From c30e4ee961e72640cc55cbd500475a03308de1b9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Thu, 30 May 2024 04:22:44 +0200 Subject: Adding upstream version 252.25. Signed-off-by: Daniel Baumann --- man/common-variables.xml | 8 ++++- man/custom-html.xsl | 6 ++-- man/daemon.xml | 2 +- man/event-quick-child.c | 2 +- man/hwdb-usb-device.c | 6 ++-- man/org.freedesktop.resolve1.xml | 39 +++++++++++++++------- man/path-documents.c | 2 +- man/portablectl.xml | 4 +-- man/sd_bus_error-example.c | 2 +- man/sd_event_add_io.xml | 24 ++++++++------ man/sd_journal_get_cursor.xml | 15 +++++---- man/sd_journal_seek_head.xml | 10 ++++-- man/systemctl.xml | 68 ++++++++++++++++++++++++-------------- man/systemd-bless-boot.service.xml | 2 +- man/systemd-journald.service.xml | 16 +++++++++ man/systemd-socket-proxyd.xml | 5 +++ man/systemd-timedated.service.xml | 4 +-- man/systemd.exec.xml | 23 ++++++++----- man/systemd.journal-fields.xml | 17 +++++++--- man/systemd.network.xml | 13 ++++---- man/systemd.resource-control.xml | 16 +++++++-- man/systemd.socket.xml | 2 +- 22 files changed, 190 insertions(+), 96 deletions(-) (limited to 'man') diff --git a/man/common-variables.xml b/man/common-variables.xml index 0e220b3..4d2092f 100644 --- a/man/common-variables.xml +++ b/man/common-variables.xml @@ -129,6 +129,9 @@ + Note that setting the regular $LESS environment variable has no effect + for less invocations by systemd tools. + See less1 for more discussion. @@ -138,7 +141,10 @@ $SYSTEMD_LESSCHARSET Override the charset passed to less (by default utf-8, if - the invoking terminal is determined to be UTF-8 compatible). + the invoking terminal is determined to be UTF-8 compatible). + + Note that setting the regular $LESSCHARSET environment variable has no effect + for less invocations by systemd tools. diff --git a/man/custom-html.xsl b/man/custom-html.xsl index 8b21e15..2373bc3 100644 --- a/man/custom-html.xsl +++ b/man/custom-html.xsl 
@@ -81,13 +81,11 @@ - https://www.archlinux.org/ - - / + https://man.archlinux.org/man/ . - .html + .en.html diff --git a/man/daemon.xml b/man/daemon.xml index f2b3f6f..c93a7ce 100644 --- a/man/daemon.xml +++ b/man/daemon.xml @@ -75,7 +75,7 @@ create an independent session. In the child, call fork() again, to ensure that the daemon can - never re-acquire a terminal again. (This relevant if the program — and all its dependencies — does + never re-acquire a terminal again. (This is relevant if the program — and all its dependencies — does not carefully specify `O_NOCTTY` on each and every single `open()` call that might potentially open a TTY device node.) diff --git a/man/event-quick-child.c b/man/event-quick-child.c index 8195efb..b95ee1b 100644 --- a/man/event-quick-child.c +++ b/man/event-quick-child.c @@ -3,7 +3,7 @@ #include #include #include -#include +#include int main(int argc, char **argv) { pid_t pid = fork(); diff --git a/man/hwdb-usb-device.c b/man/hwdb-usb-device.c index 19a5db8..facd8c4 100644 --- a/man/hwdb-usb-device.c +++ b/man/hwdb-usb-device.c @@ -2,16 +2,16 @@ #include #include -#include +#include int print_usb_properties(uint16_t vid, uint16_t pid) { - char match[STRLEN("usb:vp") + DECIMAL_STR_MAX(uint16_t) * 2]; + char match[128]; sd_hwdb *hwdb; const char *key, *value; int r; /* Match this USB vendor and product ID combination */ - xsprintf(match, "usb:v%04Xp%04X", vid, pid); + snprintf(match, sizeof match, "usb:v%04Xp%04X", vid, pid); r = sd_hwdb_new(&hwdb); if (r < 0) diff --git a/man/org.freedesktop.resolve1.xml b/man/org.freedesktop.resolve1.xml index 54f0a18..e6bc573 100644 --- a/man/org.freedesktop.resolve1.xml +++ b/man/org.freedesktop.resolve1.xml @@ -156,16 +156,6 @@ node /org/freedesktop/resolve1 { }; - - - - - - - - - - 
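Review bot: In man/hwdb-usb-device.c, the new `snprintf(match, sizeof match, "usb:v%04Xp%04X", vid, pid);` discards its return value, so the example no longer carries the "buffer must be big enough" assertion that systemd's internal `xsprintf` macro performed, and `char match[128];` is an unexplained magic size. With two `uint16_t` arguments the output is at most 14 characters plus the terminator, so nothing is truncated today. Because man-page examples get copied and adapted with other formats or wider types, I would document the bound above the declaration, e.g. `/* "usb:v" + 4 hex digits + "p" + 4 hex digits + NUL = 15 bytes */`. Readers who change the format should also be shown the check, e.g. `if (r < 0 || (size_t) r >= sizeof match) return -ENOBUFS;`, applied to the `snprintf` result; which headers the example includes is not visible here, so confirm the error constant is available. The body of `print_usb_properties()` continues outside the hunk.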
@@ -433,6 +423,30 @@ node /org/freedesktop/resolve1 { The RevertLink() method may be used to revert all per-link settings described above to the defaults. + The FlushCaches() flushes all resource record caches maintained by the + resolver, and ensures that any subsequent lookups re-request their responses from their sources. + + The ResetServerFeatures() flushes any feature information learned about + remote DNS servers. This ensures that subsequent lookups will be initially attempted at the highest DNS + protocol feature level again, possibly requiring a (potentially slow) downgrade cycle to recognize the + supported feature level again. + + The RegisterService() method may be used to register a DNS-SD service on the + host. This functionality is closely related to the functionality provided by + systemd.dnssd5 + files. It takes a server identifier string as first parameter (this is jus a local identifier, and + should be chosen so that it neither collides with the basename of *.dnssd files + nor with names chosen by other IPC clients). It also takes a name template string for the DNS-SD + service name visible on the network. This string is subject to specifier expansation, as documented for + the Name= setting in *.dnssd files. It also takes a service + type string containing the DNS-SD service type, as well as an IP port, a priority/weight pair for the + DNS-SD SRV record. Finally, it takes an array of TXT record data. It returns an object path which may be + used as handle to the registered service. + + The UnregisterService() method undoes the effect of + RegisterService() and deletes a DNS-SD service previously created via IPC + again. + The Flags Parameter 
@@ -634,6 +648,9 @@ node /org/freedesktop/resolve1 { enabled. Possible values are yes (enabled), no (disabled), udp (only the UDP listener is enabled), and tcp (only the TCP listener is enabled). + + The DNSSECNegativeTrustAnchors property contains a list of recognized DNSSEC + negative trust anchors and contains a list of domains. @@ -688,8 +705,6 @@ node /org/freedesktop/resolve1/link/_1 { }; - - diff --git a/man/path-documents.c b/man/path-documents.c index a357dd6..994f20b 100644 --- a/man/path-documents.c +++ b/man/path-documents.c @@ -2,7 +2,7 @@ #include #include -#include +#include int main(void) { int r; diff --git a/man/portablectl.xml b/man/portablectl.xml index 963361e..267ea09 100644 --- a/man/portablectl.xml +++ b/man/portablectl.xml @@ -45,12 +45,12 @@ within the file system context of the image. Portable service images are an efficient way to bundle multiple related services and other units together, - and transfer them as a whole between systems. When these images are attached the local system the contained units + and transfer them as a whole between systems. When these images are attached to the local system, the contained units may run in most ways like regular system-provided units, either with full privileges or inside strict sandboxing, depending on the selected configuration. For more details, see Portable Services. - Specifically portable service images may be of the following kind: + Portable service images may be of the following kinds: Directory trees containing an OS, including the top-level directories /usr/, diff --git a/man/sd_bus_error-example.c b/man/sd_bus_error-example.c index 9b162eb..4b5217c 100644 --- a/man/sd_bus_error-example.c +++ b/man/sd_bus_error-example.c @@ -3,7 +3,7 @@ #include #include #include -#include +#include int writer_with_negative_errno_return(int fd, sd_bus_error *error) { const char *message = "Hello, World!\n"; diff --git a/man/sd_event_add_io.xml b/man/sd_event_add_io.xml index 383a58a..238ca08 100644 
--- a/man/sd_event_add_io.xml
+++ b/man/sd_event_add_io.xml
@@ -217,16 +217,20 @@ source object and returns the non-negative file descriptor or a negative error number on error (see below). - sd_event_source_set_io_fd() - changes the UNIX file descriptor of an I/O event source created - previously with sd_event_add_io(). It takes - the event source object and the new file descriptor. - - sd_event_source_set_io_fd_own() controls whether the file descriptor of the event source - shall be closed automatically when the event source is freed, i.e. whether it shall be considered 'owned' by the - event source object. By default it is not closed automatically, and the application has to do this on its own. The - b parameter is a boolean parameter: if zero, the file descriptor is not closed automatically - when the event source is freed, otherwise it is closed. + sd_event_source_set_io_fd() changes the UNIX file descriptor of an I/O event + source created previously with sd_event_add_io(). It takes the event source object + and the new file descriptor. If the event source takes the ownership of the previous file descriptor, + that is, sd_event_source_set_io_fd_own() was called for the event source with a + non-zero value, then the previous file descriptor will be closed and the event source will also take the + ownership of the new file descriptor on success. + + sd_event_source_set_io_fd_own() controls whether the file descriptor of the + event source shall be closed automatically when the event source is freed (or when the file descriptor + assigned to the event source is replaced by sd_event_source_set_io_fd()), i.e. + whether it shall be considered 'owned' by the event source object. By default it is not closed + automatically, and the application has to do this on its own. The b parameter is a + boolean parameter: if zero, the file descriptor is not closed automatically when the event source is + freed, otherwise it is closed. 
sd_event_source_get_io_fd_own() may be used to query the current setting of the file descriptor ownership boolean flag as set with sd_event_source_set_io_fd_own(). It returns diff --git a/man/sd_journal_get_cursor.xml b/man/sd_journal_get_cursor.xml index acaba06..5620d18 100644 --- a/man/sd_journal_get_cursor.xml +++ b/man/sd_journal_get_cursor.xml @@ -61,12 +61,6 @@ and should be freed after use with free3. - Note that sd_journal_get_cursor() will - not work before - sd_journal_next3 - (or related call) has been called at least once, in order to - position the read pointer at a valid entry. - sd_journal_test_cursor() may be used to check whether the current position in the journal matches the specified cursor. This is @@ -75,10 +69,17 @@ multiple different cursor strings, and hence string comparing cursors is not possible. Use this call to verify after an invocation of - sd_journal_seek_cursor3 + sd_journal_seek_cursor3, whether the entry being sought to was actually found in the journal or the next closest entry was used instead. + + Note that sd_journal_get_cursor() + and sd_journal_test_cursor() + will not work before + sd_journal_next3 + (or one of the other functions which move to an entry) + has been called at least once to position the read pointer at a valid entry. diff --git a/man/sd_journal_seek_head.xml b/man/sd_journal_seek_head.xml index 869889a..e95b697 100644 --- a/man/sd_journal_seek_head.xml +++ b/man/sd_journal_seek_head.xml @@ -82,8 +82,7 @@ string. For details on cursors, see sd_journal_get_cursor3. If no entry matching the specified cursor is found the call will seek to the next closest entry (in terms - of time) instead. To verify whether the newly selected entry actually matches the cursor, use - sd_journal_test_cursor3. + of time) instead. Note that these calls do not actually make any entry the new current entry, this needs to be done in a separate step with a subsequent 
@@ -97,6 +96,13 @@ used, the closest following entry will be sought to, if sd_journal_previous3 is used the closest preceding entry is sought to. + + After the seek is done, and + sd_journal_next3 + or a similar call has been made, + sd_journal_test_cursor3 + may be used to verify whether the newly selected entry actually matches the cursor. + diff --git a/man/systemctl.xml b/man/systemctl.xml index 00ae580..862609f 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml 
@@ -1176,46 +1176,64 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err show-environment - Dump the systemd manager environment block. This is the environment - block that is passed to all processes the manager spawns. The environment - block will be dumped in straightforward form suitable for sourcing into - most shells. If no special characters or whitespace is present in the variable - values, no escaping is performed, and the assignments have the form - VARIABLE=value. If whitespace or characters which have - special meaning to the shell are present, dollar-single-quote escaping is - used, and assignments have the form VARIABLE=$'value'. - This syntax is known to be supported by - bash1, - zsh1, - ksh1, - and - busybox1's - ash1, - but not - dash1 - or - fish1. + Dump the systemd manager environment block. This is the environment block that is passed to + all processes the manager spawns. The environment block will be dumped in straightforward form + suitable for sourcing into most shells. If no special characters or whitespace is present in the + variable values, no escaping is performed, and the assignments have the form + VARIABLE=value. If whitespace or characters which have special meaning to the + shell are present, dollar-single-quote escaping is used, and assignments have the form + VARIABLE=$'value'. This syntax is known to be supported by bash1, + zsh1, + ksh1, and + busybox1's + ash1, but + not dash1 or + fish1. + + Note that this shows the effective block, i.e. the combination of + environment variables configured via configuration files, environment generators and via IPC + (i.e. via the set-environment described below). At the moment a unit process + is forked off this combined environment block will be further combined with per-unit environment + variables, which are not visible in this command. 
set-environment VARIABLE=VALUE - Set one or more systemd manager environment variables, as specified on the command + Set one or more service manager environment variables, as specified on the command line. This command will fail if variable names and values do not conform to the rules listed above. + + Note that this operates on an environment block separate from the environment block + configured from service manager configuration and environment generators. Whenever a process is + invoked the two blocks are combined (also incorporating any per-service environment variables), + and passed to it. The show-environment verb will show the combination of the + blocks, see above. unset-environment VARIABLE - Unset one or more systemd manager environment - variables. If only a variable name is specified, it will be - removed regardless of its value. If a variable and a value - are specified, the variable is only removed if it has the - specified value. + Unset one or more systemd manager environment variables. If only a variable name is + specified, it will be removed regardless of its value. If a variable and a value are specified, + the variable is only removed if it has the specified value. + + Note that this operates on an environment block separate from the environment block + configured from service manager configuration and environment generators. Whenever a process is + invoked the two blocks are combined (also incorporating any per-service environment variables), + and passed to it. The show-environment verb will show the combination of the + blocks, see above. Note that this means this command cannot be used to unset environment + variables defined in the service manager configuration files or via generators. diff --git a/man/systemd-bless-boot.service.xml b/man/systemd-bless-boot.service.xml index bccf22c..f9720c8 100644 --- a/man/systemd-bless-boot.service.xml +++ b/man/systemd-bless-boot.service.xml 
@@ -37,7 +37,7 @@ boot counting is used. Internally, the service operates based on the LoaderBootCountPath EFI variable (of the - vendor UUID 4a67b082-0a4c-41cf-b6c7-440b29bb8c4), which is passed from the boot loader to the + vendor UUID 4a67b082-0a4c-41cf-b6c7-440b29bb8c4f), which is passed from the boot loader to the OS. It contains a file system path (relative to the EFI system partition) of the Boot Loader Specification compliant boot loader entry file or unified kernel image file that was used to boot up the diff --git a/man/systemd-journald.service.xml b/man/systemd-journald.service.xml index 8fa8644..b81dca9 100644 --- a/man/systemd-journald.service.xml +++ b/man/systemd-journald.service.xml @@ -236,6 +236,22 @@ systemd-tmpfiles --create --prefix /var/log/journal + + + systemd.journald.max_level_store= + systemd.journald.max_level_syslog= + systemd.journald.max_level_kmsg= + systemd.journald.max_level_console= + systemd.journald.max_level_wall= + systemd.journald.max_level_socket= + + Controls the maximum log level of messages that are stored in the journal, forwarded + to syslog, kmsg, the console, the wall, or a socket. This kernel command line options override the + settings of the same names in the + journald.conf5 + file. + + Note that these kernel command line options are only honoured by the default namespace, see diff --git a/man/systemd-socket-proxyd.xml b/man/systemd-socket-proxyd.xml index e512a43..e6ef7b0 100644 --- a/man/systemd-socket-proxyd.xml +++ b/man/systemd-socket-proxyd.xml @@ -53,6 +53,11 @@ Accept=no and an event-driven design that scales better with the number of connections. + + Note that systemd-socket-proxyd will not forward socket side channel + information, i.e. will not forward SCM_RIGHTS, SCM_CREDENTIALS, + SCM_SECURITY, SO_PEERCRED, SO_PEERPIDFD, + SO_PEERSEC, SO_PEERGROUPS and similar. Options diff --git a/man/systemd-timedated.service.xml b/man/systemd-timedated.service.xml index 112bdf3..c0314d5 100644 
--- a/man/systemd-timedated.service.xml +++ b/man/systemd-timedated.service.xml @@ -63,7 +63,7 @@ List of network time synchronization services - systemd-timesyncd will look for files with a .list extension + systemd-timedated will look for files with a .list extension in ntp-units.d/ directories. Each file is parsed as a list of unit names, one per line. Empty lines and lines with comments (#) are ignored. Files are read from /usr/lib/systemd/ntp-units.d/ and the corresponding directories under @@ -82,7 +82,7 @@ systemd-timesyncd.service If the environment variable $SYSTEMD_TIMEDATED_NTP_SERVICES is set, - systemd-timesyncd will parse the contents of that variable as a colon-separated list + systemd-timedated will parse the contents of that variable as a colon-separated list of unit names. When set, this variable overrides the file-based list described above. diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index d3b64e9..0aad217 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -1240,6 +1240,11 @@ CapabilityBoundingSet=~CAP_B CAP_C accessible to privileged processes. However, most namespacing settings, that will not work on their own in user services, will work when used in conjunction with PrivateUsers=. + Note that the various options that turn directories read-only (such as + ProtectSystem=, ReadOnlyPaths=, …) do not affect the ability for + programs to connect to and communicate with AF_UNIX sockets in these + directores. These options cannot be used to lock down access to IPC services hence. + 
@@ -1253,14 +1258,16 @@ CapabilityBoundingSet=~CAP_B CAP_C mounted read-only, except for the API file system subtrees /dev/, /proc/ and /sys/ (protect these directories using PrivateDevices=, ProtectKernelTunables=, - ProtectControlGroups=). This setting ensures that any modification of the vendor-supplied - operating system (and optionally its configuration, and local mounts) is prohibited for the service. It is - recommended to enable this setting for all long-running services, unless they are involved with system updates - or need to modify the operating system in other ways. If this option is used, - ReadWritePaths= may be used to exclude specific directories from being made read-only. This - setting is implied if DynamicUser= is set. This setting cannot ensure protection in all - cases. In general it has the same limitations as ReadOnlyPaths=, see below. Defaults to - off. + ProtectControlGroups=). This setting ensures that any modification of the + vendor-supplied operating system (and optionally its configuration, and local mounts) is prohibited + for the service. It is recommended to enable this setting for all long-running services, unless they + are involved with system updates or need to modify the operating system in other ways. If this option + is used, ReadWritePaths= may be used to exclude specific directories from being + made read-only. Similar, StateDirectory=, LogsDirectory=, … and + related directory settings (see below) also exclude the specific directories from the effect of + ProtectSystem=. This setting is implied if DynamicUser= is + set. This setting cannot ensure protection in all cases. In general it has the same limitations as + ReadOnlyPaths=, see below. Defaults to off. diff --git a/man/systemd.journal-fields.xml b/man/systemd.journal-fields.xml index caedb6e..7e72701 100644 --- a/man/systemd.journal-fields.xml +++ b/man/systemd.journal-fields.xml 
@@ -491,8 +491,7 @@ OBJECT_PID=PID - PID of the program that this message pertains to. - + PID of the program that this message pertains to. @@ -510,9 +509,8 @@ OBJECT_SYSTEMD_UNIT= OBJECT_SYSTEMD_USER_UNIT= - These are additional fields added automatically by - systemd-journald. Their meaning is the - same as + These are additional fields added automatically by systemd-journald. + Their meaning is the same as _UID=, _GID=, _COMM=, @@ -530,6 +528,15 @@ process which logged the message. + + + OBJECT_SYSTEMD_INVOCATION_ID= + + An additional field added automatically by systemd-journald. The meaning + is mostly the same as _SYSTEMD_INVOCATION_ID=, with the difference described + above. + + diff --git a/man/systemd.network.xml b/man/systemd.network.xml index e1c050f..8434247 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -354,13 +354,12 @@ LinkLocalAddressing= - Enables link-local address autoconfiguration. Accepts , - , , and . An IPv6 link-local - address is configured when or . An IPv4 link-local - address is configured when or and when DHCPv4 - autoconfiguration has been unsuccessful for some time. (IPv4 link-local address - autoconfiguration will usually happen in parallel with repeated attempts to acquire a DHCPv4 - lease). + Enables link-local address autoconfiguration. Accepts a boolean, , + and . An IPv6 link-local address is configured when + or . An IPv4 link-local address is configured when + or and when DHCPv4 autoconfiguration has been unsuccessful for some time. + (IPv4 link-local address autoconfiguration will usually happen in parallel with repeated attempts + to acquire a DHCPv4 lease). Defaults to when KeepMaster= or Bridge= is set or when the specified diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml index 48e7c52..f5b6b82 100644 --- a/man/systemd.resource-control.xml +++ b/man/systemd.resource-control.xml 
@@ -632,6 +632,9 @@ CPUWeight=20 DisableControllers=cpu / \ The system default for this setting may be controlled with DefaultIPAccounting= in systemd-system.conf5. + + Note that this functionality is currently only available for system services, not for + per-user services. @@ -828,8 +831,10 @@ BPFProgram=bind6:/sys/fs/bpf/sock-addr-hook SocketBindDeny=bind-rule - Allow or deny binding a socket address to a socket by matching it with the bind-rule and - applying a corresponding action if there is a match. + Configures restrictions on the ability of unit processes to invoke bind2 on a + socket. Both allow and deny rules may defined that restrict which addresses a socket may be bound + to. bind-rule describes socket properties such as address-family, transport-protocol and ip-ports. @@ -876,6 +881,13 @@ BPFProgram=bind6:/sys/fs/bpf/sock-addr-hook The feature is implemented with cgroup/bind4 and cgroup/bind6 cgroup-bpf hooks. + + Note that these settings apply to any bind2 + system call invocation by the unit processes, regardless in which network namespace they are + placed. Or in other words: changing the network namespace is not a suitable mechanism for escaping + these restrictions on bind(). + Examples:… # Allow binding IPv6 socket addresses with a port greater than or equal to 10000. [Service] diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml index 69aa9f3..e506fee 100644 --- a/man/systemd.socket.xml +++ b/man/systemd.socket.xml @@ -724,7 +724,7 @@ TCPCongestion= Takes a string value. Controls the TCP congestion algorithm used by this - socket. Should be one of westwood, veno, + socket. Should be one of westwood, reno, cubic, lp or any other available algorithm supported by the IP stack. This setting applies only to stream sockets. -- cgit v1.2.3