diff options
Diffstat (limited to 'man')
| -rw-r--r-- | man/capsule@.service.xml | 2 | ||||
| -rw-r--r-- | man/file-hierarchy.xml | 464 | ||||
| -rw-r--r-- | man/kernel-install.xml | 8 | ||||
| -rw-r--r-- | man/machine-id.xml | 2 | ||||
| -rw-r--r-- | man/systemd-tmpfiles.xml | 2 | ||||
| -rw-r--r-- | man/systemd.exec.xml | 5 | ||||
| -rw-r--r-- | man/tmpfiles.d.xml | 6 |
7 files changed, 170 insertions, 319 deletions
diff --git a/man/capsule@.service.xml b/man/capsule@.service.xml index aa5b1bb..f9c5455 100644 --- a/man/capsule@.service.xml +++ b/man/capsule@.service.xml @@ -41,7 +41,7 @@ <listitem><para>The capsule service manager utilizes <varname>DynamicUser=</varname> (see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>) to allocate a new UID dynamically on invocation. The user name is automatically generated from the capsule - name, by prefixng <literal>p_</literal>. The UID is released when the service is terminated. The user + name, by prefixing <literal>c-</literal>. The UID is released when the service is terminated. The user service manager on the other hand operates under a statically allocated user ID that must be pre-existing, before the user service manager is invoked.</para></listitem> diff --git a/man/file-hierarchy.xml b/man/file-hierarchy.xml index 02841a7..04dfbe4 100644 --- a/man/file-hierarchy.xml +++ b/man/file-hierarchy.xml @@ -48,93 +48,63 @@ <variablelist> <varlistentry> <term><filename>/</filename></term> - <listitem><para>The file system root. Usually writable, but - this is not required. Possibly a temporary file system - (<literal>tmpfs</literal>). Not shared with other hosts - (unless read-only). </para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>The file system root. Usually writable, but this is not required. Possibly a + temporary file system (<literal>tmpfs</literal>). Not shared with other hosts (unless + read-only).</para></listitem> </varlistentry> <varlistentry> <term><filename>/boot/</filename></term> - <listitem><para>The boot partition used for bringing up the - system. On EFI systems, this is possibly the EFI System - Partition (ESP), also see + <listitem><para>The boot partition used for bringing up the system. On EFI systems, this is possibly + the EFI System Partition (ESP), also see <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>. - This directory is usually strictly local to the host, and - should be considered read-only, except when a new kernel or - boot loader is installed. This directory only exists on - systems that run on physical or emulated hardware that - requires boot loaders.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + This directory is usually strictly local to the host, and should be considered read-only, except when + a new kernel or boot loader is installed. This directory only exists on systems that run on physical + or emulated hardware that requires boot loaders.</para></listitem> </varlistentry> <varlistentry> <term><filename>/efi/</filename></term> - <listitem><para>If the boot partition <filename>/boot/</filename> is maintained separately from the EFI System - Partition (ESP), the latter is mounted here. Tools that need to operate on the EFI system partition should look - for it at this mount point first, and fall back to <filename>/boot/</filename> — if the former doesn't qualify - (for example if it is not a mount point or does not have the correct file system type - <constant>MSDOS_SUPER_MAGIC</constant>).</para> - - <xi:include href="version-info.xml" xpointer="v239"/></listitem> + <listitem><para>If the boot partition <filename>/boot/</filename> is maintained separately from the + EFI System Partition (ESP), the latter is mounted here. Tools that need to operate on the EFI system + partition should look for it at this mount point first, and fall back to <filename>/boot/</filename> + — if the former doesn't qualify (for example if it is not a mount point or does not have the correct + file system type <constant>MSDOS_SUPER_MAGIC</constant>).</para></listitem> </varlistentry> <varlistentry> <term><filename>/etc/</filename></term> - <listitem><para>System-specific configuration. This directory - may or may not be read-only. Frequently, this directory is - pre-populated with vendor-supplied configuration files, but - applications should not make assumptions about this directory - being fully populated or populated at all, and should fall - back to defaults if configuration is - missing.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>System-specific configuration. This directory may or may not be + read-only. Frequently, this directory is pre-populated with vendor-supplied configuration files, but + applications should not make assumptions about this directory being fully populated or populated at + all, and should fall back to defaults if configuration is missing.</para></listitem> </varlistentry> <varlistentry> <term><filename>/home/</filename></term> - <listitem><para>The location for normal user's home - directories. Possibly shared with other systems, and never - read-only. This directory should only be used for normal - users, never for system users. This directory and possibly the - directories contained within it might only become available or - writable in late boot or even only after user authentication. - This directory might be placed on limited-functionality - network file systems, hence applications should not assume the - full set of file API is available on this directory. - Applications should generally not reference this directory - directly, but via the per-user <varname>$HOME</varname> - environment variable, or via the home directory field of the - user database.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>The location for normal user's home directories. Possibly shared with other systems, + and never read-only. This directory should only be used for normal users, never for system + users. This directory and possibly the directories contained within it might only become available or + writable in late boot or even only after user authentication. This directory might be placed on + limited-functionality network file systems, hence applications should not assume the full set of file + API is available on this directory. Applications should generally not reference this directory + directly, but via the per-user <varname>$HOME</varname> environment variable, or via the home + directory field of the user database.</para></listitem> </varlistentry> <varlistentry> <term><filename>/root/</filename></term> - <listitem><para>The home directory of the root user. The root - user's home directory is located outside of - <filename>/home/</filename> in order to make sure the root user - may log in even without <filename>/home/</filename> being - available and mounted.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>The home directory of the root user. The root user's home directory is located + outside of <filename>/home/</filename> in order to make sure the root user may log in even without + <filename>/home/</filename> being available and mounted.</para></listitem> </varlistentry> <varlistentry> <term><filename>/srv/</filename></term> - <listitem><para>The place to store general server payload, - managed by the administrator. No restrictions are made how - this directory is organized internally. Generally writable, - and possibly shared among systems. This directory might become - available or writable only very late during - boot.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>The place to store general server payload, managed by the administrator. No + restrictions are made how this directory is organized internally. Generally writable, and possibly + shared among systems. This directory might become available or writable only very late during + boot.</para></listitem> </varlistentry> <varlistentry> @@ -156,10 +126,7 @@ <citerefentry project='man-pages'><refentrytitle>mkdtemp</refentrytitle><manvolnum>3</manvolnum></citerefentry>, and similar calls. For more details, see <ulink url="https://systemd.io/TEMPORARY_DIRECTORIES">Using - /tmp/ and /var/tmp/ Safely</ulink>.</para> - - <xi:include href="version-info.xml" xpointer="v215"/> - </listitem> + /tmp/ and /var/tmp/ Safely</ulink>.</para></listitem> </varlistentry> </variablelist> @@ -173,34 +140,24 @@ <term><filename>/run/</filename></term> <listitem><para>A <literal>tmpfs</literal> file system for system packages to place runtime data, socket files, and similar. This directory is flushed on boot, and generally writable for privileged - programs only. Always writable.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + programs only. Always writable.</para></listitem> </varlistentry> <varlistentry> <term><filename>/run/log/</filename></term> - <listitem><para>Runtime system logs. System components may - place private logs in this directory. Always writable, even - when <filename>/var/log/</filename> might not be accessible - yet.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>Runtime system logs. System components may place private logs in this + directory. Always writable, even when <filename>/var/log/</filename> might not be accessible + yet.</para></listitem> </varlistentry> <varlistentry> <term><filename>/run/user/</filename></term> - <listitem><para>Contains per-user runtime directories, each - usually individually mounted <literal>tmpfs</literal> - instances. Always writable, flushed at each reboot and when - the user logs out. User code should not reference this - directory directly, but via the - <varname>$XDG_RUNTIME_DIR</varname> environment variable, as - documented in the <ulink - url="https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html">XDG - Base Directory Specification</ulink>.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>Contains per-user runtime directories, each usually individually mounted + <literal>tmpfs</literal> instances. Always writable, flushed at each reboot and when the user logs + out. User code should not reference this directory directly, but via the + <varname>$XDG_RUNTIME_DIR</varname> environment variable, as documented in the <ulink + url="https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html">XDG Base Directory + Specification</ulink>.</para></listitem> </varlistentry> </variablelist> </refsect1> @@ -212,99 +169,68 @@ <varlistentry> <term><filename>/usr/</filename></term> - <listitem><para>Vendor-supplied operating system resources. - Usually read-only, but this is not required. Possibly shared - between multiple hosts. This directory should not be modified - by the administrator, except when installing or removing - vendor-supplied packages.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>Vendor-supplied operating system resources. Usually read-only, but this is not + required. Possibly shared between multiple hosts. This directory should not be modified by the + administrator, except when installing or removing vendor-supplied packages.</para></listitem> </varlistentry> <varlistentry> <term><filename>/usr/bin/</filename></term> - <listitem><para>Binaries and executables for user commands - that shall appear in the <varname>$PATH</varname> search path. - It is recommended not to place binaries in this directory that - are not useful for invocation from a shell (such as daemon - binaries); these should be placed in a subdirectory of - <filename>/usr/lib/</filename> instead.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>Binaries and executables for user commands that shall appear in the + <varname>$PATH</varname> search path. It is recommended not to place binaries in this directory that + are not useful for invocation from a shell (such as daemon binaries); these should be placed in a + subdirectory of <filename>/usr/lib/</filename> instead.</para></listitem> </varlistentry> <varlistentry> <term><filename>/usr/include/</filename></term> - <listitem><para>C and C++ API header files of system - libraries.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>C and C++ API header files of system libraries.</para></listitem> </varlistentry> <varlistentry> <term><filename>/usr/lib/</filename></term> - <listitem><para>Static, private vendor data that is compatible - with all architectures (though not necessarily - architecture-independent). Note that this includes internal - executables or other binaries that are not regularly invoked - from a shell. Such binaries may be for any architecture - supported by the system. Do not place public libraries in this - directory, use <varname>$libdir</varname> (see below), - instead.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>Static, private vendor data that is compatible with all architectures (though not + necessarily architecture-independent). Note that this includes internal executables or other binaries + that are not regularly invoked from a shell. Such binaries may be for any architecture supported by + the system. Do not place public libraries in this directory, use <varname>$libdir</varname> (see + below), instead.</para></listitem> </varlistentry> <varlistentry> <term><filename>/usr/lib/<replaceable>arch-id</replaceable>/</filename></term> - <listitem><para>Location for placing dynamic libraries into, also - called <varname>$libdir</varname>. The architecture identifier - to use is defined on <ulink - url="https://wiki.debian.org/Multiarch/Tuples">Multiarch - Architecture Specifiers (Tuples)</ulink> list. Legacy - locations of <varname>$libdir</varname> are - <filename>/usr/lib/</filename>, - <filename>/usr/lib64/</filename>. This directory should not be - used for package-specific data, unless this data is - architecture-dependent, too. To query - <varname>$libdir</varname> for the primary architecture of the - system, invoke: - <programlisting># systemd-path system-library-arch</programlisting></para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> - + <listitem><para>Location for placing dynamic libraries into, also called + <varname>$libdir</varname>. The architecture identifier to use is defined on <ulink + url="https://wiki.debian.org/Multiarch/Tuples">Multiarch Architecture Specifiers (Tuples)</ulink> + list. Legacy locations of <varname>$libdir</varname> are <filename>/usr/lib/</filename>, + <filename>/usr/lib64/</filename>. This directory should not be used for package-specific data, unless + this data is architecture-dependent, too. To query <varname>$libdir</varname> for the primary + architecture of the system, invoke: <programlisting># systemd-path + system-library-arch</programlisting></para></listitem> </varlistentry> <varlistentry> <term><filename>/usr/share/</filename></term> - <listitem><para>Resources shared between multiple packages, - such as documentation, man pages, time zone information, fonts - and other resources. Usually, the precise location and format - of files stored below this directory is subject to - specifications that ensure interoperability.</para> + <listitem><para>Resources shared between multiple packages, such as documentation, man pages, time + zone information, fonts and other resources. Usually, the precise location and format of files stored + below this directory is subject to specifications that ensure interoperability.</para> - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <para>Note that resources placed in this directory typically are under shared ownership, + i.e. multiple different packages have provide and consume these resources, on equal footing, without + any obvious primary owner. This makes makes things systematically different from + <filename>/usr/lib/</filename>, where ownership is generally not shared.</para></listitem> </varlistentry> <varlistentry> <term><filename>/usr/share/doc/</filename></term> - <listitem><para>Documentation for the operating system or - system packages.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>Documentation for the operating system or system packages.</para></listitem> </varlistentry> <varlistentry> <term><filename>/usr/share/factory/etc/</filename></term> - <listitem><para>Repository for vendor-supplied default - configuration files. This directory should be populated with - pristine vendor versions of all configuration files that may - be placed in <filename>/etc/</filename>. This is useful to - compare the local configuration of a system with vendor - defaults and to populate the local configuration with - defaults.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>Repository for vendor-supplied default configuration files. This directory should be + populated with pristine vendor versions of all configuration files that may be placed in + <filename>/etc/</filename>. This is useful to compare the local configuration of a system with vendor + defaults and to populate the local configuration with defaults.</para></listitem> </varlistentry> <varlistentry> @@ -313,10 +239,7 @@ <listitem><para>Similar to <filename>/usr/share/factory/etc/</filename>, but for vendor versions of files in the variable, persistent data directory - <filename>/var/</filename>.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> - + <filename>/var/</filename>.</para></listitem> </varlistentry> </variablelist> </refsect1> @@ -333,49 +256,34 @@ system might start up without this directory being populated. Persistency is recommended, but optional, to support ephemeral systems. This directory might become available or writable only very late during boot. Components that are required to operate during early boot hence shall not - unconditionally rely on this directory.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + unconditionally rely on this directory.</para></listitem> </varlistentry> <varlistentry> <term><filename>/var/cache/</filename></term> - <listitem><para>Persistent system cache data. System - components may place non-essential data in this directory. - Flushing this directory should have no effect on operation of - programs, except for increased runtimes necessary to rebuild - these caches.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>Persistent system cache data. System components may place non-essential data in this + directory. Flushing this directory should have no effect on operation of programs, except for + increased runtimes necessary to rebuild these caches.</para></listitem> </varlistentry> <varlistentry> <term><filename>/var/lib/</filename></term> - <listitem><para>Persistent system data. System components may - place private data in this directory.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>Persistent system data. System components may place private data in this + directory.</para></listitem> </varlistentry> <varlistentry> <term><filename>/var/log/</filename></term> - <listitem><para>Persistent system logs. System components may - place private logs in this directory, though it is recommended - to do most logging via the - <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry> - and + <listitem><para>Persistent system logs. System components may place private logs in this directory, + though it is recommended to do most logging via the <citerefentry + project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry> and <citerefentry><refentrytitle>sd_journal_print</refentrytitle><manvolnum>3</manvolnum></citerefentry> - calls.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + calls.</para></listitem> </varlistentry> <varlistentry> <term><filename>/var/spool/</filename></term> - <listitem><para>Persistent system spool data, such as printer - or mail queues.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>Persistent system spool data, such as printer or mail queues.</para></listitem> </varlistentry> <varlistentry> @@ -396,10 +304,8 @@ <citerefentry project='man-pages'><refentrytitle>mkdtemp</refentrytitle><manvolnum>3</manvolnum></citerefentry>, and similar calls should be used. For further details about this directory, see <ulink - url="https://systemd.io/TEMPORARY_DIRECTORIES">Using /tmp/ and /var/tmp/ Safely</ulink>.</para> - - <xi:include href="version-info.xml" xpointer="v215"/> - </listitem> + url="https://systemd.io/TEMPORARY_DIRECTORIES">Using /tmp/ and /var/tmp/ + Safely</ulink>.</para></listitem> </varlistentry> </variablelist> @@ -411,97 +317,67 @@ <variablelist> <varlistentry> <term><filename>/dev/</filename></term> - <listitem><para>The root directory for device nodes. Usually, - this directory is mounted as a <literal>devtmpfs</literal> - instance, but might be of a different type in - sandboxed/containerized setups. This directory is managed - jointly by the kernel and + <listitem><para>The root directory for device nodes. Usually, this directory is mounted as a + <literal>devtmpfs</literal> instance, but might be of a different type in sandboxed/containerized + setups. This directory is managed jointly by the kernel and <citerefentry><refentrytitle>systemd-udevd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - and should not be written to by other components. A number of - special purpose virtual file systems might be mounted below - this directory.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + and should not be written to by other components. A number of special purpose virtual file systems + might be mounted below this directory.</para></listitem> </varlistentry> <varlistentry> <term><filename>/dev/shm/</filename></term> - <listitem><para>Place for POSIX shared memory segments, as - created via - <citerefentry project='die-net'><refentrytitle>shm_open</refentrytitle><manvolnum>3</manvolnum></citerefentry>. - This directory is flushed on boot, and is a - <literal>tmpfs</literal> file system. Since all users have - write access to this directory, special care should be taken - to avoid name clashes and vulnerabilities. For normal users, - shared memory segments in this directory are usually deleted - when the user logs out. Usually, it is a better idea to use - memory mapped files in <filename>/run/</filename> (for system - programs) or <varname>$XDG_RUNTIME_DIR</varname> (for user - programs) instead of POSIX shared memory segments, since these - directories are not world-writable and hence not vulnerable to - security-sensitive name clashes.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>Place for POSIX shared memory segments, as created via <citerefentry + project='die-net'><refentrytitle>shm_open</refentrytitle><manvolnum>3</manvolnum></citerefentry>. + This directory is flushed on boot, and is a <literal>tmpfs</literal> file system. Since all users + have write access to this directory, special care should be taken to avoid name clashes and + vulnerabilities. For normal users, shared memory segments in this directory are usually deleted when + the user logs out. Usually, it is a better idea to use memory mapped files in + <filename>/run/</filename> (for system programs) or <varname>$XDG_RUNTIME_DIR</varname> (for user + programs) instead of POSIX shared memory segments, since these directories are not world-writable and + hence not vulnerable to security-sensitive name clashes.</para></listitem> </varlistentry> <varlistentry> <term><filename>/proc/</filename></term> - <listitem><para>A virtual kernel file system exposing the - process list and other functionality. This file system is - mostly an API to interface with the kernel and not a place - where normal files may be stored. For details, see - <citerefentry project='man-pages'><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry>. - A number of special purpose virtual file systems might be - mounted below this directory.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>A virtual kernel file system exposing the process list and other functionality. This + file system is mostly an API to interface with the kernel and not a place where normal files may be + stored. For details, see <citerefentry + project='man-pages'><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry>. A + number of special purpose virtual file systems might be mounted below this + directory.</para></listitem> </varlistentry> <varlistentry> <term><filename>/proc/sys/</filename></term> - <listitem><para>A hierarchy below <filename>/proc/</filename> - that exposes a number of kernel tunables. The primary way to - configure the settings in this API file tree is via + <listitem><para>A hierarchy below <filename>/proc/</filename> that exposes a number of kernel + tunables. The primary way to configure the settings in this API file tree is via <citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> - files. In sandboxed/containerized setups, this directory is - generally mounted read-only.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + files. In sandboxed/containerized setups, this directory is generally mounted + read-only.</para></listitem> </varlistentry> <varlistentry> <term><filename>/sys/</filename></term> - <listitem><para>A virtual kernel file system exposing - discovered devices and other functionality. This file system - is mostly an API to interface with the kernel and not a place - where normal files may be stored. In sandboxed/containerized - setups, this directory is generally mounted read-only. A number - of special purpose virtual file systems might be mounted below - this directory.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>A virtual kernel file system exposing discovered devices and other + functionality. This file system is mostly an API to interface with the kernel and not a place where + normal files may be stored. In sandboxed/containerized setups, this directory is generally mounted + read-only. A number of special purpose virtual file systems might be mounted below this + directory.</para></listitem> </varlistentry> <varlistentry> <term><filename>/sys/fs/cgroup/</filename></term> - <listitem><para>A virtual kernel file system exposing process - control groups (cgroups). This file system is an API to interface - with the kernel and not a place where normal files may be stored. On - current systems running in the default "unified" mode, - this directory serves as the mount point for the - <literal>cgroup2</literal> filesystem, which provides a unified - cgroup hierarchy for all resource controllers. On systems with - non-default configurations, this directory may instead be a tmpfs - filesystem containing mount points for various - <literal>cgroup</literal> (v1) resource controllers; in such - configurations, if <literal>cgroup2</literal> is mounted it will be - mounted on <filename>/sys/fs/cgroup/unified/</filename>, but - cgroup2 will not have resource controllers attached. In - sandboxed/containerized setups, this directory may either not exist or - may include a subset of functionality. - </para> - - <xi:include href="version-info.xml" xpointer="v251"/></listitem> + <listitem><para>A virtual kernel file system exposing process control groups (cgroups). This file + system is an API to interface with the kernel and not a place where normal files may be stored. On + current systems running in the default "unified" mode, this directory serves as the mount point for + the <literal>cgroup2</literal> filesystem, which provides a unified cgroup hierarchy for all resource + controllers. On systems with non-default configurations, this directory may instead be a tmpfs + filesystem containing mount points for various <literal>cgroup</literal> (v1) resource controllers; + in such configurations, if <literal>cgroup2</literal> is mounted it will be mounted on + <filename>/sys/fs/cgroup/unified/</filename>, but cgroup2 will not have resource controllers + attached. In sandboxed/containerized setups, this directory may either not exist or may include a + subset of functionality.</para></listitem> </varlistentry> </variablelist> </refsect1> @@ -515,47 +391,31 @@ <term><filename>/sbin/</filename></term> <term><filename>/usr/sbin/</filename></term> - <listitem><para>These compatibility symlinks point to - <filename>/usr/bin/</filename>, ensuring that scripts and - binaries referencing these legacy paths correctly find their - binaries.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>These compatibility symlinks point to <filename>/usr/bin/</filename>, ensuring that + scripts and binaries referencing these legacy paths correctly find their binaries.</para></listitem> </varlistentry> <varlistentry> <term><filename>/lib/</filename></term> - <listitem><para>This compatibility symlink points to - <filename>/usr/lib/</filename>, ensuring that programs - referencing this legacy path correctly find their - resources.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>This compatibility symlink points to <filename>/usr/lib/</filename>, ensuring that + programs referencing this legacy path correctly find their resources.</para></listitem> </varlistentry> <varlistentry> <term><filename>/lib64/</filename></term> - <listitem><para>On some architecture ABIs, this compatibility - symlink points to <varname>$libdir</varname>, ensuring that - binaries referencing this legacy path correctly find their - dynamic loader. This symlink only exists on architectures - whose ABI places the dynamic loader in this - path.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>On some architecture ABIs, this compatibility symlink points to + <varname>$libdir</varname>, ensuring that binaries referencing this legacy path correctly find their + dynamic loader. This symlink only exists on architectures whose ABI places the dynamic loader in this + path.</para></listitem> </varlistentry> <varlistentry> <term><filename>/var/run/</filename></term> - <listitem><para>This compatibility symlink points to - <filename>/run/</filename>, ensuring that programs referencing - this legacy path correctly find their runtime - data.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + <listitem><para>This compatibility symlink points to <filename>/run/</filename>, ensuring that + programs referencing this legacy path correctly find their runtime data.</para></listitem> </varlistentry> </variablelist> @@ -581,9 +441,7 @@ directory. Flushing this directory should have no effect on operation of programs, except for increased runtimes necessary to rebuild these caches. If an application finds <varname>$XDG_CACHE_HOME</varname> set, it should use the directory specified in it instead of this - directory.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + directory.</para></listitem> </varlistentry> <varlistentry> @@ -592,9 +450,7 @@ <listitem><para>Application configuration. When a new user is created, this directory will be empty or not exist at all. Applications should fall back to defaults should their configuration in this directory be missing. If an application finds <varname>$XDG_CONFIG_HOME</varname> set, it should use - the directory specified in it instead of this directory.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + the directory specified in it instead of this directory.</para></listitem> </varlistentry> <varlistentry> @@ -605,18 +461,14 @@ shell; these should be placed in a subdirectory of <filename>~/.local/lib/</filename> instead. Care should be taken when placing architecture-dependent binaries in this place, which might be problematic if the home directory is shared between multiple hosts with different - architectures.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + architectures.</para></listitem> </varlistentry> <varlistentry> <term><filename>~/.local/lib/</filename></term> <listitem><para>Static, private vendor data that is compatible with all - architectures.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + architectures.</para></listitem> </varlistentry> <varlistentry> @@ -624,9 +476,7 @@ <listitem><para>Location for placing public dynamic libraries. The architecture identifier to use is defined on <ulink url="https://wiki.debian.org/Multiarch/Tuples">Multiarch Architecture Specifiers - (Tuples)</ulink> list.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + (Tuples)</ulink> list.</para></listitem> </varlistentry> <varlistentry> @@ -635,9 +485,7 @@ <listitem><para>Resources shared between multiple packages, such as fonts or artwork. Usually, the precise location and format of files stored below this directory is subject to specifications that ensure interoperability. If an application finds <varname>$XDG_DATA_HOME</varname> set, it should use - the directory specified in it instead of this directory.</para> - - <xi:include href="version-info.xml" xpointer="v215"/></listitem> + the directory specified in it instead of this directory.</para></listitem> </varlistentry> <varlistentry> @@ -646,9 +494,7 @@ <listitem><para>Application state. When a new user is created, this directory will be empty or not exist at all. Applications should fall back to defaults should their state in this directory be missing. If an application finds <varname>$XDG_STATE_HOME</varname> set, it should use the directory - specified in it instead of this directory.</para> - - <xi:include href="version-info.xml" xpointer="v254"/></listitem> + specified in it instead of this directory.</para></listitem> </varlistentry> </variablelist> @@ -777,9 +623,9 @@ </tgroup> </table> - <para>Additional static vendor files may be installed in the - <filename>/usr/share/</filename> hierarchy to the locations - defined by the various relevant specifications.</para> + <para>Additional static vendor files with shared ownership may be installed in the + <filename>/usr/share/</filename> hierarchy to the locations defined by the various relevant + specifications.</para> <para>The following directories shall be used by the package for local configuration and files created during runtime:</para> @@ -869,9 +715,9 @@ </tgroup> </table> - <para>Additional static vendor files may be installed in the <filename>~/.local/share/</filename> - hierarchy, mirroring the subdirectories specified in the section "Vendor-supplied operating system - resources" above.</para> + <para>Additional static vendor files with shared ownership may be installed in the + <filename>~/.local/share/</filename> hierarchy, mirroring the subdirectories specified in the section + "Vendor-supplied operating system resources" above.</para> <para>The following directories shall be used by the package for per-user local configuration and files created during runtime:</para> @@ -890,7 +736,7 @@ <tbody> <row> <entry><filename>~/.config/<replaceable>package</replaceable>/</filename></entry> - <entry>User-specific configuration and state for the package. It is required to default to safe fallbacks if this configuration is missing.</entry> + <entry>User-specific configuration for the package. It is required to default to safe fallbacks if this configuration is missing.</entry> </row> <row> <entry><filename><varname>$XDG_RUNTIME_DIR</varname>/<replaceable>package</replaceable>/</filename></entry> @@ -900,6 +746,10 @@ <entry><filename>~/.cache/<replaceable>package</replaceable>/</filename></entry> <entry>Persistent cache data of the package. If this directory is flushed, the application should work correctly on next invocation, though possibly slowed down due to the need to rebuild any local cache files. The application must be capable of recreating this directory should it be missing and necessary.</entry> </row> + <row> + <entry><filename>~/.local/state/<replaceable>package</replaceable>/</filename></entry> + <entry>Persistent state data of the package.</entry> + </row> </tbody> </tgroup> </table> diff --git a/man/kernel-install.xml b/man/kernel-install.xml index 54c254e..f3468bb 100644 --- a/man/kernel-install.xml +++ b/man/kernel-install.xml @@ -18,7 +18,7 @@ <refnamediv> <refname>kernel-install</refname> - <refpurpose>Add and remove kernel and initrd images to and from /boot</refpurpose> + <refpurpose>Add and remove kernel and initrd images to and from the boot partition</refpurpose> </refnamediv> <refsynopsisdiv> @@ -64,9 +64,9 @@ <citerefentry><refentrytitle>bootup</refentrytitle><manvolnum>7</manvolnum></citerefentry> for an explanation.</para> </footnote> - to and from the boot loader partition, referred to as <varname>$BOOT</varname> here. It will usually be - one of <filename>/boot/</filename>, <filename>/efi/</filename>, or <filename>/boot/efi/</filename>, see - below.</para> + to and from the boot partition, referred to as <varname>$BOOT</varname> here. It will usually be one of + <filename>/boot/</filename>, <filename>/efi/</filename>, or <filename>/boot/efi/</filename>, see below. + </para> <para><command>kernel-install</command> will run the executable files ("plugins") located in the directory <filename>/usr/lib/kernel/install.d/</filename> and the local administration directory diff --git a/man/machine-id.xml b/man/machine-id.xml index 4ee100b..b142d2f 100644 --- a/man/machine-id.xml +++ b/man/machine-id.xml @@ -124,7 +124,7 @@ are as follows:</para> <orderedlist> - <listitem><para>The kernel command argument <varname>systemd.condition-first-boot=</varname> may be + <listitem><para>The kernel command argument <varname>systemd.condition_first_boot=</varname> may be used to override the autodetection logic, see <citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>. </para></listitem> diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml index 2a494b9..e744a4c 100644 --- a/man/systemd-tmpfiles.xml +++ b/man/systemd-tmpfiles.xml @@ -169,7 +169,7 @@ <para>It is recommended to first run this command in combination with <option>--dry-run</option> (see below) to verify which files and directories will be deleted.</para> - <para><emphasis>Warning!</emphasis> This is is usually not the command you want! In most cases + <para><emphasis>Warning!</emphasis> This is usually not the command you want! In most cases <option>--remove</option> is what you are looking for.</para> <xi:include href="version-info.xml" xpointer="v256"/></listitem> diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 56eb6af..21527f7 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -2021,8 +2021,9 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting> <filename>/proc/sys/</filename>, <filename>/sys/</filename>, <filename>/proc/sysrq-trigger</filename>, <filename>/proc/latency_stats</filename>, <filename>/proc/acpi</filename>, <filename>/proc/timer_stats</filename>, <filename>/proc/fs</filename> and <filename>/proc/irq</filename> will - be made read-only to all processes of the unit. Usually, tunable kernel variables should be initialized only at - boot-time, for example with the + be made read-only and <filename>/proc/kallsyms</filename> as well as <filename>/proc/kcore</filename> will be + inaccessible to all processes of the unit. + Usually, tunable kernel variables should be initialized only at boot-time, for example with the <citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> mechanism. Few services need to write to these at runtime; it is hence recommended to turn this on for most services. For this setting the same restrictions regarding mount propagation and privileges apply as for diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index c897068..e0baf38 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -306,7 +306,7 @@ L /tmp/foobar - - - - /dev/null</programlisting> argument is omitted, symlinks to files with the same name residing in the directory <filename>/usr/share/factory/</filename> are created. Note - that permissions and ownership on symlinks are ignored. + that permissions on symlinks are ignored. </para></listitem> </varlistentry> @@ -588,8 +588,8 @@ w- /proc/sys/vm/swappiness - - - - 10</programlisting></para> <citerefentry><refentrytitle>systemd-tmpfiles</refentrytitle><manvolnum>8</manvolnum></citerefentry> is used. For <varname>z</varname> and <varname>Z</varname> lines, when omitted or when set to <literal>-</literal>, the file ownership will not be modified. These parameters are ignored for - <varname>x</varname>, <varname>r</varname>, <varname>R</varname>, <varname>L</varname>, - <varname>t</varname>, and <varname>a</varname> lines.</para> + <varname>x</varname>, <varname>r</varname>, <varname>R</varname>, <varname>t</varname>, + and <varname>a</varname> lines.</para> <para>This field should generally only reference system users/groups, i.e. users/groups that are guaranteed to be resolvable during early boot. If this field references users/groups that only become |