author Daniel Baumann <daniel.baumann@progress-linux.org> 2024-06-17 10:52:03 +0000
committer Daniel Baumann <daniel.baumann@progress-linux.org> 2024-06-17 10:52:03 +0000
commit 932e4432596447eb9331cc2a2bb74a26a35b4efc
tree 95161711ea07fd64f0c82d6e7943024c033dd5a8 /upstream/opensuse-tumbleweed/man8/systemd-sysext.8
parent Adding debian version 4.22.0-1.
Merging upstream version 4.23.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'upstream/opensuse-tumbleweed/man8/systemd-sysext.8')
-rw-r--r-- upstream/opensuse-tumbleweed/man8/systemd-sysext.8 53
1 files changed, 45 insertions, 8 deletions
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-sysext.8 b/upstream/opensuse-tumbleweed/man8/systemd-sysext.8
index 7a498533..8d83408c 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-sysext.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-sysext.8
@@ -1,5 +1,5 @@
'\" t
-.TH "SYSTEMD\-SYSEXT" "8" "" "systemd 254" "systemd-sysext"
+.TH "SYSTEMD\-SYSEXT" "8" "" "systemd 255" "systemd-sysext"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -146,8 +146,8 @@ systemd\-sysext\&.service
is enabled\&. Note that this service runs only after the underlying file systems where system extensions may be located have been mounted\&. This means they are not suitable for shipping resources that are processed by subsystems running in earliest boot\&. Specifically, OS extension images are not suitable for shipping system services or
\fBsystemd-sysusers\fR(8)
definitions\&. See the
-\m[blue]\fBPortable Services Documentation\fR\m[]\&\s-2\u[2]\d\s+2
-for a simple mechanism for shipping system services in disk images, in a similar fashion to OS extensions\&. Note the different isolation on these two mechanisms: while system extension directly extend the underlying OS image with additional files that appear in a way very similar to as if they were shipped in the OS image itself and thus imply no security isolation, portable services imply service level sandboxing in one way or another\&. The
+\m[blue]\fBPortable Services\fR\m[]\&\s-2\u[2]\d\s+2
+page for a simple mechanism for shipping system services in disk images, in a similar fashion to OS extensions\&. Note the different isolation on these two mechanisms: while system extension directly extend the underlying OS image with additional files that appear in a way very similar to as if they were shipped in the OS image itself and thus imply no security isolation, portable services imply service level sandboxing in one way or another\&. The
systemd\-sysext\&.service
service is guaranteed to finish start\-up before
basic\&.target
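Review bot: the second added line still reads "while system extension directly extend the underlying OS image", carried over unchanged from the removed line; "system extensions directly extend" fixes the number agreement. This is the sentence that tells the reader sysext images "imply no security isolation" while portable services are sandboxed, so it should read cleanly. As this commit merges an upstream version, the wording fix belongs in the upstream source.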
@@ -164,7 +164,7 @@ Note that there is no concept of enabling/disabling installed system extension i
to "mask" an extension with the same name in a system folder with lower precedence\&.
.PP
A simple mechanism for version compatibility is enforced: a system extension image must carry a
-/usr/lib/extension\-release\&.d/extension\-release\&.\fI$name\fR
+/usr/lib/extension\-release\&.d/extension\-release\&.\fINAME\fR
file, which must match its image name, that is compared with the host
os\-release
file: the contained
@@ -187,7 +187,11 @@ it has to match the kernel\*(Aqs architecture reported by
but the used architecture identifiers are the same as for
\fIConditionArchitecture=\fR
described in
-\fBsystemd.unit\fR(5)\&. System extensions should not ship a
+\fBsystemd.unit\fR(5)\&.
+\fIEXTENSION_RELOAD_MANAGER=\fR
+can be set to 1 if the extension requires a service manager reload after application of the extension\&. Note that for the reasons mentioned earlier:
+\m[blue]\fBPortable Services\fR\m[]\&\s-2\u[2]\d\s+2
+remain the recommended way to ship system services\&. System extensions should not ship a
/usr/lib/os\-release
file (as that would be merged into the host
/usr/
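Review bot: the new EXTENSION_RELOAD_MANAGER= text carries no "Added in version 255." marker, although this same patch adds that marker to --no-reload, the option that overrides it, and adds version markers to the commands and other options. The added line "Note that for the reasons mentioned earlier:" ends in a colon that runs straight into the Portable Services link; a comma reads better ("for the reasons mentioned earlier, Portable Services remain the recommended way"). The text only says the field "can be set to 1", so it would help to state what happens when it is unset or set to another value.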
@@ -228,8 +232,10 @@ and
suffix are considered disk image based confext images\&.
.PP
Again, just like sysext images, the confext images will contain a
-/etc/extension\-release\&.d/extension\-release\&.\fI$name\fR
-file, which must match the image name (with the usual escape hatch of xattr), and again with content being one or more of
+/etc/extension\-release\&.d/extension\-release\&.\fINAME\fR
+file, which must match the image name (with the usual escape hatch of the
+\fIuser\&.extension\-release\&.strict\fR
+\fBxattr\fR(7)), and again with content being one or more of
\fIID=\fR,
\fIVERSION_ID=\fR, and
\fICONFEXT_LEVEL\fR\&. Confext images will then be checked and matched against the base OS layer\&.
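Review bot: in the context line closing this hunk, CONFEXT_LEVEL is listed without a trailing "=" while ID= and VERSION_ID= beside it have one; worth aligning while the paragraph is being edited. The added lines now name the user.extension-release.strict xattr, but not the value that relaxes the name match, so "the usual escape hatch" still sends the reader elsewhere to learn what the attribute has to be set to. Since this attribute loosens the image-name check, stating the value here would make the paragraph self-contained.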
@@ -264,6 +270,8 @@ and
of sysext and for
/etc/
of confext)\&.
+.sp
+Added in version 248\&.
.RE
.PP
\fBmerge\fR
@@ -276,6 +284,8 @@ and
file system combining the underlying hierarchies with those included in the extension images\&. This command will fail if the hierarchies are already merged\&. For confext, the merge happens into the
/etc/
directory instead\&.
+.sp
+Added in version 248\&.
.RE
.PP
\fBunmerge\fR
@@ -290,6 +300,8 @@ for sysext and
file systems created by
\fBmerge\fR
prior\&.
+.sp
+Added in version 248\&.
.RE
.PP
\fBrefresh\fR
@@ -308,11 +320,15 @@ is executed, without establishing any new
instance\&. Note that currently there\*(Aqs a brief moment where neither the old nor the new
"overlayfs"
file system is mounted\&. This implies that all resources supplied by a system extension will briefly disappear \(em even if it exists continuously during the refresh operation\&.
+.sp
+Added in version 248\&.
.RE
.PP
\fBlist\fR
.RS 4
A brief list of installed extension images is shown\&.
+.sp
+Added in version 248\&.
.RE
.PP
\fB\-h\fR, \fB\-\-help\fR
@@ -337,6 +353,8 @@ and
hierarchies for sysext or
/etc/
for confext, but below some specified root directory\&.
+.sp
+Added in version 248\&.
.RE
.PP
\fB\-\-force\fR
@@ -348,6 +366,8 @@ and
for sysext and
/etc/
for confext, ignore version incompatibilities, i\&.e\&. force merging regardless of whether the version information included in the images matches the host or not\&.
+.sp
+Added in version 248\&.
.RE
.PP
\fB\-\-image\-policy=\fR\fB\fIpolicy\fR\fR
@@ -362,6 +382,8 @@ file systems in the image are used\&. For configuration extensions defaults to
/\&.extra/sysext/
directory a slightly stricter policy is used by default:
"root=signed+absent:usr=signed+absent", see above for details\&.
+.sp
+Added in version 254\&.
.RE
.PP
\fB\-\-noexec=\fR\fIBOOL\fR
@@ -371,6 +393,21 @@ When merging configuration extensions into
the
"MS_NOEXEC"
mount flag is used by default\&. This option can be used to disable it\&.
+.sp
+Added in version 254\&.
+.RE
+.PP
+\fB\-\-no\-reload\fR
+.RS 4
+When used with
+\fBmerge\fR,
+\fBunmerge\fR
+or
+\fBrefresh\fR, do not reload daemon after executing the changes even if an extension that is applied requires a reload via the
+\fIEXTENSION_RELOAD_MANAGER=\fR
+set to 1\&.
+.sp
+Added in version 255\&.
.RE
.PP
\fB\-\-no\-pager\fR
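Review bot: in the new --no-reload entry, "do not reload daemon" lacks an article and uses a different term from the EXTENSION_RELOAD_MANAGER= paragraph added earlier in this patch, which speaks of a "service manager reload"; "do not reload the service manager" would match it. The clause "requires a reload via the EXTENSION_RELOAD_MANAGER= set to 1" is also hard to parse; "even if an applied extension requests one by setting EXTENSION_RELOAD_MANAGER= to 1" says the same thing.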
@@ -408,7 +445,7 @@ Discoverable Partitions Specification
\%https://uapi-group.org/specifications/specs/discoverable_partitions_specification
.RE
.IP " 2." 4
-Portable Services Documentation
+Portable Services
.RS 4
\%https://systemd.io/PORTABLE_SERVICES
.RE