diff options
| author | Lennart Poettering <lennart@poettering.net> | 2022-12-01 22:41:47 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2023-04-05 20:55:15 +0200 |
| commit | 9ea811914fce034c2fe9d5f7d5712d49462ac6a4 (patch) | |
| tree | 8923f84ccfc9b4a41d23d449658c7b9ccd5cf4b7 /man/systemd-analyze.xml | |
| parent | f1f42aeaf1ba5444f4a4e0f2d0d4fb304fc34a49 (diff) | |
| download | systemd-9ea811914fce034c2fe9d5f7d5712d49462ac6a4.tar.gz | |
man: document image policy syntax and semantics, and the hooks in the various components
Diffstat (limited to 'man/systemd-analyze.xml')
| -rw-r--r-- | man/systemd-analyze.xml | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml index 9fd28e6f45..7176e3c046 100644 --- a/man/systemd-analyze.xml +++ b/man/systemd-analyze.xml @@ -162,6 +162,12 @@ <arg choice="plain">fdstore</arg> <arg choice="opt" rep="repeat"><replaceable>UNIT</replaceable></arg> </cmdsynopsis> + <cmdsynopsis> + <command>systemd-analyze</command> + <arg choice="opt" rep="repeat">OPTIONS</arg> + <arg choice="plain">image-policy</arg> + <arg choice="plain" rep="repeat"><replaceable>POLICY</replaceable></arg> + </cmdsynopsis> </refsynopsisdiv> <refsect1> @@ -840,6 +846,39 @@ stored sock 0:8 4213190 - socket:[4213190] ro "DEVNO".</para> </refsect2> + <refsect2> + <title><command>systemd-analyze image-policy <optional><replaceable>POLICY</replaceable>…</optional></command></title> + + <para>This command analyzes the specified image policy string, as per + <citerefentry><refentrytitle>systemd.image-policy</refentrytitle><manvolnum>7</manvolnum></citerefentry>. The + policy is normalized and simplified. For each currently defined partition identifier (as per the <ulink + url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable + Partitions Specification</ulink> the effect of the image policy string is shown in tabular form.</para> + + <example> + <title>Example Output</title> + + <programlisting>$ systemd-analyze image-policy swap=encrypted:usr=read-only-on+verity:root=encrypted +Analyzing policy: root=encrypted:usr=verity+read-only-on:swap=encrypted + Long form: root=encrypted:usr=verity+read-only-on:swap=encrypted:=unused+absent + +PARTITION MODE READ-ONLY GROWFS +root encrypted - - +usr verity yes - +home ignore - - +srv ignore - - +esp ignore - - +xbootldr ignore - - +swap encrypted - - +root-verity ignore - - +usr-verity unprotected yes - +root-verity-sig ignore - - +usr-verity-sig ignore - - +tmp ignore - - +var ignore - - +default ignore - -</programlisting> + </example> + </refsect2> </refsect1> <refsect1> @@ -967,6 +1006,8 @@ stored sock 0:8 4213190 - socket:[4213190] ro operate on files inside the specified image path <replaceable>PATH</replaceable>.</para></listitem> </varlistentry> + <xi:include href="standard-options.xml" xpointer="image-policy-open" /> + <varlistentry> <term><option>--offline=<replaceable>BOOL</replaceable></option></term> |