# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2024-06-01 06:29+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: TH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "SYSTEMD-SYSEXT" msgstr "" #. type: TH #: archlinux fedora-40 mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "systemd 255" msgstr "" #. type: TH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "systemd-sysext" msgstr "" #. ----------------------------------------------------------------- #. * MAIN CONTENT STARTS HERE * #. ----------------------------------------------------------------- #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "NAME" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "systemd-sysext, systemd-sysext.service, systemd-confext, systemd-confext." "service - Activates System Extension Images" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "SYNOPSIS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B [OPTIONS...] COMMAND" msgstr "" #. type: Plain text #: archlinux debian-bookworm fedora-40 mageia-cauldron opensuse-leap-15-6 #: opensuse-tumbleweed #, no-wrap msgid "systemd-sysext\\&.service\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B [OPTIONS...] COMMAND" msgstr "" #. type: Plain text #: archlinux debian-bookworm fedora-40 mageia-cauldron opensuse-leap-15-6 #: opensuse-tumbleweed #, no-wrap msgid "systemd-confext\\&.service\n" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "DESCRIPTION" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B activates/deactivates system extension images\\&. System " "extension images may \\(en dynamically at runtime \\(em extend the /usr/ " "and /opt/ directory hierarchies with additional files\\&. This is " "particularly useful on immutable system images where a /usr/ and/or /opt/ " "hierarchy residing on a read-only file system shall be extended temporarily " "at runtime without making any persistent modifications\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "System extension images should contain files and directories similar in " "fashion to regular operating system tree\\&. When one or more system " "extension images are activated, their /usr/ and /opt/ hierarchies are " "combined via \"overlayfs\" with the same hierarchies of the host OS, and the " "host /usr/ and /opt/ overmounted with it (\"merging\")\\&. When they are " "deactivated, the mount point is disassembled \\(em again revealing the " "unmodified original host version of the hierarchy (\"unmerging\")\\&. " "Merging thus makes the extension\\*(Aqs resources suddenly appear below the /" "usr/ and /opt/ hierarchies as if they were included in the base OS image " "itself\\&. Unmerging makes them disappear again, leaving in place only the " "files that were shipped with the base OS image itself\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Files and directories contained in the extension images outside of the /usr/ " "and /opt/ hierarchies are I merged, and hence have no effect when " "included in a system extension image\\&. In particular, files in the /etc/ " "and /var/ included in a system extension image will I appear in the " "respective hierarchies after activation\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm fedora-40 mageia-cauldron opensuse-leap-15-6 #: opensuse-tumbleweed msgid "" "System extension images are strictly read-only, and the host /usr/ and /opt/ " "hierarchies become read-only too while they are activated\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "System extensions are supposed to be purely additive, i\\&.e\\&. they are " "supposed to include only files that do not exist in the underlying basic OS " "image\\&. However, the underlying mechanism (overlayfs) also allows " "overlaying or removing files, but it is recommended not to make use of " "this\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "System extension images may be provided in the following formats:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Plain directories or btrfs subvolumes containing the OS tree" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Disk images with a GPT disk label, following the \\m[blue]B\\m[]\\&\\s-2\\u[1]\\d\\s+2" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Disk images lacking a partition table, with a naked Linux file system (e\\&." "g\\&. erofs, squashfs or ext4)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "These image formats are the same ones that B(1) supports " "via its B<--directory=>/B<--image=> switches and those that the service " "manager supports via B/B\\&. Similar to them " "they may optionally carry Verity authentication information\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "System extensions are searched for in the directories /etc/extensions/, /run/" "extensions/ and /var/lib/extensions/\\&. The first two listed directories " "are not suitable for carrying large binary images, however are still useful " "for carrying symlinks to them\\&. The primary place for installing system " "extensions is /var/lib/extensions/\\&. Any directories found in these search " "directories are considered directory based extension images; any files with " "the \\&.raw suffix are considered disk image based extension images\\&. When " "invoked in the initrd, the additional directory /\\&.extra/sysext/ is " "included in the directories that are searched for extension images\\&. Note " "however, that by default a tighter image policy applies to images found " "there, though, see below\\&. This directory is populated by B(7) with extension images found in the system\\*(Aqs EFI System " "Partition\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed msgid "" "During boot OS extension images are activated automatically, if the systemd-" "sysext\\&.service is enabled\\&. Note that this service runs only after the " "underlying file systems where system extensions may be located have been " "mounted\\&. This means they are not suitable for shipping resources that are " "processed by subsystems running in earliest boot\\&. Specifically, OS " "extension images are not suitable for shipping system services or B(8) definitions\\&. See the \\m[blue]B\\m[]\\&\\s-2\\u[2]\\d\\s+2 page for a simple mechanism for " "shipping system services in disk images, in a similar fashion to OS " "extensions\\&. Note the different isolation on these two mechanisms: while " "system extension directly extend the underlying OS image with additional " "files that appear in a way very similar to as if they were shipped in the OS " "image itself and thus imply no security isolation, portable services imply " "service level sandboxing in one way or another\\&. The systemd-sysext\\&." "service service is guaranteed to finish start-up before basic\\&.target is " "reached; i\\&.e\\&. at the time regular services initialize (those which do " "not use I), the files and directories system " "extensions provide are available in /usr/ and /opt/ and may be accessed\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that there is no concept of enabling/disabling installed system " "extension images: all installed extension images are automatically activated " "at boot\\&. However, you can place an empty directory named like the " "extension (no \\&.raw) in /etc/extensions/ to \"mask\" an extension with the " "same name in a system folder with lower precedence\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "A simple mechanism for version compatibility is enforced: a system extension " "image must carry a /usr/lib/extension-release\\&.d/extension-release\\&." "I file, which must match its image name, that is compared with the " "host os-release file: the contained I fields have to match unless " "\"_any\" is set for the extension\\&. If the extension I is not " "\"_any\", the I field (if defined) has to match\\&. If the " "latter is not defined, the I field has to match instead\\&. If " "the extension defines the I field and the value is not " "\"_any\" it has to match the kernel\\*(Aqs architecture reported by " "B(2) but the used architecture identifiers are the same as for " "I described in B(5)\\&. " "I can be set to 1 if the extension requires a " "service manager reload after application of the extension\\&. Note that for " "the reasons mentioned earlier: \\m[blue]B\\m[]\\&\\s-2\\u[2]\\d\\s+2 remain the recommended way to ship " "system services\\&. System extensions should not ship a /usr/lib/os-release " "file (as that would be merged into the host /usr/ tree, overriding the host " "OS version data, which is not desirable)\\&. The extension-release file " "follows the same format and semantics, and carries the same content, as the " "os-release file of the OS, but it describes the resources carried in the " "extension image\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The B concept follows the same principle as the B(1) functionality but instead of working on /usr and /opt, " "B will extend only /etc\\&. Files and directories contained in the " "confext images outside of the /etc/ hierarchy are I merged, and hence " "have no effect when included in the image\\&. Formats for these images are " "of the same as sysext images\\&. The merged hierarchy will be mounted with " "\"nosuid\" and (if not disabled via B<--noexec=false>) \"noexec\"\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Confexts are looked for in the directories /run/confexts/, /var/lib/" "confexts/, /usr/lib/confexts/ and /usr/local/lib/confexts/\\&. The first " "listed directory is not suitable for carrying large binary images, however " "is still useful for carrying symlinks to them\\&. The primary place for " "installing configuration extensions is /var/lib/confexts/\\&. Any " "directories found in these search directories are considered directory based " "confext images; any files with the \\&.raw suffix are considered disk image " "based confext images\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed msgid "" "Again, just like sysext images, the confext images will contain a /etc/" "extension-release\\&.d/extension-release\\&.I file, which must match " "the image name (with the usual escape hatch of the I B(7)), and again with content being one or more of " "I, I, and I\\&. Confext images will then be " "checked and matched against the base OS layer\\&." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "USES" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The primary use case for system images are immutable environments where " "debugging and development tools shall optionally be made available, but not " "included in the immutable base OS image itself (e\\&.g\\&. B(1) " "and B(1) shall be an optionally installable addition in order to make " "debugging/development easier)\\&. System extension images should not be " "misunderstood as a generic software packaging framework, as no dependency " "scheme is available: system extensions should carry all files they need " "themselves, except for those already shipped in the underlying host system " "image\\&. Typically, system extension images are built at the same time as " "the base OS image \\(em within the same build system\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Another use case for the system extension concept is temporarily overriding " "OS supplied resources with newer ones, for example to install a locally " "compiled development version of some low-level component over the immutable " "OS image without doing a full OS rebuild or modifying the nominally " "immutable image\\&. (e\\&.g\\&. \"install\" a locally built package with " "B, making it available in /usr/ as if it was installed in the OS " "image itself\\&.) This case works regardless if the underlying host /usr/ is " "managed as immutable disk image or is a traditional package manager " "controlled (i\\&.e\\&. writable) tree\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm fedora-40 mageia-cauldron opensuse-leap-15-6 #: opensuse-tumbleweed msgid "" "For the confext case, the OSConfig project aims to perform runtime " "reconfiguration of OS services\\&. Sometimes, there is a need to swap " "certain configuration parameter values or restart only a specific service " "without deployment of new code or a complete OS deployment\\&. In other " "words, we want to be able to tie the most frequently configured options to " "runtime updateable flags that can be changed without a system reboot\\&. " "This will help reduce servicing times when there is a need for changing the " "OS configuration\\&." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "COMMANDS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The following commands are understood by both the sysext and confext " "concepts:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When invoked without any command verb, or when B is specified the " "current merge status is shown, separately (for both /usr/ and /opt/ of " "sysext and for /etc/ of confext)\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed msgid "Added in version 248\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Merges all currently installed system extension images into /usr/ and /opt/, " "by overmounting these hierarchies with an \"overlayfs\" file system " "combining the underlying hierarchies with those included in the extension " "images\\&. This command will fail if the hierarchies are already merged\\&. " "For confext, the merge happens into the /etc/ directory instead\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Unmerges all currently installed system extension images from /usr/ and /" "opt/ for sysext and /etc/, for confext, by unmounting the \"overlayfs\" file " "systems created by B prior\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A combination of B and B: if already mounted the existing " "\"overlayfs\" instance is unmounted temporarily, and then replaced by a new " "version\\&. This command is useful after installing/removing system " "extension images, in order to update the \"overlayfs\" file system " "accordingly\\&. If no system extensions are installed when this command is " "executed, the equivalent of B is executed, without establishing any " "new \"overlayfs\" instance\\&. Note that currently there\\*(Aqs a brief " "moment where neither the old nor the new \"overlayfs\" file system is " "mounted\\&. This implies that all resources supplied by a system extension " "will briefly disappear \\(em even if it exists continuously during the " "refresh operation\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "A brief list of installed extension images is shown\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<-h>, B<--help>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Print a short help text and exit\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--version>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Print a short version string and exit\\&." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "OPTIONS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--root=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Operate relative to the specified root directory, i\\&.e\\&. establish the " "\"overlayfs\" mount not on the top-level host /usr/ and /opt/ hierarchies " "for sysext or /etc/ for confext, but below some specified root directory\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--force>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When merging system extensions into /usr/ and /opt/ for sysext and /etc/ for " "confext, ignore version incompatibilities, i\\&.e\\&. force merging " "regardless of whether the version information included in the images matches " "the host or not\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--image-policy=>I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Takes an image policy string as argument, as per B(7)\\&. The policy is enforced when operating on system extension " "disk images\\&. If not specified defaults to " "\"root=verity+signed+encrypted+unprotected+absent:" "usr=verity+signed+encrypted+unprotected+absent\" for system extensions, i\\&." "e\\&. only the root and /usr/ file systems in the image are used\\&. For " "configuration extensions defaults to " "\"root=verity+signed+encrypted+unprotected+absent\"\\&. When run in the " "initrd and operating on a system extension image stored in the /\\&.extra/" "sysext/ directory a slightly stricter policy is used by default: " "\"root=signed+absent:usr=signed+absent\", see above for details\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed msgid "Added in version 254\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--noexec=>I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When merging configuration extensions into /etc/ the \"MS_NOEXEC\" mount " "flag is used by default\\&. This option can be used to disable it\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed msgid "B<--no-reload>" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed msgid "" "When used with B, B or B, do not reload daemon " "after executing the changes even if an extension that is applied requires a " "reload via the I set to 1\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed msgid "Added in version 255\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--no-pager>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Do not pipe output into a pager\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--no-legend>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Do not print the legend, i\\&.e\\&. column headers and the footer with " "hints\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--json=>I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Shows output formatted as JSON\\&. Expects one of \"short\" (for the " "shortest possible output without any redundant whitespace or line breaks), " "\"pretty\" (for a pretty version of the same, with indentation and line " "breaks) or \"off\" (to turn off JSON output, the default)\\&." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "EXIT STATUS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "On success, 0 is returned\\&." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "SEE ALSO" msgstr "" #. type: Plain text #: archlinux debian-bookworm fedora-40 mageia-cauldron opensuse-leap-15-6 #: opensuse-tumbleweed msgid "B(1), B(1), B(7)" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "NOTES" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid " 1." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Discoverable Partitions Specification" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "\\%https://uapi-group.org/specifications/specs/" "discoverable_partitions_specification" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid " 2." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed msgid "Portable Services" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "\\%https://systemd.io/PORTABLE_SERVICES" msgstr "" #. type: TH #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "systemd 254" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 msgid "" "During boot OS extension images are activated automatically, if the systemd-" "sysext\\&.service is enabled\\&. Note that this service runs only after the " "underlying file systems where system extensions may be located have been " "mounted\\&. This means they are not suitable for shipping resources that are " "processed by subsystems running in earliest boot\\&. Specifically, OS " "extension images are not suitable for shipping system services or B(8) definitions\\&. See the \\m[blue]B\\m[]\\&\\s-2\\u[2]\\d\\s+2 for a simple mechanism for " "shipping system services in disk images, in a similar fashion to OS " "extensions\\&. Note the different isolation on these two mechanisms: while " "system extension directly extend the underlying OS image with additional " "files that appear in a way very similar to as if they were shipped in the OS " "image itself and thus imply no security isolation, portable services imply " "service level sandboxing in one way or another\\&. The systemd-sysext\\&." "service service is guaranteed to finish start-up before basic\\&.target is " "reached; i\\&.e\\&. at the time regular services initialize (those which do " "not use I), the files and directories system " "extensions provide are available in /usr/ and /opt/ and may be accessed\\&." msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 msgid "" "A simple mechanism for version compatibility is enforced: a system extension " "image must carry a /usr/lib/extension-release\\&.d/extension-release\\&." "I<$name> file, which must match its image name, that is compared with the " "host os-release file: the contained I fields have to match unless " "\"_any\" is set for the extension\\&. If the extension I is not " "\"_any\", the I field (if defined) has to match\\&. If the " "latter is not defined, the I field has to match instead\\&. If " "the extension defines the I field and the value is not " "\"_any\" it has to match the kernel\\*(Aqs architecture reported by " "B(2) but the used architecture identifiers are the same as for " "I described in B(5)\\&. System " "extensions should not ship a /usr/lib/os-release file (as that would be " "merged into the host /usr/ tree, overriding the host OS version data, which " "is not desirable)\\&. The extension-release file follows the same format and " "semantics, and carries the same content, as the os-release file of the OS, " "but it describes the resources carried in the extension image\\&." msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 msgid "" "Again, just like sysext images, the confext images will contain a /etc/" "extension-release\\&.d/extension-release\\&.I<$name> file, which must match " "the image name (with the usual escape hatch of xattr), and again with " "content being one or more of I, I, and " "I\\&. Confext images will then be checked and matched against " "the base OS layer\\&." msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 msgid "Portable Services Documentation" msgstr "" #. type: TH #: debian-unstable fedora-rawhide #, no-wrap msgid "systemd 256~rc3" msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "systemd-sysext\\&.service" msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "systemd-confext\\&.service" msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "System extension images are strictly read-only by default\\&. On mutable " "host file systems, /usr/ and /opt/ hierarchies become read-only while " "extensions are merged, unless mutability is enabled\\&. Mutability may be " "enabled via the B<--mutable=> option; see \"Mutability\" below for more " "information\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "Just like sysexts, confexts are strictly read-only by default\\&. Merging " "confexts on mutable host file systems will result in /etc/ becoming read-" "only\\&. As with sysexts, mutability can be enabled via the B<--mutable=> " "option\\&. Refer to \"Mutability\" below for more information\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "With systemd-confext one can perform runtime reconfiguration of OS " "services\\&. Sometimes, there is a need to swap certain configuration " "parameter values or restart only a specific service without deployment of " "new code or a complete OS deployment\\&. In other words, we want to be able " "to tie the most frequently configured options to runtime updateable flags " "that can be changed without a system reboot\\&. This will help reduce " "servicing times when there is a need for changing the OS configuration\\&. " "It also provides a reliable tool for managing configuration because all old " "configuration files disappear when the systemd-confext image is removed\\&." msgstr "" #. type: SH #: debian-unstable fedora-rawhide #, no-wrap msgid "MUTABILITY" msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "By default, merging system extensions on mutable host file systems will " "render /usr/ and /opt/ hierarchies read-only\\&. Merging configuration " "extensions will have the same effect on /etc/\\&. Mutable mode allows writes " "to these locations when extensions are merged\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "The following modes are supported:" msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "B: Force immutable mode even if write routing directories exist " "below /var/lib/extensions\\&.mutable/\\&. This is the default\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "B: Automatic mode\\&. Mutability is disabled by default and only " "enabled if a corresponding write routing directory exists below /var/lib/" "extensions\\&.mutable/\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "B: Force mutable mode and automatically create write routing " "directories below /var/lib/extensions\\&.mutable/ when required\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "B: Force immutable mode like B above, but merge the " "contents of directories below /var/lib/extensions\\&.mutable/ into the host " "file system\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "B: Force mutable mode like B above, but instead of using " "write routing directory below /var/lib/extensions\\&.mutable/, B will use empty ephemeral directories\\&. This means that the " "modifications made in the merged hierarchies will be gone when the " "hierarchies are unmerged\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "B: Force mutable mode like B above, but instead " "of ignoring the contents of write routing directories under /var/lib/" "extensions\\&.mutable/, merge them into the host file system, like B " "does\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "See \"Options\" below on specifying modes using the B<--mutable=> command " "line option\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "With exception of the ephemeral mode, the mutable mode routes writes to " "subdirectories in /var/lib/extensions\\&.mutable/\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "Writes to /usr/ are directed to /var/lib/extensions\\&.mutable/usr/" msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "writes to /opt/ are directed to /var/lib/extensions\\&.mutable/opt/, and" msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "writes to /etc/ land in /var/lib/extensions\\&.mutable/etc/\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "If usr/, opt/, or etc/ in /var/lib/extensions\\&.mutable/ are symlinks, then " "writes are directed to the symlinks\\*(Aq targets\\&. Consequently, to " "retain mutability of a host file system, create symlinks" msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "/var/lib/extensions\\&.mutable/etc/ → /etc/" msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "/var/lib/extensions\\&.mutable/usr/ → /usr/" msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "/var/lib/extensions\\&.mutable/opt/ → /opt/" msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "to route writes back to the original base directory hierarchy\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "Alternatively, a temporary file system may be mounted to /var/lib/" "extensions\\&.mutable/, or symlinks in /var/lib/extensions\\&.mutable/ may " "point to sub-directories on a temporary file system (e\\&.g\\&. below /tmp/) " "to only allow ephemeral changes\\&. Note that this is not the same as " "ephemeral mode, because the temporary file system will still exist after " "unmerging\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "Added in version 256\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "B<--mutable=>IB<|>IB<|>I" msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "Set mutable mode\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "B" msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "force immutable mode even with write routing directories present\\&. This is " "the default\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "B" msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "enable mutable mode individually for /usr/, /opt/, and /etc/ if write " "routing sub-directories or symlinks are present in /var/lib/extensions\\&." "mutable/; disable otherwise\\&. See \"Mutability\" above for more " "information on write routing\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "B" msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "force mutable mode\\&. Write routing directories will be created in /var/lib/" "extensions\\&.mutable/ if not present\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "B" msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "immutable mode, but with contents of write routing directories in /var/lib/" "extensions\\&.mutable/ also merged into the host file system\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "B" msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "force mutable mode, but with contents of write routing directories in /var/" "lib/extensions\\&.mutable/ being ignored, and modifications of the host file " "system being discarded after unmerge\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "B" msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "force mutable mode, with contents of write routing directories in /var/lib/" "extensions\\&.mutable/ being merged into the host file system, but with the " "modifications made to the host file system being discarded after unmerge\\&." msgstr "" #. type: Plain text #: debian-unstable fedora-rawhide msgid "" "B(1), B(1), B(7), B(1)" msgstr "" #. type: Plain text #: fedora-40 msgid "" "A simple mechanism for version compatibility is enforced: a system extension " "image must carry a /usr/lib/extension-release\\&.d/extension-release\\&." "I file, which must match its image name, that is compared with the " "host os-release file: the contained I fields have to match unless " "\"_any\" is set for the extension\\&. If the extension I is not " "\"_any\", the I field (if defined) has to match\\&. If the " "latter is not defined, the I field has to match instead\\&. If " "the extension defines the I field and the value is not " "\"_any\" it has to match the kernel\\*(Aqs architecture reported by " "B(2) but the used architecture identifiers are the same as for " "I described in B(5)\\&. " "I can be set to 1 if the extension requires a " "service manager reload after application of the extension\\&. Note that the " "for the reasons mentioned earlier: \\m[blue]B\\m[]\\&\\s-2\\u[2]\\d\\s+2 remain the recommended way to ship " "system services\\&. System extensions should not ship a /usr/lib/os-release " "file (as that would be merged into the host /usr/ tree, overriding the host " "OS version data, which is not desirable)\\&. The extension-release file " "follows the same format and semantics, and carries the same content, as the " "os-release file of the OS, but it describes the resources carried in the " "extension image\\&." msgstr ""