Merging upstream version 256.5.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

9 files changed, 121 insertions, 30 deletions

diff --git a/man/repart.d.xml b/man/repart.d.xml
index 52e6b97..474521e 100644
--- a/man/repart.d.xml
+++ b/man/repart.d.xml
@@ -708,7 +708,7 @@
         <citerefentry
         project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
 
-        <para>If both bit 50 and 59 are set for a partition (i.e. the partition is marked both read-only and
+        <para>If both bit 60 and 59 are set for a partition (i.e. the partition is marked both read-only and
         marked for file system growing) the latter is typically without effect: the read-only flag takes
         precedence in most tools reading these flags, and since growing the file system involves writing to
         the partition it is consequently ignored.</para>
diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
index 2239294..a4fcdfb 100644
--- a/man/systemd-detect-virt.xml
+++ b/man/systemd-detect-virt.xml
@@ -62,7 +62,7 @@
         </thead>
         <tbody>
           <row>
-            <entry valign="top" morerows="16">VM</entry>
+            <entry valign="top" morerows="17">VM</entry>
             <entry><varname>qemu</varname></entry>
             <entry>QEMU software virtualization, without KVM</entry>
           </row>
@@ -217,6 +217,50 @@
     WSL is categorized as a container for practical purposes.
     Multiple WSL environments share the same kernel and services
     should generally behave like when being run in a container.</para>
+
+    <para>When executed with <option>--cvm</option>, instead of
+    printing the virtualization technology, it will display the
+    confidential virtual machine technology, if any. The
+    following technologies are currently identified:</para>
+
+    <table>
+      <title>Known confidential virtualization technologies</title>
+      <tgroup cols='2' align='left' colsep='1' rowsep='1'>
+        <colspec colname="id" />
+        <colspec colname="product" />
+        <thead>
+          <row>
+            <entry>Arch</entry>
+            <entry>ID</entry>
+            <entry>Technology</entry>
+          </row>
+        </thead>
+        <tbody>
+          <row>
+            <entry valign="top" morerows="3">x86_64</entry>
+            <entry><varname>sev</varname></entry>
+            <entry>AMD Secure Encrypted Virtualization</entry>
+          </row>
+          <row>
+            <entry><varname>sev-es</varname></entry>
+            <entry>AMD Secure Encrypted Virtualization - Encrypted State</entry>
+          </row>
+          <row>
+            <entry><varname>sev-snp</varname></entry>
+            <entry>AMD Secure Encrypted Virtualization - Secure Nested Paging</entry>
+          </row>
+          <row>
+            <entry><varname>tdx</varname></entry>
+            <entry>Intel Trust Domain Extensions</entry>
+          </row>
+          <row>
+            <entry>s390x</entry>
+            <entry><varname>protvirt</varname></entry>
+            <entry>IBM Protected Virtualization (Secure Execution)</entry>
+          </row>
+        </tbody>
+      </tgroup>
+    </table>
   </refsect1>
 
   <refsect1>
diff --git a/man/systemd-path.xml b/man/systemd-path.xml
index 153a9bd..16f7927 100644
--- a/man/systemd-path.xml
+++ b/man/systemd-path.xml
@@ -43,6 +43,12 @@
     The variables whose name begins with <literal>search-</literal>
     do not refer to individual paths, but instead to a list of
     colon-separated search paths, in their order of precedence.</para>
+
+    <para>Note that paths which depend on environment variables are
+    computed with <command>systemd-path</command>'s invoked
+    environment, and not the system or user manager's environment. As
+    such, the output of <command>systemd-path</command> may not
+    reflect the behavior of manager processes.</para>
   </refsect1>
 
   <refsect1>
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index ae5b61b..39117f6 100644
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
@@ -474,10 +474,12 @@
         <term><varname>ManagerEnvironment=</varname></term>
 
         <listitem><para>Takes the same arguments as <varname>DefaultEnvironment=</varname>, see above. Sets
-        environment variables just for the manager process itself. In contrast to user managers, these variables
-        are not inherited by processes spawned by the system manager, use <varname>DefaultEnvironment=</varname>
+        environment variables for the manager process itself. These variables are inherited by processes
+        spawned by user managers, but not the system manager - use <varname>DefaultEnvironment=</varname>
         for that. Note that these variables are merged into the existing environment block. In particular, in
-        case of the system manager, this includes variables set by the kernel based on the kernel command line.</para>
+        case of the system manager, this includes variables set by the kernel based on the kernel command line.
+        As with <varname>DefaultEnvironment=</varname>, this environment block is internal, and changes are not
+        reflected in the manager's <filename>/proc/PID/environ</filename>.</para>
 
         <para>Setting environment variables for the manager process may be useful to modify its behaviour.
         See <ulink url="https://systemd.io/ENVIRONMENT">Known Environment Variables</ulink> for a
diff --git a/man/systemd-sysusers.xml b/man/systemd-sysusers.xml
index 8954227..8ace9a8 100644
--- a/man/systemd-sysusers.xml
+++ b/man/systemd-sysusers.xml
@@ -42,15 +42,15 @@
 
     <para>If invoked with no arguments, directives from the configuration files found in the directories
     specified by
-    <citerefentry><refentrytitle>sysusers.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>. When
-    invoked with positional arguments, if option <option>--replace=<replaceable>PATH</replaceable></option>
-    is specified, arguments specified on the command line are used instead of the configuration file
-    <replaceable>PATH</replaceable>. Otherwise, just the configuration specified by the command line
-    arguments is executed. If the string <literal>-</literal> is specified instead of a filename, the
-    configuration is read from standard input. If the argument is a file name (without any slashes), all
-    configuration directories are searched for a matching file and the file found that has the highest
-    priority is executed. If the argument is a path, that file is used directly without searching the
-    configuration directories for any other matching file.</para>
+    <citerefentry><refentrytitle>sysusers.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> are
+    executed. When invoked with positional arguments, if option
+    <option>--replace=<replaceable>PATH</replaceable></option> is specified, arguments specified on the
+    command line are used instead of the configuration file <replaceable>PATH</replaceable>. Otherwise, just
+    the configuration specified by the command line arguments is executed. If the string <literal>-</literal>
+    is specified instead of a filename, the configuration is read from standard input. If the argument is a
+    file name (without any slashes), all configuration directories are searched for a matching file and the
+    file found that has the highest priority is executed. If the argument is a path, that file is used
+    directly without searching the configuration directories for any other matching file.</para>
   </refsect1>
 
   <refsect1>
diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
index e744a4c..923503e 100644
--- a/man/systemd-tmpfiles.xml
+++ b/man/systemd-tmpfiles.xml
@@ -65,15 +65,15 @@
 
     <para>If invoked with no arguments, directives from the configuration files found in the directories
     specified by
-    <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>. When
-    invoked with positional arguments, if option <option>--replace=<replaceable>PATH</replaceable></option>
-    is specified, arguments specified on the command line are used instead of the configuration file
-    <replaceable>PATH</replaceable>. Otherwise, just the configuration specified by the command line
-    arguments is executed. If the string <literal>-</literal> is specified instead of a filename, the
-    configuration is read from standard input. If the argument is a file name (without any slashes), all
-    configuration directories are searched for a matching file and the file found that has the highest
-    priority is executed. If the argument is a path, that file is used directly without searching the
-    configuration directories for any other matching file.</para>
+    <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> are
+    executed. When invoked with positional arguments, if option
+    <option>--replace=<replaceable>PATH</replaceable></option> is specified, arguments specified on the
+    command line are used instead of the configuration file <replaceable>PATH</replaceable>. Otherwise, just
+    the configuration specified by the command line arguments is executed. If the string <literal>-</literal>
+    is specified instead of a filename, the configuration is read from standard input. If the argument is a
+    file name (without any slashes), all configuration directories are searched for a matching file and the
+    file found that has the highest priority is executed. If the argument is a path, that file is used
+    directly without searching the configuration directories for any other matching file.</para>
 
     <para>System services (<filename>systemd-tmpfiles-setup.service</filename>,
     <filename>systemd-tmpfiles-setup-dev-early.service</filename>,
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
index ff811c2..7931298 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
@@ -478,7 +478,8 @@
           bridge as that would create naming conflict when there are more child devices on that bridge. Now,
           this is relaxed and we will use slot information to generate the name based on it but only if
           the PCI device has multiple functions. This is safe because distinct function number is a part of
-          the device name for multifunction devices.</para>
+          the device name for multifunction devices. Note, this is reverted in <constant>v255</constant>.
+          See below.</para>
 
           <xi:include href="version-info.xml" xpointer="v251"/>
           </listitem>
@@ -521,6 +522,9 @@
           <listitem><para>Naming was changed for SR-IOV virtual device representors to enable the
           change introduced in <constant>v254</constant> by default.</para>
 
+          <para>If we detect that a PCI device associated with a slot is a PCI bridge, we no longer set
+          <varname>ID_NET_NAME_SLOT</varname>, reverting a change that was introduced in v251.</para>
+
           <xi:include href="version-info.xml" xpointer="v255"/>
           </listitem>
         </varlistentry>
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index b0efd62..1e3f244 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -708,6 +708,14 @@ Table=1234</programlisting></para>
           number of dynamically created network interfaces with the same network configuration and
           automatic address range assignment.</para>
 
+          <para>If an IPv4 link-local address (169.254.0.0/16) is specified, IPv4 Address Conflict
+          Detection (<ulink url="https://tools.ietf.org/html/rfc5227">RFC 5227</ulink>) is enabled for the
+          address. To assign an IPv4 link-local address without IPv4 Address Conflict Detection, please use
+          [Address] section to configure the address and disable <varname>DuplicateAddressDetection=</varname>.
+          <programlisting>[Address]
+Address=169.254.10.1/24
+DuplicateAddressDetection=none</programlisting></para>
+
           <para>If an empty string is specified, then the all previous assignments in both [Network] and
           [Address] sections are cleared.</para>
 
@@ -845,7 +853,7 @@ Table=1234</programlisting></para>
       <varlistentry>
         <term><varname>IPv6Forwarding=</varname></term>
         <listitem>
-          <para>Configures IPv6 packet forwarding for the interface. Takes a boolean value. This controls the
+          <para>Configures interface-specific host/router behaviour. Takes a boolean value. This controls the
           <filename>net.ipv6.conf.<replaceable>INTERFACE</replaceable>.forwarding</filename> sysctl option of
           the network interface. See
           <ulink url="https://docs.kernel.org/networking/ip-sysctl.html">IP Sysctl</ulink>
@@ -859,6 +867,14 @@ Table=1234</programlisting></para>
           <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
           </para>
 
+          <para>Note, unlike <varname>IPv4Forwarding=</varname>, enabling per-interface
+          <varname>IPv6Forwarding=</varname> on two or more interfaces <emphasis>DOES NOT</emphasis> make IPv6
+          packets forwarded within the interfaces. This setting just controls the per-interface sysctl value,
+          and the sysctl value is not directly correlated to whether packets are forwarded. To ensure IPv6
+          packets forwarded, the global setting in
+          <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+          needs to be enabled.</para>
+
           <xi:include href="version-info.xml" xpointer="v256"/>
         </listitem>
       </varlistentry>
@@ -1191,6 +1207,18 @@ Table=1234</programlisting></para>
           carrier. Defaults to false. If enabled, and the <varname>IgnoreCarrierLoss=</varname> setting
           is not explicitly set, then it is enabled as well.</para>
 
+          <para>With this enabled, to make the interface enter the <literal>configured</literal> state,
+          which is required to make <command>systemd-networkd-wait-online</command> work properly for the
+          interface, all dynamic address configuration mechanisms like <varname>DHCP=</varname> and
+          <varname>IPv6AcceptRA=</varname> (which is enabled by default in most cases) need to be disabled.
+          Also, <varname>DuplicateAddressDetection=</varname> (which is enabled by default for IPv4
+          link-local addresses and all IPv6 addresses) needs to be disabled for all static address
+          configurations. Otherwise, without carrier, the interface will be stuck in the
+          <literal>configuring</literal> state, and <command>systemd-networkd-wait-online</command> for the
+          interface will timeout. Also, it is recommended to set
+          <varname>RequiredForOnline=no-carrier</varname> to make
+          <command>systemd-networkd-wait-online</command> work for the interface.</para>
+
           <xi:include href="version-info.xml" xpointer="v235"/>
         </listitem>
       </varlistentry>
@@ -1366,10 +1394,10 @@ Table=1234</programlisting></para>
           Detection. See <ulink url="https://tools.ietf.org/html/rfc5227">RFC 5227</ulink>.
           When <literal>ipv6</literal>, performs IPv6 Duplicate Address Detection. See
           <ulink url="https://tools.ietf.org/html/rfc4862">RFC 4862</ulink>. Defaults to
-          <literal>ipv4</literal> for IPv4 link-local addresses, <literal>ipv6</literal> for IPv6
-          addresses, and <literal>none</literal> otherwise.</para>
+          <literal>ipv4</literal> for IPv4 link-local addresses (169.254.0.0/16), <literal>ipv6</literal>
+          for IPv6 addresses, and <literal>none</literal> otherwise.</para>
 
-        <xi:include href="version-info.xml" xpointer="v232"/>
+          <xi:include href="version-info.xml" xpointer="v232"/>
         </listitem>
       </varlistentry>
 
@@ -1682,7 +1710,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
           one of predefined names <literal>default</literal>, <literal>main</literal>, and
           <literal>local</literal>, and names defined in <varname>RouteTable=</varname> in
           <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
-          or a number between 1 and 4294967295. Defaults to <literal>main</literal>.</para>
+          or a number between 1 and 4294967295. Defaults to <literal>main</literal>.
+          Ignored if <varname>L3MasterDevice=</varname> is true.</para>
 
           <xi:include href="version-info.xml" xpointer="v235"/>
         </listitem>
@@ -2053,7 +2082,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
           <command>ip route show table <replaceable>num</replaceable></command>. If unset and
           <varname>Type=</varname> is <literal>local</literal>, <literal>broadcast</literal>,
           <literal>anycast</literal>, or <literal>nat</literal>, then <literal>local</literal> is used.
-          In other cases, defaults to <literal>main</literal>. Ignored if <varname>L3MasterDevice=</varname> is true.</para>
+          In other cases, defaults to <literal>main</literal>.</para>
 
           <xi:include href="version-info.xml" xpointer="v230"/>
         </listitem>
diff --git a/man/systemd.service.xml b/man/systemd.service.xml
index 6667ac5..397b3cd 100644
--- a/man/systemd.service.xml
+++ b/man/systemd.service.xml
@@ -622,6 +622,12 @@
         <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>).
         </para>
 
+        <para>Note that the start timeout is also applied to service reloads, regardless if implemented
+        through <varname>ExecReload=</varname> or via the reload logic enabled via <varname>Type=notify-reload</varname>.
+        If the reload does not complete within the configured time, the reload will be considered failed and
+        the service will continue running with the old configuration. This will not affect the running service,
+        but will be logged and will cause e.g. <command>systemctl reload</command> to fail.</para>
+
         <xi:include href="version-info.xml" xpointer="v188"/></listitem>
       </varlistentry>