
+
+
@@ -200,6 +214,8 @@
If this is set to false for the underlying link of a passthru mode
MACVLAN/MACVTAP, the virtual interface will be created with the nopromisc
flag set.
+
+
@@ -211,6 +227,8 @@
no.
This is useful for preventing later matching network files from interfering with
certain interfaces that are fully controlled by other applications.
+
+
@@ -221,6 +239,8 @@
interfaces are added to a numbered group, operations on all the interfaces from that group
can be performed at once. Takes an unsigned integer in the range 0…2147483647. Defaults to
unset.
+
+
@@ -250,6 +270,8 @@
assigned by DHCP or the cable is not plugged in, the link will simply remain offline and be
skipped automatically by systemd-networkd-wait-online if
RequiredForOnline=no.
+
+
@@ -263,6 +285,8 @@
any. Note that this option has no effect if
RequiredForOnline=no, or if RequiredForOnline=
specifies a minimum operational state below degraded.
+
+
@@ -301,6 +325,8 @@
depends on both the administrative state as well as the network device's physical connection.
However, to avoid reconfiguration failures, when using always-up,
IgnoreCarrierLoss= is forced to true.
+
+
@@ -348,6 +374,8 @@
Takes a boolean. If set to yes, DHCPv4 server will be started.
Defaults to no. Further settings for the DHCP server may be set in the
[DHCPServer] section described below.
+
+
@@ -366,6 +394,8 @@
Bridge= is set or when the specified
MACVLAN=/MACVTAP= has Mode=passthru,
or otherwise.
+
+
@@ -382,6 +412,8 @@
LinkLocalAddressing= is yes or ipv6,
setting IPv6LinkLocalAddressGenerationMode=none
disables to configure an IPv6 link-local address.
+
+
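Review bot: The sentence ending the entry, "setting IPv6LinkLocalAddressGenerationMode=none disables to configure an IPv6 link-local address", is ungrammatical and easy to misread. Suggest "disables configuration of an IPv6 link-local address" while this entry is being edited.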
@@ -396,6 +428,8 @@
IPv6LinkLocalAddressGenerationMode=,
then a stable secret address will be generated from the local machine ID and the interface
name.
+
+
@@ -407,6 +441,8 @@
169.254.255.0/24. This setting may be useful if the device should always have the same address
as long as there is no address conflict. When unset, a random address will be automatically
selected. Defaults to unset.
+
+
@@ -415,6 +451,8 @@
Takes a boolean. If set to true, sets up the route needed for non-IPv4LL hosts to
communicate with IPv4LL-only hosts. Defaults to false.
+
+
@@ -439,6 +477,8 @@ Table=1234
[Route]
Gateway=::
Table=1234
+
+
@@ -451,6 +491,8 @@ Table=1234
registration and announcement. Defaults to true. This setting is read by
systemd-resolved.service8.
+
+
@@ -463,6 +505,8 @@ Table=1234
registration and announcement. Defaults to false. This setting is read by
systemd-resolved.service8.
+
+
@@ -479,6 +523,8 @@ Table=1234
be used. This setting is read by
systemd-resolved.service8.
+
+
@@ -495,6 +541,8 @@ Table=1234
used. This setting is read by
systemd-resolved.service8.
+
+
@@ -509,6 +557,8 @@ Table=1234
read by
systemd-resolved.service8.
+
+
@@ -527,6 +577,8 @@ Table=1234
to query the collected neighbor data. LLDP is only available on Ethernet links. See
EmitLLDP= below for enabling LLDP packet emission from the local system.
+
+
@@ -555,6 +607,8 @@ Table=1234
Note that configuring this setting to true is equivalent to
nearest-bridge, the recommended and most restricted level of propagation.
See LLDP= above for an option to enable LLDP reception.
+
+
@@ -567,6 +621,8 @@ Table=1234
This forces ActivationPolicy= to be set to bound.
+
+
@@ -652,6 +708,8 @@ Table=1234
resolv.conf5.
Domain name routing has no equivalent in the traditional glibc API, which has no concept of
domain name servers limited to a specific link.
+
+
@@ -665,6 +723,8 @@ Table=1234
this link. If not specified defaults to an automatic mode: queries not matching any link's
configured domains will be routed to this link if it has no routing-only domains configured.
+
+
@@ -675,6 +735,8 @@ Table=1234
specified more than once. This setting is read by
systemd-timesyncd.service8.
+
+
@@ -697,6 +759,8 @@ Table=1234
To allow IP packet forwarding only between specific network interfaces use a firewall.
+
+
@@ -711,6 +775,8 @@ Table=1234
yes.
Note. Any positive boolean values such as yes or
true are now deprecated. Please use one of the values in the above.
+
+
@@ -728,6 +794,8 @@ Table=1234
the value specified in the same setting in
networkd.conf5,
which defaults to no, will be used.
+
+
@@ -756,6 +824,8 @@ Table=1234
systemd-networkd needs to know all details supplied in the advertisements,
and these are not available from the kernel if the kernel's own implementation is used.
+
+
@@ -764,6 +834,8 @@ Table=1234
Configures the amount of IPv6 Duplicate Address Detection (DAD) probes to send. When
unset, the kernel's default will be used.
+
+
@@ -773,6 +845,8 @@ Table=1234
Configures IPv6 Hop Limit. For each router that forwards the packet, the hop limit is
decremented by 1. When the hop limit field reaches zero, the packet is discarded. When unset,
the kernel's default will be used.
+
+
@@ -789,6 +863,8 @@ Table=1234
only if the source address is not reachable via any interface on that router.
See RFC 3704.
When unset, the kernel's default will be used.
+
+
@@ -798,6 +874,8 @@ Table=1234
Takes a boolean. Accept packets with local source addresses. In combination with
suitable routing, this can be used to direct packets between two local interfaces over the
wire and have them accepted properly. When unset, the kernel's default will be used.
+
+
@@ -807,6 +885,8 @@ Table=1234
Takes a boolean. When true, the kernel does not consider loopback addresses as martian
source or destination while routing. This enables the use of 127.0.0.0/8 for local routing
purposes. When unset, the kernel's default will be used.
+
+
@@ -818,6 +898,8 @@ Table=1234
identity, the router accepts responsibility for routing packets to the "real" destination.
See RFC 1027. When unset, the
kernel's default will be used.
+
+
@@ -833,6 +915,8 @@ Table=1234
also be shown by ip -6 neighbour show proxy. systemd-networkd will control
the per-interface `proxy_ndp` switch for each configured interface depending on this option.
When unset, the kernel's default will be used.
+
+
@@ -845,6 +929,8 @@ Table=1234
This setting implies IPv6ProxyNDP=yes but has no effect if
IPv6ProxyNDP= has been set to false. When unset, the kernel's default will
be used.
+
+
@@ -858,6 +944,8 @@ Table=1234
distributed. See DCHPPrefixDelegation= setting and the [IPv6SendRA],
[IPv6Prefix], [IPv6RoutePrefix], and [DHCPPrefixDelegation] sections for more configuration
options.
+
+
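Review bot: The first context line refers to a "DCHPPrefixDelegation=" setting, which is a typo. The same sentence names the section as [DHCPPrefixDelegation], so the setting reference should read "DHCPPrefixDelegation=". A reader searching the page for the misspelled name will find nothing.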
@@ -869,6 +957,8 @@ Table=1234
be assigned, and the prefixes will be announced through IPv6 Router Advertisement if
IPv6SendRA= is enabled. This behaviour can be configured in the
[DHCPPrefixDelegation] section. Defaults to disabled.
+
+
@@ -877,6 +967,8 @@ Table=1234
Configures IPv6 maximum transmission unit (MTU). An integer greater than or equal to
1280 bytes. When unset, the kernel's default will be used.
+
+
@@ -889,6 +981,8 @@ Table=1234
useful when a netdev with a master interface is created by another program, e.g.
systemd-nspawn1.
Defaults to false.
+
+
@@ -930,6 +1024,8 @@ Table=1234
Takes a boolean. Specifies the new active slave. The ActiveSlave=
option is only valid for following modes: active-backup,
balance-alb, and balance-tlb. Defaults to false.
+
+
@@ -942,6 +1038,8 @@ Table=1234
when one slave has higher throughput than another. The PrimarySlave=
option is only valid for following modes: active-backup,
balance-alb, and balance-tlb. Defaults to false.
+
+
@@ -951,6 +1049,8 @@ Table=1234
Takes a boolean. Allows networkd to configure a specific link even if it has no
carrier. Defaults to false. If enabled, and the IgnoreCarrierLoss= setting
is not explicitly set, then it is enabled as well.
+
+
@@ -987,6 +1087,8 @@ Table=1234
ConfigureWithoutCarrier=. When ActivationPolicy= is set
to always-up, this is forced to yes, and ignored any
user specified values.
+
+
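Review bot: The closing sentence of this entry, "this is forced to yes, and ignored any user specified values", does not parse. Suggest "this is forced to yes, and any user-specified value is ignored", so it is clear that the override wins over explicit configuration.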
@@ -1006,6 +1108,8 @@ Table=1234
dhcp-on-stop when systemd-networkd is running in
initrd, yes when the root filesystem is a network filesystem, and
no otherwise.
+
+
@@ -1023,6 +1127,8 @@ Table=1234
As in the [Network] section. This setting is mandatory. Each [Address] section can
contain one Address= setting.
+
+
@@ -1031,6 +1137,8 @@ Table=1234
The peer address in a point-to-point connection. Accepts the same format as the
Address= setting.
+
+
@@ -1063,6 +1171,8 @@ Table=1234
requested. A setting of is useful for addresses which
are added to be used only by a specific application, which is then configured to use them
explicitly.
+
+
@@ -1074,6 +1184,8 @@ Table=1234
will not traverse a gateway) or host (only valid within the device itself,
e.g. 127.0.0.1) or an integer in the range 0…255. Defaults to global.
+
+
@@ -1093,6 +1205,8 @@ Table=1234
Takes a boolean. Designates this address the "home address" as defined in
RFC 6275. Supported only on IPv6.
Defaults to false.
+
+
@@ -1106,6 +1220,8 @@ Table=1234
RFC 4862. Defaults to
ipv4 for IPv4 link-local addresses, ipv6 for IPv6
addresses, and none otherwise.
+
+
@@ -1119,6 +1235,8 @@ Table=1234
needs to have a prefix length of 64. This flag allows using privacy extensions in a manually
configured network, just like if stateless auto-configuration was active. Defaults to false.
+
+
@@ -1127,6 +1245,8 @@ Table=1234
Takes a boolean. When true, the prefix route for the address is automatically added.
Defaults to true.
+
+
@@ -1142,6 +1262,8 @@ Table=1234
with option autojoin we can get similar functionality for openvswitch (OVS)
vxlan interfaces as well as other tunneling mechanisms that need to receive multicast traffic.
Defaults to no.
+
+
@@ -1198,6 +1320,8 @@ allow my_server_t localnet_peer_t:peer recv;
to only allow my_server_t (and nothing else) to receive data from local subnet
10.0.0.0/8 of interface eth0.
+
+
@@ -1216,6 +1340,8 @@ allow my_server_t localnet_peer_t:peer recv;
Address=The IP address of the neighbor.
+
+
@@ -1223,6 +1349,8 @@ allow my_server_t localnet_peer_t:peer recv;
LinkLayerAddress=The link layer address (MAC address or IP address) of the neighbor.
+
+
@@ -1242,6 +1370,8 @@ allow my_server_t localnet_peer_t:peer recv;
The label for the prefix, an unsigned integer in the range 0…4294967294. 0xffffffff is
reserved. This setting is mandatory.
+
+
@@ -1250,6 +1380,8 @@ allow my_server_t localnet_peer_t:peer recv;
IPv6 prefix is an address with a prefix length, separated by a slash
/ character. This setting is mandatory.
+
+
@@ -1275,6 +1407,8 @@ allow my_server_t localnet_peer_t:peer recv;
and Differentiated services
for more details.
+
+
@@ -1283,6 +1417,8 @@ allow my_server_t localnet_peer_t:peer recv;
Specifies the source address prefix to match. Possibly followed by a slash and the
prefix length.
+
+
@@ -1291,6 +1427,8 @@ allow my_server_t localnet_peer_t:peer recv;
Specifies the destination address prefix to match. Possibly followed by a slash and the
prefix length.
+
+
@@ -1300,6 +1438,8 @@ allow my_server_t localnet_peer_t:peer recv;
Specifies the iptables firewall mark value to match (a number in the range
1…4294967295). Optionally, the firewall mask (also a number between 1…4294967295) can be
suffixed with a slash (/), e.g., 7/255.
+
+
@@ -1311,6 +1451,8 @@ allow my_server_t localnet_peer_t:peer recv;
local, and names defined in RouteTable= in
networkd.conf5,
or a number between 1 and 4294967295. Defaults to main.
+
+
@@ -1320,6 +1462,8 @@ allow my_server_t localnet_peer_t:peer recv;
Specifies the priority of this rule. Priority= is an integer in the
range 0…4294967295. Higher number means lower priority, and rules get processed in order of
increasing number. Defaults to unset, and the kernel will pick a value dynamically.
+
+
@@ -1328,6 +1472,8 @@ allow my_server_t localnet_peer_t:peer recv;
Specifies incoming device to match. If the interface is loopback, the rule only matches
packets originating from this host.
+
+
@@ -1336,6 +1482,8 @@ allow my_server_t localnet_peer_t:peer recv;
Specifies the outgoing device to match. The outgoing interface is only available for
packets originating from local sockets that are bound to a device.
+
+
@@ -1345,6 +1493,8 @@ allow my_server_t localnet_peer_t:peer recv;
Specifies the source IP port or IP port range match in forwarding information base
(FIB) rules. A port range is specified by the lower and upper port separated by a dash.
Defaults to unset.
+
+
@@ -1354,6 +1504,8 @@ allow my_server_t localnet_peer_t:peer recv;
Specifies the destination IP port or IP port range match in forwarding information base
(FIB) rules. A port range is specified by the lower and upper port separated by a dash.
Defaults to unset.
+
+
@@ -1365,6 +1517,8 @@ allow my_server_t localnet_peer_t:peer recv;
sctp, or IP protocol number such as 6 for
tcp or 17 for udp. Defaults to unset.
+
+
@@ -1372,6 +1526,8 @@ allow my_server_t localnet_peer_t:peer recv;
InvertRule=A boolean. Specifies whether the rule is to be inverted. Defaults to false.
+
+
@@ -1383,6 +1539,8 @@ allow my_server_t localnet_peer_t:peer recv;
specified in To= or From=. If neither
To= nor From= are specified, then defaults to
ipv4.
+
+
@@ -1391,6 +1549,8 @@ allow my_server_t localnet_peer_t:peer recv;
Takes a username, a user ID, or a range of user IDs separated by a dash. Defaults to
unset.
+
+
@@ -1400,6 +1560,8 @@ allow my_server_t localnet_peer_t:peer recv;
Takes a number N in the range 0…128 and rejects routing
decisions that have a prefix length of N or less. Defaults to
unset.
+
+
@@ -1409,6 +1571,8 @@ allow my_server_t localnet_peer_t:peer recv;
Takes an integer in the range 0…2147483647 and rejects routing decisions that have
an interface with the same group id. It has the same meaning as
in ip rule. Defaults to unset.
+
+
@@ -1418,6 +1582,8 @@ allow my_server_t localnet_peer_t:peer recv;
Specifies Routing Policy Database (RPDB) rule type. Takes one of
blackhole, unreachable or prohibit.
+
+
@@ -1436,6 +1602,8 @@ allow my_server_t localnet_peer_t:peer recv;
The id of the next hop. Takes an integer in the range 1…4294967295. If unspecified,
then automatically chosen by kernel.
+
+
@@ -1443,6 +1611,8 @@ allow my_server_t localnet_peer_t:peer recv;
Gateway=As in the [Network] section.
+
+
@@ -1453,6 +1623,8 @@ allow my_server_t localnet_peer_t:peer recv;
By default, the family is determined by the address specified in
Gateway=. If Gateway= is not specified, then defaults
to ipv4.
+
+
@@ -1463,6 +1635,8 @@ allow my_server_t localnet_peer_t:peer recv;
reachable directly by the current machine (i.e., attached to the local network), so that we
can insert the nexthop in the kernel table without it being complained about. Defaults to
no.
+
+
@@ -1472,6 +1646,8 @@ allow my_server_t localnet_peer_t:peer recv;
Takes a boolean. If enabled, packets to the corresponding routes are discarded
silently, and Gateway= cannot be specified. Defaults to
no.
+
+
@@ -1486,6 +1662,8 @@ allow my_server_t localnet_peer_t:peer recv;
Family=, Blackhole=. This setting can be specified
multiple times. If an empty string is assigned, then the all previous assignments are
cleared. Defaults to unset.
+
+
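Review bot: The context line "If an empty string is assigned, then the all previous assignments are cleared" has a stray article. It should read "then all previous assignments are cleared", which is the wording the other list-reset sentences in this file use.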
@@ -1504,6 +1682,8 @@ allow my_server_t localnet_peer_t:peer recv;
Takes the gateway address or the special values _dhcp4 and
_ipv6ra. If _dhcp4 or _ipv6ra is
set, then the gateway address provided by DHCPv4 or IPv6 RA is used.
+
+
@@ -1514,6 +1694,8 @@ allow my_server_t localnet_peer_t:peer recv;
reachable directly by the current machine (i.e., attached to the local network), so that we
can insert the route in the kernel table without it being complained about. Defaults to
no.
+
+
@@ -1530,6 +1712,8 @@ allow my_server_t localnet_peer_t:peer recv;
The source prefix of the route. Possibly followed by a slash and the prefix length. If
omitted, a full-length host route is assumed.
+
+
@@ -1538,6 +1722,8 @@ allow my_server_t localnet_peer_t:peer recv;
The metric of the route. Takes an unsigned integer in the range 0…4294967295. Defaults
to unset, and the kernel's default will be used.
+
+
@@ -1549,6 +1735,8 @@ allow my_server_t localnet_peer_t:peer recv;
messages. Which can be one of low the route has a lowest priority,
medium the route has a default priority or high the
route has a highest priority.
+
+
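Review bot: The three context lines describing the preference values run the value names and their meanings together ("Which can be one of low the route has a lowest priority, medium the route has a default priority or high ..."). Suggest restructuring as "Takes one of low (lowest priority), medium (default priority), or high (highest priority)" so the accepted values are unambiguous.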
@@ -1589,6 +1777,8 @@ allow my_server_t localnet_peer_t:peer recv;
Type= is broadcast, multicast,
anycast, or unicast. In other cases,
defaults to global. The value is not used for IPv6.
+
+
@@ -1599,6 +1789,8 @@ allow my_server_t localnet_peer_t:peer recv;
in
inet_pton3.
+
+
@@ -1614,6 +1806,8 @@ allow my_server_t localnet_peer_t:peer recv;
Type= is local, broadcast,
anycast, or nat, then local is used.
In other cases, defaults to main.
+
+
@@ -1622,6 +1816,8 @@ allow my_server_t localnet_peer_t:peer recv;
Configures per route hop limit. Takes an integer in the range 1…255. See also
IPv6HopLimit=.
+
+
@@ -1632,6 +1828,8 @@ allow my_server_t localnet_peer_t:peer recv;
values kernel, boot, static,
ra and dhcp. Defaults to static.
+
+
@@ -1663,6 +1861,8 @@ allow my_server_t localnet_peer_t:peer recv;
without waiting for acknowledgement. Takes a number between 1 and 1023. Note that 100 is
considered an extremely large value for this option. When unset, the kernel's default
(typically 10) will be used.
+
+
@@ -1674,6 +1874,8 @@ allow my_server_t localnet_peer_t:peer recv;
that amount of data before waiting for an acknowledgment and window update from the
receiving host. Takes a number between 1 and 1023. Note that 100 is considered an extremely
large value for this option. When unset, the kernel's default will be used.
+
+
@@ -1682,6 +1884,8 @@ allow my_server_t localnet_peer_t:peer recv;
Takes a boolean. When true, the TCP quick ACK mode for the route is enabled. When unset,
the kernel's default will be used.
+
+
@@ -1690,6 +1894,8 @@ allow my_server_t localnet_peer_t:peer recv;
Takes a boolean. When true enables TCP fastopen without a cookie on a per-route basis.
When unset, the kernel's default will be used.
+
+
@@ -1698,6 +1904,8 @@ allow my_server_t localnet_peer_t:peer recv;
Takes a boolean. When true enables TTL propagation at Label Switched Path (LSP) egress.
When unset, the kernel's default will be used.
+
+
@@ -1706,6 +1914,8 @@ allow my_server_t localnet_peer_t:peer recv;
The maximum transmission unit in bytes to set for the route. The usual suffixes K, M,
G, are supported and are understood to the base of 1024.
+
+
@@ -1715,6 +1925,8 @@ allow my_server_t localnet_peer_t:peer recv;
Specifies the Path MSS (in bytes) hints given on TCP layer. The usual suffixes K, M, G,
are supported and are understood to the base of 1024. An unsigned integer in the range
1…4294967294. When unset, the kernel's default will be used.
+
+
@@ -1724,6 +1936,8 @@ allow my_server_t localnet_peer_t:peer recv;
Specifies the TCP congestion control algorithm for the route. Takes a name of the algorithm,
e.g. bbr, dctcp, or vegas. When unset,
the kernel's default will be used.
+
+
@@ -1733,6 +1947,8 @@ allow my_server_t localnet_peer_t:peer recv;
Specifies the TCP Retransmission Timeout (RTO) for the route. Takes time values in seconds.
This value specifies the timeout of an alive TCP connection, when retransmissions remain
unacknowledged. When unset, the kernel's default will be used.
+
+
@@ -1744,6 +1960,8 @@ allow my_server_t localnet_peer_t:peer recv;
interface name or index separated with @, and a weight in 1..256 for this
multipath route separated with whitespace. This setting can be specified multiple times. If
an empty string is assigned, then the all previous assignments are cleared.
+
+
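Review bot: The weight range in the first context line is written "1..256", whereas every other range in this file uses the "1…256" form. Please make it consistent. The last context line also repeats the "then the all previous assignments are cleared" wording and should read "then all previous assignments are cleared".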
@@ -1752,6 +1970,8 @@ allow my_server_t localnet_peer_t:peer recv;
Specifies the nexthop id. Takes an unsigned integer in the range 1…4294967295. If set,
the corresponding [NextHop] section must be configured. Defaults to unset.
+
+
@@ -1800,6 +2020,8 @@ allow my_server_t localnet_peer_t:peer recv;
to advertise device specifications, including the intended communication patterns for their
device when it connects to the network. The network can then use this to author a
context-specific access policy, so the device functions only within those parameters.
+
+
@@ -1888,6 +2110,8 @@ allow my_server_t localnet_peer_t:peer recv;
Sets request options to be sent to the server in the DHCPv4 request options list. A
whitespace-separated list of integers in the range 1…254. Defaults to unset.
+
+
@@ -1904,6 +2128,8 @@ allow my_server_t localnet_peer_t:peer recv;
C-style
escapes. This setting can be specified multiple times. If an empty string is
specified, then all options specified earlier are cleared. Defaults to unset.
+
+
@@ -1920,6 +2146,8 @@ allow my_server_t localnet_peer_t:peer recv;
C-style
escapes. This setting can be specified multiple times. If an empty string is specified,
then all options specified earlier are cleared. Defaults to unset.
+
+
@@ -1945,6 +2173,8 @@ allow my_server_t localnet_peer_t:peer recv;
file to set the 802.1Q VLAN ethernet tagged header priority, see
systemd.netdev5.
+
+
@@ -1955,6 +2185,8 @@ allow my_server_t localnet_peer_t:peer recv;
Specifies the label for the IPv4 address received from the DHCP server. The label must
be a 7-bit ASCII string with a length of 1…15 characters. Defaults to unset.
+
+
@@ -1976,6 +2208,8 @@ allow my_server_t localnet_peer_t:peer recv;
When true, the routes to the DNS servers received from the DHCP server will be
configured. When UseDNS= is disabled, this setting is ignored. Defaults to
true.
+
+
@@ -1993,6 +2227,8 @@ allow my_server_t localnet_peer_t:peer recv;
When true, the routes to the NTP servers received from the DHCP server will be
configured. When UseNTP= is disabled, this setting is ignored. Defaults to
true.
+
+
@@ -2001,6 +2237,8 @@ allow my_server_t localnet_peer_t:peer recv;
When true (the default), the SIP servers received from the DHCP server will be collected
and made available to client programs.
+
+
@@ -2009,6 +2247,8 @@ allow my_server_t localnet_peer_t:peer recv;
When true (the default), the captive portal advertised by the DHCP server will be recorded
and made available to client programs and displayed in the networkctl status output per-link.
+
+
@@ -2095,6 +2335,8 @@ allow my_server_t localnet_peer_t:peer recv;
Specifies the MTU for the DHCP routes. Please see the [Route] section for further
details.
+
+
@@ -2103,6 +2345,8 @@ allow my_server_t localnet_peer_t:peer recv;
Takes a boolean. When true, the TCP quick ACK mode is enabled for the routes configured by
the acquired DHCPv4 lease. When unset, the kernel's default will be used.
+
+
@@ -2110,6 +2354,8 @@ allow my_server_t localnet_peer_t:peer recv;
InitialCongestionWindow=As in the [Route] section.
+
+
@@ -2117,6 +2363,8 @@ allow my_server_t localnet_peer_t:peer recv;
InitialAdvertisedReceiveWindow=As in the [Route] section.
+
+
@@ -2126,6 +2374,8 @@ allow my_server_t localnet_peer_t:peer recv;
When true, the gateway will be requested from the DHCP server and added to the routing
table with a metric of 1024, and a scope of . When unset, the value
specified with UseRoutes= is used.
+
+
@@ -2143,6 +2393,8 @@ allow my_server_t localnet_peer_t:peer recv;
DHCPPrefixDelegation= in the [Network] section, the [DHCPPrefixDelegation]
section, and RFC 5969. Defaults to
false.
+
+
@@ -2152,6 +2404,8 @@ allow my_server_t localnet_peer_t:peer recv;
Allows one to set DHCPv4 lease lifetime when DHCPv4 server does not send the lease
lifetime. Takes one of forever or infinity. If
specified, the acquired address never expires. Defaults to unset.
+
+
@@ -2175,6 +2429,8 @@ allow my_server_t localnet_peer_t:peer recv;
time between retries is increased exponentially, up to approximately one per minute, so the
network will not be overloaded even if this number is high. The default is suitable in most
circumstances.
+
+
@@ -2192,6 +2448,8 @@ allow my_server_t localnet_peer_t:peer recv;
prefix length after /. DHCP offers from servers in the list are rejected.
Note that if AllowList= is configured then DenyList= is
ignored.
+
+
@@ -2201,6 +2459,8 @@ allow my_server_t localnet_peer_t:peer recv;
A whitespace-separated list of IPv4 addresses. Each address can optionally take a
prefix length after /. DHCP offers from servers in the list are accepted.
+
+
@@ -2209,6 +2469,8 @@ allow my_server_t localnet_peer_t:peer recv;
When true, the DHCPv4 client sends a DHCP release packet when it stops. Defaults to
true.
+
+
@@ -2220,6 +2482,8 @@ allow my_server_t localnet_peer_t:peer recv;
the DHCPv4 client rejects the address by sending a DHCPDECLINE packet to
the DHCP server, and tries to obtain an IP address again. See
RFC 5227. Defaults to false.
+
+
@@ -2229,6 +2493,8 @@ allow my_server_t localnet_peer_t:peer recv;
This applies the NetLabel for the addresses received with DHCP, like
NetLabel= in [Address] section applies it to statically configured
addresses. See NetLabel= in [Address] section for more details.
+
+
@@ -2261,6 +2527,8 @@ allow my_server_t localnet_peer_t:peer recv;
As in the [DHCPv4] section, however because DHCPv6 uses 16-bit fields to store option
numbers, the option number is an integer in the range 1…65536.
+
+
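Review bot: The documented range in the second context line, "1…65536", contradicts the first, which says DHCPv6 stores option numbers in 16-bit fields. A 16-bit field cannot hold a value above 65535. Please check the upper bound against what the option parser accepts and correct the text (presumably to 1…65535) before stamping version information on this entry.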
@@ -2278,6 +2546,8 @@ allow my_server_t localnet_peer_t:peer recv;
C-style
escapes. This setting can be specified multiple times. If an empty string is
specified, then all options specified earlier are cleared. Defaults to unset.
+
+
@@ -2293,6 +2563,8 @@ allow my_server_t localnet_peer_t:peer recv;
escapes. This setting can be specified multiple times. If an empty string is
specified, then all options specified earlier are cleared. Takes a whitespace-separated list
of strings. Note that currently NUL bytes are not allowed.
+
+
@@ -2303,6 +2575,8 @@ allow my_server_t localnet_peer_t:peer recv;
hardware on which the client is running. The information contained in the data area of this
option is contained in one or more opaque fields that identify details of the hardware
configuration. Takes a whitespace-separated list of strings.
+
+
@@ -2313,6 +2587,8 @@ allow my_server_t localnet_peer_t:peer recv;
Address= in the [Network] section. The DHCPv6 client will include a prefix
hint in the DHCPv6 solicitation sent to the server. The prefix length must be in the range
1…128. Defaults to unset.
+
+
@@ -2326,6 +2602,8 @@ allow my_server_t localnet_peer_t:peer recv;
provides faster client configuration. See
RFC 3315 for details.
Defaults to true, and the two-message exchange will be used if the server support it.
+
+
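Review bot: The last context line, "the two-message exchange will be used if the server support it", has a subject-verb agreement error and should read "if the server supports it". A small fix, but this sentence defines the default behaviour and is worth getting right while the entry is being edited.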
@@ -2336,6 +2614,8 @@ allow my_server_t localnet_peer_t:peer recv;
When true (the default), the IP addresses provided by the DHCPv6 server will be
assigned.
+
+
@@ -2344,6 +2624,8 @@ allow my_server_t localnet_peer_t:peer recv;
When true (the default), the captive portal advertised by the DHCPv6 server will be recorded
and made available to client programs and displayed in the networkctl status output per-link.
+
+
@@ -2357,6 +2639,8 @@ allow my_server_t localnet_peer_t:peer recv;
settings in the [DHCPPrefixDelegation] section, and
RFC 8415.
+
+
@@ -2386,6 +2670,8 @@ allow my_server_t localnet_peer_t:peer recv;
section. Otherwise, defaults to no, and the DHCPv6 client will be started
when an RA is received. See also the DHCPv6Client= setting in the
[IPv6AcceptRA] section.
+
+
@@ -2408,6 +2694,8 @@ allow my_server_t localnet_peer_t:peer recv;
WithoutRA=solicit is implied if the setting is not explicitly specified.
When :auto, the first link which acquired prefixes to be delegated from
the DHCPv6 or DHCPv4 server is selected. Defaults to :auto.
+
+
@@ -2475,6 +2763,8 @@ allow my_server_t localnet_peer_t:peer recv;
This applies the NetLabel for the addresses received with DHCP, like
NetLabel= in [Address] section applies it to statically configured
addresses. See NetLabel= in [Address] section for more details.
+
+
@@ -2500,6 +2790,8 @@ allow my_server_t localnet_peer_t:peer recv;
The EUI-64 algorithm will be used to generate an address for that prefix. Only
supported by Ethernet or InfiniBand interfaces.
+
+
@@ -2518,6 +2810,8 @@ allow my_server_t localnet_peer_t:peer recv;
for that prefix. If an IPv6 address without mode is specified, then
static mode is assumed.
+
+
@@ -2551,6 +2845,8 @@ allow my_server_t localnet_peer_t:peer recv;
will be changed, even if the prefix received in the RA message has not been
changed.
+
+
@@ -2570,6 +2866,8 @@ Token=::1a:2b:3c:4d
Token=static:::1a:2b:3c:4d
Token=prefixstable
Token=prefixstable:2002:da8:1::
+
+
@@ -2614,6 +2912,8 @@ Token=prefixstable:2002:da8:1::
When used in combination with VRF=, the VRF's routing table is
used when this parameter is not specified.
+
+
@@ -2626,6 +2926,8 @@ Token=prefixstable:2002:da8:1::
preference, and the last is for low preference
(high:medium:low).
Defaults to 512:1024:2048.
+
+
@@ -2634,6 +2936,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. When true, the TCP quick ACK mode is enabled for the routes configured by
the received RAs. When unset, the kernel's default will be used.
+
+
@@ -2642,6 +2946,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. When true, the MTU received in the Router Advertisement will be
used. Defaults to true.
+
+
@@ -2650,6 +2956,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. When true, the hop limit received in the Router Advertisement will be set to routes
configured based on the advertisement. See also IPv6HopLimit=. Defaults to true.
+
+
@@ -2658,6 +2966,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. When true, the ICMP6 rate limit received in the Router Advertisement will be set to ICMP6
rate limit based on the advertisement. Defaults to true.
+
+
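Review bot: The description in this hunk's context is circular: "the ICMP6 rate limit received in the Router Advertisement will be set to ICMP6 rate limit based on the advertisement" names neither the RA field that is read nor the local setting that is changed. Because this option lets an on-link router alter host behaviour, name both, and say what value applies when the option is set to false.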
@@ -2666,6 +2976,8 @@ Token=prefixstable:2002:da8:1::
When true (the default), the router address will be configured as the default gateway.
+
+
@@ -2674,6 +2986,8 @@ Token=prefixstable:2002:da8:1::
When true (the default), the routes corresponding to the route prefixes received in
the Router Advertisement will be configured.
+
+
@@ -2682,6 +2996,8 @@ Token=prefixstable:2002:da8:1::
When true (the default), the captive portal received in the Router Advertisement will be recorded
and made available to client programs and displayed in the networkctl status output per-link.
+
+
@@ -2690,6 +3006,8 @@ Token=prefixstable:2002:da8:1::
When true (the default), the autonomous prefix received in the Router Advertisement will be used and take
precedence over any statically configured ones.
+
+
@@ -2698,6 +3016,8 @@ Token=prefixstable:2002:da8:1::
When true (the default), the onlink prefix received in the Router Advertisement will be
used and takes precedence over any statically configured ones.
+
+
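Review bot: Verb agreement in this hunk's context differs from the hunk just above: here "the onlink prefix ... will be used and takes precedence", there "the autonomous prefix ... will be used and take precedence". Pick one form ("will be used and will take precedence" reads cleanly) and apply it to both entries.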
@@ -2707,6 +3027,8 @@ Token=prefixstable:2002:da8:1::
A whitespace-separated list of IPv6 router addresses. Each address can optionally
take a prefix length after /. Any information advertised by the listed
router is ignored.
+
+
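Review bot: The deny list description in this hunk ends at "Any information advertised by the listed router is ignored." and never mentions that the whole list is disregarded once RouterAllowList= is set; that rule is stated only under the allow list entry in the next hunk. An administrator who reads only this entry can believe a denied router is still filtered after an allow list is added, so repeat the precedence note here, and likewise under the PrefixDenyList= and RouteDenyList= entries in the following hunks.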
@@ -2717,6 +3039,8 @@ Token=prefixstable:2002:da8:1::
take a prefix length after /. Only information advertised by the listed
router is accepted. Note that if RouterAllowList= is configured then
RouterDenyList= is ignored.
+
+
@@ -2726,6 +3050,8 @@ Token=prefixstable:2002:da8:1::
A whitespace-separated list of IPv6 prefixes. Each prefix can optionally take its
prefix length after /. IPv6 prefixes supplied via router advertisements
in the list are ignored.
+
+
@@ -2736,6 +3062,8 @@ Token=prefixstable:2002:da8:1::
prefix length after /. IPv6 prefixes supplied via router advertisements
in the list are allowed. Note that if PrefixAllowList= is configured
then PrefixDenyList= is ignored.
+
+
@@ -2745,6 +3073,8 @@ Token=prefixstable:2002:da8:1::
A whitespace-separated list of IPv6 route prefixes. Each prefix can optionally take
its prefix length after /. IPv6 route prefixes supplied via router
advertisements in the list are ignored.
+
+
@@ -2755,6 +3085,8 @@ Token=prefixstable:2002:da8:1::
its prefix length after /. IPv6 route prefixes supplied via router
advertisements in the list are allowed. Note that if RouteAllowList= is
configured then RouteDenyList= is ignored.
+
+
@@ -2772,6 +3104,8 @@ Token=prefixstable:2002:da8:1::
WithoutRA= in the [DHCPv6] section is enabled, or
UplinkInterface=:self in the [DHCPPrefixDelegation] section is
specified. Defaults to true.
+
+
@@ -2781,6 +3115,8 @@ Token=prefixstable:2002:da8:1::
This applies the NetLabel for the addresses received with RA, like
NetLabel= in [Address] section applies it to statically configured
addresses. See NetLabel= in [Address] section for more details.
+
+
@@ -2798,7 +3134,9 @@ Token=prefixstable:2002:da8:1::
Specifies server address for the DHCP server. Takes an IPv4 address with prefix
length, for example 192.168.0.1/24. This setting may be useful when the link on
which the DHCP server is running has multiple static addresses. When unset, one of static addresses
- in the link will be automatically selected. Defaults to unset.
+ in the link will be automatically selected. Defaults to unset.
+
+
@@ -2815,7 +3153,9 @@ Token=prefixstable:2002:da8:1::
the first address after the subnet address and takes up the rest of
the subnet, excluding the broadcast address. If the pool includes
the server address (the default), this is reserved and not handed
- out to clients.
+ out to clients.
+
+
@@ -2833,7 +3173,9 @@ Token=prefixstable:2002:da8:1::
if the configuration data in DHCP leases changes frequently
and clients shall learn the new settings with shorter
latencies. Longer lease times reduce the generated DHCP
- network traffic.
+ network traffic.
+
+
@@ -2843,7 +3185,9 @@ Token=prefixstable:2002:da8:1::
servers is enabled but no servers are specified, the servers configured in the uplink interface
will be emitted. When :auto, the link which has a default gateway with the
highest priority will be automatically selected. When :none, no uplink
- interface will be selected. Defaults to :auto.
+ interface will be selected. Defaults to :auto.
+
+
@@ -2868,7 +3212,9 @@ Token=prefixstable:2002:da8:1::
MaxLeaseTimeSec= described above.
This setting can be specified multiple times. If an empty string is specified, then all
- DNS servers specified earlier are cleared.
+ DNS servers specified earlier are cleared.
+
+
@@ -2914,7 +3260,9 @@ Token=prefixstable:2002:da8:1::
UTC) to pass to clients. If no explicit
timezone is set, the system timezone of the local host is
propagated, as determined by the
- /etc/localtime symlink.
+ /etc/localtime symlink.
+
+
@@ -2925,6 +3273,8 @@ Token=prefixstable:2002:da8:1::
address is sent in the field of the DHCP message header. See RFC 2131 for more details. Defaults to
unset.
+
+
@@ -2939,6 +3289,8 @@ Token=prefixstable:2002:da8:1::
Note that typically setting one of BootServerName= or
BootServerAddress= is sufficient, but both can be set too, if desired.
+
+
@@ -2950,6 +3302,8 @@ Token=prefixstable:2002:da8:1::
sent in the DHCP option 67 ("Bootfile name"). See RFC 2132 for more details. Defaults to
unset.
+
+
@@ -2964,6 +3318,8 @@ Token=prefixstable:2002:da8:1::
C-style
escapes. This setting can be specified multiple times. If an empty string is specified,
then all options specified earlier are cleared. Defaults to unset.
+
+
@@ -2978,6 +3334,8 @@ Token=prefixstable:2002:da8:1::
C-style
escapes. This setting can be specified multiple times. If an empty string is specified,
then all options specified earlier are cleared. Defaults to unset.
+
+
@@ -2987,6 +3345,8 @@ Token=prefixstable:2002:da8:1::
to its network interface and all socket communication will be restricted to this interface.
Defaults to yes, except if RelayTarget= is used (see below),
in which case it defaults to no.
+
+
@@ -2996,6 +3356,8 @@ Token=prefixstable:2002:da8:1::
inet_pton3.
Turns this DHCP server into a DHCP relay agent. See RFC 1542.
The address is the address of DHCP server or another relay agent to forward DHCP messages to and from.
+
+
@@ -3006,6 +3368,8 @@ Token=prefixstable:2002:da8:1::
where value should be replaced with the value of the suboption.
Defaults to unset (means no Agent Circuit ID suboption is generated).
Ignored if RelayTarget= is not specified.
+
+
@@ -3016,6 +3380,8 @@ Token=prefixstable:2002:da8:1::
where value should be replaced with the value of the suboption.
Defaults to unset (means no Agent Remote ID suboption is generated).
Ignored if RelayTarget= is not specified.
+
+
@@ -3039,7 +3405,9 @@ Token=prefixstable:2002:da8:1::
Address=The IPv4 address that should be assigned to the device that was matched with
- MACAddress=. This key is mandatory.
+ MACAddress=. This key is mandatory.
+
+
@@ -3082,6 +3450,8 @@ Token=prefixstable:2002:da8:1::
Takes a timespan. Configures the retransmit time, used by clients to retransmit Neighbor
Solicitation messages on address resolution and the Neighbor Unreachability Detection algorithm.
An integer the default unit of seconds, in the range 0…4294967295 msec. Defaults to 0.
+
+
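Review bot: The third context line here, "An integer the default unit of seconds, in the range 0…4294967295 msec.", is missing words and names two units (seconds and msec) for one value. State once which unit a bare integer is interpreted in and in which unit the 0…4294967295 bound is expressed.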
@@ -3103,6 +3473,8 @@ Token=prefixstable:2002:da8:1::
Configures hop limit. Takes an integer in the range 0…255. See also
IPv6HopLimit=.
+
+
@@ -3115,7 +3487,9 @@ Token=prefixstable:2002:da8:1::
setting in the [DHCPPrefixDelegation] section will be used if
DHCPPrefixDelegation= is enabled, otherwise the link which has a default
gateway with the highest priority will be automatically selected. When :none,
- no uplink interface will be selected. Defaults to :auto.
+ no uplink interface will be selected. Defaults to :auto.
+
+
@@ -3172,7 +3546,9 @@ Token=prefixstable:2002:da8:1::
autoconfigured with this prefix and whether the prefix can be used for
onlink determination. Both settings default to true
in order to ease configuration.
-
+
+
+
@@ -3182,7 +3558,9 @@ Token=prefixstable:2002:da8:1::
IPv6 addresses, the setting is configured as an IPv6 prefix and its prefix length, separated by a
/ character. Use multiple [IPv6Prefix] sections to configure multiple IPv6
prefixes since prefix lifetimes, address autoconfiguration and onlink status may differ from one
- prefix to another.
+ prefix to another.
+
+
@@ -3191,13 +3569,17 @@ Token=prefixstable:2002:da8:1::
Preferred and valid lifetimes for the prefix measured in seconds.
PreferredLifetimeSec= defaults to 1800 seconds (30 minutes) and
- ValidLifetimeSec= defaults to 3600 seconds (one hour).
+ ValidLifetimeSec= defaults to 3600 seconds (one hour).
+
+ Assign=Takes a boolean. When true, adds an address from the prefix. Default to false.
-
+
+
+
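Review bot: In the Assign= context line of this hunk, "Default to false." should be "Defaults to false.", matching the wording used by every other entry in the file.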
@@ -3207,6 +3589,8 @@ Token=prefixstable:2002:da8:1::
prefix. This accepts the same syntax as Token= in the [IPv6AcceptRA]
section. If Assign= is set to false, then this setting will be ignored.
Defaults to unset, which means the EUI-64 algorithm will be used.
+
+
@@ -3216,6 +3600,8 @@ Token=prefixstable:2002:da8:1::
The metric of the prefix route. Takes an unsigned integer in the range 0…4294967295.
When unset or set to 0, the kernel's default value is used. This setting is ignored when
Assign= is false.
+
+
@@ -3236,14 +3622,18 @@ Token=prefixstable:2002:da8:1::
The IPv6 route that is to be distributed to hosts. Similarly to configuring static
IPv6 routes, the setting is configured as an IPv6 prefix routes and its prefix route length,
separated by a / character. Use multiple [IPv6RoutePrefix] sections to configure
- multiple IPv6 prefix routes.
+ multiple IPv6 prefix routes.
+
+ LifetimeSec=Lifetime for the route prefix measured in seconds.
- LifetimeSec= defaults to 3600 seconds (one hour).
+ LifetimeSec= defaults to 3600 seconds (one hour).
+
+
@@ -3264,12 +3654,16 @@ Token=prefixstable:2002:da8:1::
an IPv6 prefix that should be set up for NAT64 translation (PLAT) to allow 464XLAT on the network segment.
Use multiple [IPv6PREF64Prefix] sections to configure multiple IPv6 prefixes since prefix lifetime may differ
from one prefix to another. The prefix is an address with a prefix length, separated by a slash
- / character. Valid NAT64 prefix length are 96, 64, 56, 48, 40, and 32 bits.
+ / character. Valid NAT64 prefix length are 96, 64, 56, 48, 40, and 32 bits.
+
+ LifetimeSec=Lifetime for the prefix measured in seconds. Should be greater than or equal to RouterLifetimeSec=.
- LifetimeSec= defaults to 1800 seconds.
+ LifetimeSec= defaults to 1800 seconds.
+
+
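Review bot: "Valid NAT64 prefix length are 96, 64, 56, 48, 40, and 32 bits" in the replaced line should read "lengths are". The LifetimeSec= entry also says the value "Should be greater than or equal to RouterLifetimeSec=" without saying what happens when it is smaller; document whether such a value is rejected, clamped or sent as configured.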
@@ -3285,6 +3679,8 @@ Token=prefixstable:2002:da8:1::
traffic for which an FDB entry is missing and the destination
is unknown through this port. When unset, the kernel's default will be used.
+
+
@@ -3294,6 +3690,8 @@ Token=prefixstable:2002:da8:1::
traffic for which an MDB entry is missing and the destination
is unknown through this port. When unset, the kernel's default will be used.
+
+
@@ -3303,6 +3701,8 @@ Token=prefixstable:2002:da8:1::
the bridge. Which means unicast copies are only delivered to hosts which are interested in it.
When unset, the kernel's default will be used.
+
+
@@ -3311,6 +3711,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. Configures whether ARP and ND neighbor suppression is enabled for
this port. When unset, the kernel's default will be used.
+
+
@@ -3319,6 +3721,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. Configures whether MAC address learning is enabled for
this port. When unset, the kernel's default will be used.
+
+
@@ -3327,6 +3731,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. Configures whether traffic may be sent back out of the port on which it
was received. When this flag is false, then the bridge will not forward traffic back out of the
receiving port. When unset, the kernel's default will be used.
+
+
@@ -3336,6 +3742,8 @@ Token=prefixstable:2002:da8:1::
isolated ports can only communicate with non-isolated ports. When set to true, this port can only
communicate with other ports whose Isolated setting is false. When set to false, this port
can communicate with any other ports. When unset, the kernel's default will be used.
+
+
@@ -3343,6 +3751,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. Configures whether STP Bridge Protocol Data Units will be
processed by the bridge port. When unset, the kernel's default will be used.
+
+
@@ -3351,6 +3761,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. This flag allows the bridge to immediately stop multicast
traffic on a port that receives an IGMP Leave message. It is only used with
IGMP snooping if enabled on the bridge. When unset, the kernel's default will be used.
+
+
@@ -3359,6 +3771,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. Configures whether a given port is allowed to
become a root port. Only used when STP is enabled on the bridge.
When unset, the kernel's default will be used.
+
+
@@ -3366,6 +3780,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. Configures whether proxy ARP to be enabled on this port.
When unset, the kernel's default will be used.
+
+
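Review bot: The first context line of this hunk, "Configures whether proxy ARP to be enabled on this port", is missing its verb; it should read "whether proxy ARP is to be enabled" or simply "whether proxy ARP is enabled". The next hunk carries the same sentence for the IEEE 802.11 / Hotspot 2.0 variant and needs the same fix.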
@@ -3374,6 +3790,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. Configures whether proxy ARP to be enabled on this port
which meets extended requirements by IEEE 802.11 and Hotspot 2.0 specifications.
When unset, the kernel's default will be used.
+
+
@@ -3385,6 +3803,8 @@ Token=prefixstable:2002:da8:1::
the presence of routers, permanent to permanently enable multicast traffic
forwarding on this port, or temporary to enable multicast routers temporarily
on this port, not depending on incoming queries. When unset, the kernel's default will be used.
+
+
@@ -3395,6 +3815,8 @@ Token=prefixstable:2002:da8:1::
is used to decide which link to use. Faster interfaces
should have lower costs. It is an integer value between 1 and
65535.
+
+
@@ -3405,6 +3827,8 @@ Token=prefixstable:2002:da8:1::
to decide which link to use. Lower value means higher priority.
It is an integer value between 0 to 63. Networkd does not set any
default, meaning the kernel default value of 32 is used.
+
+
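Review bot: "It is an integer value between 0 to 63" in this hunk's context mixes two constructions; use "between 0 and 63" or, to match the other entries in this file, "an integer in the range 0…63". The cost entry in the previous hunk ("between 1 and 65535") could adopt the same range notation.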
@@ -3425,6 +3849,8 @@ Token=prefixstable:2002:da8:1::
Destination=Takes an IP address of the destination VXLAN tunnel endpoint.
+
+
@@ -3433,6 +3859,8 @@ Token=prefixstable:2002:da8:1::
The VLAN ID for the new static MAC table entry. If
omitted, no VLAN ID information is appended to the new static MAC
table entry.
+
+
@@ -3441,6 +3869,8 @@ Token=prefixstable:2002:da8:1::
The VXLAN Network Identifier (or VXLAN Segment ID) to use to connect to
the remote VXLAN tunnel endpoint. Takes a number in the range 1…16777215.
Defaults to unset.
+
+
@@ -3454,6 +3884,8 @@ Token=prefixstable:2002:da8:1::
means the address is associated with master devices fdb. router means
the destination address is associated with a router. Note that it's valid if the referenced
device is a VXLAN type device and has route shortcircuit enabled. Defaults to self.
+
+
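Review bot: In the first context line, "the address is associated with master devices fdb" should read "the master device's FDB" (possessive, and capitalised as in the FDB entry descriptions elsewhere in this file). The following sentence, "Note that it's valid if the referenced device is a VXLAN type device and has route shortcircuit enabled", would be clearer as "only valid if", if that is the intended restriction.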
@@ -3461,6 +3893,8 @@ Token=prefixstable:2002:da8:1::
Specifies the name or index of the outgoing interface for the VXLAN device driver to
reach the remote VXLAN tunnel endpoint. Defaults to unset.
+
+
@@ -3475,6 +3909,8 @@ Token=prefixstable:2002:da8:1::
MulticastGroupAddress=Specifies the IPv4 or IPv6 multicast group address to add. This setting is mandatory.
+
+
@@ -3500,6 +3936,8 @@ Token=prefixstable:2002:da8:1::
The MUD URLs received via LLDP packets are saved and can be read using the
sd_lldp_neighbor_get_mud_url() function.
+
+
@@ -3515,6 +3953,8 @@ Token=prefixstable:2002:da8:1::
The bitrate of CAN device in bits per second. The usual SI prefixes (K, M) with the base of 1000 can
be used here. Takes a number in the range 1…4294967295.
+
+
@@ -3523,6 +3963,8 @@ Token=prefixstable:2002:da8:1::
Optional sample point in percent with one decimal (e.g. 75%,
87.5%) or permille (e.g. 875‰). This will be ignored when
BitRate= is unspecified.
+
+
@@ -3542,6 +3984,8 @@ Token=prefixstable:2002:da8:1::
integer in the range 0…4294967295. These settings except for
SyncJumpWidth= will be ignored when BitRate= is
specified.
+
+
@@ -3550,6 +3994,8 @@ Token=prefixstable:2002:da8:1::
The bitrate and sample point for the data phase, if CAN-FD is used. These settings are
analogous to the BitRate= and SamplePoint= keys.
+
+
@@ -3562,6 +4008,8 @@ Token=prefixstable:2002:da8:1::
Specifies the time quanta, propagation segment, phase buffer segment 1 and 2, and the
synchronization jump width for the data phase, if CAN-FD is used. These settings are
analogous to the TimeQuantaNSec= or related settings.
+
+
@@ -3571,6 +4019,8 @@ Token=prefixstable:2002:da8:1::
Note, that a bitrate and optional sample point should also be set for the CAN-FD data phase using
the DataBitRate= and DataSamplePoint= keys, or
DataTimeQuanta= and related settings.
+
+
@@ -3578,6 +4028,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. When yes, non-ISO CAN-FD mode is enabled for the
interface. When unset, the kernel's default will be used.
+
+
@@ -3588,6 +4040,8 @@ Token=prefixstable:2002:da8:1::
be specified using decimals (e.g. 0.1s) or a ms or
us postfix. Using infinity or 0 will turn the
automatic restart off. By default automatic restart is disabled.
+
+
@@ -3597,6 +4051,8 @@ Token=prefixstable:2002:da8:1::
yes, the termination resistor is set to 120 ohm. When
no or 0 is set, the termination resistor is disabled.
When unset, the kernel's default will be used.
+
+
@@ -3604,6 +4060,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. When yes, three samples (instead of one) are used to determine
the value of a received bit by majority rule. When unset, the kernel's default will be used.
+
+
@@ -3614,6 +4072,8 @@ Token=prefixstable:2002:da8:1::
unable to send recessive bit, bus overload, active error announcement, error occurred on
transmission). When unset, the kernel's default will be used. Note: in case of a CAN bus with a
single CAN device, sending a CAN frame may result in a huge number of CAN bus errors.
+
+
@@ -3624,6 +4084,8 @@ Token=prefixstable:2002:da8:1::
bit. Listen-only mode is important to debug CAN networks without interfering with the
communication or acknowledge the CAN frame. When unset, the kernel's default will be used.
+
+
@@ -3633,6 +4095,8 @@ Token=prefixstable:2002:da8:1::
loopback mode is enabled, the interface treats messages transmitted by itself as received
messages. The loopback mode is important to debug CAN networks. When unset, the kernel's
default will be used.
+
+
@@ -3640,6 +4104,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. When yes, one-shot mode is enabled. When unset,
the kernel's default will be used.
+
+
@@ -3647,6 +4113,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. When yes, the interface will ignore missing CAN
ACKs. When unset, the kernel's default will be used.
+
+
@@ -3654,6 +4122,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. When yes, the interface will handle the 4bit data
length code (DLC). When unset, the kernel's default will be used.
+
+
@@ -3701,6 +4171,8 @@ Token=prefixstable:2002:da8:1::
Specifies the fixed amount of delay to be added to all packets going out of the
interface. Defaults to unset.
+
+
@@ -3709,6 +4181,8 @@ Token=prefixstable:2002:da8:1::
Specifies the chosen delay to be added to the packets outgoing to the network
interface. Defaults to unset.
+
+
@@ -3717,6 +4191,8 @@ Token=prefixstable:2002:da8:1::
Specifies the maximum number of packets the qdisc may hold queued at a time.
An unsigned integer in the range 0…4294967294. Defaults to 1000.
+
+
@@ -3725,6 +4201,8 @@ Token=prefixstable:2002:da8:1::
Specifies an independent loss probability to be added to the packets outgoing from the
network interface. Takes a percentage value, suffixed with "%". Defaults to unset.
+
+
@@ -3733,6 +4211,8 @@ Token=prefixstable:2002:da8:1::
Specifies that the chosen percent of packets is duplicated before queuing them.
Takes a percentage value, suffixed with "%". Defaults to unset.
+
+
@@ -3752,6 +4232,8 @@ Token=prefixstable:2002:da8:1::
Specifies the latency parameter, which specifies the maximum amount of time a
packet can sit in the Token Bucket Filter (TBF). Defaults to unset.
+
+
@@ -3761,6 +4243,8 @@ Token=prefixstable:2002:da8:1::
Takes the number of bytes that can be queued waiting for tokens to become available.
When the size is suffixed with K, M, or G, it is parsed as Kilobytes, Megabytes, or Gigabytes,
respectively, to the base of 1024. Defaults to unset.
+
+
@@ -3771,6 +4255,8 @@ Token=prefixstable:2002:da8:1::
can be available for instantaneous transfer. When the size is suffixed with K, M, or G, it is
parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to
unset.
+
+
@@ -3780,6 +4266,8 @@ Token=prefixstable:2002:da8:1::
Specifies the device specific bandwidth. When suffixed with K, M, or G, the specified
bandwidth is parsed as Kilobits, Megabits, or Gigabits, respectively, to the base of 1000.
Defaults to unset.
+
+
@@ -3789,6 +4277,8 @@ Token=prefixstable:2002:da8:1::
The Minimum Packet Unit (MPU) determines the minimal token usage (specified in bytes)
for a packet. When suffixed with K, M, or G, the specified size is parsed as Kilobytes,
Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to zero.
+
+
@@ -3798,6 +4288,8 @@ Token=prefixstable:2002:da8:1::
Takes the maximum depletion rate of the bucket. When suffixed with K, M, or G, the
specified size is parsed as Kilobits, Megabits, or Gigabits, respectively, to the base of
1000. Defaults to unset.
+
+
@@ -3807,6 +4299,8 @@ Token=prefixstable:2002:da8:1::
Specifies the size of the peakrate bucket. When suffixed with K, M, or G, the specified
size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024.
Defaults to unset.
+
+
@@ -3827,6 +4321,8 @@ Token=prefixstable:2002:da8:1::
Specifies the hard limit on the queue size in number of packets. When this limit is reached,
incoming packets are dropped. An unsigned integer in the range 1…4294967294. Defaults to unset and
kernel's default is used.
+
+
@@ -3847,6 +4343,8 @@ Token=prefixstable:2002:da8:1::
Specifies the hard limit on the queue size in number of packets. When this limit is reached,
incoming packets are dropped. An unsigned integer ranges 1 to 4294967294. Defaults to unset and
kernel's default is used.
+
+
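Review bot: This PacketLimit= description says "An unsigned integer ranges 1 to 4294967294", while the otherwise identical entries in the neighbouring hunks say "An unsigned integer in the range 1…4294967294" and "in the range 0…4294967294". Align the phrasing, and confirm whether the lower bound for this qdisc is really 1 where the next one documents 0.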
@@ -3867,6 +4365,8 @@ Token=prefixstable:2002:da8:1::
Specifies the hard limit on the queue size in number of packets. When this limit is reached,
incoming packets are dropped. An unsigned integer in the range 0…4294967294. Defaults to unset and
kernel's default is used.
+
+
@@ -3885,6 +4385,8 @@ Token=prefixstable:2002:da8:1::
PerturbPeriodSec=Specifies the interval in seconds for queue algorithm perturbation. Defaults to unset.
+
+
@@ -3907,6 +4409,8 @@ Token=prefixstable:2002:da8:1::
reached, incoming packets are dropped. When suffixed with K, M, or G, the specified size is parsed
as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to unset and
kernel default is used.
+
+
@@ -3928,6 +4432,8 @@ Token=prefixstable:2002:da8:1::
overflow in case the kernel is unable to dequeue packets as quickly as it receives them. When this
limit is reached, incoming packets are dropped. An unsigned integer in the range
0…4294967294. Defaults to unset and kernel's default is used.
+
+
@@ -3945,7 +4451,9 @@ Token=prefixstable:2002:da8:1::
PacketLimit=
- As in [PFIFO] section.
+ As in [PFIFO] section.
+
+
@@ -3976,6 +4484,8 @@ Token=prefixstable:2002:da8:1::
Specifies the shaper bandwidth. When suffixed with K, M, or G, the specified size is
parsed as Kilobits, Megabits, or Gigabits, respectively, to the base of 1000. Defaults to
unset and kernel's default is used.
+
+
@@ -3986,6 +4496,8 @@ Token=prefixstable:2002:da8:1::
at this qdisc. This is most likely to be useful with cellular links, which tend to change
quality randomly. If this setting is enabled, the Bandwidth= setting is
used as an initial estimate. Defaults to unset, and the kernel's default is used.
+
+
@@ -3995,6 +4507,8 @@ Token=prefixstable:2002:da8:1::
Specifies that bytes to be addeded to the size of each packet. Bytes may be negative.
Takes an integer in the range -64…256. Defaults to unset and kernel's default is used.
+
+
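Review bot: The first context line contains a typo and a broken clause: "Specifies that bytes to be addeded to the size of each packet". Suggest "Specifies the number of bytes to be added to the size of each packet."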
@@ -4003,6 +4517,8 @@ Token=prefixstable:2002:da8:1::
Rounds each packet (including overhead) up to the specified bytes. Takes an integer in
the range 1…256. Defaults to unset and kernel's default is used.
+
+
@@ -4015,6 +4531,8 @@ Token=prefixstable:2002:da8:1::
ATM cell framing, which is normally found on ADSL links. When ptm, enables
the compensation for PTM encoding, which is normally found on VDSL2 links and uses a 64b/65b
encoding scheme. Defaults to unset and the kernel's default is used.
+
+
@@ -4024,6 +4542,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean value. When true, the packet size reported by the Linux kernel will be
used, instead of the underlying IP packet size. Defaults to unset, and the kernel's default
is used.
+
+
@@ -4040,7 +4560,9 @@ Token=prefixstable:2002:da8:1::
The flow isolation is disabled, and all traffic passes through a single queue.
-
+
+
+
@@ -4048,7 +4570,9 @@ Token=prefixstable:2002:da8:1::
Flows are defined only by source address. Equivalent to the srchost
option for tc qdisc command. See also
tc-cake8.
-
+
+
+
@@ -4056,7 +4580,9 @@ Token=prefixstable:2002:da8:1::
Flows are defined only by destination address. Equivalent to the
dsthost option for tc qdisc command. See also
tc-cake8.
-
+
+
+
@@ -4064,7 +4590,9 @@ Token=prefixstable:2002:da8:1::
Flows are defined by source-destination host pairs. Equivalent to the same option for
tc qdisc command. See also
tc-cake8.
-
+
+
+
@@ -4073,7 +4601,9 @@ Token=prefixstable:2002:da8:1::
transport protocol, source port and destination port. Equivalent to the same option for
tc qdisc command. See also
tc-cake8.
-
+
+
+
@@ -4083,7 +4613,9 @@ Token=prefixstable:2002:da8:1::
to the dual-srchost option for tc qdisc command.
See also
tc-cake8.
-
+
+
+
@@ -4093,7 +4625,9 @@ Token=prefixstable:2002:da8:1::
Equivalent to the dual-dsthost option for
tc qdisc command. See also
tc-cake8.
-
+
+
+
@@ -4103,11 +4637,15 @@ Token=prefixstable:2002:da8:1::
Equivalent to the triple-isolate option for
tc qdisc command. See also
tc-cake8.
-
+
+
+ Defaults to unset and the kernel's default is used.
+
+
@@ -4120,6 +4658,8 @@ Token=prefixstable:2002:da8:1::
FlowIsolationMode= is none or flows,
or if NAT is performed on a different host. Defaults to unset, and the kernel's default is
used.
+
+
@@ -4135,7 +4675,9 @@ Token=prefixstable:2002:da8:1::
Disables priority queueing by placing all traffic in one tin.
-
+
+
+
@@ -4143,7 +4685,9 @@ Token=prefixstable:2002:da8:1::
Enables priority queueing based on the legacy interpretation of TOS
Precedence field. Use of this preset on the modern Internet is
firmly discouraged.
-
+
+
+
@@ -4152,7 +4696,9 @@ Token=prefixstable:2002:da8:1::
(DiffServ) field with eight tins: Background Traffic, High
Throughput, Best Effort, Video Streaming, Low Latency Transactions, Interactive Shell,
Minimum Latency, and Network Control.
-
+
+
+
@@ -4160,7 +4706,9 @@ Token=prefixstable:2002:da8:1::
Enables priority queueing based on the Differentiated Service
(DiffServ) field with four tins: Background Traffic, Best Effort,
Streaming Media, and Latency Sensitive.
-
+
+
+
@@ -4168,11 +4716,15 @@ Token=prefixstable:2002:da8:1::
Enables priority queueing based on the Differentiated Service
(DiffServ) field with three tins: Background Traffic, Best Effort,
and Latency Sensitive.
-
+
+
+ Defaults to unset, and the kernel's default is used.
+
+
@@ -4182,6 +4734,8 @@ Token=prefixstable:2002:da8:1::
Takes an integer in the range 1…4294967295. When specified, firewall-mark-based
overriding of CAKE's tin selection is enabled. Defaults to unset, and the kernel's default is
used.
+
+
@@ -4190,6 +4744,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean value. When true, CAKE clears the DSCP fields, except for ECN bits, of
any packet passing through CAKE. Defaults to unset, and the kernel's default is used.
+
+
@@ -4199,6 +4755,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean value. When true, CAKE will split General Segmentation Offload (GSO)
super-packets into their on-the-wire components and dequeue them individually. Defaults to
unset, and the kernel's default is used.
+
+
@@ -4209,6 +4767,8 @@ Token=prefixstable:2002:da8:1::
extremely high-performance 10GigE+ networks like datacentre, 1ms for non-WiFi LAN connections,
100ms for typical internet connections. Defaults to unset, and the kernel's default will be used.
+
+
@@ -4220,6 +4780,8 @@ Token=prefixstable:2002:da8:1::
keep at least two redundant ACKs in the queue, while in aggressive mode, it will
filter down to a single ACK. This may improve download throughput on links with very asymmetrical
rate limits. Defaults to unset, and the kernel's default will be used.
+
+
@@ -4241,6 +4803,8 @@ Token=prefixstable:2002:da8:1::
Specifies the hard limit on the queue size in number of packets. When this limit is reached,
incoming packets are dropped. An unsigned integer in the range 0…4294967294. Defaults to unset and
kernel's default is used.
+
+
@@ -4249,6 +4813,8 @@ Token=prefixstable:2002:da8:1::
Takes a timespan. Specifies the acceptable minimum standing/persistent queue delay.
Defaults to unset and kernel's default is used.
+
+
@@ -4257,6 +4823,8 @@ Token=prefixstable:2002:da8:1::
Takes a timespan. This is used to ensure that the measured minimum delay does not
become too stale. Defaults to unset and kernel's default is used.
+
+
@@ -4265,6 +4833,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. This can be used to mark packets instead of dropping them. Defaults to
unset and kernel's default is used.
+
+
@@ -4273,6 +4843,8 @@ Token=prefixstable:2002:da8:1::
Takes a timespan. This sets a threshold above which all packets are marked with ECN
Congestion Experienced (CE). Defaults to unset and kernel's default is used.
+
+
@@ -4305,6 +4877,8 @@ Token=prefixstable:2002:da8:1::
to the next class. When suffixed with K, M, or G, the specified size is parsed as Kilobytes,
Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to the MTU of the
interface.
+
+
@@ -4326,6 +4900,8 @@ Token=prefixstable:2002:da8:1::
Specifies the number of bands. An unsigned integer in the range 1…16. This value has to be at
least large enough to cover the strict bands specified through the StrictBands=
and bandwidth-sharing bands specified in QuantumBytes=.
+
+
@@ -4334,6 +4910,8 @@ Token=prefixstable:2002:da8:1::
Specifies the number of bands that should be created in strict mode. An unsigned integer in
the range 1…16.
+
+
@@ -4344,6 +4922,8 @@ Token=prefixstable:2002:da8:1::
suffixed with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
respectively, to the base of 1024. This setting can be specified multiple times. If an empty
string is assigned, then the all previous assignments are cleared.
+
+
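Review bot: The context line "then the all previous assignments are cleared" in this hunk has a stray article, and the same sentence recurs in the following hunk (@@ -4356,6). Since both entries are being touched, change it to "then all previous assignments are cleared" in this pass or in a follow-up.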
@@ -4356,6 +4936,8 @@ Token=prefixstable:2002:da8:1::
there are fewer, the default band that traffic with one of the unmentioned priorities goes to is
the last one. Each band number must be in the range 0…255. This setting can be specified multiple
times. If an empty string is assigned, then the all previous assignments are cleared.
+
+
@@ -4375,6 +4957,8 @@ Token=prefixstable:2002:da8:1::
Specifies the number of virtual queues. Takes an integer in the range 1…16. Defaults to unset
and kernel's default is used.
+
+
@@ -4383,6 +4967,8 @@ Token=prefixstable:2002:da8:1::
Specifies the number of default virtual queue. This must be less than VirtualQueue=.
Defaults to unset and kernel's default is used.
+
+
@@ -4391,6 +4977,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. It turns on the RIO-like buffering scheme. Defaults to
unset and kernel's default is used.
+
+
@@ -4410,6 +4998,8 @@ Token=prefixstable:2002:da8:1::
Specifies the hard limit on the real queue size. When this limit is reached, incoming packets are
dropped. Defaults to unset and kernel's default is used.
+
+
@@ -4419,6 +5009,8 @@ Token=prefixstable:2002:da8:1::
Specifies the limit on the total number of bytes that can be queued in this FQ-CoDel instance.
When suffixed with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
respectively, to the base of 1024. Defaults to unset and kernel's default is used.
+
+
@@ -4427,6 +5019,8 @@ Token=prefixstable:2002:da8:1::
Specifies the number of flows into which the incoming packets are classified.
Defaults to unset and kernel's default is used.
+
+
@@ -4435,6 +5029,8 @@ Token=prefixstable:2002:da8:1::
Takes a timespan. Specifies the acceptable minimum standing/persistent queue delay.
Defaults to unset and kernel's default is used.
+
+
@@ -4443,6 +5039,8 @@ Token=prefixstable:2002:da8:1::
Takes a timespan. This is used to ensure that the measured minimum delay does not
become too stale. Defaults to unset and kernel's default is used.
+
+
@@ -4452,6 +5050,8 @@ Token=prefixstable:2002:da8:1::
Specifies the number of bytes used as the "deficit" in the fair queuing algorithm timespan.
When suffixed with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
respectively, to the base of 1024. Defaults to unset and kernel's default is used.
+
+
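Review bot: The first context line of this hunk ends with "in the fair queuing algorithm timespan", where the word "timespan" does not fit: the rest of the entry describes a byte size with K, M and G suffixes, not a time value. Worth dropping the word while this entry is being edited.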
@@ -4460,6 +5060,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean. This can be used to mark packets instead of dropping them. Defaults to
unset and kernel's default is used.
+
+
@@ -4468,6 +5070,8 @@ Token=prefixstable:2002:da8:1::
Takes a timespan. This sets a threshold above which all packets are marked with ECN
Congestion Experienced (CE). Defaults to unset and kernel's default is used.
+
+
@@ -4487,6 +5091,8 @@ Token=prefixstable:2002:da8:1::
Specifies the hard limit on the real queue size. When this limit is reached, incoming packets are
dropped. Defaults to unset and kernel's default is used.
+
+
@@ -4495,6 +5101,8 @@ Token=prefixstable:2002:da8:1::
Specifies the hard limit on the maximum number of packets queued per flow. Defaults to
unset and kernel's default is used.
+
+
@@ -4505,6 +5113,8 @@ Token=prefixstable:2002:da8:1::
to dequeue at once. When suffixed with K, M, or G, the specified size is parsed as Kilobytes,
Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to unset and kernel's
default is used.
+
+
@@ -4515,6 +5125,8 @@ Token=prefixstable:2002:da8:1::
allowed to dequeue initially. When suffixed with K, M, or G, the specified size is parsed as
Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to unset and
kernel's default is used.
+
+
@@ -4524,6 +5136,8 @@ Token=prefixstable:2002:da8:1::
Specifies the maximum sending rate of a flow. When suffixed with K, M, or G, the
specified size is parsed as Kilobits, Megabits, or Gigabits, respectively, to the base of
1000. Defaults to unset and kernel's default is used.
+
+
@@ -4532,6 +5146,8 @@ Token=prefixstable:2002:da8:1::
Specifies the size of the hash table used for flow lookups. Defaults to unset and
kernel's default is used.
+
+
@@ -4541,6 +5157,8 @@ Token=prefixstable:2002:da8:1::
Takes an unsigned integer. For packets not owned by a socket, fq is able to mask a part
of hash and reduce number of buckets associated with the traffic. Defaults to unset and
kernel's default is used.
+
+
@@ -4549,6 +5167,8 @@ Token=prefixstable:2002:da8:1::
Takes a boolean, and enables or disables flow pacing. Defaults to unset and kernel's
default is used.
+
+
@@ -4557,6 +5177,8 @@ Token=prefixstable:2002:da8:1::
Takes a timespan. This sets a threshold above which all packets are marked with ECN
Congestion Experienced (CE). Defaults to unset and kernel's default is used.
+
+
@@ -4578,6 +5200,8 @@ Token=prefixstable:2002:da8:1::
Note that when teql is used, currently, the module sch_teql with
max_equalizers=N+1 option must be loaded before
systemd-networkd is started.
+
+
@@ -4597,6 +5221,8 @@ Token=prefixstable:2002:da8:1::
Takes the minor id in hexadecimal of the default class. Unclassified traffic gets sent
to the class. Defaults to unset.
+
+
@@ -4605,6 +5231,8 @@ Token=prefixstable:2002:da8:1::
Takes an unsigned integer. The DRR quantums are calculated by dividing the value
configured in Rate= by RateToQuantum=.
+
+
@@ -4624,6 +5252,8 @@ Token=prefixstable:2002:da8:1::
Specifies the priority of the class. In the round-robin process, classes with the lowest
priority field are tried for packets first.
+
+
@@ -4633,6 +5263,8 @@ Token=prefixstable:2002:da8:1::
Specifies how many bytes to serve from leaf at once. When suffixed with K, M, or G, the
specified size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of
1024.
+
+
@@ -4641,6 +5273,8 @@ Token=prefixstable:2002:da8:1::
Specifies the maximum packet size we create. When suffixed with K, M, or G, the specified
size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024.
+
+
@@ -4650,6 +5284,8 @@ Token=prefixstable:2002:da8:1::
Takes an unsigned integer which specifies per-packet size overhead used in rate
computations. When suffixed with K, M, or G, the specified size is parsed as Kilobytes,
Megabytes, or Gigabytes, respectively, to the base of 1024.
+
+
@@ -4659,6 +5295,8 @@ Token=prefixstable:2002:da8:1::
Specifies the maximum rate this class and all its children are guaranteed. When suffixed
with K, M, or G, the specified size is parsed as Kilobits, Megabits, or Gigabits, respectively,
to the base of 1000. This setting is mandatory.
+
+
@@ -4669,6 +5307,8 @@ Token=prefixstable:2002:da8:1::
When suffixed with K, M, or G, the specified size is parsed as Kilobits, Megabits, or Gigabits,
respectively, to the base of 1000. When unset, the value specified with Rate=
is used.
+
+
@@ -4678,6 +5318,8 @@ Token=prefixstable:2002:da8:1::
Specifies the maximum bytes burst which can be accumulated during idle period. When suffixed
with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively,
to the base of 1024.
+
+
@@ -4687,6 +5329,8 @@ Token=prefixstable:2002:da8:1::
Specifies the maximum bytes burst for ceil which can be accumulated during idle period.
When suffixed with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
respectively, to the base of 1024.
+
+
@@ -4707,6 +5351,8 @@ Token=prefixstable:2002:da8:1::
Specifies the hard limit on the queue size in number of packets. When this limit is reached,
incoming packets are dropped. An unsigned integer in the range 0…4294967294. Defaults to unset and
kernel's default is used.
+
+
@@ -4737,6 +5383,8 @@ Token=prefixstable:2002:da8:1::
Specifies the weight of the class. Takes an integer in the range 1…1023. Defaults to
unset in which case the kernel default is used.
+
+
@@ -4746,6 +5394,8 @@ Token=prefixstable:2002:da8:1::
Specifies the maximum packet size in bytes for the class. When suffixed with K, M, or G, the
specified size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of
1024. When unset, the kernel default is used.
+
+
@@ -4772,6 +5422,8 @@ Token=prefixstable:2002:da8:1::
The VLAN ID specified here will be used to untag frames on egress. Configuring
EgressUntagged= implicates the use of VLAN= above and will enable the
VLAN ID for ingress as well. This can be either a single ID or a range M-N.
+
+
@@ -4780,6 +5432,8 @@ Token=prefixstable:2002:da8:1::
The Port VLAN ID specified here is assigned to all untagged frames at ingress.
PVID= can be used only once. Configuring PVID= implicates the use of
VLAN= above and will enable the VLAN ID for ingress as well.
+
+
diff --git a/man/systemd.nspawn.xml b/man/systemd.nspawn.xml
index 0540b85dc6..79806199e5 100644
--- a/man/systemd.nspawn.xml
+++ b/man/systemd.nspawn.xml
@@ -94,7 +94,9 @@
init process. This setting corresponds to the switch on the
systemd-nspawn command line. This option may not be combined with
ProcessTwo=yes. This option is specified by default in the
- systemd-nspawn@.service template unit.
+ systemd-nspawn@.service template unit.
+
+
@@ -104,7 +106,9 @@
a temporary snapshot of its file system that is removed immediately when the container terminates.
This is equivalent to the command line switch. See
systemd-nspawn1 for details
- about the specific options supported.
+ about the specific options supported.
+
+
@@ -113,7 +117,9 @@
Takes a boolean argument, which defaults to off. If enabled, the specified program is run as
PID 2. A stub init process is run as PID 1. This setting corresponds to the switch
on the systemd-nspawn command line. This option may not be combined with
- Boot=yes.
+ Boot=yes.
+
+
@@ -127,7 +133,9 @@
Note: , is the same as
systemd-nspawn a b "c c", and ,
- is the same as systemd-nspawn --boot b 'c c'.
+ is the same as systemd-nspawn --boot b 'c c'.
+
+
@@ -139,7 +147,9 @@
main process invoked in the container. This setting may be
used multiple times to set multiple environment variables. It
corresponds to the command line
- switch.
+ switch.
+
+
@@ -149,7 +159,9 @@
name to invoke the main process of the container as. This user
must be known in the container's user database. This
corresponds to the command line
- switch.
+ switch.
+
+
@@ -157,7 +169,9 @@
Selects the working directory for the process invoked in the container. Expects an absolute
path in the container's file system namespace. This corresponds to the command line
- switch.
+ switch.
+
+
@@ -166,7 +180,9 @@
Selects a directory to pivot to / inside the container when starting up.
Takes a single path, or a pair of two paths separated by a colon. Both paths must be absolute, and are resolved
in the container's file system namespace. This corresponds to the command line
- switch.
+ switch.
+
+
@@ -193,7 +209,9 @@
capabilities are retained (or dropped).
These settings change the bounding set of capabilities which
also limits the ambient capabilities as given with the
- AmbientCapability=.
+ AmbientCapability=.
+
+
@@ -217,7 +235,9 @@
Note that AmbientCapability= is a privileged
- setting (see above).
+ setting (see above).
+
+
@@ -228,6 +248,8 @@
command line switch. See
systemd-nspawn1 for
details.
+
+
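Review bot: This hunk leaves its last text line ("details.") untouched and only appends two lines, while most other hunks in this file remove and re-add their final text line with identical visible wording (for example "- details." followed by "+ details." in @@ -284,7). If the rewritten lines differ only in whitespace or in where a closing tag sits, the append-only form used here keeps the diff smaller and the blame history cleaner, so it would be better to use one form throughout.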
@@ -240,7 +262,9 @@
Defaults to SIGRTMIN+3 if is used
(on systemd-compatible init systems SIGRTMIN+3 triggers an
orderly shutdown). For a list of valid signals, see
- signal7.
+ signal7.
+
+
@@ -248,7 +272,9 @@
Configures the kernel personality for the
container. This is equivalent to the
- switch.
+ switch.
+
+
@@ -257,7 +283,9 @@
Configures the 128-bit machine ID (UUID) to pass to
the container. This is equivalent to the
command line switch. This option is
- privileged (see above).
+ privileged (see above).
+
+
@@ -266,7 +294,9 @@
Configures support for usernamespacing. This is equivalent to the
command line switch, and takes the same options. This option is privileged
(see above). This option is the default if the systemd-nspawn@.service template unit file
- is used.
+ is used.
+
+
@@ -275,7 +305,9 @@
Configures support for notifications from the container's init process. This is equivalent to
the command line switch, and takes the same parameters. See
systemd-nspawn1 for details
- about the specific options supported.
+ about the specific options supported.
+
+
@@ -284,7 +316,9 @@
Configures the system call filter applied to containers. This is equivalent to the
command line switch, and takes the same list parameter. See
systemd-nspawn1 for
- details.
+ details.
+
+
@@ -308,7 +342,9 @@
Configures various types of resource limits applied to containers. This is equivalent to the
command line switch, and takes the same arguments. See
systemd-nspawn1 for
- details.
+ details.
+
+
@@ -317,7 +353,9 @@
Configures the OOM score adjustment value. This is equivalent to the
command line switch, and takes the same argument. See
systemd-nspawn1 for
- details.
+ details.
+
+
@@ -326,7 +364,9 @@
Configures the CPU affinity. This is equivalent to the command
line switch, and takes the same argument. See
systemd-nspawn1 for
- details.
+ details.
+
+
@@ -335,7 +375,9 @@
Configures the kernel hostname set for the container. This is equivalent to the
command line switch, and takes the same argument. See
systemd-nspawn1 for
- details.
+ details.
+
+
@@ -344,7 +386,9 @@
Configures how /etc/resolv.conf in the container shall be handled. This is
equivalent to the command line switch, and takes the same argument. See
systemd-nspawn1 for
- details.
+ details.
+
+
@@ -353,7 +397,9 @@
Configures how /etc/localtime in the container shall be handled. This is
equivalent to the command line switch, and takes the same argument. See
systemd-nspawn1 for
- details.
+ details.
+
+
@@ -362,7 +408,9 @@
Configures how to link host and container journal setups. This is equivalent to the
command line switch, and takes the same parameter. See
systemd-nspawn1 for
- details.
+ details.
+
+
@@ -372,7 +420,9 @@
is equivalent to the command line switch, and takes the same
parameter. See
systemd-nspawn1
- for details.
+ for details.
+
+
@@ -394,7 +444,9 @@
specified, the container will be run with a read-only file
system. This setting corresponds to the
command line
- switch.
+ switch.
+
+
@@ -406,7 +458,9 @@
option is equivalent to , see
systemd-nspawn1
for details about the specific options
- supported.
+ supported.
+
+
@@ -422,7 +476,9 @@
, see
systemd-nspawn1
for details about the specific options supported. This setting
- is privileged (see above).
+ is privileged (see above).
+
+
@@ -432,7 +488,9 @@
command line switch , see
systemd-nspawn1
for details about the specific options supported. This setting is privileged (see
- above).
+ above).
+
+
@@ -446,7 +504,9 @@
, see
systemd-nspawn1
for details about the specific options supported. This setting
- is privileged (see above).
+ is privileged (see above).
+
+
@@ -457,7 +517,9 @@
may be used multiple times to mask multiple files or directories. This option is equivalent to the command line
switch , see
systemd-nspawn1 for details
- about the specific options supported. This setting is privileged (see above).
+ about the specific options supported. This setting is privileged (see above).
+
+
@@ -468,7 +530,9 @@
multiple times to configure multiple overlay mounts. This option is equivalent to the command line switches
and , see
systemd-nspawn1 for details
- about the specific options supported. This setting is privileged (see above).
+ about the specific options supported. This setting is privileged (see above).
+
+
@@ -477,7 +541,9 @@
Configures whether the ownership of the files and directories in the container tree
shall be adjusted to the UID/GID range used, if necessary and user namespacing is enabled. This is
equivalent to the command line switch. This option is
- privileged (see above).
+ privileged (see above).
+
+
@@ -500,7 +566,9 @@
and not share network interfaces and configuration with the
host. This setting corresponds to the
command line
- switch.
+ switch.
+
+
@@ -510,7 +578,9 @@
(veth) between host and the container. This setting implies
Private=yes. This setting corresponds to the command line
switch. This option is privileged (see above). This option is the default if the
- systemd-nspawn@.service template unit file is used.
+ systemd-nspawn@.service template unit file is used.
+
+
@@ -525,7 +595,9 @@
independent of VirtualEthernet=. Note that this option is unrelated to the
Bridge= setting below, and thus any connections created this way are not
automatically added to any bridge device on the host side. This option is privileged (see
- above).
+ above).
+
+
@@ -538,7 +610,9 @@
This option corresponds to the
command line switch and
implies Private=yes. This option is
- privileged (see above).
+ privileged (see above).
+
+
@@ -553,7 +627,9 @@
and
command line switches and
imply Private=yes. These options are
- privileged (see above).
+ privileged (see above).
+
+
@@ -565,7 +641,9 @@
host side of the created virtual Ethernet link is connected to
the specified bridge interface. This option corresponds to the
command line switch. This
- option is privileged (see above).
+ option is privileged (see above).
+
+
@@ -575,7 +653,9 @@
Private=yes and has the effect that the host side of the created virtual Ethernet link is
connected to an automatically managed bridge interface named after the passed argument, prefixed with
vz-. This option corresponds to the command line
- switch. This option is privileged (see above).
+ switch. This option is privileged (see above).
+
+
@@ -586,7 +666,9 @@
command line switch, see
systemd-nspawn1
for the precise syntax of the argument this option takes. This
- option is privileged (see above).
+ option is privileged (see above).
+
+
diff --git a/man/systemd.path.xml b/man/systemd.path.xml
index 7ea88d0b98..70374658d8 100644
--- a/man/systemd.path.xml
+++ b/man/systemd.path.xml
@@ -199,7 +199,9 @@
a positive integer value and specifies the number of permitted activations per time interval, and
defaults to 200. Set either to 0 to disable any form of trigger rate limiting. If the limit is hit,
the unit is placed into a failure mode, and will not watch the paths anymore until restarted. Note
- that this limit is enforced before the service activation is enqueued.
+ that this limit is enforced before the service activation is enqueued.
+
+
diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml
index 57ebb8e1ea..9ee4ded0d9 100644
--- a/man/systemd.resource-control.xml
+++ b/man/systemd.resource-control.xml
@@ -1257,6 +1257,8 @@ DeviceAllow=/dev/loop-control
has been started. Since no processes should live in inner nodes of the control group tree it's
almost always necessary to run the main ("supervising") process of a unit that has delegation
turned on in a subgroup.
+
+
@@ -1404,7 +1406,9 @@ DeviceAllow=/dev/loop-control
to watch for and handle memory pressure events.
If not explicit set, defaults to the DefaultMemoryPressureWatch= setting in
- systemd-system.conf5.
+ systemd-system.conf5.
+
+
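Review bot: The context line "If not explicit set, defaults to the DefaultMemoryPressureWatch= setting in" should read "If not explicitly set". The paragraph's closing line is already being rewritten in this hunk, so the fix can go in with it.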
@@ -1418,7 +1422,9 @@ DeviceAllow=/dev/loop-control
(which in turn defaults to 200ms). The specified value expects a time unit such as
ms or μs, see
systemd.time7 for
- details on the permitted syntax.
+ details on the permitted syntax.
+
+
@@ -1444,7 +1450,9 @@ DeviceAllow=/dev/loop-control
BlockIOReadBandwidth=devicebytes,
BlockIOWriteBandwidth=devicebytes.
- Please switch to the unified cgroup hierarchy.
+ Please switch to the unified cgroup hierarchy.
+
+
diff --git a/man/systemd.scope.xml b/man/systemd.scope.xml
index 95969bf097..ae9bc2b339 100644
--- a/man/systemd.scope.xml
+++ b/man/systemd.scope.xml
@@ -112,7 +112,9 @@
Configures a maximum time for the scope to run. If this is used and the scope has been
active for longer than the specified time it is terminated and put into a failure state. Pass
- infinity (the default) to configure no runtime limit.
+ infinity (the default) to configure no runtime limit.
+
+
@@ -121,7 +123,9 @@
This option modifies RuntimeMaxSec= by increasing the maximum runtime by an
evenly distributed duration between 0 and the specified value (in seconds). If RuntimeMaxSec= is
unspecified, then this feature will be disabled.
-
+
+
+
diff --git a/man/systemd.service.xml b/man/systemd.service.xml
index e9c431bd68..10e6da5837 100644
--- a/man/systemd.service.xml
+++ b/man/systemd.service.xml
@@ -321,6 +321,8 @@
is meant for applications whose forking model is not known ahead of time and which
might not have a specific main process. It is well suited for transient or automatically generated services,
such as graphical applications inside of a desktop environment.
+
+
@@ -465,6 +467,8 @@
also applies to ExecCondition=. ExecCondition= will also run the commands
in ExecStopPost=, as part of stopping the service, in the case of any non-zero or abnormal
exits, like the ones described above.
+
+
@@ -579,7 +583,9 @@
of auto-restarts from RestartSec= to RestartMaxDelaySec=.
Takes a positive integer or 0 to disable it. Defaults to 0.
- This setting is effective only if RestartMaxDelaySec= is also set.
+ This setting is effective only if RestartMaxDelaySec= is also set.
+
+
@@ -589,7 +595,9 @@
in the same format as RestartSec=, or infinity
to disable the setting. Defaults to infinity.
- This setting is effective only if RestartSteps= is also set.
+ This setting is effective only if RestartSteps= is also set.
+
+
@@ -612,7 +620,9 @@
provided the service repeats EXTEND_TIMEOUT_USEC=… within the interval specified
until the service startup status is finished by READY=1. (see
sd_notify3).
-
+
+
+
@@ -641,7 +651,9 @@
provided the service repeats EXTEND_TIMEOUT_USEC=… within the interval specified,
or terminates itself (see
sd_notify3).
-
+
+
+
@@ -672,7 +684,9 @@
provided the service repeats EXTEND_TIMEOUT_USEC=… within the interval specified,
or terminates itself (see
sd_notify3).
-
+
+
+
@@ -702,7 +716,9 @@
By using the service is immediately terminated by sending
FinalKillSignal= without any further timeout. This setting can be used to expedite the
shutdown of failing services.
-
+
+
+
@@ -722,7 +738,9 @@
provided the service repeats EXTEND_TIMEOUT_USEC=… within the interval specified
until the service shutdown is achieved by STOPPING=1 (or termination). (see
sd_notify3).
-
+
+
+
@@ -731,7 +749,9 @@
This option modifies RuntimeMaxSec= by increasing the maximum runtime by an
evenly distributed duration between 0 and the specified value (in seconds). If RuntimeMaxSec= is
unspecified, then this feature will be disabled.
-
+
+
+
@@ -942,6 +962,8 @@
This option is useful in cases where a dependency can fail temporarily
but we don't want these temporary failures to make the dependent units fail.
When this option is set to , dependent units are not notified of these temporary failures.
+
+
@@ -981,7 +1003,9 @@
Note: systemd-analyze exit-status may be used to list exit statuses and
- translate between numerical status values and names.
+ translate between numerical status values and names.
+
+
@@ -1005,7 +1029,9 @@
ExecStopPost= or ExecReload=, but only on the main service
process, i.e. either the one invoked by ExecStart= or (depending on
Type=, PIDFile=, …) the otherwise configured main
- process.
+ process.
+
+
@@ -1015,7 +1041,9 @@
service restarts, regardless of the restart setting configured
with Restart=. The argument format is
similar to
- RestartPreventExitStatus=.
+ RestartPreventExitStatus=.
+
+
@@ -1142,7 +1170,9 @@
If this option is set to a non-zero value the $FDSTORE environment variable
will be set for processes invoked for this service. See
systemd.exec5 for
- details.
+ details.
+
+
@@ -1158,7 +1188,9 @@
file descriptor store pinned until the service manager exits.
Use systemctl clean --what=fdstore … to release the file descriptor store
- explicitly.
+ explicitly.
+
+
@@ -1171,7 +1203,9 @@
socket unit with ListenUSBFunction=
configured. The contents of this file are written to the
ep0 file after it is
- opened.
+ opened.
+
+
@@ -1179,7 +1213,9 @@
Configure the location of a file containing
USB FunctionFS strings. Behavior is similar to
USBFunctionDescriptors=
- above.
+ above.
+
+
@@ -1217,7 +1253,9 @@
This setting also applies to
systemd-oomd.service8.
Similarly to the kernel OOM kills performed by the kernel, this setting determines the state of the
- unit after systemd-oomd kills a cgroup associated with it.
+ unit after systemd-oomd kills a cgroup associated with it.
+
+
@@ -1248,7 +1286,9 @@
(due to running in a separate mount namespace, not having privileges, ...).
This setting can be specified multiple times, in which case all the specified paths are opened and the file descriptors passed to the service.
- If the empty string is assigned, the entire list of open files defined prior to this is reset.
+ If the empty string is assigned, the entire list of open files defined prior to this is reset.
+
+
@@ -1256,7 +1296,9 @@
Configures the UNIX process signal to send to the service's main process when asked
to reload the service's configuration. Defaults to SIGHUP. This option has no
effect unless Type= is used, see
- above.
+ above.
+
+
diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
index 45555302f1..f260c4ed26 100644
--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@@ -309,7 +309,9 @@
activated service has to have the
USBFunctionDescriptors= and
USBFunctionStrings= options set.
-
+
+
+
@@ -318,6 +320,8 @@
or . The socket will use the UDP-Lite
(IPPROTO_UDPLITE) or SCTP
(IPPROTO_SCTP) protocol, respectively.
+
+
@@ -371,7 +375,9 @@
sockets and FIFO nodes in the file system are owned by the specified user and group. If unset (the
default), the nodes are owned by the root user/group (if run in system context) or the invoking
user/group (if run in user context). If only a user is specified but no group, then the group is
- derived from the user's default group.
+ derived from the user's default group.
+
+
@@ -431,7 +437,9 @@
Takes a boolean argument. May only be used in
conjunction with ListenSpecial=. If true,
the specified special file is opened in read-write mode, if
- false, in read-only mode. Defaults to false.
+ false, in read-only mode. Defaults to false.
+
+
@@ -443,7 +451,9 @@
socket's buffers won't be cleared, permitting the service to handle any
pending connections after restart, which is the usually expected behaviour.
Defaults to .
-
+
+
+
@@ -463,6 +473,8 @@
The maximum number of connections for a service per source IP address.
This is very similar to the MaxConnections= directive
above. Disabled by default.
+
+
@@ -486,7 +498,9 @@
and the TCP
Keepalive HOWTO for details.)
- Default value is 7200 seconds (2 hours).
+ Default value is 7200 seconds (2 hours).
+
+
@@ -496,7 +510,9 @@
TCP_KEEPINTVL socket option (see socket7 and
the TCP Keepalive
- HOWTO for details.) Default value is 75 seconds.
+ HOWTO for details.) Default value is 75 seconds.
+
+
@@ -509,7 +525,9 @@
and the TCP
Keepalive HOWTO for details.) Default value is
- 9.
+ 9.
+
+
@@ -519,7 +537,9 @@
messages, and sending them all at once. This controls the
TCP_NODELAY socket option (see
tcp7).
- Defaults to .
+ Defaults to .
+
+
@@ -557,6 +577,8 @@
third packet in the "three-way handshake").
Disabled by default.
+
+
@@ -607,7 +629,9 @@
bind2s to this TCP
or UDP port. This controls the SO_REUSEPORT socket option. See socket7 for
- details.
+ details.
+
+
@@ -622,7 +646,9 @@
incoming or outgoing connections of the socket, respectively.
See Smack
- for details.
+ for details.
+
+
@@ -641,7 +667,9 @@
services triggered by exactly one socket unit. Also note
that this option is useful only when MLS/MCS SELinux policy
is deployed. Defaults to
- false.
+ false.
+
+
@@ -709,7 +737,9 @@
PACKET_AUXDATA socket options, which enable reception of additional per-packet
metadata as ancillary message, on AF_INET, AF_INET6,
AF_UNIX and AF_PACKET sockets. Defaults to
- .
+ .
+
+
@@ -718,7 +748,9 @@
usec, μs) or ns (alias:
nsec). This controls the SO_TIMESTAMP or
SO_TIMESTAMPNS socket options, and enables whether ingress network traffic shall
- carry timestamping metadata. Defaults to .
+ carry timestamping metadata. Defaults to .
+
+
@@ -796,7 +828,9 @@
Symlinks=. Normally, it should not be necessary to use this option, and is not
recommended as services might continue to run after the socket unit has been terminated and it should
still be possible to communicate with them via their file system node. Defaults to
- off.
+ off.
+
+
@@ -807,7 +841,9 @@
this option to manage one or more symlinked alias names for a socket, binding their lifecycle together. Note
that if creation of a symlink fails this is not considered fatal for the socket unit, and the socket unit may
still start. If an empty string is assigned, the list of paths is reset. Defaults to an empty
- list.
+ list.
+
+
@@ -823,7 +859,9 @@
be at most 255 characters in length. If this setting is not
used, the file descriptor name defaults to the name of the
socket unit, including its .socket
- suffix.
+ suffix.
+
+
@@ -840,7 +878,9 @@
Accept=yes sockets (thus by default permitting 200 activations per 2s), and 20 otherwise (20
activations per 2s). Set either to 0 to disable any form of trigger rate limiting. If the limit is hit, the
socket unit is placed into a failure mode, and will not be connectible anymore until restarted. Note that this
- limit is enforced before the service activation is enqueued.
+ limit is enforced before the service activation is enqueued.
+
+
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 4b5e54b27d..f13c279133 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -199,6 +199,8 @@
A target that pulls in setup services for all
verity integrity protected block devices.
+
+
@@ -287,6 +289,8 @@
factory-reset.targetA special target to trigger a factory reset.
+
+
@@ -429,6 +433,8 @@
the file system backing /usr/ is mounted, though possibly at two different
locations, either below the /sysusr/ or the /sysroot/
hierarchies.
+
+
@@ -595,6 +601,8 @@
integrity protected devices which are accessed over the network. It is used for
veritytab8
entries marked with .
+
+
@@ -725,6 +733,8 @@
See
systemd-soft-reboot.service8
for further details of the operation this target pulls in.
+
+
@@ -955,6 +965,8 @@
between units, this target is particularly useful to ensure
that a service is shut down only after all verity integrity
protected block devices are fully stopped.
+
+
@@ -966,6 +978,8 @@
be committed to disk, marking the first boot as completed. If the boot is aborted at any time
before that, the next boot will re-run any units with ConditionFirstBoot=yes.
+
+
@@ -1338,6 +1352,8 @@ PartOf=graphical-session.target
for the XDG desktop files in autostart directories. Desktop Environments can opt-in to use this
service by adding a Wants= dependency on
xdg-desktop-autostart.target.
+
+
@@ -1359,6 +1375,8 @@ PartOf=graphical-session.target
The root slice is the root of the user's slice hierarchy.
It usually does not contain units directly, but may be used to set defaults for the whole tree.
+
+
@@ -1369,6 +1387,8 @@ PartOf=graphical-session.target
systemd are found in this slice.
All interactively launched applications like web browsers and text editors
as well as non-critical services should be placed into this slice.
+
+
@@ -1382,6 +1402,8 @@ PartOf=graphical-session.target
This includes the display server, screen readers and other services such as DBus or XDG portals.
Such services should be configured to be part of this slice by
adding Slice=session.slice to their unit files.
+
+
@@ -1392,6 +1414,8 @@ PartOf=graphical-session.target
This permits resources to be preferentially assigned to the other slices.
Examples include non-interactive tasks like file indexing or backup operations
where latency is not important.
+
+
diff --git a/man/systemd.swap.xml b/man/systemd.swap.xml
index 8287382eb6..6cd5c9f118 100644
--- a/man/systemd.swap.xml
+++ b/man/systemd.swap.xml
@@ -128,6 +128,8 @@
be activated automatically during boot, unless it is pulled in
by some other unit. The option has the
opposite meaning and is the default.
+
+
@@ -159,7 +161,9 @@
and the discussion of
wipefs8
in systemd.mount5.
-
+
+
+
@@ -214,7 +218,9 @@
options among other functionality, if the swap backing device supports the discard or trim operation. (See
swapon8
for more information.) Note that the usual specifier expansion is applied to this setting, literal percent
- characters should hence be written as %%.
+ characters should hence be written as %%.
+
+
diff --git a/man/systemd.system-credentials.xml b/man/systemd.system-credentials.xml
index b190ba5109..a450ae07df 100644
--- a/man/systemd.system-credentials.xml
+++ b/man/systemd.system-credentials.xml
@@ -47,6 +47,8 @@
The console key mapping to set (e.g. de). Read by
systemd-firstboot1,
and only honoured if no console keymap has been configured before.
+
+
@@ -68,6 +70,8 @@
The system timezone to set (e.g. Europe/Berlin). Read by
systemd-firstboot1,
and only honoured if no system timezone has been configured before.
+
+
@@ -83,6 +87,8 @@
Consumed by /usr/lib/tmpfiles.d/provision.conf, see
tmpfiles.d5.
+
+
@@ -98,6 +104,8 @@
Consumed by /usr/lib/tmpfiles.d/provision.conf, see
tmpfiles.d5.
+
+
@@ -111,6 +119,8 @@
Consumed by /usr/lib/tmpfiles.d/provision.conf, see
tmpfiles.d5.
+
+
@@ -120,6 +130,8 @@
DNS server information and search domains. Read by
systemd-resolved.service8.
+
+
@@ -133,6 +145,8 @@
and
systemd-sysusers1,
and only honoured if no root password has been configured before.
+
+
@@ -145,6 +159,8 @@
and
systemd-sysusers1,
and only honoured if no root shell has been configured before.
+
+
@@ -156,6 +172,8 @@
Consumed by /usr/lib/tmpfiles.d/provision.conf, see
tmpfiles.d5.
+
+
@@ -165,6 +183,8 @@
Additional
sysusers.d5
lines to process during boot.
+
+
@@ -174,6 +194,8 @@
Additional
sysctl.d5 lines
to process during boot.
+
+
@@ -183,6 +205,8 @@
Additional
tmpfiles.d5
lines to process during boot.
+
+
@@ -192,6 +216,8 @@
Additional mounts to establish at boot. For details, see
systemd-fstab-generator8.
+
+
@@ -204,6 +230,8 @@
Console settings to apply, see
systemd-vconsole-setup.service8 for details.
+
+
@@ -212,7 +240,9 @@
getty.ttys.containerUsed for spawning additional login prompts, see
- systemd-getty-generator8 for details.
+ systemd-getty-generator8 for details.
+
+
@@ -223,6 +253,8 @@
compatible AF_VSOCK socket the service manager will report status information,
ready notification and exit status on. For details see
systemd1.
+
+
@@ -232,6 +264,8 @@
Takes a 128bit ID to initialize the machine ID from (if it is not set yet). Interpreted by
the service manager (PID 1). For details see
systemd1.
+
+
diff --git a/man/systemd.timer.xml b/man/systemd.timer.xml
index 577978c8e6..59215dc72a 100644
--- a/man/systemd.timer.xml
+++ b/man/systemd.timer.xml
@@ -218,7 +218,9 @@
the system was continuously sleeping the timer will only result in a single service activation. If
WakeSystem= (see below) is enabled a calendar time event elapsing while the system
is suspended will cause the system to wake up (under the condition the system's hardware supports
- time-triggered wake-up functionality).
+ time-triggered wake-up functionality).
+
+
@@ -252,7 +254,9 @@
wake-ups. It should not be confused with RandomizedDelaySec= (see below) which
adds a random value to the time the timer shall elapse next and whose purpose is the opposite: to
stretch elapsing of timer events over a longer period to reduce workload spikes. For further details
- and explanations and how both settings play together, see below.
+ and explanations and how both settings play together, see below.
+
+
@@ -278,7 +282,9 @@
RandomizedDelaySec= to 0, thus encouraging coalescing of timer events. In order to
optimally stretch timer events over a certain range of time, set
AccuracySec=1us and RandomizedDelaySec= to some higher value.
-
+
+
+
@@ -292,7 +298,9 @@
other similarly configured timers.
This setting has no effect if RandomizedDelaySec= is set to 0. Defaults to
- .
+ .
+
+
@@ -303,7 +311,9 @@
when the system clock (CLOCK_REALTIME) jumps relative to the monotonic clock
(CLOCK_MONOTONIC), or when the local system timezone is modified. These options
can be used alone or in combination with other timer expressions (see above) within the same timer
- unit. These options default to .
+ unit. These options default to .
+
+
@@ -334,7 +344,9 @@
file maintained by this option from disk. In particular, use this command before uninstalling a timer
unit. See
systemctl1 for
- details.
+ details.
+
+
@@ -356,7 +368,9 @@
(CLOCK_MONOTONIC), if true a different monotonic clock is used that continues
advancing during system suspend (CLOCK_BOOTTIME), see
clock_getres2 for
- details.
+ details.
+
+
@@ -370,7 +384,9 @@
RemainAfterElapse= is on, starting the timer a second time has no effect. However,
if RemainAfterElapse= is off and the timer unit was already unloaded, it can be
started again, and thus the service can be triggered multiple times. Defaults to
- .
+ .
+
+
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 915f5680ea..8fd731add8 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -750,6 +750,8 @@
When Upholds=b.service is used on a.service, this
dependency will show as UpheldBy=a.service in the property listing of
b.service.
+
+
@@ -829,7 +831,9 @@
OnSuccess=A space-separated list of one or more units that are activated when this unit enters
- the inactive state.
+ the inactive state.
+
+
@@ -849,7 +853,9 @@
A space-separated list of one or more units to which stop requests from this unit
shall be propagated to, or units from which stop requests shall be propagated to this unit,
respectively. Issuing a stop request on a unit will automatically also enqueue stop requests on all
- units that are linked to it using these two settings.
+ units that are linked to it using these two settings.
+
+
@@ -993,6 +999,8 @@
not necessary. Note that if this mode is used unit results (such as exit codes, exit signals, consumed
resources, …) are flushed out immediately after the unit completed, except for what is stored in the logging
subsystem. Defaults to .
+
+
@@ -1031,7 +1039,9 @@
FailureActionExitStatus=/SuccessActionExitStatus=, see below.
will trigger a userspace reboot operation.
does that too, but does not go through the shutdown transaction
- beforehand.
+ beforehand.
+
+
@@ -1043,7 +1053,9 @@
FailureAction=/SuccessAction= are set to or
and the action is triggered. By default the exit status of the main process of the
triggering unit (if this applies) is propagated. Takes a value in the range 0…255 or the empty string to
- request default behaviour.
+ request default behaviour.
+
+
@@ -1082,7 +1094,9 @@
JobTimeoutRebootArgument= configures an optional reboot string to pass to
the reboot2 system
- call.
+ call.
+
+
@@ -1122,7 +1136,9 @@
referenced continuously has no effect.
This setting does not apply to slice, target, device, and scope units, since they are unit
- types whose activation may either never fail, or may succeed only a single time.
+ types whose activation may either never fail, or may succeed only a single time.
+
+
@@ -1132,7 +1148,9 @@
StartLimitIntervalSec= and StartLimitBurst= is hit. Takes the same
values as the FailureAction=/SuccessAction= settings. If
is set, hitting the rate limit will trigger no action except that
- the start will not be permitted. Defaults to .
+ the start will not be permitted. Defaults to .
+
+
@@ -1140,7 +1158,9 @@
Configure the optional argument for the
reboot2 system call if
StartLimitAction= or FailureAction= is a reboot action. This
- works just like the optional argument to systemctl reboot command.
+ works just like the optional argument to systemctl reboot command.
+
+
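Review bot: Style point on the last sentence of this hunk: "works just like the optional argument to systemctl reboot command" is missing an article. Suggest "to the systemctl reboot command", fixed in the same change since the line is already being rewritten.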
@@ -1272,7 +1292,9 @@
value is the expected value of the SMBIOS field value (possibly
containing shell style globs in case $=/!$= is used).
-
+
+
+
@@ -1315,6 +1337,8 @@
for a full list of known virtualization technologies and their identifiers. If multiple
virtualization technologies are nested, only the innermost is considered. The test may be negated
by prepending an exclamation mark.
+
+
@@ -1328,6 +1352,8 @@
a machine ID formatted as string (see
machine-id5).
The test may be negated by prepending an exclamation mark.
+
+
@@ -1343,6 +1369,8 @@
communicated to userspace via /proc/cmdline, except when the service manager
is invoked as payload of a container manager, in which case the command line of PID
1 is used instead (i.e. /proc/1/cmdline).
+
+
@@ -1363,6 +1391,8 @@
fixes from newer upstream kernels into older versions provided by distributions. Hence, this check
is inherently unportable and should not be used for units which may be used on different
distributions.
+
+
@@ -1376,7 +1406,9 @@
services based on system credentials passed in. If used in services for the per-user service
manager this may be used to conditionalize services based on credentials passed into the
unit@.service service instance belonging to the user. The argument must be a
- valid credential name.
+ valid credential name.
+
+
@@ -1394,6 +1426,8 @@
EnvironmentFile=, as described above. This is particularly useful when the
service manager runs inside a containerized environment or as per-user service manager, in order to
check for variables passed in by the enclosing container manager or PAM.
+
+
@@ -1406,6 +1440,8 @@
ima, smack, audit,
uefi-secureboot, tpm2 and cvm.
The test may be negated by prepending an exclamation mark.
+
+
@@ -1418,6 +1454,8 @@
capabilities7
for details). Pass a capability name such as CAP_MKNOD, possibly prefixed with
an exclamation mark to negate the check.
+
+
@@ -1430,6 +1468,8 @@
source, or if no AC connectors are known. Conversely, if set to false, the
condition will hold only if there is at least one AC connector known and all AC connectors are
disconnected from a power source.
+
+
@@ -1466,7 +1506,9 @@
packaging scheme, packages will do any required update steps as part of the installation or
upgrade, to make package contents immediately usable. ConditionNeedsUpdate=
should be used with other update mechanisms where such an immediate update does not
- happen.
+ happen.
+
+
@@ -1490,6 +1532,8 @@
If the systemd.condition-first-boot= option is specified on the kernel
command line (taking a boolean), it will override the result of this condition check, taking
precedence over /etc/machine-id existence checks.
+
+
@@ -1501,6 +1545,8 @@
ConditionPathExists= is prefixed with an exclamation mark
(!), the test is negated, and the unit is only started if the path does not
exist.
+
+
@@ -1510,6 +1556,8 @@
ConditionPathExistsGlob= is similar to
ConditionPathExists=, but checks for the existence of at least one file or
directory matching the specified globbing pattern.
+
+
@@ -1519,6 +1567,8 @@
ConditionPathIsDirectory= is similar to
ConditionPathExists= but verifies that a certain path exists and is a
directory.
+
+
@@ -1528,6 +1578,8 @@
ConditionPathIsSymbolicLink= is similar to
ConditionPathExists= but verifies that a certain path exists and is a symbolic
link.
+
+
@@ -1537,6 +1589,8 @@
ConditionPathIsMountPoint= is similar to
ConditionPathExists= but verifies that a certain path exists and is a mount
point.
+
+
@@ -1546,6 +1600,8 @@
ConditionPathIsReadWrite= is similar to
ConditionPathExists= but verifies that the underlying file system is readable
and writable (i.e. not mounted read-only).
+
+
@@ -1558,6 +1614,8 @@
per-directory encryption, and only detects block level encryption. Moreover, if the specified path
resides on a file system on top of a loopback block device, only encryption above the loopback device is
detected. It is not detected whether the file system backing the loopback block device is encrypted.
+
+
@@ -1567,6 +1625,8 @@
ConditionDirectoryNotEmpty= is similar to
ConditionPathExists= but verifies that a certain path exists and is a non-empty
directory.
+
+
@@ -1576,6 +1636,8 @@
ConditionFileNotEmpty= is similar to
ConditionPathExists= but verifies that a certain path exists and refers to a
regular file with a non-zero size.
+
+
@@ -1585,6 +1647,8 @@
ConditionFileIsExecutable= is similar to
ConditionPathExists= but verifies that a certain path exists, is a regular file,
and marked executable.
+
+
@@ -1597,6 +1661,8 @@
@system can be used to check if the user id is within the system user
range. This option is not useful for system services, as the system manager exclusively runs as the
root user, and thus the test result is constant.
+
+
@@ -1607,6 +1673,8 @@
but verifies that the service manager's real or effective group, or any of its auxiliary groups,
match the specified group or GID. This setting does not support the special value
@system.
+
+
@@ -1630,6 +1698,8 @@
hierarchy are used. Note that legacy or hybrid hierarchies have been deprecated. See
systemd1 for
more information.
+
+
@@ -1643,6 +1713,8 @@
>. On bare-metal systems compares the amount of physical memory in the system
with the specified size, adhering to the specified comparison operator. In containers compares the
amount of memory assigned to the container instead.
+
+
@@ -1658,7 +1730,9 @@
physical systems the number of CPUs in the affinity mask of the service manager usually matches the
number of physical CPUs, but in special and virtual environments might differ. In particular, in
containers the affinity mask usually matches the number of CPUs assigned to the container and not
- the physically available ones.
+ the physically available ones.
+
+
@@ -1720,6 +1794,8 @@
lahf_lm,
abm,
constant_tsc.
+
+
@@ -1735,6 +1811,8 @@
<>, >=, >), and shell-style
wildcard comparisons (*, ?, []) are
supported with the $= (match) and !$= (non-match).
+
+
@@ -1758,6 +1836,8 @@
Optionally, the threshold value can be prefixed with the slice unit under which the pressure will be checked,
followed by a :. If the slice unit is not specified, the overall system pressure will be measured,
instead of a particular cgroup's.
+
+
@@ -2015,7 +2095,9 @@
which instance the unit shall be enabled if the template is
enabled without any explicitly set instance. This option has
no effect in non-template unit files. The specified string
- must be usable as instance identifier.
+ must be usable as instance identifier.
+
+
diff --git a/man/systemd.xml b/man/systemd.xml
index 218ab7e6f3..3bedfe4175 100644
--- a/man/systemd.xml
+++ b/man/systemd.xml
@@ -525,6 +525,8 @@
Reboots userspace, starts the soft-reboot.target unit. This is
mostly equivalent to systemctl start soft-reboot.target
--job-mode=replace-irreversibly.
+
+
@@ -555,7 +557,9 @@
SIGRTMIN+17
- Immediately reboots the userspace.
+ Immediately reboots the userspace.
+
+
@@ -591,14 +595,18 @@
Restores the log level to its configured value. The configured value is derived from – in order
of priority – the value specified with systemd.log-level= on the kernel command line, or the
value specified with in the configuration file, or the built-in default of
- info.
+ info.
+
+ SIGRTMIN+24Immediately exits the manager (only available
- for --user instances).
+ for --user instances).
+
+
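Review bot: The kernel command line option in the context of this hunk is spelled "systemd.log-level=" with a hyphen, while the other hunks for this file refer to "systemd.log_color", "systemd.log_location" and "systemd.log_time" with underscores. The same hyphenated form appears as "systemd.log-target=" in the later log-target hunk. Please pick one spelling and use it consistently across the page, so readers searching the man page for the option name find every reference.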
@@ -609,7 +617,9 @@
done asynchronously.
The systemd system manager treats this signal the same way as
- SIGTERM.
+ SIGTERM.
+
+
@@ -618,7 +628,9 @@
Restores the log target to its configured value. The configured value is derived from – in
order of priority – the value specified with systemd.log-target= on the kernel command line,
or the value specified with in the configuration file, or the built-in
- default.
+ default.
+
+
@@ -673,7 +685,9 @@
$SYSTEMD_LOG_TIME
- This can be overridden with .
+ This can be overridden with .
+
+
@@ -685,7 +699,9 @@
$SYSTEMD_LOG_TID
-
+
+
+
@@ -697,7 +713,9 @@
$SYSTEMD_LOG_RATELIMIT_KMSG
-
+
+
+
@@ -794,6 +812,8 @@
Takes a boolean argument or enables the option if specified
without an argument. If enabled, the systemd manager (PID 1) dumps core when
it crashes. Otherwise, no core dump is created. Defaults to enabled.
+
+
@@ -804,7 +824,9 @@
argument, with the same effect as a positive boolean. If a positive integer (in the range 1–63) is
specified, the system manager (PID 1) will activate the specified virtual terminal when it crashes.
Defaults to disabled, meaning that no such switch is attempted. If set to enabled, the virtual
- terminal the kernel messages are written to is used instead.
+ terminal the kernel messages are written to is used instead.
+
+
@@ -814,7 +836,9 @@
without an argument. If enabled, the system manager (PID 1) spawns a shell
when it crashes, after a 10s delay. Otherwise, no shell is spawned. Defaults
to disabled, for security reasons, as the shell is not protected by password
- authentication.
+ authentication.
+
+
@@ -825,7 +849,9 @@
machine automatically when it crashes, after a 10s delay. Otherwise, the
system will hang indefinitely. Defaults to disabled, in order to avoid a
reboot loop. If combined with systemd.crash_shell, the
- system is rebooted after the shell exits.
+ system is rebooted after the shell exits.
+
+
@@ -838,7 +864,9 @@
using . If a path or a console name (such as
ttyS0) is provided, the virtual console pointed to by this
path or described by the give name will be used instead. Defaults to disabled.
-
+
+
+
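Review bot: Typo in the context just above the changed lines: "described by the give name" should read "described by the given name". Worth fixing in this patch since the entry is being edited anyway.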
@@ -851,7 +879,9 @@
systemd.service5.
Defaults to enabled, i.e. watchdogs and failure actions are processed
normally. The hardware watchdog is not affected by this
- option.
+ option.
+
+
@@ -866,7 +896,9 @@
command line option, in which case it defaults to error. If specified overrides
the system manager configuration file option , see
systemd-system.conf5.
-
+
+
+
@@ -878,7 +910,9 @@
description in status messages. When specified, overrides the system manager configuration file
option , see
systemd-system.conf5.
-
+
+
+
@@ -930,7 +964,9 @@
Takes a 32 character hex value to be
used for setting the machine-id. Intended mostly for
network booting where the same machine-id is desired
- for every boot.
+ for every boot.
+
+
@@ -957,7 +993,9 @@
Takes a boolean argument. If false disables importing credentials from the kernel
command line, the DMI/SMBIOS OEM string table, the qemu_fw_cfg subsystem or the EFI kernel
- stub.
+ stub.
+
+
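Review bot: The description as shown in this hunk ("Takes a boolean argument. If false disables importing credentials from the kernel command line, the DMI/SMBIOS OEM string table, the qemu_fw_cfg subsystem or the EFI kernel stub.") never states the default. For a switch that decides whether credentials are accepted from these sources, the default should be spelled out in the entry itself rather than left for the reader to infer. Also consider a comma after "If false" for readability.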
@@ -968,7 +1006,9 @@
this option is also read by the kernel itself and disables
kernel log output. Passing this option hence turns off the
usual output from both the system manager and the kernel.
-
+
+
+
@@ -979,7 +1019,9 @@
option is also read by the kernel itself and enables kernel
debug output. Passing this option hence turns on the debug
output from both the system manager and the
- kernel.
+ kernel.
+
+
@@ -1020,7 +1062,9 @@
systemd.unit=runlevel4.target, and
systemd.unit=runlevel5.target,
respectively, and provided for compatibility reasons and to be
- easier to type.
+ easier to type.
+
+
@@ -1045,7 +1089,9 @@
locale.conf5
and
locale7.
-
+
+
+
@@ -1106,6 +1152,8 @@
This feature is useful for hypervisors/VMMs or other processes on the host to receive a
notification via VSOCK when a virtual machine has finished booting.
+
+
@@ -1116,6 +1164,8 @@
file is not set up yet. See
machine-id5 for
details.
+
+
@@ -1248,14 +1298,18 @@
Show terse unit status information on the console during boot-up and shutdown. See
- systemd.show_status above.
+ systemd.show_status above.
+
+ Highlight important log messages. See systemd.log_color above.
-
+
+
+
@@ -1268,7 +1322,9 @@
Include code location in log messages. See systemd.log_location
- above.
+ above.
+
+
@@ -1281,7 +1337,9 @@
Prefix console messages with timestamp. See systemd.log_time above.
-
+
+
+
@@ -1295,7 +1353,9 @@
Globally enable/disable all service watchdog timeouts and emergency actions. See
- systemd.service_watchdogs above.
+ systemd.service_watchdogs above.
+
+
@@ -1356,7 +1416,9 @@
systemd 252Kernel command-line arguments systemd.unified_cgroup_hierarchy
and systemd.legacy_systemd_cgroup_controller were deprecated. Please switch to
- the unified cgroup hierarchy.
+ the unified cgroup hierarchy.
+
+
diff --git a/man/sysupdate.d.xml b/man/sysupdate.d.xml
index 1987e649ae..60685aa12f 100644
--- a/man/sysupdate.d.xml
+++ b/man/sysupdate.d.xml
@@ -440,7 +440,9 @@
Specifies the minimum version to require for this transfer to take place. If the
source or target patterns in this transfer definition match files older than this version they will
- be considered obsolete, and never be considered for the update operation.
+ be considered obsolete, and never be considered for the update operation.
+
+
@@ -454,7 +456,9 @@
Like many of the settings in these configuration files this setting supports specifier
expansion. It's particularly useful to set this setting to one of the %A,
%B or %w specifiers to automatically refer to the current OS
- version of the running system. See below for details on supported specifiers.
+ version of the running system. See below for details on supported specifiers.
+
+
@@ -476,7 +480,9 @@
This option only has an effect if the source resource type is selected as
url-file or url-tar, as integrity and authentication
- checking is only available for transfers from remote sources.
+ checking is only available for transfers from remote sources.
+
+
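Review bot: Documentation gap in the paragraph this hunk closes: it says the option only has an effect for url-file and url-tar "as integrity and authentication checking is only available for transfers from remote sources", but it leaves the consequence for local sources implicit. Suggest adding one sentence stating that transfers from local source types are not verified regardless of this setting, so that nobody reads the option as covering them.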
@@ -498,7 +504,9 @@
mandatory.
Note that only certain combinations of source and target resource types are supported, see
- above.
+ above.
+
+
@@ -516,7 +524,9 @@
downloaded.
For all other source resource types this must be a local path in the file system, referring to
- a local directory to find the versions of this resource in.
+ a local directory to find the versions of this resource in.
+
+
@@ -527,7 +537,9 @@
This option is mandatory. Any pattern listed must contain at least the @v
wildcard, so that a version identifier may be extracted from the filename. All other wildcards are
- optional.
+ optional.
+
+
@@ -547,7 +559,9 @@
mandatory.
Note that only certain combinations of source and target resource types are supported, see
- above.
+ above.
+
+
@@ -566,7 +580,9 @@
Type= is set to partition. Partitions must exist already, and
a special partition label _empty is used to indicate empty partitions. To
automatically generate suitable partitions on first boot, use a tool such as
- systemd-repart8.
+ systemd-repart8.
+
+
@@ -583,7 +599,9 @@
The values esp, xbootldr, and
boot are only supported when Type= is set to
- regular-file or directory.
+ regular-file or directory.
+
+
@@ -599,7 +617,9 @@
This pattern is both used for matching existing installed versions and for determining the name
of new versions to install. If multiple patterns are specified, the first specified is used for
- naming newly installed versions.
+ naming newly installed versions.
+
+
@@ -610,7 +630,9 @@
partitions are ignored. If not specified, the GPT partition type linux-generic
is used. Accepts either a literal type UUID or a symbolic type identifier. For a list of supported
type identifiers, see the Type= setting in
- repart.d5.
+ repart.d5.
+
+
@@ -632,7 +654,9 @@
Partitions Specification for details about these flags.
Note that these settings are not used for matching, they only have effect on newly written
- partitions in case a transfer takes place.
+ partitions in case a transfer takes place.
+
+
@@ -648,7 +672,9 @@
whole. Finally, if the target Type= is selected as directory,
the "immutable" file attribute is set, see chattr1 for
- details.
+ details.
+
+
@@ -660,7 +686,9 @@
(i.e. @t), the value from the pattern is used.
Note that this setting is not used for matching, it only has an effect on newly written
- files when a transfer takes place.
+ files when a transfer takes place.
+
+
@@ -671,7 +699,9 @@
done and left for this file. These settings are useful for managing kernel images, following the
scheme defined in Automatic Boot
Assessment, and only have an effect if the target pattern includes the @d
- or @l wildcards.
+ or @l wildcards.
+
+
@@ -695,7 +725,9 @@
of concurrent versions to keep is additionally restricted by the number of partition slots of the
right type in the partition table. I.e. if there are only 2 partition slots for the selected
partition type, setting this value larger than 2 is without effect, since no more than 2 concurrent
- versions could be stored in the image anyway.
+ versions could be stored in the image anyway.
+
+
@@ -705,7 +737,9 @@
initiating an update, all left-over, incomplete updates from a previous attempt are removed from the
target directory. This only has an effect if the target resource Type= is selected
as regular-file, directory or
- subvolume.
+ subvolume.
+
+
@@ -716,7 +750,9 @@
is useful in to provide a stable name always pointing to the newest version of the resource. This is
only supported if the target resource Type= is selected as
regular-file, directory or
- subvolume.
+ subvolume.
+
+
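Review bot: Typo in the first context line of this hunk: "is useful in to provide a stable name" has a stray "in". Suggest "is useful to provide a stable name always pointing to the newest version of the resource", fixed alongside the lines already being changed.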
diff --git a/man/timedatectl.xml b/man/timedatectl.xml
index 974431f53b..b1f33c64b2 100644
--- a/man/timedatectl.xml
+++ b/man/timedatectl.xml
@@ -68,7 +68,9 @@
This command is intended to be used whenever computer-parsable output is required.
Use if you are looking for formatted human-readable output.
By default, empty properties are suppressed. Use to show those too.
- To select specific properties to show, use .
+ To select specific properties to show, use .
+
+
@@ -146,7 +148,9 @@
Show current status of
systemd-timesyncd.service8.
- If is specified, then this will monitor the status updates.
+ If is specified, then this will monitor the status updates.
+
+
@@ -156,21 +160,27 @@
This command is intended to be used whenever computer-parsable output is required.
Use if you are looking for formatted human-readable output.
By default, empty properties are suppressed. Use to show those too.
- To select specific properties to show, use .
+ To select specific properties to show, use .
+
+ ntp-servers INTERFACESERVER…Set the interface specific NTP servers. This command can be used only when the
- interface is managed by systemd-networkd.
+ interface is managed by systemd-networkd.
+
+ revert INTERFACERevert the interface specific NTP servers. This command can be used only when
- the interface is managed by systemd-networkd.
+ the interface is managed by systemd-networkd.
+
+
@@ -188,7 +198,9 @@
Do not query the user for authentication for
- privileged operations.
+ privileged operations.
+
+
@@ -198,7 +210,9 @@
and this option is passed, the system clock is synchronized
from the RTC again, taking the new setting into account.
Otherwise, the RTC is synchronized from the system
- clock.
+ clock.
+
+
@@ -208,7 +222,9 @@
timedatectl monitors the status of
systemd-timesyncd.service8
and updates the outputs. Use CtrlC to terminate the
- monitoring.
+ monitoring.
+
+
@@ -228,7 +244,9 @@
systemd-timesyncd.service8,
limit display to certain properties as specified as argument. If not specified, all set properties are shown.
The argument should be a property name, such as ServerName. If specified more than once,
- all properties with the specified names are shown.
+ all properties with the specified names are shown.
+
+
@@ -236,7 +254,9 @@
When printing properties with show-timesync, only print the value, and skip the
- property name and =.
+ property name and =.
+
+
diff --git a/man/timesyncd.conf.xml b/man/timesyncd.conf.xml
index 07472cdb39..e804f5fb84 100644
--- a/man/timesyncd.conf.xml
+++ b/man/timesyncd.conf.xml
@@ -52,7 +52,9 @@
systemd-networkd.service8.
systemd-timesyncd will contact all configured system or per-interface servers in
turn, until one responds. When the empty string is assigned, the list of NTP servers is reset, and
- all prior assignments will have no effect. This setting defaults to an empty list.
+ all prior assignments will have no effect. This setting defaults to an empty list.
+
+
@@ -63,7 +65,9 @@
take precedence over this setting, as do any servers set via NTP= above. This
setting is hence only relevant if no other NTP server information is known. When the empty string is
assigned, the list of NTP servers is reset, and all prior assignments will have no effect. If this
- option is not given, a compiled-in list of NTP servers is used.
+ option is not given, a compiled-in list of NTP servers is used.
+
+
@@ -75,7 +79,9 @@
Takes a time span value. The default unit is seconds, but other units may be specified, see
systemd.time5.
- Defaults to 5 seconds.
+ Defaults to 5 seconds.
+
+
@@ -90,7 +96,9 @@
systemd.time5.
PollIntervalMinSec= defaults to 32 seconds and must not be smaller than
16 seconds. PollIntervalMaxSec= defaults to 34 min 8 s (2048 seconds) and must be
- larger than PollIntervalMinSec=.
+ larger than PollIntervalMinSec=.
+
+
@@ -100,7 +108,9 @@
Takes a time span value. The default unit is seconds, but other units may be specified, see
systemd.time5.
- Defaults to 30 seconds and must not be smaller than 1 second.
+ Defaults to 30 seconds and must not be smaller than 1 second.
+
+
@@ -112,7 +122,9 @@
Takes a time interval value. The default unit is seconds, but other units may be specified, see
systemd.time5.
- Defaults to 60 seconds.
+ Defaults to 60 seconds.
+
+
diff --git a/man/udev.conf.xml b/man/udev.conf.xml
index f4d573ddc6..26c3ae52d4 100644
--- a/man/udev.conf.xml
+++ b/man/udev.conf.xml
@@ -46,6 +46,8 @@
syslog priorities or their textual representations:
, and
.
+
+
@@ -57,6 +59,8 @@
specified, the maximum is determined based on the system resources.
This is the same as the option.
+
+
@@ -71,6 +75,8 @@
modules.
This is the same as the option.
+
+
@@ -82,6 +88,8 @@
this time, the event will be terminated. The default is 180 seconds.
This is the same as the option.
+
+
@@ -96,6 +104,8 @@
root.
This is the same as the option.
+
+
@@ -106,6 +116,8 @@
Specifies a signal that systemd-udevd will send on worker
timeouts. Note that both workers and spawned processes will be killed using this
signal. Defaults to .
+
+
diff --git a/man/udev.xml b/man/udev.xml
index 3bfa355b6f..f5eaba23de 100644
--- a/man/udev.xml
+++ b/man/udev.xml
@@ -118,6 +118,8 @@
:=Assign a value to a key finally; disallow any later changes.
+
+
@@ -285,6 +287,8 @@
System's confidential virtualization technology. See
systemd-detect-virt1
for possible values.
+
+
@@ -681,6 +685,8 @@
Example for debugging uevent processing for network interfaces:
# /etc/udev/rules.d/00-debug-net.rules
SUBSYSTEM=="net", OPTIONS="log_level=debug"
+
+
diff --git a/man/udevadm.xml b/man/udevadm.xml
index 1c339a6b6d..e8e5bda290 100644
--- a/man/udevadm.xml
+++ b/man/udevadm.xml
@@ -116,6 +116,8 @@
option, limit display to properties specified in the argument. The argument should
be a comma-separated list of property names. If not specified, all known properties
are shown.
+
+
@@ -125,6 +127,8 @@
option, print only their values, and skip the property name and =.
Cannot be used together with or
.
+
+
@@ -172,6 +176,8 @@
Display a sysfs tree. This recursively iterates through the sysfs hierarchy and displays it
in a tree structure. If a path is specified only the subtree below and its parent directories are
shown. This will show both device and subsystem items.
+
+
@@ -219,6 +225,8 @@
Wait for device to be initialized. If argument SECONDS
is not specified, the default is to wait forever.
+
+
@@ -327,6 +335,8 @@
Suppress error logging in triggering events.
+
+
@@ -361,6 +371,8 @@
multiple times, and in that case the lists of the subsystems will be merged. That is,
is equivalent to
.
+
+
@@ -469,6 +481,8 @@
udev7
for more details), the final state of the device becomes easily unstable with this option.
+
+
@@ -489,6 +503,8 @@
are printed to standard output, one line for each event. These UUIDs are included in the uevent
environment block (in the SYNTH_UUID= property) and may be used to track
delivery of the generated events.
+
+
@@ -497,6 +513,8 @@
Before triggering uevents, wait for systemd-udevd daemon to be initialized.
Optionally takes timeout value. Default timeout is 5 seconds. This is equivalent to invoking
udevadm control --ping before udevadm trigger.
+
+
@@ -616,6 +634,8 @@
Send a ping message to systemd-udevd and wait for the reply. This may be useful to check that
systemd-udevd daemon is running.
+
+
@@ -770,6 +790,8 @@
default), names will be resolved when the rules are
parsed. When set to never, names will
never be resolved.
+
+
@@ -778,6 +800,8 @@
When looking for udev rules files located in udev/rules.d directories,
operate on files underneath the specified root path PATH.
+
+
@@ -785,6 +809,8 @@
Do not show summary.
+
+
@@ -793,6 +819,8 @@
Ignore style issues. When specified, even if style issues are found in udev rules files,
the exit status is 0 if no syntactic or semantic errors are found.
+
+
@@ -823,6 +851,8 @@
Maximum number of seconds to wait for the specified devices or device symlinks being
created, initialized, or removed. The default value is infinity.
+
+
@@ -833,6 +863,8 @@
false, the command only checks if the specified devices exist. Set false to this setting if
there is no udev rules for the specified devices, as the devices will never be considered
as initialized in that case. See Initialized Devices section below for more details.
+
+
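Review bot: the context sentence "Set false to this setting if there is no udev rules for the specified devices" is ungrammatical, and it is the sentence that tells the reader when a device will never count as initialized. Since this entry is being edited anyway, reword it to "Set this to false if there are no udev rules for the specified devices" and write "See the Initialized Devices section below".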
@@ -841,6 +873,8 @@
When specified, the command wait for devices being removed instead of created or
initialized. If this is specified, will be ignored.
+
+
@@ -849,6 +883,8 @@
When specified, also watches the udev event queue, and wait for all queued events
being processed by systemd-udevd.
+
+
@@ -893,7 +929,9 @@
in order.
This switch must be used at least once, to specify at least one device to
- lock. (Alternatively, use , see below.)
+ lock. (Alternatively, use , see below.)
+
+
@@ -904,7 +942,9 @@
. However, this switch alternatively accepts a path to a regular file or
directory, in which case the block device of the file system the file/directory resides on is
automatically determined and used as if it was specified with
- .
+ .
+
+
@@ -917,7 +957,9 @@
specified as zero the lock is attempted and if not successful the invocation will immediately
fail. If passed as infinity (the default) the invocation will wait indefinitely
until the lock can be acquired. If the lock cannot be taken in the specified time the specified
- command will not be executed and the invocation will fail.
+ command will not be executed and the invocation will fail.
+
+
@@ -931,7 +973,9 @@
ordering key (i.e. they are shown in the order they'd be locked). Note that the number of lines
printed here can be less than the number of and
switches specified in case these resolve to the same "whole"
- devices.
+ devices.
+
+
diff --git a/man/ukify.xml b/man/ukify.xml
index 5755cf8fa4..4c1ccca6b9 100644
--- a/man/ukify.xml
+++ b/man/ukify.xml
@@ -163,7 +163,9 @@
Load configuration from the given config file. In general, settings specified in
the config file have lower precedence than the settings specified via options. In cases where the
commandline option does not fully override the config file setting are explicitly mentioned in the
- descriptions of individual options.
+ descriptions of individual options.
+
+
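Review bot: the sentence that ends on the changed line has no subject: "In cases where the commandline option does not fully override the config file setting are explicitly mentioned in the descriptions of individual options." Dropping the leading "In" fixes it ("Cases where the command line option does not fully override the config file setting are explicitly mentioned ..."). This paragraph is the only statement of precedence between config file and options, so it should read unambiguously.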
@@ -193,6 +195,8 @@
Note that the name is used as-is, and if the section name should start with a dot, it must be
included in NAME.
+
+
@@ -217,19 +221,25 @@
Print a summary of loaded config and exit. This is useful to check how the options
- form the configuration file and the commandline are combined.
+ form the configuration file and the commandline are combined.
+
+
- Print all sections (with inspect verb).
+ Print all sections (with inspect verb).
+
+
- Generate JSON output (with inspect verb).
+ Generate JSON output (with inspect verb).
+
+
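Review bot: typo on the first changed line of this hunk: "how the options form the configuration file and the commandline are combined" should read "from the configuration file". The line is already being rewritten here, so the fix can go in with this change.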
@@ -245,7 +255,9 @@
Linux=LINUX
- A path to the kernel binary.
+ A path to the kernel binary.
+
+
@@ -254,7 +266,9 @@
Zero or more initrd paths. In the configuration file, items are separated by
whitespace. The initrds are combined in the order of specification, with the initrds specified in
- the config file first.
+ the config file first.
+
+
@@ -331,7 +345,9 @@
Whether to use sbsign or pesign.
Depending on this choice, different parameters are required in order to sign an image.
- Defaults to sbsign.
+ Defaults to sbsign.
+
+
@@ -360,7 +376,9 @@
A path to a nss certificate database directory to use for signing of the resulting binary.
Takes effect when SecureBootSigningTool=pesign/ is used.
- Defaults to /etc/pki/pesign.
+ Defaults to /etc/pki/pesign.
+
+
@@ -368,7 +386,9 @@
The name of the nss certificate database entry to use for signing of the resulting binary.
- This option is required by SecureBootSigningTool=pesign/.
+ This option is required by SecureBootSigningTool=pesign/.
+
+
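Review bot: the changed line writes the setting as "SecureBootSigningTool=pesign/" with a trailing slash, and the preceding entry does the same, while the description of the setting itself names the values as sbsign or pesign. If the slash is not part of the value, drop it in both places so that readers copying the setting into a config file get a valid one.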
@@ -376,7 +396,9 @@
Period of validity (in days) for a certificate created by
- genkey. Defaults to 3650, i.e. 10 years.
+ genkey. Defaults to 3650, i.e. 10 years.
+
+
@@ -413,7 +435,9 @@
uki,1,UKI,uki,1,https://www.freedesktop.org/software/systemd/man/systemd-stub.html
will be used, to ensure it is always possible to revoke UKIs and addons. For more information on
SBAT see Shim's documentation.
-
+
+
+
diff --git a/man/userdbctl.xml b/man/userdbctl.xml
index fbab8102c9..837b0c5ff6 100644
--- a/man/userdbctl.xml
+++ b/man/userdbctl.xml
@@ -68,6 +68,8 @@
classic and table show only the most important fields. Various
modes also do not show password hashes. Use json to view all fields, including
any authentication fields.
+
+
@@ -78,7 +80,9 @@
precise display mode. Takes one of pretty or short. If
pretty, human-friendly whitespace and newlines are inserted in the output to make
the JSON data more readable. If short, all superfluous whitespace is
- suppressed.
+ suppressed.
+
+
@@ -87,7 +91,9 @@
Controls which services to query for users/groups. Takes a list of one or more
service names, separated by :. See below for a list of well-known service
- names. If not specified all available services are queried at once.
+ names. If not specified all available services are queried at once.
+
+
@@ -96,7 +102,9 @@
Controls whether to include classic glibc/NSS user/group lookups in the output. If
is used any attempts to resolve or enumerate users/groups provided
only via glibc NSS is suppressed. If is specified such users/groups
- are included in the output (which is the default).
+ are included in the output (which is the default).
+
+
@@ -106,7 +114,9 @@
via the User/Group Record Lookup API via
Varlink. If is used any attempts to resolve or enumerate
users/groups provided only via Varlink are suppressed. If is
- specified such users/groups are included in the output (which is the default).
+ specified such users/groups are included in the output (which is the default).
+
+
@@ -117,7 +127,9 @@
/run/host/userdb/, /usr/lib/userdb/. If
is used these records are suppressed. If
is specified such users/groups are included in the output (which
- is the default).
+ is the default).
+
+
@@ -126,7 +138,9 @@
Controls whether to synthesize records for the root and nobody users/groups if they
aren't defined otherwise. By default (or yes) such records are implicitly
synthesized if otherwise missing since they have special significance to the OS. When
- no this synthesizing is turned off.
+ no this synthesizing is turned off.
+
+
@@ -135,7 +149,9 @@
This option is short for
. Use this option to show only records that are natively defined as
JSON user or group records, with all NSS/glibc compatibility and all implicit synthesis turned
- off.
+ off.
+
+
@@ -143,7 +159,9 @@
Controls whether to do lookups via the multiplexer service (if specified as true, the
default) or do lookups in the client (if specified as false). Using the multiplexer service is
- typically preferable, since it runs in a locked down sandbox.
+ typically preferable, since it runs in a locked down sandbox.
+
+
@@ -151,7 +169,9 @@
When used with the ssh-authorized-keys command, this will allow
passing an additional command line after the user name that is chain executed after the lookup
- completed. This allows chaining multiple tools that show SSH authorized keys.
+ completed. This allows chaining multiple tools that show SSH authorized keys.
+
+
@@ -172,14 +192,18 @@
userUSER…List all known users records or show details of one or more specified user
- records. Use to tweak output mode.
+ records. Use to tweak output mode.
+
+ groupGROUP…List all known group records or show details of one or more specified group
- records. Use to tweak output mode.
+ records. Use to tweak output mode.
+
+
@@ -187,7 +211,9 @@
List users that are members of the specified groups. If no groups are specified list
all user/group memberships defined. Use to tweak output
- mode.
+ mode.
+
+
@@ -196,21 +222,27 @@
List groups that the specified users are members of. If no users are specified list
all user/group memberships defined (in this case groups-of-user and
users-in-group are equivalent). Use to tweak output
- mode.
+ mode.
+
+ servicesList all services currently providing user/group definitions to the system. See below
- for a list of well-known services providing user information.
+ for a list of well-known services providing user information.
+
+ ssh-authorized-keysShow SSH authorized keys for this account. This command is intended to be used to
- allow the SSH daemon to pick up authorized keys from user records, see below.
+ allow the SSH daemon to pick up authorized keys from user records, see below.
+
+
@@ -230,7 +262,9 @@
makes all users (and their groups) synthesized through the DynamicUser= setting in
service unit files available to the system (see
systemd.exec5 for
- details about this setting).
+ details about this setting).
+
+
@@ -239,7 +273,9 @@
This service is provided by
systemd-homed.service8
and makes all users (and their groups) belonging to home directories managed by that service
- available to the system.
+ available to the system.
+
+
@@ -248,7 +284,9 @@
This service is provided by
systemd-machined.service8
and synthesizes records for all users/groups used by a container that employs user
- namespacing.
+ namespacing.
+
+
@@ -261,7 +299,9 @@
can ask a single service for lookups instead of asking all running services in parallel.
userdbctl uses this service preferably, too, unless
or are used, in which case finer control over the services to talk to is
- required.
+ required.
+
+
@@ -276,7 +316,9 @@
automatically synthesize classic NSS/glibc user/group records from all JSON user/group records
provided to the system, thus using both APIs is mostly equivalent and provides access to the same
data, however the NSS/glibc APIs necessarily expose a more reduced set of fields
- only.
+ only.
+
+
@@ -286,7 +328,9 @@
systemd-userdbd.service8
and picks up JSON user/group records from /etc/userdb/,
/run/userdb/, /run/host/userdb/,
- /usr/lib/userdb/.
+ /usr/lib/userdb/.
+
+
diff --git a/man/vconsole.conf.xml b/man/vconsole.conf.xml
index 07959d837a..48001d3fb9 100644
--- a/man/vconsole.conf.xml
+++ b/man/vconsole.conf.xml
@@ -106,7 +106,9 @@
vconsole.keymap_toggle=Overrides KEYMAP= and KEYMAP_TOGGLE=.
-
+
+
+
@@ -115,7 +117,9 @@
vconsole.font_unimap=Overrides FONT=, FONT_MAP=, and
- FONT_UNIMAP=.
+ FONT_UNIMAP=.
+
+
diff --git a/man/veritytab.xml b/man/veritytab.xml
index 557d13e1ed..55b3458257 100644
--- a/man/veritytab.xml
+++ b/man/veritytab.xml
@@ -63,56 +63,72 @@ This is based on crypttab(5).
- Use dm-verity with or without permanent on-disk superblock.
+ Use dm-verity with or without permanent on-disk superblock.
+
+ Specifies the hash version type. Format type 0 is original Chrome OS version. Format type 1 is
- modern version.
+ modern version.
+
+ Used block size for the data device. (Note kernel supports only page-size as maximum
- here; Multiples of 512 bytes.)
+ here; Multiples of 512 bytes.)
+
+ Used block size for the hash device. (Note kernel supports only page-size as maximum
- here; Multiples of 512 bytes.)
+ here; Multiples of 512 bytes.)
+
+ Number of blocks of data device used in verification. If not specified, the whole device is
- used.
+ used.
+
+ Offset of hash area/superblock on hash-device. (Multiples of 512 bytes.)
-
+
+
+ Salt used for format or verification. Format is a hexadecimal string; 256 bytes long maximum;
- -is the special value for empty.
+ -is the special value for empty.
+
+ Use the provided UUID for format command instead of generating new one. The UUID must be
- provided in standard UUID format, e.g. 12345678-1234-1234-1234-123456789abc.
+ provided in standard UUID format, e.g. 12345678-1234-1234-1234-123456789abc.
+
+
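Review bot: in the salt entry the changed line reads "-is the special value for empty.", with the dash run into the following word. Add the missing space after the dash so that it is clear the special value is the single character "-". In the two block size entries, "here; Multiples of 512 bytes." should also use a lowercase "multiples" after the semicolon.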
@@ -126,7 +142,9 @@ This is based on crypttab(5).
corruption is only logged. With --restart-on-corruption or
--panic-on-corruption the kernel is restarted (panicked) immediately.
- (You have to provide way how to avoid restart loops.)
+ (You have to provide way how to avoid restart loops.)
+
+
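Review bot: the changed line "(You have to provide way how to avoid restart loops.)" is ungrammatical and is the only warning attached to the restart and panic corruption modes. Suggest "(You have to provide a way to avoid restart loops.)" while the line is being touched.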
@@ -136,7 +154,9 @@ This is based on crypttab(5).
return zeroes instead.
WARNING: Use this option only in very specific cases. This option is available since Linux kernel version 4.5.
-
+
+
+
@@ -147,14 +167,18 @@ This is based on crypttab(5).
WARNING: It provides a reduced level of security because only offline tampering of the data device's content
will be detected, not online tampering. This option is available since Linux kernel version 4.17.
-
+
+
+ Hash algorithm for dm-verity. This should be the name of the algorithm, like "sha1". For default
- see veritysetup --help.
+ see veritysetup --help.
+
+
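Review bot: the hash entry in this hunk gives "sha1" as its example algorithm name. SHA-1 is no longer collision resistant, and readers tend to copy the example from a man page, so for an integrity mechanism the example should be a current algorithm such as "sha256". The pointer to veritysetup --help for the default can stay as it is.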
@@ -163,14 +187,18 @@ This is based on crypttab(5).
Use forward error correction (FEC) to recover from corruption if hash verification fails. Use
encoding data from the specified device. The fec device argument can be block device or file image. For format,
if fec device path doesn't exist, it will be created as file. Note: block sizes for data and hash devices must
- match. Also, if the verity data_device is encrypted the fec_device should be too.
+ match. Also, if the verity data_device is encrypted the fec_device should be too.
+
+ This is the offset, in bytes, from the start of the FEC device to the beginning of the encoding
- data. (Aligned on 512 bytes.)
+ data. (Aligned on 512 bytes.)
+
+
@@ -178,6 +206,8 @@ This is based on crypttab(5).
Number of generator roots. This equals to the number of parity bytes in the encoding data. In
RS(M, N) encoding, the number of roots is M-N. M is 255 and M-N is between 2 and 24 (including).
+
+
@@ -186,7 +216,9 @@ This is based on crypttab(5).
A base64 string encoding the root hash signature prefixed by base64: or a
path to roothash signature file used to verify the root hash (in kernel). This feature requires Linux kernel
- version 5.4 or more recent.
+ version 5.4 or more recent.
+
+
@@ -208,6 +240,8 @@ This is based on crypttab(5).
will be pulled in by local-fs.target, while the
service to configure the network is usually only started after
the local file system has been mounted.
+
+
@@ -218,7 +252,9 @@ This is based on crypttab(5).
This means that it will not be automatically enabled on boot, unless something else pulls
it in. In particular, if the device is used for a mount point, it'll be enabled
automatically during boot, unless the mount point itself is also disabled with
- .
+ .
+
+
@@ -230,7 +266,9 @@ This is based on crypttab(5).
unsuccessful. Note that other units that depend on the enabled device may still fail. In
particular, if the device is used for a mount point, the mount point itself also needs to
have the option, or the boot will fail if the device is not enabled
- successfully.
+ successfully.
+
+
@@ -249,6 +287,8 @@ This is based on crypttab(5).
All other verity protected block devices that contain file systems mounted in the initrd should
use this option.
+
+
diff --git a/man/version-info.xml b/man/version-info.xml
new file mode 100644
index 0000000000..836d47e95b
--- /dev/null
+++ b/man/version-info.xml
@@ -0,0 +1,80 @@
+
+
+
+
+
+ Added in version 183.
+ Added in version 184.
+ Added in version 185.
+ Added in version 186.
+ Added in version 187.
+ Added in version 188.
+ Added in version 189.
+ Added in version 190.
+ Added in version 191.
+ Added in version 192.
+ Added in version 193.
+ Added in version 194.
+ Added in version 195.
+ Added in version 196.
+ Added in version 197.
+ Added in version 198.
+ Added in version 199.
+ Added in version 200.
+ Added in version 201.
+ Added in version 202.
+ Added in version 203.
+ Added in version 204.
+ Added in version 205.
+ Added in version 206.
+ Added in version 207.
+ Added in version 208.
+ Added in version 209.
+ Added in version 210.
+ Added in version 211.
+ Added in version 212.
+ Added in version 213.
+ Added in version 214.
+ Added in version 215.
+ Added in version 216.
+ Added in version 217.
+ Added in version 218.
+ Added in version 219.
+ Added in version 220.
+ Added in version 221.
+ Added in version 222.
+ Added in version 223.
+ Added in version 224.
+ Added in version 225.
+ Added in version 226.
+ Added in version 227.
+ Added in version 228.
+ Added in version 229.
+ Added in version 230.
+ Added in version 231.
+ Added in version 232.
+ Added in version 233.
+ Added in version 234.
+ Added in version 235.
+ Added in version 236.
+ Added in version 237.
+ Added in version 238.
+ Added in version 239.
+ Added in version 240.
+ Added in version 241.
+ Added in version 242.
+ Added in version 243.
+ Added in version 244.
+ Added in version 245.
+ Added in version 246.
+ Added in version 247.
+ Added in version 248.
+ Added in version 249.
+ Added in version 250.
+ Added in version 251.
+ Added in version 252.
+ Added in version 253.
+ Added in version 254.
+ Added in version 255.
+
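Review bot: the new file lists one phrase per release from version 183 through 255 and nothing earlier, so options that predate 183 have no entry to point at, and every future release needs a line appended here. Neither rule is stated in the lines shown. Please document in the file or in the commit message how options older than 183 are treated and that a new entry has to be added with each release.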