diff options
Diffstat (limited to 'upstream/opensuse-leap-15-6/man5')
30 files changed, 1195 insertions, 822 deletions
diff --git a/upstream/opensuse-leap-15-6/man5/adjtime_config.5 b/upstream/opensuse-leap-15-6/man5/adjtime_config.5 deleted file mode 100644 index e1c1d966..00000000 --- a/upstream/opensuse-leap-15-6/man5/adjtime_config.5 +++ /dev/null @@ -1,88 +0,0 @@ -'\" t -.\" Title: adjtime_config -.\" Author: [see the "AUTHOR(S)" section] -.\" Generator: Asciidoctor 2.0.15 -.\" Date: 2022-02-14 -.\" Manual: File formats -.\" Source: util-linux 2.37.4 -.\" Language: English -.\" -.TH "ADJTIME_CONFIG" "5" "2022-02-14" "util\-linux 2.37.4" "File formats" -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.ss \n[.ss] 0 -.nh -.ad l -.de URL -\fI\\$2\fP <\\$1>\\$3 -.. -.als MTO URL -.if \n[.g] \{\ -. mso www.tmac -. am URL -. ad l -. . -. am MTO -. ad l -. . -. LINKSTYLE blue R < > -.\} -.SH "NAME" -adjtime_config \- information about hardware clock setting and drift factor -.SH "SYNOPSIS" -.sp -\fI/etc/adjtime\fP -.SH "DESCRIPTION" -.sp -The file \fI/etc/adjtime\fP contains descriptive information about the hardware mode clock setting and clock drift factor. The file is read and write by \fBhwclock\fP(8); and read by programs like rtcwake to get RTC time mode. -.sp -The file is usually located in \fI/etc\fP, but tools like \fBhwclock\fP(8) or \fBrtcwake\fP(8) can use alternative location by command line options if write access to \fI/etc\fP is unwanted. The default clock mode is "UTC" if the file is missing. -.sp -The Hardware Clock is usually not very accurate. However, much of its inaccuracy is completely predictable \- it gains or loses the same amount of time every day. This is called systematic drift. The util \fBhwclock\fP(8) keeps the file \fI/etc/adjtime\fP, that keeps some historical information. For more details see "\fBThe Adjust Function\fP" and "\fBThe Adjtime File\fP" sections from \fBhwclock\fP(8) man page. -.sp -The format of the adjtime file is, in ASCII. -.SS "First line" -.sp -Three numbers, separated by blanks: -.sp -\fBdrift factor\fP -.RS 4 -the systematic drift rate in seconds per day (floating point decimal) -.RE -.sp -\fBlast adjust time\fP -.RS 4 -the resulting number of seconds since 1969 UTC of most recent adjustment or calibration (decimal integer) -.RE -.sp -\fBadjustment status\fP -.RS 4 -zero (for compatibility with \fBclock\fP(8)) as a floating point decimal -.RE -.SS "Second line" -.sp -\fBlast calibration time\fP -.RS 4 -The resulting number of seconds since 1969 UTC of most recent calibration. Zero if there has been no calibration yet or it is known that any previous calibration is moot (for example, because the Hardware Clock has been found, since that calibration, not to contain a valid time). This is a decimal integer. -.RE -.SS "Third line" -.sp -\fBclock mode\fP -.RS 4 -Supported values are \fBUTC\fP or \fBLOCAL\fP. Tells whether the Hardware Clock is set to Coordinated Universal Time or local time. You can always override this value with options on the \fBhwclock\fP(8) command line. -.RE -.SH "FILES" -.sp -\fI/etc/adjtime\fP -.SH "SEE ALSO" -.sp -\fBhwclock\fP(8), -\fBrtcwake\fP(8) -.SH "REPORTING BUGS" -.sp -For bug reports, use the issue tracker at \c -.URL "https://github.com/karelzak/util\-linux/issues" "" "." -.SH "AVAILABILITY" -.sp -\fBadjtime_config\fP is part of the util\-linux package which can be downloaded from \c -.URL "https://www.kernel.org/pub/linux/utils/util\-linux/" "Linux Kernel Archive" "."
\ No newline at end of file diff --git a/upstream/opensuse-leap-15-6/man5/binfmt.d.5 b/upstream/opensuse-leap-15-6/man5/binfmt.d.5 index 8157ff76..27e746ec 100644 --- a/upstream/opensuse-leap-15-6/man5/binfmt.d.5 +++ b/upstream/opensuse-leap-15-6/man5/binfmt.d.5 @@ -70,7 +70,12 @@ Packages should install their configuration files in /usr/local/lib/ (local installs)\&. Files in /etc/ -are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. It is recommended to prefix all filenames with a two\-digit number and a dash, to simplify the ordering of the files\&. +are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. It is recommended to prefix all filenames with a two\-digit number and a dash, to simplify the ordering of the files\&. It is recommended to use the range 10\-40 for configuration files in +/usr/ +and the range 60\-90 for configuration files in +/etc/ +and +/run/, to make sure that local and transient configuration files will always take priority over configuration files shipped by the OS vendor\&. .PP If the administrator wants to disable a configuration file supplied by the vendor, the recommended way is to place a symlink to /dev/null diff --git a/upstream/opensuse-leap-15-6/man5/coredump.conf.5 b/upstream/opensuse-leap-15-6/man5/coredump.conf.5 index 2adef112..0b07e69e 100644 --- a/upstream/opensuse-leap-15-6/man5/coredump.conf.5 +++ b/upstream/opensuse-leap-15-6/man5/coredump.conf.5 @@ -64,7 +64,12 @@ configuration subdirectories are sorted by their filename in lexicographic order When packages need to customize the configuration, they can install drop\-ins under /usr/\&. Files in /etc/ -are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. Drop\-ins have to be used to override package drop\-ins, since the main configuration file has lower precedence\&. It is recommended to prefix all filenames in those subdirectories with a two\-digit number and a dash, to simplify the ordering of the files\&. This also defined a concept of drop\-in priority to allow distributions to ship drop\-ins within a specific range lower than the range used by users\&. This should lower the risk of package drop\-ins overriding accidentally drop\-ins defined by users\&. +are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. Drop\-ins have to be used to override package drop\-ins, since the main configuration file has lower precedence\&. It is recommended to prefix all filenames in those subdirectories with a two\-digit number and a dash, to simplify the ordering of the files\&. This also defines a concept of drop\-in priorities to allow OS vendors to ship drop\-ins within a specific range lower than the range used by users\&. This should lower the risk of package drop\-ins overriding accidentally drop\-ins defined by users\&. It is recommended to use the range 10\-40 for drop\-ins in +/usr/ +and the range 60\-90 for drop\-ins in +/etc/ +and +/run/, to make sure that local and transient drop\-ins take priority over drop\-ins shipped by the OS vendor\&. .PP To disable a configuration file supplied by the vendor, the recommended way is to place a symlink to /dev/null diff --git a/upstream/opensuse-leap-15-6/man5/environment.d.5 b/upstream/opensuse-leap-15-6/man5/environment.d.5 index 264faad5..92c2ecc7 100644 --- a/upstream/opensuse-leap-15-6/man5/environment.d.5 +++ b/upstream/opensuse-leap-15-6/man5/environment.d.5 @@ -36,7 +36,7 @@ environment.d \- Definition of user service environment .PP Configuration files in the environment\&.d/ -directories contain lists of environment variable assignments for services started by the systemd user instance\&. +directories contain lists of environment variable assignments passed to services started by the systemd user instance\&. \fBsystemd-environment-d-generator\fR(8) parses them and updates the environment exported by the systemd user instance\&. See below for an discussion of which processes inherit those variables\&. .PP @@ -71,7 +71,12 @@ Packages should install their configuration files in /usr/local/lib/ (local installs)\&. Files in /etc/ -are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. It is recommended to prefix all filenames with a two\-digit number and a dash, to simplify the ordering of the files\&. +are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. It is recommended to prefix all filenames with a two\-digit number and a dash, to simplify the ordering of the files\&. It is recommended to use the range 10\-40 for configuration files in +/usr/ +and the range 60\-90 for configuration files in +/etc/ +and +/run/, to make sure that local and transient configuration files will always take priority over configuration files shipped by the OS vendor\&. .PP If the administrator wants to disable a configuration file supplied by the vendor, the recommended way is to place a symlink to /dev/null @@ -124,17 +129,19 @@ are ignored\&. .\} .SH "APPLICABILITY" .PP -Environment variables exported by the user manager (\fBsystemd \-\-user\fR +Environment variables exported by the user service manager (\fBsystemd \-\-user\fR instance started in the user@\fIuid\fR\&.service -system service) apply to any services started by that manager\&. In particular, this may include services which run user shells\&. For example in the GNOME environment, the graphical terminal emulator runs as the +system service) are passed to any services started by that service manager\&. In particular, this may include services which run user shells\&. For example in the GNOME environment, the graphical terminal emulator runs as the gnome\-terminal\-server\&.service -user unit, which in turn runs the user shell, so that shell will inherit environment variables exported by the user manager\&. For other instances of the shell, not launched by the user manager, the environment they inherit is defined by the program that starts them\&. Hint: in general, +user unit, which in turn runs the user shell, so that shell will inherit environment variables exported by the user manager\&. For other instances of the shell, not launched by the user service manager, the environment they inherit is defined by the program that starts them\&. Hint: in general, \fBsystemd.service\fR(5) units contain programs launched by systemd, and \fBsystemd.scope\fR(5) units contain programs launched by something else\&. .PP +Note that these files do not affect the environment block of the service manager itself, but exclusively the environment blocks passed to the services it manages\&. Environment variables set that way thus cannot be used to influence behaviour of the service manager\&. In order to make changes to the service manager\*(Aqs environment block the environment must be modified before the user\*(Aqs service manager is invoked, for example from the system service manager or via a PAM module\&. +.PP Specifically, for ssh logins, the \fBsshd\fR(8) service builds an environment that is a combination of variables forwarded from the remote system and defined by diff --git a/upstream/opensuse-leap-15-6/man5/exports.5 b/upstream/opensuse-leap-15-6/man5/exports.5 index d8de6bec..b7582776 100644 --- a/upstream/opensuse-leap-15-6/man5/exports.5 +++ b/upstream/opensuse-leap-15-6/man5/exports.5 @@ -125,16 +125,66 @@ In that case you may include multiple sec= options, and following options will be enforced only for access using flavors listed in the immediately preceding sec= option. The only options that are permitted to vary in this way are ro, rw, no_root_squash, root_squash, and all_squash. +.SS Transport layer security +The Linux NFS server allows the use of RPC-with-TLS (RFC 9289) to +protect RPC traffic between itself and its clients. +Alternately, administrators can secure NFS traffic using a VPN, +or an ssh tunnel or similar mechanism, in a way that is transparent +to the server. .PP +To enable the use of RPC-with-TLS, the server's administrator must +install and configure +.BR tlshd +to handle transport layer security handshake requests from the local +kernel. +Clients can then choose to use RPC-with-TLS or they may continue +operating without it. +.PP +Administrators may require the use of RPC-with-TLS to protect access +to individual exports. +This is particularly useful when using non-cryptographic security +flavors such as +.IR sec=sys . +The +.I xprtsec= +option, followed by an unordered colon-delimited list of security policies, +can restrict access to the export to only clients that have negotiated +transport-layer security. +Currently supported transport layer security policies include: +.TP +.IR none +The server permits clients to access the export +without the use of transport layer security. +.TP +.IR tls +The server permits clients that have negotiated an RPC-with-TLS session +without peer authentication (confidentiality only) to access the export. +Clients are not required to offer an x.509 certificate +when establishing a transport layer security session. +.TP +.IR mtls +The server permits clients that have negotiated an RPC-with-TLS session +with peer authentication to access the export. +The server requires clients to offer an x.509 certificate +when establishing a transport layer security session. +.PP +If RPC-with-TLS is configured and enabled and the +.I xprtsec= +option is not specified, the default setting for an export is +.IR xprtsec=none:tls:mtls . +With this setting, the server permits clients to use any transport +layer security mechanism or none at all to access the export. .SS General Options .BR exportfs understands the following export options: .TP .IR secure -This option requires that requests originate on an Internet port less -than IPPORT_RESERVED (1024). This option is on by default. To turn it -off, specify +This option requires that requests not using gss originate on an +Internet port less than IPPORT_RESERVED (1024). This option is on by default. +To turn it off, specify .IR insecure . +(NOTE: older kernels (before upstream kernel version 4.17) enforced this +requirement on gss requests as well.) .TP .IR rw Allow both read and write requests on this NFS volume. The @@ -167,13 +217,6 @@ default. In all releases after 1.0.0, is the default, and .I async must be explicitly requested if needed. -To help make system administrators aware of this change, -.B exportfs -will issue a warning if neither -.I sync -nor -.I async -is specified. .TP .IR no_wdelay This option has no effect if @@ -410,7 +453,7 @@ of the filesystem must be handled elsewhere.) .TP .IR pnfs -This option allows enables the use of pNFS extension if protocol level +This option enables the use of the pNFS extension if the protocol level is NFSv4.1 or higher, and the filesystem supports pNFS exports. With pNFS clients can bypass the server and perform I/O directly to storage devices. The default can be explicitly requested with the @@ -425,6 +468,37 @@ will only work if all clients use a consistent security policy. Note that early kernels did not support this export option, and instead enabled security labels by default. +.TP +.IR reexport= auto-fsidnum|predefined-fsidnum +This option helps when a NFS share is re-exported. Since the NFS server +needs a unique identifier for each exported filesystem and a NFS share +cannot provide such, usually a manual fsid is needed. +As soon +.IR crossmnt +is used manually assigning fsid won't work anymore. This is where this +option becomes handy. It will automatically assign a numerical fsid +to exported NFS shares. The fsid and path relations are stored in a SQLite +database. If +.IR auto-fsidnum +is selected, the fsid is also autmatically allocated. +.IR predefined-fsidnum +assumes pre-allocated fsid numbers and will just look them up. +This option depends also on the kernel, you will need at least kernel version +5.19. +Since +.IR reexport= +can automatically allocate and assign numerical fsids, it is no longer possible +to have numerical fsids in other exports as soon this option is used in at least +one export entry. + +The association between fsid numbers and paths is stored in a SQLite database. +Don't edit or remove the database unless you know exactly what you're doing. +.IR predefined-fsidnum +is useful when you have used +.IR auto-fsidnum +before and don't want further entries stored. + + .SS User ID Mapping .PP .B nfsd @@ -492,6 +566,33 @@ export entry for .B /home/joe in the example section below, which maps all requests to uid 150 (which is supposedly that of user joe). + +.SS Subdirectory Exports + +Normally you should only export only the root of a filesystem. The NFS +server will also allow you to export a subdirectory of a filesystem, +however, this has drawbacks: + +First, it may be possible for a malicious user to access files on the +filesystem outside of the exported subdirectory, by guessing filehandles +for those other files. The only way to prevent this is by using the +.IR no_subtree_check +option, which can cause other problems. + +Second, export options may not be enforced in the way that you would +expect. For example, the +.IR security_label +option will not work on subdirectory exports, and if nested subdirectory +exports change the +.IR security_label +or +.IR sec= +options, NFSv4 clients will normally see only the options on the parent +export. Also, where security options differ, a malicious client may use +filehandle-guessing attacks to access the files from one subdirectory +using the options from another. + + .SS Extra Export Tables After reading .I /etc/exports @@ -559,7 +660,8 @@ a character class wildcard match. .BR netgroup (5), .BR mountd (8), .BR nfsd (8), -.BR showmount (8). +.BR showmount (8), +.BR tlshd (8). .\".SH DIAGNOSTICS .\"An error parsing the file is reported using syslogd(8) as level NOTICE from .\"a DAEMON whenever diff --git a/upstream/opensuse-leap-15-6/man5/fstab.5 b/upstream/opensuse-leap-15-6/man5/fstab.5 deleted file mode 100644 index 10ade2d5..00000000 --- a/upstream/opensuse-leap-15-6/man5/fstab.5 +++ /dev/null @@ -1,144 +0,0 @@ -'\" t -.\" Title: fstab -.\" Author: [see the "AUTHOR(S)" section] -.\" Generator: Asciidoctor 2.0.15 -.\" Date: 2022-01-06 -.\" Manual: File formats -.\" Source: util-linux 2.37.4 -.\" Language: English -.\" -.TH "FSTAB" "5" "2022-01-06" "util\-linux 2.37.4" "File formats" -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.ss \n[.ss] 0 -.nh -.ad l -.de URL -\fI\\$2\fP <\\$1>\\$3 -.. -.als MTO URL -.if \n[.g] \{\ -. mso www.tmac -. am URL -. ad l -. . -. am MTO -. ad l -. . -. LINKSTYLE blue R < > -.\} -.SH "NAME" -fstab \- static information about the filesystems -.SH "SYNOPSIS" -.sp -\fI/etc/fstab\fP -.SH "DESCRIPTION" -.sp -The file \fBfstab\fP contains descriptive information about the filesystems the system can mount. \fBfstab\fP is only read by programs, and not written; it is the duty of the system administrator to properly create and maintain this file. The order of records in \fBfstab\fP is important because \fBfsck\fP(8), \fBmount\fP(8), and \fBumount\fP(8) sequentially iterate through \fBfstab\fP doing their thing. -.sp -Each filesystem is described on a separate line. Fields on each line are separated by tabs or spaces. Lines starting with \(aq#\(aq are comments. Blank lines are ignored. -.sp -The following is a typical example of an \fBfstab\fP entry: -.sp -.if n .RS 4 -.nf -.fam C -LABEL=t\-home2 /home ext4 defaults,auto_da_alloc 0 2 -.fam -.fi -.if n .RE -.SS "The first field (\fIfs_spec\fP)." -.sp -This field describes the block special device, remote filesystem or filesystem image for loop device to be mounted or swap file or swap partition to be enabled. -.sp -For ordinary mounts, it will hold (a link to) a block special device node (as created by \fBmknod\fP(2)) for the device to be mounted, like \fI/dev/cdrom\fP or \fI/dev/sdb7\fP. For NFS mounts, this field is \fI<host>:<dir>\fP, e.g., \fIknuth.aeb.nl:/\fP. For filesystems with no storage, any string can be used, and will show up in \fBdf\fP(1) output, for example. Typical usage is \fIproc\fP for \fBprocfs\fP; \fImem\fP, \fInone\fP, or \fItmpfs\fP for \fBtmpfs\fP. Other special filesystems, like \fBudev\fP and \fBsysfs\fP, are typically not listed in \fBfstab\fP. -.sp -LABEL=<label> or UUID=<uuid> may be given instead of a device name. This is the recommended method, as device names are often a coincidence of hardware detection order, and can change when other disks are added or removed. For example, \(aqLABEL=Boot\(aq or \(aqUUID=3e6be9de\-8139\-11d1\-9106\-a43f08d823a6\(aq. (Use a filesystem\-specific tool like \fBe2label\fP(8), \fBxfs_admin\fP(8), or \fBfatlabel\fP(8) to set LABELs on filesystems). -.sp -It\(cqs also possible to use \fBPARTUUID=\fP and \fBPARTLABEL=\fP. These partitions identifiers are supported for example for GUID Partition Table (GPT). -.sp -See \fBmount\fP(8), \fBblkid\fP(8) or \fBlsblk\fP(8) for more details about device identifiers. -.sp -Note that \fBmount\fP(8) uses UUIDs as strings. The string representation of the UUID should be based on lower case characters. But when specifying the volume ID of FAT or NTFS file systems upper case characters are used (e.g UUID="A40D\-85E7" or UUID="61DB7756DB7779B3"). -.SS "The second field (\fIfs_file\fP)." -.sp -This field describes the mount point (target) for the filesystem. For swap partitions, this field should be specified as `none\(aq. If the name of the mount point contains spaces or tabs these can be escaped as `\(rs040\(aq and \(aq\(rs011\(aq respectively. -.SS "The third field (\fIfs_vfstype\fP)." -.sp -This field describes the type of the filesystem. Linux supports many filesystem types: ext4, xfs, btrfs, f2fs, vfat, ntfs, hfsplus, tmpfs, sysfs, proc, iso9660, udf, squashfs, nfs, cifs, and many more. For more details, see \fBmount\fP(8). -.sp -An entry \fIswap\fP denotes a file or partition to be used for swapping, cf. \fBswapon\fP(8). An entry \fInone\fP is useful for bind or move mounts. -.sp -More than one type may be specified in a comma\-separated list. -.sp -\fBmount\fP(8) and \fBumount\fP(8) support filesystem \fIsubtypes\fP. The subtype is defined by \(aq.subtype\(aq suffix. For example \(aqfuse.sshfs\(aq. It\(cqs recommended to use subtype notation rather than add any prefix to the first fstab field (for example \(aqsshfs#example.com\(aq is deprecated). -.SS "The fourth field (\fIfs_mntops\fP)." -.sp -This field describes the mount options associated with the filesystem. -.sp -It is formatted as a comma\-separated list of options. It contains at least the type of mount (\fBro\fP or \fBrw\fP), plus any additional options appropriate to the filesystem type (including performance\-tuning options). For details, see \fBmount\fP(8) or \fBswapon\fP(8). -.sp -Basic filesystem\-independent options are: -.sp -\fBdefaults\fP -.RS 4 -use default options: rw, suid, dev, exec, auto, nouser, and async. -.RE -.sp -\fBnoauto\fP -.RS 4 -do not mount when \fBmount \-a\fP is given (e.g., at boot time) -.RE -.sp -\fBuser\fP -.RS 4 -allow a user to mount -.RE -.sp -\fBowner\fP -.RS 4 -allow device owner to mount -.RE -.sp -\fBcomment\fP -.RS 4 -or \fBx\-<name>\fP for use by fstab\-maintaining programs -.RE -.sp -\fBnofail\fP -.RS 4 -do not report errors for this device if it does not exist. -.RE -.SS "The fifth field (\fIfs_freq\fP)." -.sp -This field is used by \fBdump\fP(8) to determine which filesystems need to be dumped. Defaults to zero (don\(cqt dump) if not present. -.SS "The sixth field (\fIfs_passno\fP)." -.sp -This field is used by \fBfsck\fP(8) to determine the order in which filesystem checks are done at boot time. The root filesystem should be specified with a \fIfs_passno\fP of 1. Other filesystems should have a \fIfs_passno\fP of 2. Filesystems within a drive will be checked sequentially, but filesystems on different drives will be checked at the same time to utilize parallelism available in the hardware. Defaults to zero (don\(cqt check the filesystem) if not present. -.SH "FILES" -.sp -\fI/etc/fstab\fP, -\fI<fstab.h>\fP -.SH "NOTES" -.sp -The proper way to read records from \fBfstab\fP is to use the routines \fBgetmntent\fP(3) or \fBlibmount\fP. -.sp -The keyword \fBignore\fP as a filesystem type (3rd field) is no longer supported by the pure libmount based mount utility (since util\-linux v2.22). -.SH "HISTORY" -.sp -The ancestor of this \fBfstab\fP file format appeared in 4.0BSD. -.SH "SEE ALSO" -.sp -\fBgetmntent\fP(3), -\fBfs\fP(5), -\fBfindmnt\fP(8), -\fBmount\fP(8), -\fBswapon\fP(8) -.SH "REPORTING BUGS" -.sp -For bug reports, use the issue tracker at \c -.URL "https://github.com/karelzak/util\-linux/issues" "" "." -.SH "AVAILABILITY" -.sp -\fBfstab\fP is part of the util\-linux package which can be downloaded from \c -.URL "https://www.kernel.org/pub/linux/utils/util\-linux/" "Linux Kernel Archive" "."
\ No newline at end of file diff --git a/upstream/opensuse-leap-15-6/man5/idmapd.conf.5 b/upstream/opensuse-leap-15-6/man5/idmapd.conf.5 new file mode 100644 index 00000000..58c2d977 --- /dev/null +++ b/upstream/opensuse-leap-15-6/man5/idmapd.conf.5 @@ -0,0 +1,424 @@ +.\" +.\" idmapd.conf(5) +.\" +.\" COPYRIGHT (c) 2008 +.\" The Regents of the University of Michigan +.\" ALL RIGHTS RESERVED +.\" +.\" Permission is granted to use, copy, create derivative works +.\" and redistribute this software and such derivative works +.\" for any purpose, so long as the name of The University of +.\" Michigan is not used in any advertising or publicity +.\" pertaining to the use of distribution of this software +.\" without specific, written prior authorization. If the +.\" above copyright notice or any other identification of the +.\" University of Michigan is included in any copy of any +.\" portion of this software, then the disclaimer below must +.\" also be included. +.\" +.\" THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION +.\" FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY +.\" PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF +.\" MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING +.\" WITHOUT LIMITATION THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE +.\" REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE +.\" FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR +.\" CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING +.\" OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN +.\" IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGES. +.\" +.TH idmapd.conf 5 "19 Nov 2008" +.SH NAME +idmapd.conf \- configuration file for libnfsidmap +.SH SYNOPSIS +Configuration file for libnfsidmap. Used by idmapd and svcgssd to map NFSv4 name to and from ids. +.SH DESCRIPTION +The +.B idmapd.conf +configuration files consists of several sections, initiated by strings of the +form [General] and [Mapping]. Each section may contain lines of the form +.nf + variable = value +.fi +The recognized sections and their recognized variables are as follows: +.\" +.\" ------------------------------------------------------------------- +.\" The [General] section +.\" ------------------------------------------------------------------- +.\" +.SS "[General] section variables" +.nf + + +.fi +.TP +.B Verbosity +Verbosity level of debugging +(Default: 0) +.TP +.B Domain +The local NFSv4 domain name. An NFSv4 domain is a namespace with +a unique username<->UID and groupname<->GID mapping. +(Default: Host's fully-qualified DNS domain name) +.TP +.B No-Strip +In multi-domain environments, some NFS servers will append the identity +management domain to the owner and owner_group in lieu of a true NFSv4 +domain. This option can facilitate lookups in such environments. If +set to a value other than "none", the nsswitch plugin will first pass +the name to the password/group lookup function without stripping the +domain off. If that mapping fails then the plugin will try again using +the old method (comparing the domain in the string to the Domain value, +stripping it if it matches, and passing the resulting short name to the +lookup function). Valid values are "user", "group", "both", and +"none". +(Default: "none") +.TP +.B Reformat-Group +Winbind has a quirk whereby doing a group lookup in UPN format +(e.g. staff@americas.example.com) will cause the group to be +displayed prefixed with the full domain in uppercase +(e.g. AMERICAS.EXAMPLE.COM\\staff) instead of in the familiar netbios +name format (e.g. AMERICAS\\staff). Setting this option to true +causes the name to be reformatted before passing it to the group +lookup function in order to work around this. This setting is +ignored unless No-Strip is set to either "both" or "group". +(Default: "false") +.TP +.B Local-Realms +A comma-separated list of Kerberos realm names that may be considered equivalent to the +local realm name. For example, users juser@ORDER.EDU and juser@MAIL.ORDER.EDU +may be considered to be the same user in the specified +.B Domain. +(Default: the host's default realm name) +.br +.B Note: +If a value is specified here, the default local realm must be included as well. +.\" +.\" ------------------------------------------------------------------- +.\" The [Mapping] section +.\" ------------------------------------------------------------------- +.\" +.SS "[Mapping] section variables" +.nf + +.fi +.TP +.B Nobody-User +Local user name to be used when a mapping cannot be completed. +.TP +.B Nobody-Group +Local group name to be used when a mapping cannot be completed. +.\" +.\" ------------------------------------------------------------------- +.\" The [Translation] section +.\" ------------------------------------------------------------------- +.\" +.SS "[Translation] section variables" +.nf + +.fi +.TP +.B Method +A comma-separated, ordered list of mapping methods (plug-ins) +to use when mapping between NFSv4 names and local IDs. Each +specified method is tried in order until a mapping is found, +or there are no more methods to try. The methods included in +the default distribution include "nsswitch", "umich_ldap", and +"static". +(Default: nsswitch) +.TP +.B GSS-Methods +An optional comma-separated, ordered list of mapping methods (plug-ins) +to use when mapping between GSS Authenticated names and local IDs. +(Default: the same list as specified for +.B Method) +.\" +.\" ------------------------------------------------------------------- +.\" The [Static] section +.\" ------------------------------------------------------------------- +.\" +.SS "[Static] section variables" +.nf + +.fi +The "static" translation method uses a static list of GSS-Authenticated +names to local user names. Entries in the list are of the form: +.nf + principal@REALM = localusername +.fi +.\" +.\" ------------------------------------------------------------------- +.\" The [REGEX] section +.\" ------------------------------------------------------------------- +.\" +.SS "[REGEX] section variables" +.nf + +.fi +If the "regex" translation method is specified, the following +variables within the [REGEX] section are used to map between NFS4 names and local IDs. +.TP +.B User-Regex +Case-insensitive regular expression that extracts the local user name from an NFSv4 name. Multiple expressions may be concatenated with '|'. The first match will be used. +There is no default. A basic regular expression for domain DOMAIN.ORG and realm MY.DOMAIN.ORG would be: +.nf +^DOMAIN\\([^@]+)@MY.DOMAIN.ORG$ +.fi +.TP +.B Group-Regex +Case-insensitive regular expression that extracts the local group name from an NFSv4 name. Multiple expressions may be concatenated with '|'. The first match will be used. +There is no default. A basic regular expression for domain DOMAIN.ORG and realm MY.DOMAIN.ORG would be: +.nf +^([^@]+)@DOMAIN.ORG@MY.DOMAIN.ORG$|^DOMAIN\\([^@]+)@MY.DOMAIN.ORG$ +.fi +.TP +.B Prepend-Before-User +Constant string to put before a local user name when building an NFSv4 name. Usually this is the short domain name followed by '\'. +(Default: none) +.TP +.B Append-After-User +Constant string to put after a local user name when building an NFSv4 name. Usually this is '@' followed by the default realm. +(Default: none) +.TP +.B Prepend-Before-Group +Constant string to put before a local group name when building an NFSv4 name. Usually not used. +(Default: none) +.TP +.B Append-After-Group +Constant string to put before a local group name when building an NFSv4 name. Usually this is '@' followed by the domain name followed by another '@' and the default realm. +(Default: none) +.TP +.B Group-Name-Prefix +Constant string that is prepended to a local group name when converting it to an NFSv4 name. If an NFSv4 group name has this prefix it is removed when converting it to a local group name. +With this group names of a central directory can be shortened for an isolated organizational unit if all groups have a common prefix. +(Default: none) +.TP +.B Group-Name-No-Prefix-Regex +Case-insensitive regular expression to exclude groups from adding and removing the prefix set by +.BR Group-Name-Prefix . +The regular expression must match both the remote and local group names. Multiple expressions may be concatenated with '|'. +(Default: none) +.\" +.\" ------------------------------------------------------------------- +.\" The [UMICH_SCHEMA] section +.\" ------------------------------------------------------------------- +.\" +.SS "[UMICH_SCHEMA] section variables" +.nf + +.fi +If the "umich_ldap" translation method is specified, the following +variables within the [UMICH_SCHEMA] section are used. +.TP +.B LDAP_server +LDAP server name or address +(Required if using UMICH_LDAP) +.TP +.B LDAP_base +Absolute LDAP search base. +(Required if using UMICH_LDAP) +.TP +.B LDAP_people_base +Absolute LDAP search base for people accounts. +(Default: The +.B LDAP_base +value) +.TP +.B LDAP_group_base +Absolute LDAP search base for group accounts. +(Default: The +.B LDAP_base +value) +.TP +.B LDAP_canonicalize_name +Whether or not to perform name canonicalization on the +name given as +.B LDAP_server +(Default: "true") +.TP +.B LDAP_follow_referrals +Whether or not to follow ldap referrals. (Default: "true") +.TP +.B LDAP_use_ssl +Set to "true" to enable SSL communication with the LDAP server. +(Default: "false") +.TP +.B LDAP_ca_cert +Location of a trusted CA certificate used when SSL is enabled +(Required if +.B LDAP_use_ssl +is true and +.B LDAP_tls_reqcert +is not set to never) +.TP +.B LDAP_tls_reqcert +Controls the LDAP server certificate validation behavior. +It can take the same values as ldap.conf(5)'s +.B TLS_REQCERT +tunable. +(Default: "hard") +.TP +.B LDAP_timeout_seconds +Number of seconds before timing out an LDAP request +(Default: 4) +.TP +.B LDAP_sasl_mech +SASL mechanism to be used for sasl authentication. Required +if SASL auth is to be used (Default: None) +.TP +.B LDAP_realm +SASL realm to be used for sasl authentication. (Default: None) +.TP +.B LDAP_sasl_authcid +Authentication identity to be used for sasl authentication. (Default: None) +.TP +.B LDAP_sasl_authzid +Authorization identity to be used for sasl authentication. (Default: None) +.TP +.B LDAP_sasl_secprops +Cyrus SASL security properties. It can the same values as ldap.conf(5)'s +sasl_secprops. +.TP +.B LDAP_sasl_canonicalize +Specifies whether the LDAP server hostname should be canonicalised. +If set to yes LDAP lib with do a reverse hostname lookup. +If this is not set the LDAP library's default will be used. (Default: +None) +.TP +.B LDAP_sasl_krb5_ccname +Path to kerberos credential cache. If it is not set then the value +of environment variable KRB5CCNAME will be used. If the environment +variable is not set then the default mechanism of kerberos library +will be used. +.TP +.B NFSv4_person_objectclass +The object class name for people accounts in your local LDAP schema +(Default: NFSv4RemotePerson) +.TP +.B NFSv4_name_attr +Your local schema's attribute name to be used for NFSv4 user names +(Default: NFSv4Name) +.TP +.B NFSv4_uid_attr +Your local schema's attribute name to be used for uidNumber +(Default: uidNumber) +.TP +.B GSS_principal_attr +Your local schema's attribute name for GSSAPI Principal names +(Default: GSSAuthName) +.TP +.B NFSv4_acctname_attr +Your local schema's attribute name to be used for account names +(Default: uid) +.TP +.B NFSv4_group_objectclass +The object class name for group accounts in your local LDAP schema +(Default: NFSv4RemoteGroup) +.TP +.B NFSv4_gid_attr +Your local schema's attribute name to be used for gidNumber +(Default: gidNumber) +.TP +.B NFSv4_group_attr +Your local schema's attribute name to be used for NFSv4 group names +(Default: NFSv4Name) +.TP +.B LDAP_use_memberof_for_groups +Some LDAP servers do a better job with indexing where searching +through all the groups searching for the user in the memberuid +list. Others like SunOne directory that search can takes minutes +if there are thousands of groups. So setting +.B LDAP_use_memberof_for_groups +to true in the configuration file will use the memberof lists of +the account and search through only those groups to obtain gids. +(Default: false) +.TP +.B NFSv4_member_attr +If +.B LDAP_use_memberof_for_groups +is true, this is the attribute to be searched for. +(Default: memberUid) +.TP +.B NFSv4_grouplist_filter +An optional search filter for determining group membership. +(No Default) +.\" +.\" ------------------------------------------------------------------- +.\" An Example +.\" ------------------------------------------------------------------- +.\" +.SH EXAMPLES +An example +.I /etc/idmapd.conf +file: +.nf + + +[General] + +Verbosity = 0 +Domain = domain.org +Local-Realms = DOMAIN.ORG,MY.DOMAIN.ORG,YOUR.DOMAIN.ORG + +[Mapping] + +Nobody-User = nfsnobody +Nobody-Group = nfsnobody + +[Translation] + +Method = umich_ldap,regex,nsswitch +GSS-Methods = umich_ldap,regex,static + +[Static] + +johndoe@OTHER.DOMAIN.ORG = johnny + +[Regex] + +User-Regex = ^DOMAIN\\([^@]+)@DOMAIN.ORG$ +Group-Regex = ^([^@]+)@DOMAIN.ORG@DOMAIN.ORG$|^DOMAIN\\([^@]+)@DOMAIN.ORG$ +Prepend-Before-User = DOMAIN\ +Append-After-User = @DOMAIN.ORG +Append-After-Group = @domain.org@domain.org +Group-Name-Prefix = sales- +Group-Name-No-Prefix-Regex = -personal-group$ + +[UMICH_SCHEMA] + +LDAP_server = ldap.domain.org +LDAP_base = dc=org,dc=domain + +.fi +.\" +.\" ------------------------------------------------------------------- +.\" Additional sections +.\" ------------------------------------------------------------------- +.\" +.SH FILES +.I /usr/etc/idmapd.conf +.br +.I /usr/etc/idmapd.conf.d/*.conf +.br +.I /etc/idmapd.conf +.br +.I /etc/idmapd.conf.d/*.conf +.br +.IP +Files are read in the order listed. Later settings override earlier +settings. + +.SH SEE ALSO +.BR idmapd (8) +.BR svcgssd (8) +.\".SH COMPATIBILITY +.\".SH STANDARDS +.\".SH ACKNOWLEDGEMENTS +.\".SH AUTHORS +.\".SH HISTORY +.SH BUGS +Report bugs to <nfsv4@linux-nfs.org> +.\".SH CAVEATS diff --git a/upstream/opensuse-leap-15-6/man5/journal-remote.conf.5 b/upstream/opensuse-leap-15-6/man5/journal-remote.conf.5 index 5b8aee5b..5708a49c 100644 --- a/upstream/opensuse-leap-15-6/man5/journal-remote.conf.5 +++ b/upstream/opensuse-leap-15-6/man5/journal-remote.conf.5 @@ -57,7 +57,12 @@ configuration subdirectories are sorted by their filename in lexicographic order When packages need to customize the configuration, they can install drop\-ins under /usr/\&. Files in /etc/ -are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. Drop\-ins have to be used to override package drop\-ins, since the main configuration file has lower precedence\&. It is recommended to prefix all filenames in those subdirectories with a two\-digit number and a dash, to simplify the ordering of the files\&. This also defined a concept of drop\-in priority to allow distributions to ship drop\-ins within a specific range lower than the range used by users\&. This should lower the risk of package drop\-ins overriding accidentally drop\-ins defined by users\&. +are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. Drop\-ins have to be used to override package drop\-ins, since the main configuration file has lower precedence\&. It is recommended to prefix all filenames in those subdirectories with a two\-digit number and a dash, to simplify the ordering of the files\&. This also defines a concept of drop\-in priorities to allow OS vendors to ship drop\-ins within a specific range lower than the range used by users\&. This should lower the risk of package drop\-ins overriding accidentally drop\-ins defined by users\&. It is recommended to use the range 10\-40 for drop\-ins in +/usr/ +and the range 60\-90 for drop\-ins in +/etc/ +and +/run/, to make sure that local and transient drop\-ins take priority over drop\-ins shipped by the OS vendor\&. .PP To disable a configuration file supplied by the vendor, the recommended way is to place a symlink to /dev/null diff --git a/upstream/opensuse-leap-15-6/man5/journal-upload.conf.5 b/upstream/opensuse-leap-15-6/man5/journal-upload.conf.5 index 535e3a40..46d33e65 100644 --- a/upstream/opensuse-leap-15-6/man5/journal-upload.conf.5 +++ b/upstream/opensuse-leap-15-6/man5/journal-upload.conf.5 @@ -57,7 +57,12 @@ configuration subdirectories are sorted by their filename in lexicographic order When packages need to customize the configuration, they can install drop\-ins under /usr/\&. Files in /etc/ -are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. Drop\-ins have to be used to override package drop\-ins, since the main configuration file has lower precedence\&. It is recommended to prefix all filenames in those subdirectories with a two\-digit number and a dash, to simplify the ordering of the files\&. This also defined a concept of drop\-in priority to allow distributions to ship drop\-ins within a specific range lower than the range used by users\&. This should lower the risk of package drop\-ins overriding accidentally drop\-ins defined by users\&. +are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. Drop\-ins have to be used to override package drop\-ins, since the main configuration file has lower precedence\&. It is recommended to prefix all filenames in those subdirectories with a two\-digit number and a dash, to simplify the ordering of the files\&. This also defines a concept of drop\-in priorities to allow OS vendors to ship drop\-ins within a specific range lower than the range used by users\&. This should lower the risk of package drop\-ins overriding accidentally drop\-ins defined by users\&. It is recommended to use the range 10\-40 for drop\-ins in +/usr/ +and the range 60\-90 for drop\-ins in +/etc/ +and +/run/, to make sure that local and transient drop\-ins take priority over drop\-ins shipped by the OS vendor\&. .PP To disable a configuration file supplied by the vendor, the recommended way is to place a symlink to /dev/null diff --git a/upstream/opensuse-leap-15-6/man5/journald.conf.5 b/upstream/opensuse-leap-15-6/man5/journald.conf.5 index 372e99bd..dc754063 100644 --- a/upstream/opensuse-leap-15-6/man5/journald.conf.5 +++ b/upstream/opensuse-leap-15-6/man5/journald.conf.5 @@ -75,7 +75,12 @@ configuration subdirectories are sorted by their filename in lexicographic order When packages need to customize the configuration, they can install drop\-ins under /usr/\&. Files in /etc/ -are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. Drop\-ins have to be used to override package drop\-ins, since the main configuration file has lower precedence\&. It is recommended to prefix all filenames in those subdirectories with a two\-digit number and a dash, to simplify the ordering of the files\&. This also defined a concept of drop\-in priority to allow distributions to ship drop\-ins within a specific range lower than the range used by users\&. This should lower the risk of package drop\-ins overriding accidentally drop\-ins defined by users\&. +are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. Drop\-ins have to be used to override package drop\-ins, since the main configuration file has lower precedence\&. It is recommended to prefix all filenames in those subdirectories with a two\-digit number and a dash, to simplify the ordering of the files\&. This also defines a concept of drop\-in priorities to allow OS vendors to ship drop\-ins within a specific range lower than the range used by users\&. This should lower the risk of package drop\-ins overriding accidentally drop\-ins defined by users\&. It is recommended to use the range 10\-40 for drop\-ins in +/usr/ +and the range 60\-90 for drop\-ins in +/etc/ +and +/run/, to make sure that local and transient drop\-ins take priority over drop\-ins shipped by the OS vendor\&. .PP To disable a configuration file supplied by the vendor, the recommended way is to place a symlink to /dev/null @@ -306,7 +311,8 @@ and control how large individual journal files may grow at most\&. This influences the granularity in which disk space is made available through rotation, i\&.e\&. deletion of historic data\&. Defaults to one eighth of the values configured with \fISystemMaxUse=\fR and -\fIRuntimeMaxUse=\fR, so that usually seven rotated journal files are kept as history\&. If the journal compact mode is enabled (enabled by default), the maximum file size is capped to 4G\&. +\fIRuntimeMaxUse=\fR +capped to 128M, so that usually seven rotated journal files are kept as history\&. If the journal compact mode is enabled (enabled by default), the maximum file size is capped to 4G\&. .sp Specify values in bytes or use K, M, G, T, P, E as units for the specified sizes (equal to 1024, 1024\(S2, \&... bytes)\&. Note that size limits are enforced synchronously when journal files are extended, and no explicit rotation step triggered by time is needed\&. .sp @@ -370,6 +376,10 @@ to the kernel command line\&. \fBsystemd\fR will automatically disable kernel\*(Aqs rate\-limiting applied to userspace processes (equivalent to setting "printk\&.devkmsg=on")\&. +.PP +Note: Forwarding is performed synchronously within journald, and may significantly affect its performance\&. This is particularly relevant when using ForwardToConsole=yes in cloud environments, where the console is often a slow, virtual serial port\&. Since journald is implemented as a conventional single\-process daemon, forwarding to a completely hung console will block journald\&. This can have a cascading effect resulting in any services synchronously logging to the blocked journal also becoming blocked\&. Unless actively debugging/developing something, it\*(Aqs generally preferable to setup a +\fBjournalctl \-\-follow\fR +style service redirected to the console, instead of ForwardToConsole=yes, for production use\&. .RE .PP \fIMaxLevelStore=\fR, \fIMaxLevelSyslog=\fR, \fIMaxLevelKMsg=\fR, \fIMaxLevelConsole=\fR, \fIMaxLevelWall=\fR diff --git a/upstream/opensuse-leap-15-6/man5/logind.conf.5 b/upstream/opensuse-leap-15-6/man5/logind.conf.5 index 3734aa79..97eef777 100644 --- a/upstream/opensuse-leap-15-6/man5/logind.conf.5 +++ b/upstream/opensuse-leap-15-6/man5/logind.conf.5 @@ -57,7 +57,12 @@ configuration subdirectories are sorted by their filename in lexicographic order When packages need to customize the configuration, they can install drop\-ins under /usr/\&. Files in /etc/ -are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. Drop\-ins have to be used to override package drop\-ins, since the main configuration file has lower precedence\&. It is recommended to prefix all filenames in those subdirectories with a two\-digit number and a dash, to simplify the ordering of the files\&. This also defined a concept of drop\-in priority to allow distributions to ship drop\-ins within a specific range lower than the range used by users\&. This should lower the risk of package drop\-ins overriding accidentally drop\-ins defined by users\&. +are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. Drop\-ins have to be used to override package drop\-ins, since the main configuration file has lower precedence\&. It is recommended to prefix all filenames in those subdirectories with a two\-digit number and a dash, to simplify the ordering of the files\&. This also defines a concept of drop\-in priorities to allow OS vendors to ship drop\-ins within a specific range lower than the range used by users\&. This should lower the risk of package drop\-ins overriding accidentally drop\-ins defined by users\&. It is recommended to use the range 10\-40 for drop\-ins in +/usr/ +and the range 60\-90 for drop\-ins in +/etc/ +and +/run/, to make sure that local and transient drop\-ins take priority over drop\-ins shipped by the OS vendor\&. .PP To disable a configuration file supplied by the vendor, the recommended way is to place a symlink to /dev/null diff --git a/upstream/opensuse-leap-15-6/man5/machine-id.5 b/upstream/opensuse-leap-15-6/man5/machine-id.5 index 5e55cdfe..7d0cb9ee 100644 --- a/upstream/opensuse-leap-15-6/man5/machine-id.5 +++ b/upstream/opensuse-leap-15-6/man5/machine-id.5 @@ -89,7 +89,8 @@ will attempt to use the D\-Bus machine ID from product_uuid or the devicetree vm,uuid -(on KVM systems), and finally a randomly generated UUID\&. +(on KVM systems), the Xen hypervisor +uuid, and finally a randomly generated UUID\&. .PP After the machine ID is established, \fBsystemd\fR(1) diff --git a/upstream/opensuse-leap-15-6/man5/moduli.5 b/upstream/opensuse-leap-15-6/man5/moduli.5 index 149846c8..6dffdc7e 100644 --- a/upstream/opensuse-leap-15-6/man5/moduli.5 +++ b/upstream/opensuse-leap-15-6/man5/moduli.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: moduli.5,v 1.17 2012/09/26 17:34:38 jmc Exp $ +.\" $OpenBSD: moduli.5,v 1.19 2022/04/16 04:30:10 dtucker Exp $ .\" .\" Copyright (c) 2008 Damien Miller <djm@mindrot.org> .\" @@ -13,7 +13,7 @@ .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.Dd $Mdocdate: September 26 2012 $ +.Dd $Mdocdate: April 16 2022 $ .Dt MODULI 5 .Os .Sh NAME @@ -32,12 +32,12 @@ using a two-step process. An initial .Em candidate generation pass, using -.Ic ssh-keygen -G , +.Ic ssh-keygen -M generate , calculates numbers that are likely to be useful. A second .Em primality testing pass, using -.Ic ssh-keygen -T , +.Ic ssh-keygen -M screen , provides a high degree of assurance that the numbers are prime and are safe for use in Diffie-Hellman operations by .Xr sshd 8 . @@ -123,5 +123,4 @@ that best meets the size requirement. .%D March 2006 .%R RFC 4419 .%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol -.%D 2006 .Re diff --git a/upstream/opensuse-leap-15-6/man5/nfs.5 b/upstream/opensuse-leap-15-6/man5/nfs.5 index a006501c..c0ba4d08 100644 --- a/upstream/opensuse-leap-15-6/man5/nfs.5 +++ b/upstream/opensuse-leap-15-6/man5/nfs.5 @@ -11,11 +11,8 @@ NFS is an Internet Standard protocol created by Sun Microsystems in 1984. NFS was developed to allow file sharing between systems residing on a local area network. -The Linux NFS client supports three versions -of the NFS protocol: -NFS version 2 [RFC1094], -NFS version 3 [RFC1813], -and NFS version 4 [RFC3530]. +Depending on kernel configuration, the Linux NFS client may +support NFS versions 3, 4.0, 4.1, or 4.2. .P The .BR mount (8) @@ -88,9 +85,8 @@ These options are valid to use with any NFS version. The NFS protocol version number used to contact the server's NFS service. If the server does not support the requested version, the mount request fails. -If this option is not specified, the client negotiates a suitable version -with -the server, trying version 4 first, version 3 second, and version 2 last. +If this option is not specified, the client tries version 4.2 first, +then negotiates down until it finds a version supported by the server. .TP 1.5i .BI vers= n This option is an alternative to the @@ -98,33 +94,70 @@ This option is an alternative to the option. It is included for compatibility with other operating systems .TP 1.5i -.BR soft " / " hard +.BR soft " / " softerr " / " hard Determines the recovery behavior of the NFS client after an NFS request times out. -If neither option is specified (or if the +If no option is specified (or if the .B hard option is specified), NFS requests are retried indefinitely. -If the -.B soft +If either the +.BR soft " or " softerr option is specified, then the NFS client fails an NFS request after .B retrans retransmissions have been sent, -causing the NFS client to return an error -to the calling application. +causing the NFS client to return either the error +.B EIO +(for the +.B soft +option) or +.B ETIMEDOUT +(for the +.B softerr +option) to the calling application. .IP .I NB: A so-called "soft" timeout can cause silent data corruption in certain cases. As such, use the -.B soft +.BR soft " or " softerr option only when client responsiveness is more important than data integrity. Using NFS over TCP or increasing the value of the .B retrans option may mitigate some of the risks of using the -.B soft +.BR soft " or " softerr option. .TP 1.5i +.BR softreval " / " nosoftreval +In cases where the NFS server is down, it may be useful to +allow the NFS client to continue to serve up paths and +attributes from cache after +.B retrans +attempts to revalidate that cache have timed out. +This may, for instance, be helpful when trying to unmount a +filesystem tree from a server that is permanently down. +.IP +It is possible to combine +.BR softreval +with the +.B soft +mount option, in which case operations that cannot be served up +from cache will time out and return an error after +.B retrans +attempts. The combination with the default +.B hard +mount option implies those uncached operations will continue to +retry until a response is received from the server. +.IP +Note: the default mount option is +.BR nosoftreval +which disallows fallback to cache when revalidation fails, and +instead follows the behavior dictated by the +.B hard +or +.B soft +mount option. +.TP 1.5i .BR intr " / " nointr This option is provided for backward compatibility. It is ignored after kernel 2.6.25. @@ -526,7 +559,7 @@ detailed discussion of these trade-offs. .BR fsc " / " nofsc Enable/Disables the cache of (read-only) data pages to the local disk using the FS-Cache facility. See cachefilesd(8) -and <kernel_soruce>/Documentation/filesystems/caching +and <kernel_source>/Documentation/filesystems/caching for detail on how to configure the FS-Cache facility. Default value is nofsc. .TP 1.5i @@ -535,7 +568,46 @@ The .B sloppy option is an alternative to specifying .BR mount.nfs " -s " option. - +.TP 1.5i +.BI xprtsec= policy +Specifies the use of transport layer security to protect NFS network +traffic on behalf of this mount point. +.I policy +can be one of +.BR none , +.BR tls , +or +.BR mtls . +.IP +If +.B none +is specified, +transport layer security is forced off, even if the NFS server supports +transport layer security. +.IP +If +.B tls +is specified, the client uses RPC-with-TLS to provide in-transit +confidentiality. +.IP +If +.B mtls +is specified, the client uses RPC-with-TLS to authenticate itself and +to provide in-transit confidentiality. +.IP +If either +.B tls +or +.B mtls +is specified and the server does not support RPC-with-TLS or peer +authentication fails, the mount attempt fails. +.IP +If the +.B xprtsec= +option is not specified, +the default behavior depends on the kernel version, +but is usually equivalent to +.BR "xprtsec=none" . .SS "Options for NFS versions 2 and 3 only" Use these options, along with the options in the above subsection, for NFS versions 2 and 3 only. @@ -545,7 +617,7 @@ The .I netid determines the transport that is used to communicate with the NFS server. Available options are -.BR udp ", " udp6 ", "tcp ", " tcp6 ", and " rdma . +.BR udp ", " udp6 ", "tcp ", " tcp6 ", " rdma ", and " rdma6 . Those which end in .B 6 use IPv6 addresses and are only available if support for TI-RPC is @@ -786,14 +858,14 @@ NOTE: When used together, the 'local_lock' mount option will be overridden by 'nolock'/'lock' mount option. .SS "Options for NFS version 4 only" Use these options, along with the options in the first subsection above, -for NFS version 4 and newer. +for NFS version 4.0 and newer. .TP 1.5i .BI proto= netid The .I netid determines the transport that is used to communicate with the NFS server. Supported options are -.BR tcp ", " tcp6 ", and " rdma . +.BR tcp ", " tcp6 ", " rdma ", and " rdma6 . .B tcp6 use IPv6 addresses and is only available if support for TI-RPC is built in. Both others use IPv4 addresses. @@ -803,6 +875,23 @@ so if this mount option is not specified, the NFS version 4 client uses the TCP protocol. Refer to the TRANSPORT METHODS section for more details. .TP 1.5i +.BI minorversion= n +Specifies the protocol minor version number. +NFSv4 introduces "minor versioning," where NFS protocol enhancements can +be introduced without bumping the NFS protocol version number. +Before kernel 2.6.38, the minor version is always zero, and this +option is not recognized. +After this kernel, specifying "minorversion=1" enables a number of +advanced features, such as NFSv4 sessions. +.IP +Recent kernels allow the minor version to be specified using the +.B vers= +option. +For example, specifying +.B vers=4.1 +is the same as specifying +.BR vers=4,minorversion=1 . +.TP 1.5i .BI port= n The numeric value of the server's NFS service port. If the server's NFS service is not available on the specified port, @@ -842,10 +931,13 @@ the behavior of this option in more detail. Specifies a single IPv4 address (in dotted-quad form), or a non-link-local IPv6 address, that the NFS client advertises to allow servers -to perform NFS version 4 callback requests against +to perform NFS version 4.0 callback requests against files on this mount point. If the server is unable to establish callback connections to clients, performance may degrade, or accesses to files may temporarily hang. +Can specify a value of IPv4_ANY (0.0.0.0) or equivalent +IPv6 any address which will signal to the NFS server that +this NFS client does not want delegations. .IP If this option is not specified, the .BR mount (8) @@ -855,6 +947,11 @@ In the presence of multiple client network interfaces, special routing policies, or atypical network topologies, the exact address to use for callbacks may be nontrivial to determine. +.IP +NFS protocol versions 4.1 and 4.2 use the client-established +TCP connection for callback requests, so do not require the server to +connect to the client. This option is therefore only affect NFS version +4.0 mounts. .TP 1.5i .BR migration " / " nomigration Selects whether the client uses an identification string that is compatible @@ -875,6 +972,32 @@ when it identifies itself via a traditional identification string. .IP This mount option has no effect with NFSv4 minor versions newer than zero, which always use TSM-compatible client identification strings. +.TP 1.5i +.BR max_connect= n +While +.BR nconnect +option sets a limit on the number of connections that can be established +to a given server IP, +.BR max_connect +option allows the user to specify maximum number of connections to different +server IPs that belong to the same NFSv4.1+ server (session trunkable +connections) up to a limit of 16. When client discovers that it established +a client ID to an already existing server, instead of dropping the newly +created network transport, the client will add this new connection to the +list of available transports for that RPC client. +.TP 1.5i +.BR trunkdiscovery " / " notrunkdiscovery +When the client discovers a new filesystem on a NFSv4.1+ server, the +.BR trunkdiscovery +mount option will cause it to send a GETATTR for the fs_locations attribute. +If is receives a non-zero length reply, it will iterate through the response, +and for each server location it will establish a connection, send an +EXCHANGE_ID, and test for session trunking. If the trunking test succeeds, +the connection will be added to the existing set of transports for the server, +subject to the limit specified by the +.BR max_connect +option. The default is +.BR notrunkdiscovery . .SH nfs4 FILE SYSTEM TYPE The .BR nfs4 @@ -890,12 +1013,6 @@ file. See .BR nfsmount.conf(5) for details. .SH EXAMPLES -To mount an export using NFS version 2, -use the -.B nfs -file system type and specify the -.B nfsvers=2 -mount option. To mount using NFS version 3, use the .B nfs @@ -921,13 +1038,6 @@ reasonable defaults for NFS behavior. server:/export /mnt nfs defaults 0 0 .fi .P -Here is an example from an /etc/fstab file for an NFS version 2 mount over UDP. -.P -.nf -.ta 8n +16n +6n +6n +30n - server:/export /mnt nfs nfsvers=2,proto=udp 0 0 -.fi -.P This example shows how to mount using NFS version 4 over TCP with Kerberos 5 mutual authentication. .P @@ -1020,7 +1130,7 @@ and can safely be allowed to default to the largest values supported by both client and server, independent of the network's MTU size. .SS "Using the mountproto mount option" -This section applies only to NFS version 2 and version 3 mounts +This section applies only to NFS version 3 mounts since NFS version 4 does not use a separate protocol for mount requests. .P @@ -1255,7 +1365,7 @@ If absolute cache coherence among clients is required, applications should use file locking. Alternatively, applications can also open their files with the O_DIRECT flag to disable data caching entirely. -.SS "File timestamp maintainence" +.SS "File timestamp maintenance" NFS servers are responsible for managing file and directory timestamps .RB ( atime , .BR ctime ", and" @@ -1423,7 +1533,7 @@ the use of the mount option. .SS "Using file locks with NFS" The Network Lock Manager protocol is a separate sideband protocol -used to manage file locks in NFS version 2 and version 3. +used to manage file locks in NFS version 3. To support lock recovery after a client or server reboot, a second sideband protocol -- known as the Network Status Manager protocol -- @@ -1595,52 +1705,55 @@ from a server's pseudo-fs into one of the server's exported physical filesystems, which often have more restrictive security settings than the pseudo-fs. .SS "NFS version 4 Leases" -In NFS version 4, a lease is a period of time during which a server -irrevocably grants a file lock to a client. -If the lease expires, the server is allowed to revoke that lock. +In NFS version 4, a lease is a period during which a server +irrevocably grants a client file locks. +Once the lease expires, the server may revoke those locks. Clients periodically renew their leases to prevent lock revocation. .P After an NFS version 4 server reboots, each client tells the -server about all file open and lock state under its lease +server about existing file open and lock state under its lease before operation can continue. -If the client reboots, the server frees all open and lock state +If a client reboots, the server frees all open and lock state associated with that client's lease. .P -As part of establishing a lease, therefore, +When establishing a lease, therefore, a client must identify itself to a server. -A fixed string is used to distinguish that client from -others, and a changeable verifier is used to indicate -when the client has rebooted. -.P -A client uses a particular security flavor and principal -when performing the operations to establish a lease. -If two clients happen to present the same identity string, -a server can use their principals to detect that they are -different clients, and prevent one client from interfering -with the other's lease. -.P -The Linux NFS client establishes one lease for each server. +Each client presents an arbitrary string +to distinguish itself from other clients. +The client administrator can +supplement the default identity string using the +.I nfs4.nfs4_unique_id +module parameter to avoid collisions +with other client identity strings. +.P +A client also uses a unique security flavor and principal +when it establishes its lease. +If two clients present the same identity string, +a server can use client principals to distinguish between them, +thus securely preventing one client from interfering with the other's lease. +.P +The Linux NFS client establishes one lease on each NFS version 4 server. Lease management operations, such as lease renewal, are not done on behalf of a particular file, lock, user, or mount -point, but on behalf of the whole client that owns that lease. -These operations must use the same security flavor and -principal that was used when the lease was established, -even across client reboots. +point, but on behalf of the client that owns that lease. +A client uses a consistent identity string, security flavor, +and principal across client reboots to ensure that the server +can promptly reap expired lease state. .P When Kerberos is configured on a Linux NFS client (i.e., there is a .I /etc/krb5.keytab on that client), the client attempts to use a Kerberos security flavor for its lease management operations. -This provides strong authentication of the client to -each server it contacts. +Kerberos provides secure authentication of each client. By default, the client uses the .I host/ or .I nfs/ service principal in its .I /etc/krb5.keytab -for this purpose. +for this purpose, as described in +.BR rpc.gssd (8). .P If the client has Kerberos configured, but the server does not, or if the client does not have a keytab or @@ -1796,7 +1909,7 @@ file system table .TP 1.5i .I /etc/nfsmount.conf Configuration file for NFS mounts -.SH BUGS +.SH NOTES Before 2.4.7, the Linux NFS client did not support NFS over TCP. .P Before 2.4.20, the Linux NFS client used a heuristic @@ -1815,9 +1928,9 @@ when the .BR rsize " and " wsize settings were smaller than the system's page size. .P -The Linux NFS client does not yet support -certain optional features of the NFS version 4 protocol, -such as security negotiation, server referrals, and named attributes. +The Linux client's support for protocol versions depend on whether the +kernel was built with options CONFIG_NFS_V2, CONFIG_NFS_V3, +CONFIG_NFS_V4, CONFIG_NFS_V4_1, and CONFIG_NFS_V4_2. .SH "SEE ALSO" .BR fstab (5), .BR mount (8), @@ -1840,8 +1953,6 @@ RFC 768 for the UDP specification. .br RFC 793 for the TCP specification. .br -RFC 1094 for the NFS version 2 specification. -.br RFC 1813 for the NFS version 3 specification. .br RFC 1832 for the XDR specification. @@ -1850,4 +1961,8 @@ RFC 1833 for the RPC bind specification. .br RFC 2203 for the RPCSEC GSS API protocol specification. .br -RFC 3530 for the NFS version 4 specification. +RFC 7530 for the NFS version 4.0 specification. +.br +RFC 5661 for the NFS version 4.1 specification. +.br +RFC 7862 for the NFS version 4.2 specification. diff --git a/upstream/opensuse-leap-15-6/man5/nfs.conf.5 b/upstream/opensuse-leap-15-6/man5/nfs.conf.5 index 5a64ad93..d03fc887 100644 --- a/upstream/opensuse-leap-15-6/man5/nfs.conf.5 +++ b/upstream/opensuse-leap-15-6/man5/nfs.conf.5 @@ -2,10 +2,13 @@ .SH NAME nfs.conf \- general configuration for NFS daemons and tools .SH SYNOPSIS +.I /usr/etc/nfs.conf +.I /usr/etc/nfs.conf.d/ .I /etc/nfs.conf +.I /etc/nfs.conf.d/ .SH DESCRIPTION .PP -This file contains site-specific configuration for various NFS daemons +These files contain site-specific configuration for various NFS daemons and other processes. Most configuration can also be passed to processes via command line arguments, but it can be more convenient to have a central file. In particular, this encourages consistent @@ -65,6 +68,9 @@ section headers, then new sections will be created just as if the included file appeared in place of the .B include line. +If the file name starts with a hyphen then that is stripped off +before the file is opened, and if file doesn't exist no warning is +given. Normally a non-existent include file generates a warning. .PP Lookup of section and value names is case-insensitive. @@ -95,11 +101,59 @@ value, which can be one or more from the list .BR parse , .BR all . When a list is given, the members should be comma-separated. +The values +.BR 0 +and +.BR 1 +are also accepted, with '0' making no changes to the debug level, and '1' equivalent to specifying 'all'. + +.TP +.B general +Recognized values: +.BR pipefs-directory . + +See +.BR blkmapd (8), +.BR rpc.idmapd (8), +and +.BR rpc.gssd (8) +for details. + .TP -Note that setting +.B exports +Recognized values: +.BR rootdir . + +Setting +.B rootdir +to a valid path causes the nfs server to act as if the +supplied path is being prefixed to all the exported entries. For +instance, if +.BR rootdir=/my/root , +and there is an entry in /etc/exports for +.BR /filesystem , +then the client will be able to mount the path as +.BR /filesystem , +but on the server, this will resolve to the path +.BR /my/root/filesystem . + +.TP +.B exportd +Recognized values: +.BR manage-gids , +.BR threads , +.BR cache-use-ipaddr , +.BR ttl , +.BR state-directory-path + +See +.BR exportd (8) +for details. + +Note that setting .B "\[dq]debug = auth\[dq]" for -.B mountd +.B exportd is equivalent to providing the .B \-\-log\-auth option. @@ -128,13 +182,12 @@ Recognized values: .BR lease-time , .BR udp , .BR tcp , -.BR vers2 , .BR vers3 , .BR vers4 , .BR vers4.0 , .BR vers4.1 , .BR vers4.2 , -.BR rdma . +.BR rdma , Version and protocol values are Boolean values as described above, and are also used by @@ -155,7 +208,7 @@ Recognized values: .BR port , .BR threads , .BR reverse-lookup , -.BR cache-use-upaddr , +.BR cache-use-ipaddr , .BR ttl , .BR state-directory-path , .BR ha-callout . @@ -166,6 +219,21 @@ section, are used to configure mountd. See .BR rpc.mountd (8) for details. +Note that setting +.B "\[dq]debug = auth\[dq]" +for +.B mountd +is equivalent to providing the +.B \-\-log\-auth +option. + +The +.B state-directory-path +value in the +.B [mountd] +section is also used by +.BR exportfs (8). + .TP .B statd Recognized values: @@ -204,16 +272,19 @@ for details. .TP .B gssd Recognized values: +.BR verbosity , +.BR rpc-verbosity , .BR use-memcache , .BR use-machine-creds , +.BR use-gss-proxy , .BR avoid-dns , .BR limit-to-legacy-enctypes , .BR context-timeout , .BR rpc-timeout , -.BR pipefs-directory , .BR keytab-file , .BR cred-cache-directory , -.BR preferred-realm . +.BR preferred-realm , +.BR set-home . See .BR rpc.gssd (8) @@ -234,8 +305,29 @@ Only .B debug= is recognized. +.TP +.B nfsrahead +Recognized values: +.BR nfs , +.BR nfsv4 , +.BR default . + +See +.BR nfsrahead (5) +for deatils. + .SH FILES +.I /usr/etc/nfs.conf +.br +.I /usr/etc/nfs.conf.d/*.conf +.br .I /etc/nfs.conf +.br +.I /etc/nfs.conf.d/*.conf +.br +.IP +Various configuration files read in order. Later settings override +earlier settings. .SH SEE ALSO .BR nfsdcltrack (8), .BR rpc.nfsd (8), diff --git a/upstream/opensuse-leap-15-6/man5/nfsmount.conf.5 b/upstream/opensuse-leap-15-6/man5/nfsmount.conf.5 index 3aa34564..10287cdf 100644 --- a/upstream/opensuse-leap-15-6/man5/nfsmount.conf.5 +++ b/upstream/opensuse-leap-15-6/man5/nfsmount.conf.5 @@ -1,53 +1,84 @@ -.\"@(#)nfsmount.conf.5" -.TH NFSMOUNT.CONF 5 "9 October 2012" +.\" @(#)nfsmount.conf.5" +.TH NFSMOUNT.CONF 5 "16 December 2020" .SH NAME nfsmount.conf - Configuration file for NFS mounts .SH SYNOPSIS Configuration file for NFS mounts that allows options to be set globally, per server or per mount point. .SH DESCRIPTION -The configuration file is made up of multiple sections -followed by variables associated with that section. -A section is defined by a string enclosed by +The configuration file is made up of multiple section headers +followed by variable assignments associated with that section. +A section header is defined by a string enclosed by .BR [ -and +and .BR ] -branches. -Variables are assignment statements that assign values -to particular variables using the -.BR = -operator, as in +brackets. +Variable assignments are assignment statements that assign values +to particular variables using the +.BR = +operator, as in .BR Proto=Tcp . -The variables that can be assigned are exactly the set of NFS specific +The variables that can be assigned are the set of NFS specific mount options listed in -.BR nfs (5). +.BR nfs (5) +together with the filesystem-independant mount options listed in +.BR mount (8) +and three additions: +.B Sloppy=True +has the same effect as the +.B -s +option to +.IR mount , +and +.B Foreground=True +and +.B Background=True +have the same effect as +.B bg +and +.BR fg . +.PP +Options in the config file may be given in upper, lower, or mixed case +and will be shifted to lower case before being passed to the filesystem. +.PP +Boolean mount options which do not need an equals sign must be given as +.RI \[dq] option =True". +Instead of preceeding such an option with +.RB \[dq] no \[dq] +its negation must be given as +.RI \[dq] option =False". .PP Sections are broken up into three basic categories: Global options, Server options and Mount Point options. .HP .B [ NFSMount_Global_Options ] - This statically named section -defines all of the global mount options that can be +defines all of the global mount options that can be applied to every NFS mount. .HP -.B [ Server \(lqServer_Name\(rq ] -- This section defines all the mount options that should -be used on mounts to a particular NFS server. The -.I \(lqServer_Name\(rq -strings needs to be surrounded by '\(lq' and -be an exact match of the server name used in the +.B [ Server \[dq]Server_Name\[dq] ] +- This section defines all the mount options that should +be used on mounts to a particular NFS server. The +.I \[dq]Server_Name\[dq] +strings needs to be surrounded by '\[dq]' and be an exact match +(ignoring case) of the server name used in the .B mount -command. +command. .HP -.B [ MountPoint \(lqMount_Point\(rq ] -- This section defines all the mount options that +.B [ MountPoint \[dq]Mount_Point\[dq] ] +- This section defines all the mount options that should be used on a particular mount point. -The -.I \(lqMount_Point\(rq -string needs to be surrounded by '\(lq' and be an -exact match of the mount point used in the -.BR mount -command. +The +.I \[dq]Mount_Point\[dq] +string needs to be surrounded by '\[dq]' and be an +exact match of the mount point used in the +.BR mount +command. Though path names are usually case-sensitive, the Mount_Point +name is matched insensitive to case. +.PP +The sections are processed in the reverse of the order listed above, and +any options already seen, either in a previous section or on the +command line, will be ignored when seen again. .SH EXAMPLES .PP These are some example lines of how sections and variables @@ -57,37 +88,44 @@ are defined in the configuration file. .br Proto=Tcp .RS -.HP +.PP The TCP/IPv4 protocol will be used on every NFS mount. -.HP .RE -[ Server \(lqnfsserver.foo.com\(rq ] +.PP +[ Server \[dq]nfsserver.foo.com\[dq] ] .br rsize=32k .br wsize=32k .br proto=udp6 -.HP .RS +.PP A 32k (32768 bytes) block size will be used as the read and write size on all mounts to the 'nfsserver.foo.com' server. UDP/IPv6 is the protocol to be used. -.HP .RE -.BR -[ MountPoint \(lq/export/home\(rq ] +.PP +[ MountPoint \[dq]/export/home\[dq] ] .br Background=True .RS -.HP +.PP All mounts to the '/export/home' export will be performed in the background (i.e. done asynchronously). -.HP +.RE .SH FILES -.TP 10n +.I /usr/etc/nfsmount.conf +.br +.I /usr/etc/nfsmount.conf.d/*.conf +.br .I /etc/nfsmount.conf -Default NFS mount configuration file +.br +.I /etc/nfsmount.conf.d/*.conf +.br +.IP +Default NFS mount configuration files, variables set in the later file +over-ride those in the earlier file. .PD .SH SEE ALSO .BR nfs (5), diff --git a/upstream/opensuse-leap-15-6/man5/nfsrahead.5 b/upstream/opensuse-leap-15-6/man5/nfsrahead.5 new file mode 100644 index 00000000..5488f633 --- /dev/null +++ b/upstream/opensuse-leap-15-6/man5/nfsrahead.5 @@ -0,0 +1,72 @@ +.\" Manpage for nfsrahead. +.nh +.ad l +.TH man 5 "08 Mar 2022" "1.0" "nfsrahead man page" +.SH NAME + +nfsrahead \- Configure the readahead for NFS mounts + +.SH SYNOPSIS + +nfsrahead [-F] [-d] <device> + +.SH DESCRIPTION + +\fInfsrahead\fR is a tool intended to be used with udev to set the \fIread_ahead_kb\fR parameter of NFS mounts, according to the configuration file (see \fICONFIGURATION\fR). \fIdevice\fR is the device number for the NFS backing device as provided by the kernel. + +.SH OPTIONS +.TP +.B -F +Send messages to +.I stderr +instead of +.I syslog + +.TP +.B -d +Increase the debugging level. + +.SH CONFIGURATION +.I nfsrahead +is configured in +.IR /etc/nfs.conf , +in the section titled +.IR nfsrahead . +It accepts the following configurations. + +.TP +.B nfs=<value> +The readahead value applied to NFSv3 mounts. + +.TP +.B nfs4=<value> +The readahead value applied to NFSv4 mounts. + +.TP +.B default=<value> +The default configuration when none of the configurations above is set. + +.SH EXAMPLE CONFIGURATION +[nfsrahead] +.br +nfs=15000 # readahead of 15000 for NFSv3 mounts +.br +nfs4=16000 # readahead of 16000 for NFSv4 mounts +.br +default=128 # default is 128 + +.SH SEE ALSO + +.BR mount.nfs (8), +.BR nfs (5), +.BR nfs.conf (5), +.BR udev (7), +.BR bcc-readahead (8) + +.SH BUGS + +No known bugs. + +.SH AUTHOR + +Thiago Rafael Becker <trbecker@gmail.com> diff --git a/upstream/opensuse-leap-15-6/man5/org.freedesktop.login1.5 b/upstream/opensuse-leap-15-6/man5/org.freedesktop.login1.5 index 57ac17a3..7ab6ee14 100644 --- a/upstream/opensuse-leap-15-6/man5/org.freedesktop.login1.5 +++ b/upstream/opensuse-leap-15-6/man5/org.freedesktop.login1.5 @@ -1115,9 +1115,7 @@ node /org/freedesktop/login1/session/1 { readonly u VTNr = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("const") readonly (so) Seat = \&.\&.\&.; - @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("const") readonly s TTY = \*(Aq\&.\&.\&.\*(Aq; - @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("const") readonly s Display = \*(Aq\&.\&.\&.\*(Aq; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("const") readonly b Remote = \&.\&.\&.; diff --git a/upstream/opensuse-leap-15-6/man5/org.freedesktop.portable1.5 b/upstream/opensuse-leap-15-6/man5/org.freedesktop.portable1.5 index a7d9566a..8cb990ac 100644 --- a/upstream/opensuse-leap-15-6/man5/org.freedesktop.portable1.5 +++ b/upstream/opensuse-leap-15-6/man5/org.freedesktop.portable1.5 @@ -336,7 +336,7 @@ write mkdir .RE .sp -Note that an image cannot be attached if a unit that it contains is already present on the system\&. +Note that an image cannot be attached if a unit that it contains is already present on the system\&. Note that this method returns only after all the listed operations are completed, and due to the I/O involved it might take some time\&. .PP \fBAttachImageWithExtensions()\fR attaches a portable image to the system\&. This method is a superset of @@ -364,7 +364,7 @@ detaches a portable image from the system\&. This method takes an image path or unlink .RE .sp -Note that an image cannot be detached if a unit that it contains is running\&. +Note that an image cannot be detached if a unit that it contains is running\&. Note that this method returns only after all the listed operations are completed, and due to the I/O involved it might take some time\&. .PP \fBDetachImageWithExtensions()\fR detaches a portable image from the system\&. This method is a superset of diff --git a/upstream/opensuse-leap-15-6/man5/org.freedesktop.systemd1.5 b/upstream/opensuse-leap-15-6/man5/org.freedesktop.systemd1.5 index 0cfb5246..b6c9575a 100644 --- a/upstream/opensuse-leap-15-6/man5/org.freedesktop.systemd1.5 +++ b/upstream/opensuse-leap-15-6/man5/org.freedesktop.systemd1.5 @@ -807,7 +807,13 @@ enqueues a start job and possibly depending jobs\&. It takes the unit to activat "fail", the method will start the unit and its dependencies, but will fail if this would change an already queued job\&. If "isolate", the method will start the unit in question and terminate all units that aren\*(Aqt dependencies of it\&. If "ignore\-dependencies", it will start a unit but ignore all its dependencies\&. If -"ignore\-requirements", it will start a unit but only ignore the requirement dependencies\&. It is not recommended to make use of the latter two options\&. On completion, this method returns the newly created job object\&. +"ignore\-requirements", it will start a unit but only ignore the requirement dependencies\&. It is not recommended to make use of the latter two options\&. On reply, if successful, this method returns the newly created job object which has been enqueued for asynchronous activation\&. Callers that want to track the outcome of the actual start operation need to monitor the result of this job\&. This can be achieved in a race\-free manner by first subscribing to the +\fBJobRemoved()\fR +signal, then calling +\fBStartUnit()\fR +and using the returned job object to filter out unrelated +\fBJobRemoved()\fR +signals, until the desired one is received, which will then carry the result of the start operation\&. .PP \fBStartUnitReplace()\fR is similar to @@ -904,7 +910,7 @@ resets the "failed" state of a specific unit\&. resets the "failed" state of all units\&. .PP \fBListUnits()\fR -returns an array of all currently loaded units\&. Note that units may be known by multiple names at the same name, and hence there might be more unit names loaded than actual units behind them\&. The array consists of structures with the following elements: +returns an array of all currently loaded units\&. Note that units may be known by multiple names at the same time, and hence there might be more unit names loaded than actual units behind them\&. The array consists of structures with the following elements: .sp .RS 4 .ie n \{\ @@ -2146,7 +2152,7 @@ or unit, and it is only provided in a best effort fashion: it is not guaranteed to be set, and it is not guaranteed to be the only trigger\&. It is only guaranteed to be a valid trigger that caused the activation job to be enqueued and complete successfully\&. The key value pairs correspond (in lowercase) to the environment variables described in the "Environment Variables Set or Propagated by the Service Manager" section in -\fBsystemd.exec\fR(1)\&. Note that new key value pair may be added at any time in future versions\&. Existing entries will not be removed\&. +\fBsystemd.exec\fR(5)\&. Note that new key value pair may be added at any time in future versions\&. Existing entries will not be removed\&. .SS "Security" .PP Similarly to methods on the @@ -2310,6 +2316,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t MemoryAvailable = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") + readonly t EffectiveMemoryMax = \&.\&.\&.; + @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") + readonly t EffectiveMemoryHigh = \&.\&.\&.; + @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t CPUUsageNSec = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly ay EffectiveCPUs = [\&.\&.\&.]; @@ -2318,6 +2328,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t TasksCurrent = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") + readonly t EffectiveTasksMax = \&.\&.\&.; + @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t IPIngressBytes = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t IPIngressPackets = \&.\&.\&.; @@ -3167,6 +3179,9 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { + + + .SS "Methods" .PP \fBBindMount()\fR @@ -3454,6 +3469,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t MemoryAvailable = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") + readonly t EffectiveMemoryMax = \&.\&.\&.; + @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") + readonly t EffectiveMemoryHigh = \&.\&.\&.; + @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t CPUUsageNSec = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly ay EffectiveCPUs = [\&.\&.\&.]; @@ -3462,6 +3481,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t TasksCurrent = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") + readonly t EffectiveTasksMax = \&.\&.\&.; + @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t IPIngressBytes = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t IPIngressPackets = \&.\&.\&.; @@ -4300,6 +4321,9 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { + + + .SS "Properties" .PP Most of the properties map directly to the corresponding settings in socket unit files\&. As socket units can include @@ -4458,6 +4482,10 @@ node /org/freedesktop/systemd1/unit/home_2emount { @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t MemoryAvailable = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") + readonly t EffectiveMemoryMax = \&.\&.\&.; + @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") + readonly t EffectiveMemoryHigh = \&.\&.\&.; + @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t CPUUsageNSec = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly ay EffectiveCPUs = [\&.\&.\&.]; @@ -4466,6 +4494,8 @@ node /org/freedesktop/systemd1/unit/home_2emount { @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t TasksCurrent = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") + readonly t EffectiveTasksMax = \&.\&.\&.; + @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t IPIngressBytes = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t IPIngressPackets = \&.\&.\&.; @@ -5263,6 +5293,9 @@ node /org/freedesktop/systemd1/unit/home_2emount { + + + .SS "Properties" .PP Most of the properties map directly to the corresponding settings in mount unit files\&. As mount units invoke the @@ -5495,6 +5528,10 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t MemoryAvailable = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") + readonly t EffectiveMemoryMax = \&.\&.\&.; + @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") + readonly t EffectiveMemoryHigh = \&.\&.\&.; + @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t CPUUsageNSec = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly ay EffectiveCPUs = [\&.\&.\&.]; @@ -5503,6 +5540,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t TasksCurrent = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") + readonly t EffectiveTasksMax = \&.\&.\&.; + @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t IPIngressBytes = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t IPIngressPackets = \&.\&.\&.; @@ -6293,6 +6332,9 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { + + + .SS "Properties" .PP Most of the properties map directly to the corresponding settings in swap unit files\&. As mount units invoke the @@ -6411,6 +6453,10 @@ node /org/freedesktop/systemd1/unit/system_2eslice { @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t MemoryAvailable = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") + readonly t EffectiveMemoryMax = \&.\&.\&.; + @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") + readonly t EffectiveMemoryHigh = \&.\&.\&.; + @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t CPUUsageNSec = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly ay EffectiveCPUs = [\&.\&.\&.]; @@ -6419,6 +6465,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice { @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t TasksCurrent = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") + readonly t EffectiveTasksMax = \&.\&.\&.; + @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t IPIngressBytes = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t IPIngressPackets = \&.\&.\&.; @@ -6662,6 +6710,9 @@ node /org/freedesktop/systemd1/unit/system_2eslice { + + + .SS "Properties" .PP Most properties correspond directly with the matching settings in slice unit files\&. @@ -6708,6 +6759,10 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t MemoryAvailable = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") + readonly t EffectiveMemoryMax = \&.\&.\&.; + @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") + readonly t EffectiveMemoryHigh = \&.\&.\&.; + @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t CPUUsageNSec = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly ay EffectiveCPUs = [\&.\&.\&.]; @@ -6716,6 +6771,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t TasksCurrent = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") + readonly t EffectiveTasksMax = \&.\&.\&.; + @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t IPIngressBytes = \&.\&.\&.; @org\&.freedesktop\&.DBus\&.Property\&.EmitsChangedSignal("false") readonly t IPIngressPackets = \&.\&.\&.; @@ -6988,6 +7045,9 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { + + + .SS "Methods" .PP \fBAbandon()\fR diff --git a/upstream/opensuse-leap-15-6/man5/smbpasswd.5 b/upstream/opensuse-leap-15-6/man5/smbpasswd.5 index 169d3ec4..0619b573 100644 --- a/upstream/opensuse-leap-15-6/man5/smbpasswd.5 +++ b/upstream/opensuse-leap-15-6/man5/smbpasswd.5 @@ -2,12 +2,12 @@ .\" Title: smbpasswd .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> -.\" Date: 10/23/2023 +.\" Date: 02/20/2024 .\" Manual: File Formats and Conventions -.\" Source: Samba 4.19.2-git.328.e4c431e307f150600.1.23SUSE-oS15.0-x86_64 +.\" Source: Samba 4.19.5-git.342.57620c4f7e150600.1.30SUSE-oS15.0-x86_64 .\" Language: English .\" -.TH "SMBPASSWD" "5" "10/23/2023" "Samba 4\&.19\&.2\-git\&.328\&." "File Formats and Conventions" +.TH "SMBPASSWD" "5" "02/20/2024" "Samba 4\&.19\&.5\-git\&.342\&." "File Formats and Conventions" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -165,7 +165,7 @@ This field consists of the time the account was last modified\&. It consists of All other colon separated fields are ignored at this time\&. .SH "VERSION" .PP -This man page is part of version 4\&.19\&.2\-git\&.328\&.e4c431e307f150600\&.1\&.23SUSE\-oS15\&.0\-x86_64 of the Samba suite\&. +This man page is part of version 4\&.19\&.5\-git\&.342\&.57620c4f7e150600\&.1\&.30SUSE\-oS15\&.0\-x86_64 of the Samba suite\&. .SH "SEE ALSO" .PP \fBsmbpasswd\fR(8), diff --git a/upstream/opensuse-leap-15-6/man5/sysctl.d.5 b/upstream/opensuse-leap-15-6/man5/sysctl.d.5 index 91f0a6ab..f29cc182 100644 --- a/upstream/opensuse-leap-15-6/man5/sysctl.d.5 +++ b/upstream/opensuse-leap-15-6/man5/sysctl.d.5 @@ -122,7 +122,12 @@ Packages should install their configuration files in /usr/local/lib/ (local installs)\&. Files in /etc/ -are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. It is recommended to prefix all filenames with a two\-digit number and a dash, to simplify the ordering of the files\&. +are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. It is recommended to prefix all filenames with a two\-digit number and a dash, to simplify the ordering of the files\&. It is recommended to use the range 10\-40 for configuration files in +/usr/ +and the range 60\-90 for configuration files in +/etc/ +and +/run/, to make sure that local and transient configuration files will always take priority over configuration files shipped by the OS vendor\&. .PP If the administrator wants to disable a configuration file supplied by the vendor, the recommended way is to place a symlink to /dev/null diff --git a/upstream/opensuse-leap-15-6/man5/systemd-system.conf.5 b/upstream/opensuse-leap-15-6/man5/systemd-system.conf.5 index f9d25712..93cb0876 100644 --- a/upstream/opensuse-leap-15-6/man5/systemd-system.conf.5 +++ b/upstream/opensuse-leap-15-6/man5/systemd-system.conf.5 @@ -72,7 +72,12 @@ configuration subdirectories are sorted by their filename in lexicographic order When packages need to customize the configuration, they can install drop\-ins under /usr/\&. Files in /etc/ -are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. Drop\-ins have to be used to override package drop\-ins, since the main configuration file has lower precedence\&. It is recommended to prefix all filenames in those subdirectories with a two\-digit number and a dash, to simplify the ordering of the files\&. This also defined a concept of drop\-in priority to allow distributions to ship drop\-ins within a specific range lower than the range used by users\&. This should lower the risk of package drop\-ins overriding accidentally drop\-ins defined by users\&. +are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. Drop\-ins have to be used to override package drop\-ins, since the main configuration file has lower precedence\&. It is recommended to prefix all filenames in those subdirectories with a two\-digit number and a dash, to simplify the ordering of the files\&. This also defines a concept of drop\-in priorities to allow OS vendors to ship drop\-ins within a specific range lower than the range used by users\&. This should lower the risk of package drop\-ins overriding accidentally drop\-ins defined by users\&. It is recommended to use the range 10\-40 for drop\-ins in +/usr/ +and the range 60\-90 for drop\-ins in +/etc/ +and +/run/, to make sure that local and transient drop\-ins take priority over drop\-ins shipped by the OS vendor\&. .PP To disable a configuration file supplied by the vendor, the recommended way is to place a symlink to /dev/null diff --git a/upstream/opensuse-leap-15-6/man5/systemd.exec.5 b/upstream/opensuse-leap-15-6/man5/systemd.exec.5 index d3ee2537..433926f4 100644 --- a/upstream/opensuse-leap-15-6/man5/systemd.exec.5 +++ b/upstream/opensuse-leap-15-6/man5/systemd.exec.5 @@ -435,7 +435,7 @@ file system of the host is bind mounted if this option is used without \fIPrivateDevices=\fR\&. .sp In order to allow propagating mounts at runtime in a safe manner, -/run/systemd/propagate +/run/systemd/propagate/ on the host will be used to set up new mounts, and /run/host/incoming/ in the private namespace will be used as an intermediate step to store them before being moved to the final mount point\&. @@ -1354,11 +1354,11 @@ personalities but no others\&. The personality feature is useful when running 32 .PP \fIIgnoreSIGPIPE=\fR .RS 4 -Takes a boolean argument\&. If true, causes +Takes a boolean argument\&. If true, \fBSIGPIPE\fR -to be ignored in the executed process\&. Defaults to true because +is ignored in the executed process\&. Defaults to true since \fBSIGPIPE\fR -generally is useful only in shell pipelines\&. +is generally only useful in shell pipelines\&. .RE .SH "SCHEDULING" .PP @@ -1835,7 +1835,13 @@ in order to provide writable subdirectories within read\-only directories\&. Use \fIReadWritePaths=\fR in order to allow\-list specific paths for write access if \fIProtectSystem=strict\fR -is used\&. +is used\&. Note that +\fIReadWritePaths=\fR +cannot be used to gain write access to a file system whose superblock is mounted read\-only\&. On Linux, for each mount point write access is granted only if the mount point itself +\fIand\fR +the file system superblock backing it are not marked read\-only\&. +\fIReadWritePaths=\fR +only controls the former, not the latter, hence a read\-only file system superblock remains protected\&. .sp Paths listed in \fIInaccessiblePaths=\fR @@ -1889,6 +1895,11 @@ Note that the effect of these settings may be undone by privileged processes\&. or \fISystemCallFilter=~@mount\fR\&. .sp +Please be extra careful when applying these options to API file systems (a list of them could be found in +\fIMountAPIVPS=\fR), since they may be required for basic system functionalities\&. Moreover, +/run/ +needs to be writable for setting up mount namespace and propagation\&. +.sp Simple allow\-list example using these directives: .sp .if n \{\ @@ -3343,7 +3354,10 @@ for details) to have \fIAccept=yes\fR set, or to specify a single socket only\&. If this option is set, standard input will be connected to the socket the service was activated from, which is primarily useful for compatibility with daemons designed for use with the traditional \fBinetd\fR(8) -socket activation daemon\&. +socket activation daemon (\fI$LISTEN_FDS\fR +(and related) environment variables are not passed when +\fBsocket\fR +value is configured)\&. .sp The \fBfd:\fR\fB\fIname\fR\fR @@ -3908,7 +3922,11 @@ command line use \fIEnvironment=\fR line use "%d/mycred", e\&.g\&. -"Environment=MYCREDPATH=%d/mycred"\&. +"Environment=MYCREDPATH=%d/mycred"\&. For system services the path may also be referenced as +"/run/credentials/\fIUNITNAME\fR" +in cases where no interpolation is possible, e\&.g\&. configuration files of software that does not yet support credentials natively\&. +\fI$CREDENTIALS_DIRECTORY\fR +is considered the primary interface to look for credentials, though, since it also works for user services\&. .sp Currently, an accumulated credential size limit of 1 MB per unit is enforced\&. .sp diff --git a/upstream/opensuse-leap-15-6/man5/systemd.link.5 b/upstream/opensuse-leap-15-6/man5/systemd.link.5 index 6821d3d0..0d460256 100644 --- a/upstream/opensuse-leap-15-6/man5/systemd.link.5 +++ b/upstream/opensuse-leap-15-6/man5/systemd.link.5 @@ -537,7 +537,7 @@ option, then the password is read from the credential "wol\&.password"\&. See \fIImportCredential=\fR/\fILoadCredential=\fR/\fISetCredential=\fR in -\fBsystemd.exec\fR(1) +\fBsystemd.exec\fR(5) for details\&. The password in the credential, must be 6 bytes in hex format with each byte separated by a colon (":") like an Ethernet MAC address, e\&.g\&., "aa:bb:cc:dd:ee:ff"\&. .RE diff --git a/upstream/opensuse-leap-15-6/man5/systemd.resource-control.5 b/upstream/opensuse-leap-15-6/man5/systemd.resource-control.5 index 313c2b00..68ae3aaa 100644 --- a/upstream/opensuse-leap-15-6/man5/systemd.resource-control.5 +++ b/upstream/opensuse-leap-15-6/man5/systemd.resource-control.5 @@ -408,7 +408,10 @@ Takes a memory size in bytes\&. If the value is suffixed with K, M, G or T, the "infinity", no memory throttling is applied\&. This controls the "memory\&.high" control group attribute\&. For details about this control group attribute, see -\m[blue]\fBMemory Interface Files\fR\m[]\&\s-2\u[5]\d\s+2\&. +\m[blue]\fBMemory Interface Files\fR\m[]\&\s-2\u[5]\d\s+2\&. The effective configuration is reported as +\fIEffectiveMemoryHigh=\fR +(see also +\fIEffectiveMemoryMax=\fR)\&. .sp While \fIStartupMemoryHigh=\fR @@ -435,7 +438,9 @@ Takes a memory size in bytes\&. If the value is suffixed with K, M, G or T, the "infinity", no memory limit is applied\&. This controls the "memory\&.max" control group attribute\&. For details about this control group attribute, see -\m[blue]\fBMemory Interface Files\fR\m[]\&\s-2\u[5]\d\s+2\&. +\m[blue]\fBMemory Interface Files\fR\m[]\&\s-2\u[5]\d\s+2\&. The effective configuration is reported as +\fIEffectiveMemoryMax=\fR +(the value is the most stringent limit of the unit and parent slices and it is capped by physical memory)\&. .sp While \fIStartupMemoryMax=\fR @@ -543,7 +548,8 @@ Specify the maximum number of tasks that may be created in the unit\&. This ensu "infinity", no tasks limit is applied\&. This controls the "pids\&.max" control group attribute\&. For details about this control group attribute, the -\m[blue]\fBpids controller\fR\m[]\&\s-2\u[7]\d\s+2\&. +\m[blue]\fBpids controller\fR\m[]\&\s-2\u[7]\d\s+2\&. The effective configuration is reported as +\fIEffectiveTasksMax=\fR\&. .sp The system default for this setting may be controlled with \fIDefaultTasksMax=\fR diff --git a/upstream/opensuse-leap-15-6/man5/systemd.service.5 b/upstream/opensuse-leap-15-6/man5/systemd.service.5 index 8d127bfb..6708a4c5 100644 --- a/upstream/opensuse-leap-15-6/man5/systemd.service.5 +++ b/upstream/opensuse-leap-15-6/man5/systemd.service.5 @@ -1059,7 +1059,13 @@ If set to \fBon\-abnormal\fR, the service will be restarted when the process is terminated by a signal (including on core dump, excluding the aforementioned four signals), when an operation times out, or when the watchdog timeout is triggered\&. If set to \fBon\-abort\fR, the service will be restarted only if the service process exits due to an uncaught signal not specified as a clean exit status\&. If set to \fBon\-watchdog\fR, the service will be restarted only if the watchdog timeout for the service expires\&. If set to -\fBalways\fR, the service will be restarted regardless of whether it exited cleanly or not, got terminated abnormally by a signal, or hit a timeout\&. +\fBalways\fR, the service will be restarted regardless of whether it exited cleanly or not, got terminated abnormally by a signal, or hit a timeout\&. Note that +\fIType=oneshot\fR +services will never be restarted on a clean exit status, i\&.e\&. +\fBalways\fR +and +\fBon\-success\fR +are rejected for them\&. .sp .it 1 an-trap .nr an-no-space-flag 1 @@ -1355,6 +1361,18 @@ for details), will have the flag set and hence are in non\-blocking mode\&. This option is only useful in conjunction with a socket unit, as described in \fBsystemd.socket\fR(5) and has no effect on file descriptors which were previously saved in the file\-descriptor store for example\&. Defaults to false\&. +.sp +Note that if the same socket unit is configured to be passed to multiple service units (via the +\fISockets=\fR +setting, see below), and these services have different +\fINonBlocking=\fR +configurations, the precise state of +\fBO_NONBLOCK\fR +depends on the order in which these services are invoked, and will possibly change after service code already took possession of the socket file descriptor, simply because the +\fBO_NONBLOCK\fR +state of a socket is shared by all file descriptors referencing it\&. Hence it is essential that all services sharing the same socket use the same +\fINonBlocking=\fR +configuration, and do not change the flag in service code either\&. .RE .PP \fINotifyAccess=\fR diff --git a/upstream/opensuse-leap-15-6/man5/systemd.unit.5 b/upstream/opensuse-leap-15-6/man5/systemd.unit.5 index 4c177ef4..7d7946c8 100644 --- a/upstream/opensuse-leap-15-6/man5/systemd.unit.5 +++ b/upstream/opensuse-leap-15-6/man5/systemd.unit.5 @@ -1951,9 +1951,11 @@ l l l l l l l l l l l l l l l l -l l l s l l l l l l l s +l l l s +l l ^ ^ +l l l s l l ^ ^ l l l l. T{ @@ -2023,13 +2025,6 @@ T}:T{ an automatic property T} T{ -\fITriggers=\fR -T}:T{ -\fITriggeredBy=\fR -T}:T{ -Automatic properties, see notes below -T} -T{ \fIConflicts=\fR T}:T{ \fIConflictedBy=\fR @@ -2039,6 +2034,13 @@ T}:T{ an automatic property T} T{ +\fITriggers=\fR +T}:T{ +\fITriggeredBy=\fR +T}:T{ +Automatic properties, see notes below +T} +T{ \fIPropagatesReloadTo=\fR T}:T{ \fIReloadPropagatedFrom=\fR @@ -2051,6 +2053,18 @@ T}:T{ \fIPropagatesReloadTo=\fR T}:: T{ +\fIPropagatesStopTo=\fR +T}:T{ +\fIStopPropagatedFrom=\fR +T}:T{ +[Unit] section +T} +T{ +\fIStopPropagatedFrom=\fR +T}:T{ +\fIPropagatesStopTo=\fR +T}:: +T{ \fIFollowing=\fR T}:T{ n/a diff --git a/upstream/opensuse-leap-15-6/man5/terminal-colors.d.5 b/upstream/opensuse-leap-15-6/man5/terminal-colors.d.5 deleted file mode 100644 index 2284175f..00000000 --- a/upstream/opensuse-leap-15-6/man5/terminal-colors.d.5 +++ /dev/null @@ -1,404 +0,0 @@ -'\" t -.\" Title: terminal-colors.d -.\" Author: [see the "AUTHOR(S)" section] -.\" Generator: Asciidoctor 2.0.15 -.\" Date: 2022-02-14 -.\" Manual: File formats -.\" Source: util-linux 2.37.4 -.\" Language: English -.\" -.TH "TERMINAL\-COLORS.D" "5" "2022-02-14" "util\-linux 2.37.4" "File formats" -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.ss \n[.ss] 0 -.nh -.ad l -.de URL -\fI\\$2\fP <\\$1>\\$3 -.. -.als MTO URL -.if \n[.g] \{\ -. mso www.tmac -. am URL -. ad l -. . -. am MTO -. ad l -. . -. LINKSTYLE blue R < > -.\} -.SH "NAME" -terminal-colors.d \- configure output colorization for various utilities -.SH "SYNOPSIS" -.sp -/etc/terminal\-colors.d/\fI[[name][@term].][type]\fP -.SH "DESCRIPTION" -.sp -Files in this directory determine the default behavior for utilities when coloring output. -.sp -The \fIname\fP is a utility name. The name is optional and when none is specified then the file is used for all unspecified utilities. -.sp -The \fIterm\fP is a terminal identifier (the TERM environment variable). The terminal identifier is optional and when none is specified then the file is used for all unspecified terminals. -.sp -The \fItype\fP is a file type. Supported file types are: -.sp -\fBdisable\fP -.RS 4 -Turns off output colorization for all compatible utilities. -.RE -.sp -\fBenable\fP -.RS 4 -Turns on output colorization; any matching \fBdisable\fP files are ignored. -.RE -.sp -\fBscheme\fP -.RS 4 -Specifies colors used for output. The file format may be specific to the utility, the default format is described below. -.RE -.sp -If there are more files that match for a utility, then the file with the more specific filename wins. For example, the filename "@xterm.scheme" has less priority than "dmesg@xterm.scheme". The lowest priority are those files without a utility name and terminal identifier (e.g., "disable"). -.sp -The user\-specific \fI$XDG_CONFIG_HOME/terminal\-colors.d\fP or \fI$HOME/.config/terminal\-colors.d\fP overrides the global setting. -.SH "DEFAULT SCHEME FILES FORMAT" -.sp -The following statement is recognized: -.RS 3 -.ll -.6i -.sp -\fBname color\-sequence\fP -.br -.RE -.ll -.sp -The \fBname\fP is a logical name of color sequence (for example "error"). The names are specific to the utilities. For more details always see the COLORS section in the man page for the utility. -.sp -The \fBcolor\-sequence\fP is a color name, ASCII color sequences or escape sequences. -.SS "Color names" -.sp -black, blink, blue, bold, brown, cyan, darkgray, gray, green, halfbright, lightblue, lightcyan, lightgray, lightgreen, lightmagenta, lightred, magenta, red, reset, reverse, and yellow. -.SS "ANSI color sequences" -.sp -The color sequences are composed of sequences of numbers separated by semicolons. The most common codes are: -.RS 3 -.ll -.6i -.TS -allbox tab(:); -lt lt. -T{ -.sp -0 -T}:T{ -.sp -to restore default color -T} -T{ -.sp -1 -T}:T{ -.sp -for brighter colors -T} -T{ -.sp -4 -T}:T{ -.sp -for underlined text -T} -T{ -.sp -5 -T}:T{ -.sp -for flashing text -T} -T{ -.sp -30 -T}:T{ -.sp -for black foreground -T} -T{ -.sp -31 -T}:T{ -.sp -for red foreground -T} -T{ -.sp -32 -T}:T{ -.sp -for green foreground -T} -T{ -.sp -33 -T}:T{ -.sp -for yellow (or brown) foreground -T} -T{ -.sp -34 -T}:T{ -.sp -for blue foreground -T} -T{ -.sp -35 -T}:T{ -.sp -for purple foreground -T} -T{ -.sp -36 -T}:T{ -.sp -for cyan foreground -T} -T{ -.sp -37 -T}:T{ -.sp -for white (or gray) foreground -T} -T{ -.sp -40 -T}:T{ -.sp -for black background -T} -T{ -.sp -41 -T}:T{ -.sp -for red background -T} -T{ -.sp -42 -T}:T{ -.sp -for green background -T} -T{ -.sp -43 -T}:T{ -.sp -for yellow (or brown) background -T} -T{ -.sp -44 -T}:T{ -.sp -for blue background -T} -T{ -.sp -45 -T}:T{ -.sp -for purple background -T} -T{ -.sp -46 -T}:T{ -.sp -for cyan background -T} -T{ -.sp -47 -T}:T{ -.sp -for white (or gray) background -T} -.TE -.sp -.br -.RE -.ll -.SS "Escape sequences" -.sp -To specify control or blank characters in the color sequences, C\-style \(rs\-escaped notation can be used: -.RS 3 -.ll -.6i -.TS -allbox tab(:); -lt lt. -T{ -.sp -\fB\(rsa\fP -T}:T{ -.sp -Bell (ASCII 7) -T} -T{ -.sp -\fB\(rsb\fP -T}:T{ -.sp -Backspace (ASCII 8) -T} -T{ -.sp -\fB\(rse\fP -T}:T{ -.sp -Escape (ASCII 27) -T} -T{ -.sp -\fB\(rsf\fP -T}:T{ -.sp -Form feed (ASCII 12) -T} -T{ -.sp -\fB\(rsn\fP -T}:T{ -.sp -Newline (ASCII 10) -T} -T{ -.sp -\fB\(rsr\fP -T}:T{ -.sp -Carriage Return (ASCII 13) -T} -T{ -.sp -\fB\(rst\fP -T}:T{ -.sp -Tab (ASCII 9) -T} -T{ -.sp -\fB\(rsv\fP -T}:T{ -.sp -Vertical Tab (ASCII 11) -T} -T{ -.sp -\fB\(rs?\fP -T}:T{ -.sp -Delete (ASCII 127) -T} -T{ -.sp -\fB\(rs_\fP -T}:T{ -.sp -Space -T} -T{ -.sp -\fB\(rs\(rs\fP -T}:T{ -.sp -Backslash (\(rs) -T} -T{ -.sp -\fB\(rs^\fP -T}:T{ -.sp -Caret (^) -T} -T{ -.sp -\fB\(rs#\fP -T}:T{ -.sp -Hash mark (#) -T} -.TE -.sp -.br -.RE -.ll -.sp -Please note that escapes are necessary to enter a space, backslash, caret, or any control character anywhere in the string, as well as a hash mark as the first character. -.sp -For example, to use a red background for alert messages in the output of \fBdmesg\fP(1), use: -.RS 3 -.ll -.6i -.sp -\fBecho \(aqalert 37;41\(aq >> /etc/terminal\-colors.d/dmesg.scheme\fP -.br -.RE -.ll -.SS "Comments" -.sp -Lines where the first non\-blank character is a # (hash) are ignored. Any other use of the hash character is not interpreted as introducing a comment. -.SH "ENVIRONMENT" -.sp -TERMINAL_COLORS_DEBUG=all -.RS 4 -enables debug output. -.RE -.SH "FILES" -.sp -\fI$XDG_CONFIG_HOME/terminal\-colors.d\fP -.sp -\fI$HOME/.config/terminal\-colors.d\fP -.sp -\fI/etc/terminal\-colors.d\fP -.SH "EXAMPLE" -.sp -Disable colors for all compatible utilities: -.RS 3 -.ll -.6i -.sp -\fBtouch /etc/terminal\-colors.d/disable\fP -.br -.RE -.ll -.sp -Disable colors for all compatible utils on a vt100 terminal: -.RS 3 -.ll -.6i -.sp -\fBtouch /etc/terminal\-colors.d/@vt100.disable\fP -.br -.RE -.ll -.sp -Disable colors for all compatible utils except \fBdmesg\fP(1): -.RS 3 -.ll -.6i -.sp -\fBtouch /etc/terminal\-colors.d/disable\fP -.sp -\fBtouch /etc/terminal\-colors.d/dmesg.enable\fP -.br -.RE -.ll -.SH "COMPATIBILITY" -.sp -The terminal\-colors.d functionality is currently supported by all util\-linux utilities which provides colorized output. For more details always see the COLORS section in the man page for the utility. -.SH "REPORTING BUGS" -.sp -For bug reports, use the issue tracker at \c -.URL "https://github.com/karelzak/util\-linux/issues" "" "." -.SH "AVAILABILITY" -.sp -\fBterminal\-colors.d\fP is part of the util\-linux package which can be downloaded from \c -.URL "https://www.kernel.org/pub/linux/utils/util\-linux/" "Linux Kernel Archive" "."
\ No newline at end of file diff --git a/upstream/opensuse-leap-15-6/man5/tmpfiles.d.5 b/upstream/opensuse-leap-15-6/man5/tmpfiles.d.5 index b5451825..89b488b0 100644 --- a/upstream/opensuse-leap-15-6/man5/tmpfiles.d.5 +++ b/upstream/opensuse-leap-15-6/man5/tmpfiles.d.5 @@ -523,8 +523,8 @@ Optionally, if prefixed with "~", the access mode is masked based on the already set access bits for existing file or directories: if the existing file has all executable bits unset, all executable bits are removed from the new access mode, too\&. Similarly, if all read bits are removed from the old access mode, they will be removed from the new access mode too, and if all write bits are removed, they will be removed from the new access mode too\&. In addition, the sticky/SUID/SGID bit is removed unless applied to a directory\&. This functionality is particularly useful in conjunction with \fIZ\fR\&. .PP -Optionally, if prefixed with -":", the configured access mode is only used when creating new inodes\&. If the inode the line refers to already exists, its access mode is left in place unmodified\&. +By default the access mode of listed inodes is set to the specified mode regardless if it is created anew, or already existed\&. Optionally, if prefixed with +":", the configured access mode is only applied when creating new inodes, and if the inode the line refers to already exists, its access mode is left in place unmodified\&. .SS "User, Group" .PP The user and group to use for this file or directory\&. This may either be a numeric ID or a user/group name\&. If omitted or when set to @@ -548,8 +548,8 @@ This field should generally only reference system users/groups, i\&.e\&. users/g \m[blue]\fBNotes on Resolvability of User and Group Names\fR\m[]\&\s-2\u[3]\d\s+2 for more information on requirements on system user/group definitions\&. .PP -Optionally, if prefixed with -":", the configured user/group information is only used when creating new inodes\&. If the inode the line refers to already exists, its user/group is left in place unmodified\&. +By default the ownership of listed inodes is set to the specified user/group regardless if it is created anew, or already existed\&. Optionally, if prefixed with +":", the configured user/group information is only applied when creating new inodes, and if the inode the line refers to already exists, its user/group is left in place unmodified\&. .SS "Age" .PP The date field, when set, is used to decide what files to delete when cleaning\&. If a file or directory is older than the current time minus the age field, it is deleted\&. The field format is a series of integers each followed by one of the following suffixes for the respective time units: @@ -622,7 +622,7 @@ d /tmp/foo/bar \- \- \- bmA:1h \- .\} .PP Note that while the aging algorithm is run an exclusive BSD file lock (see -\fBflock\fR(2)) is taken on each directory/file the algorithm decides to remove\&. If the aging algorithm finds a lock ( shared or exclusive) is already taken on some directory/file, it (and everything below it) is skipped\&. Applications may use this to temporarily exclude certain directory subtrees from the aging algorithm: the applications can take a BSD file lock themselves, and as long as they keep it aging of the directory/file and everything below it is disabled\&. +\fBflock\fR(2)) is taken on each directory/file the algorithm decides to remove\&. If the aging algorithm finds a lock (shared or exclusive) is already taken on some directory/file, it (and everything below it) is skipped\&. Applications may use this to temporarily exclude certain directory subtrees from the aging algorithm: the applications can take a BSD file lock themselves, and as long as they keep it aging of the directory/file and everything below it is disabled\&. .PP This behavior can be used to ensure guaranteed cleanup of files or directories whose lifetime should be aligned with the process that created them by having that process create them in a location monitored by \fBsystemd\-tmpfiles\fR |