From 67c5de60daa85b91fa68be4157e248fa31e75316 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 16 Sep 2024 20:18:14 +0200 Subject: Adding upstream version 256.2. Signed-off-by: Daniel Baumann --- man/capsule@.service.xml | 2 +- man/file-hierarchy.xml | 464 ++++++++++++++++------------------------------- man/kernel-install.xml | 8 +- man/machine-id.xml | 2 +- man/systemd-tmpfiles.xml | 2 +- man/systemd.exec.xml | 5 +- man/tmpfiles.d.xml | 6 +- 7 files changed, 170 insertions(+), 319 deletions(-) (limited to 'man') diff --git a/man/capsule@.service.xml b/man/capsule@.service.xml index aa5b1bb..f9c5455 100644 --- a/man/capsule@.service.xml +++ b/man/capsule@.service.xml @@ -41,7 +41,7 @@ The capsule service manager utilizes DynamicUser= (see systemd.exec5) to allocate a new UID dynamically on invocation. The user name is automatically generated from the capsule - name, by prefixng p_. The UID is released when the service is terminated. The user + name, by prefixing c-. The UID is released when the service is terminated. The user service manager on the other hand operates under a statically allocated user ID that must be pre-existing, before the user service manager is invoked. diff --git a/man/file-hierarchy.xml b/man/file-hierarchy.xml index 02841a7..04dfbe4 100644 --- a/man/file-hierarchy.xml +++ b/man/file-hierarchy.xml @@ -48,93 +48,63 @@ / - The file system root. Usually writable, but - this is not required. Possibly a temporary file system - (tmpfs). Not shared with other hosts - (unless read-only). - - + The file system root. Usually writable, but this is not required. Possibly a + temporary file system (tmpfs). Not shared with other hosts (unless + read-only). /boot/ - The boot partition used for bringing up the - system. On EFI systems, this is possibly the EFI System - Partition (ESP), also see + The boot partition used for bringing up the system. On EFI systems, this is possibly + the EFI System Partition (ESP), also see systemd-gpt-auto-generator8. - This directory is usually strictly local to the host, and - should be considered read-only, except when a new kernel or - boot loader is installed. This directory only exists on - systems that run on physical or emulated hardware that - requires boot loaders. - - + This directory is usually strictly local to the host, and should be considered read-only, except when + a new kernel or boot loader is installed. This directory only exists on systems that run on physical + or emulated hardware that requires boot loaders. /efi/ - If the boot partition /boot/ is maintained separately from the EFI System - Partition (ESP), the latter is mounted here. Tools that need to operate on the EFI system partition should look - for it at this mount point first, and fall back to /boot/ — if the former doesn't qualify - (for example if it is not a mount point or does not have the correct file system type - MSDOS_SUPER_MAGIC). - - + If the boot partition /boot/ is maintained separately from the + EFI System Partition (ESP), the latter is mounted here. Tools that need to operate on the EFI system + partition should look for it at this mount point first, and fall back to /boot/ + — if the former doesn't qualify (for example if it is not a mount point or does not have the correct + file system type MSDOS_SUPER_MAGIC). /etc/ - System-specific configuration. This directory - may or may not be read-only. Frequently, this directory is - pre-populated with vendor-supplied configuration files, but - applications should not make assumptions about this directory - being fully populated or populated at all, and should fall - back to defaults if configuration is - missing. - - + System-specific configuration. This directory may or may not be + read-only. Frequently, this directory is pre-populated with vendor-supplied configuration files, but + applications should not make assumptions about this directory being fully populated or populated at + all, and should fall back to defaults if configuration is missing. /home/ - The location for normal user's home - directories. Possibly shared with other systems, and never - read-only. This directory should only be used for normal - users, never for system users. This directory and possibly the - directories contained within it might only become available or - writable in late boot or even only after user authentication. - This directory might be placed on limited-functionality - network file systems, hence applications should not assume the - full set of file API is available on this directory. - Applications should generally not reference this directory - directly, but via the per-user $HOME - environment variable, or via the home directory field of the - user database. - - + The location for normal user's home directories. Possibly shared with other systems, + and never read-only. This directory should only be used for normal users, never for system + users. This directory and possibly the directories contained within it might only become available or + writable in late boot or even only after user authentication. This directory might be placed on + limited-functionality network file systems, hence applications should not assume the full set of file + API is available on this directory. Applications should generally not reference this directory + directly, but via the per-user $HOME environment variable, or via the home + directory field of the user database. /root/ - The home directory of the root user. The root - user's home directory is located outside of - /home/ in order to make sure the root user - may log in even without /home/ being - available and mounted. - - + The home directory of the root user. The root user's home directory is located + outside of /home/ in order to make sure the root user may log in even without + /home/ being available and mounted. /srv/ - The place to store general server payload, - managed by the administrator. No restrictions are made how - this directory is organized internally. Generally writable, - and possibly shared among systems. This directory might become - available or writable only very late during - boot. - - + The place to store general server payload, managed by the administrator. No + restrictions are made how this directory is organized internally. Generally writable, and possibly + shared among systems. This directory might become available or writable only very late during + boot. @@ -156,10 +126,7 @@ mkdtemp3, and similar calls. For more details, see Using - /tmp/ and /var/tmp/ Safely. - - - + /tmp/ and /var/tmp/ Safely. @@ -173,34 +140,24 @@ /run/ A tmpfs file system for system packages to place runtime data, socket files, and similar. This directory is flushed on boot, and generally writable for privileged - programs only. Always writable. - - + programs only. Always writable. /run/log/ - Runtime system logs. System components may - place private logs in this directory. Always writable, even - when /var/log/ might not be accessible - yet. - - + Runtime system logs. System components may place private logs in this + directory. Always writable, even when /var/log/ might not be accessible + yet. /run/user/ - Contains per-user runtime directories, each - usually individually mounted tmpfs - instances. Always writable, flushed at each reboot and when - the user logs out. User code should not reference this - directory directly, but via the - $XDG_RUNTIME_DIR environment variable, as - documented in the XDG - Base Directory Specification. - - + Contains per-user runtime directories, each usually individually mounted + tmpfs instances. Always writable, flushed at each reboot and when the user logs + out. User code should not reference this directory directly, but via the + $XDG_RUNTIME_DIR environment variable, as documented in the XDG Base Directory + Specification. @@ -212,99 +169,68 @@ /usr/ - Vendor-supplied operating system resources. - Usually read-only, but this is not required. Possibly shared - between multiple hosts. This directory should not be modified - by the administrator, except when installing or removing - vendor-supplied packages. - - + Vendor-supplied operating system resources. Usually read-only, but this is not + required. Possibly shared between multiple hosts. This directory should not be modified by the + administrator, except when installing or removing vendor-supplied packages. /usr/bin/ - Binaries and executables for user commands - that shall appear in the $PATH search path. - It is recommended not to place binaries in this directory that - are not useful for invocation from a shell (such as daemon - binaries); these should be placed in a subdirectory of - /usr/lib/ instead. - - + Binaries and executables for user commands that shall appear in the + $PATH search path. It is recommended not to place binaries in this directory that + are not useful for invocation from a shell (such as daemon binaries); these should be placed in a + subdirectory of /usr/lib/ instead. /usr/include/ - C and C++ API header files of system - libraries. - - + C and C++ API header files of system libraries. /usr/lib/ - Static, private vendor data that is compatible - with all architectures (though not necessarily - architecture-independent). Note that this includes internal - executables or other binaries that are not regularly invoked - from a shell. Such binaries may be for any architecture - supported by the system. Do not place public libraries in this - directory, use $libdir (see below), - instead. - - + Static, private vendor data that is compatible with all architectures (though not + necessarily architecture-independent). Note that this includes internal executables or other binaries + that are not regularly invoked from a shell. Such binaries may be for any architecture supported by + the system. Do not place public libraries in this directory, use $libdir (see + below), instead. /usr/lib/arch-id/ - Location for placing dynamic libraries into, also - called $libdir. The architecture identifier - to use is defined on Multiarch - Architecture Specifiers (Tuples) list. Legacy - locations of $libdir are - /usr/lib/, - /usr/lib64/. This directory should not be - used for package-specific data, unless this data is - architecture-dependent, too. To query - $libdir for the primary architecture of the - system, invoke: - # systemd-path system-library-arch - - - + Location for placing dynamic libraries into, also called + $libdir. The architecture identifier to use is defined on Multiarch Architecture Specifiers (Tuples) + list. Legacy locations of $libdir are /usr/lib/, + /usr/lib64/. This directory should not be used for package-specific data, unless + this data is architecture-dependent, too. To query $libdir for the primary + architecture of the system, invoke: # systemd-path + system-library-arch /usr/share/ - Resources shared between multiple packages, - such as documentation, man pages, time zone information, fonts - and other resources. Usually, the precise location and format - of files stored below this directory is subject to - specifications that ensure interoperability. + Resources shared between multiple packages, such as documentation, man pages, time + zone information, fonts and other resources. Usually, the precise location and format of files stored + below this directory is subject to specifications that ensure interoperability. - + Note that resources placed in this directory typically are under shared ownership, + i.e. multiple different packages have provide and consume these resources, on equal footing, without + any obvious primary owner. This makes makes things systematically different from + /usr/lib/, where ownership is generally not shared. /usr/share/doc/ - Documentation for the operating system or - system packages. - - + Documentation for the operating system or system packages. /usr/share/factory/etc/ - Repository for vendor-supplied default - configuration files. This directory should be populated with - pristine vendor versions of all configuration files that may - be placed in /etc/. This is useful to - compare the local configuration of a system with vendor - defaults and to populate the local configuration with - defaults. - - + Repository for vendor-supplied default configuration files. This directory should be + populated with pristine vendor versions of all configuration files that may be placed in + /etc/. This is useful to compare the local configuration of a system with vendor + defaults and to populate the local configuration with defaults. @@ -313,10 +239,7 @@ Similar to /usr/share/factory/etc/, but for vendor versions of files in the variable, persistent data directory - /var/. - - - + /var/. @@ -333,49 +256,34 @@ system might start up without this directory being populated. Persistency is recommended, but optional, to support ephemeral systems. This directory might become available or writable only very late during boot. Components that are required to operate during early boot hence shall not - unconditionally rely on this directory. - - + unconditionally rely on this directory. /var/cache/ - Persistent system cache data. System - components may place non-essential data in this directory. - Flushing this directory should have no effect on operation of - programs, except for increased runtimes necessary to rebuild - these caches. - - + Persistent system cache data. System components may place non-essential data in this + directory. Flushing this directory should have no effect on operation of programs, except for + increased runtimes necessary to rebuild these caches. /var/lib/ - Persistent system data. System components may - place private data in this directory. - - + Persistent system data. System components may place private data in this + directory. /var/log/ - Persistent system logs. System components may - place private logs in this directory, though it is recommended - to do most logging via the - syslog3 - and + Persistent system logs. System components may place private logs in this directory, + though it is recommended to do most logging via the syslog3 and sd_journal_print3 - calls. - - + calls. /var/spool/ - Persistent system spool data, such as printer - or mail queues. - - + Persistent system spool data, such as printer or mail queues. @@ -396,10 +304,8 @@ mkdtemp3, and similar calls should be used. For further details about this directory, see Using /tmp/ and /var/tmp/ Safely. - - - + url="https://systemd.io/TEMPORARY_DIRECTORIES">Using /tmp/ and /var/tmp/ + Safely. @@ -411,97 +317,67 @@ /dev/ - The root directory for device nodes. Usually, - this directory is mounted as a devtmpfs - instance, but might be of a different type in - sandboxed/containerized setups. This directory is managed - jointly by the kernel and + The root directory for device nodes. Usually, this directory is mounted as a + devtmpfs instance, but might be of a different type in sandboxed/containerized + setups. This directory is managed jointly by the kernel and systemd-udevd8, - and should not be written to by other components. A number of - special purpose virtual file systems might be mounted below - this directory. - - + and should not be written to by other components. A number of special purpose virtual file systems + might be mounted below this directory. /dev/shm/ - Place for POSIX shared memory segments, as - created via - shm_open3. - This directory is flushed on boot, and is a - tmpfs file system. Since all users have - write access to this directory, special care should be taken - to avoid name clashes and vulnerabilities. For normal users, - shared memory segments in this directory are usually deleted - when the user logs out. Usually, it is a better idea to use - memory mapped files in /run/ (for system - programs) or $XDG_RUNTIME_DIR (for user - programs) instead of POSIX shared memory segments, since these - directories are not world-writable and hence not vulnerable to - security-sensitive name clashes. - - + Place for POSIX shared memory segments, as created via shm_open3. + This directory is flushed on boot, and is a tmpfs file system. Since all users + have write access to this directory, special care should be taken to avoid name clashes and + vulnerabilities. For normal users, shared memory segments in this directory are usually deleted when + the user logs out. Usually, it is a better idea to use memory mapped files in + /run/ (for system programs) or $XDG_RUNTIME_DIR (for user + programs) instead of POSIX shared memory segments, since these directories are not world-writable and + hence not vulnerable to security-sensitive name clashes. /proc/ - A virtual kernel file system exposing the - process list and other functionality. This file system is - mostly an API to interface with the kernel and not a place - where normal files may be stored. For details, see - proc5. - A number of special purpose virtual file systems might be - mounted below this directory. - - + A virtual kernel file system exposing the process list and other functionality. This + file system is mostly an API to interface with the kernel and not a place where normal files may be + stored. For details, see proc5. A + number of special purpose virtual file systems might be mounted below this + directory. /proc/sys/ - A hierarchy below /proc/ - that exposes a number of kernel tunables. The primary way to - configure the settings in this API file tree is via + A hierarchy below /proc/ that exposes a number of kernel + tunables. The primary way to configure the settings in this API file tree is via sysctl.d5 - files. In sandboxed/containerized setups, this directory is - generally mounted read-only. - - + files. In sandboxed/containerized setups, this directory is generally mounted + read-only. /sys/ - A virtual kernel file system exposing - discovered devices and other functionality. This file system - is mostly an API to interface with the kernel and not a place - where normal files may be stored. In sandboxed/containerized - setups, this directory is generally mounted read-only. A number - of special purpose virtual file systems might be mounted below - this directory. - - + A virtual kernel file system exposing discovered devices and other + functionality. This file system is mostly an API to interface with the kernel and not a place where + normal files may be stored. In sandboxed/containerized setups, this directory is generally mounted + read-only. A number of special purpose virtual file systems might be mounted below this + directory. /sys/fs/cgroup/ - A virtual kernel file system exposing process - control groups (cgroups). This file system is an API to interface - with the kernel and not a place where normal files may be stored. On - current systems running in the default "unified" mode, - this directory serves as the mount point for the - cgroup2 filesystem, which provides a unified - cgroup hierarchy for all resource controllers. On systems with - non-default configurations, this directory may instead be a tmpfs - filesystem containing mount points for various - cgroup (v1) resource controllers; in such - configurations, if cgroup2 is mounted it will be - mounted on /sys/fs/cgroup/unified/, but - cgroup2 will not have resource controllers attached. In - sandboxed/containerized setups, this directory may either not exist or - may include a subset of functionality. - - - + A virtual kernel file system exposing process control groups (cgroups). This file + system is an API to interface with the kernel and not a place where normal files may be stored. On + current systems running in the default "unified" mode, this directory serves as the mount point for + the cgroup2 filesystem, which provides a unified cgroup hierarchy for all resource + controllers. On systems with non-default configurations, this directory may instead be a tmpfs + filesystem containing mount points for various cgroup (v1) resource controllers; + in such configurations, if cgroup2 is mounted it will be mounted on + /sys/fs/cgroup/unified/, but cgroup2 will not have resource controllers + attached. In sandboxed/containerized setups, this directory may either not exist or may include a + subset of functionality. @@ -515,47 +391,31 @@ /sbin/ /usr/sbin/ - These compatibility symlinks point to - /usr/bin/, ensuring that scripts and - binaries referencing these legacy paths correctly find their - binaries. - - + These compatibility symlinks point to /usr/bin/, ensuring that + scripts and binaries referencing these legacy paths correctly find their binaries. /lib/ - This compatibility symlink points to - /usr/lib/, ensuring that programs - referencing this legacy path correctly find their - resources. - - + This compatibility symlink points to /usr/lib/, ensuring that + programs referencing this legacy path correctly find their resources. /lib64/ - On some architecture ABIs, this compatibility - symlink points to $libdir, ensuring that - binaries referencing this legacy path correctly find their - dynamic loader. This symlink only exists on architectures - whose ABI places the dynamic loader in this - path. - - + On some architecture ABIs, this compatibility symlink points to + $libdir, ensuring that binaries referencing this legacy path correctly find their + dynamic loader. This symlink only exists on architectures whose ABI places the dynamic loader in this + path. /var/run/ - This compatibility symlink points to - /run/, ensuring that programs referencing - this legacy path correctly find their runtime - data. - - + This compatibility symlink points to /run/, ensuring that + programs referencing this legacy path correctly find their runtime data. @@ -581,9 +441,7 @@ directory. Flushing this directory should have no effect on operation of programs, except for increased runtimes necessary to rebuild these caches. If an application finds $XDG_CACHE_HOME set, it should use the directory specified in it instead of this - directory. - - + directory. @@ -592,9 +450,7 @@ Application configuration. When a new user is created, this directory will be empty or not exist at all. Applications should fall back to defaults should their configuration in this directory be missing. If an application finds $XDG_CONFIG_HOME set, it should use - the directory specified in it instead of this directory. - - + the directory specified in it instead of this directory. @@ -605,18 +461,14 @@ shell; these should be placed in a subdirectory of ~/.local/lib/ instead. Care should be taken when placing architecture-dependent binaries in this place, which might be problematic if the home directory is shared between multiple hosts with different - architectures. - - + architectures. ~/.local/lib/ Static, private vendor data that is compatible with all - architectures. - - + architectures. @@ -624,9 +476,7 @@ Location for placing public dynamic libraries. The architecture identifier to use is defined on Multiarch Architecture Specifiers - (Tuples) list. - - + (Tuples) list. @@ -635,9 +485,7 @@ Resources shared between multiple packages, such as fonts or artwork. Usually, the precise location and format of files stored below this directory is subject to specifications that ensure interoperability. If an application finds $XDG_DATA_HOME set, it should use - the directory specified in it instead of this directory. - - + the directory specified in it instead of this directory. @@ -646,9 +494,7 @@ Application state. When a new user is created, this directory will be empty or not exist at all. Applications should fall back to defaults should their state in this directory be missing. If an application finds $XDG_STATE_HOME set, it should use the directory - specified in it instead of this directory. - - + specified in it instead of this directory. @@ -777,9 +623,9 @@ - Additional static vendor files may be installed in the - /usr/share/ hierarchy to the locations - defined by the various relevant specifications. + Additional static vendor files with shared ownership may be installed in the + /usr/share/ hierarchy to the locations defined by the various relevant + specifications. The following directories shall be used by the package for local configuration and files created during runtime: @@ -869,9 +715,9 @@ - Additional static vendor files may be installed in the ~/.local/share/ - hierarchy, mirroring the subdirectories specified in the section "Vendor-supplied operating system - resources" above. + Additional static vendor files with shared ownership may be installed in the + ~/.local/share/ hierarchy, mirroring the subdirectories specified in the section + "Vendor-supplied operating system resources" above. The following directories shall be used by the package for per-user local configuration and files created during runtime: @@ -890,7 +736,7 @@ ~/.config/package/ - User-specific configuration and state for the package. It is required to default to safe fallbacks if this configuration is missing. + User-specific configuration for the package. It is required to default to safe fallbacks if this configuration is missing. $XDG_RUNTIME_DIR/package/ @@ -900,6 +746,10 @@ ~/.cache/package/ Persistent cache data of the package. If this directory is flushed, the application should work correctly on next invocation, though possibly slowed down due to the need to rebuild any local cache files. The application must be capable of recreating this directory should it be missing and necessary. + + ~/.local/state/package/ + Persistent state data of the package. + diff --git a/man/kernel-install.xml b/man/kernel-install.xml index 54c254e..f3468bb 100644 --- a/man/kernel-install.xml +++ b/man/kernel-install.xml @@ -18,7 +18,7 @@ kernel-install - Add and remove kernel and initrd images to and from /boot + Add and remove kernel and initrd images to and from the boot partition @@ -64,9 +64,9 @@ bootup7 for an explanation. - to and from the boot loader partition, referred to as $BOOT here. It will usually be - one of /boot/, /efi/, or /boot/efi/, see - below. + to and from the boot partition, referred to as $BOOT here. It will usually be one of + /boot/, /efi/, or /boot/efi/, see below. + kernel-install will run the executable files ("plugins") located in the directory /usr/lib/kernel/install.d/ and the local administration directory diff --git a/man/machine-id.xml b/man/machine-id.xml index 4ee100b..b142d2f 100644 --- a/man/machine-id.xml +++ b/man/machine-id.xml @@ -124,7 +124,7 @@ are as follows: - The kernel command argument systemd.condition-first-boot= may be + The kernel command argument systemd.condition_first_boot= may be used to override the autodetection logic, see kernel-command-line7. diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml index 2a494b9..e744a4c 100644 --- a/man/systemd-tmpfiles.xml +++ b/man/systemd-tmpfiles.xml @@ -169,7 +169,7 @@ It is recommended to first run this command in combination with (see below) to verify which files and directories will be deleted. - Warning! This is is usually not the command you want! In most cases + Warning! This is usually not the command you want! In most cases is what you are looking for. diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 56eb6af..21527f7 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -2021,8 +2021,9 @@ BindReadOnlyPaths=/var/lib/systemd /proc/sys/, /sys/, /proc/sysrq-trigger, /proc/latency_stats, /proc/acpi, /proc/timer_stats, /proc/fs and /proc/irq will - be made read-only to all processes of the unit. Usually, tunable kernel variables should be initialized only at - boot-time, for example with the + be made read-only and /proc/kallsyms as well as /proc/kcore will be + inaccessible to all processes of the unit. + Usually, tunable kernel variables should be initialized only at boot-time, for example with the sysctl.d5 mechanism. Few services need to write to these at runtime; it is hence recommended to turn this on for most services. For this setting the same restrictions regarding mount propagation and privileges apply as for diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index c897068..e0baf38 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -306,7 +306,7 @@ L /tmp/foobar - - - - /dev/null argument is omitted, symlinks to files with the same name residing in the directory /usr/share/factory/ are created. Note - that permissions and ownership on symlinks are ignored. + that permissions on symlinks are ignored. @@ -588,8 +588,8 @@ w- /proc/sys/vm/swappiness - - - - 10 systemd-tmpfiles8 is used. For z and Z lines, when omitted or when set to -, the file ownership will not be modified. These parameters are ignored for - x, r, R, L, - t, and a lines. + x, r, R, t, + and a lines. This field should generally only reference system users/groups, i.e. users/groups that are guaranteed to be resolvable during early boot. If this field references users/groups that only become -- cgit v1.2.3