summaryrefslogtreecommitdiff
path: root/man/systemd.exec.xml
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2022-12-01 22:41:47 +0100
committerLennart Poettering <lennart@poettering.net>2023-04-05 20:55:15 +0200
commit9ea811914fce034c2fe9d5f7d5712d49462ac6a4 (patch)
tree8923f84ccfc9b4a41d23d449658c7b9ccd5cf4b7 /man/systemd.exec.xml
parentf1f42aeaf1ba5444f4a4e0f2d0d4fb304fc34a49 (diff)
downloadsystemd-9ea811914fce034c2fe9d5f7d5712d49462ac6a4.tar.gz
man: document image policy syntax and semantics, and the hooks in the various components
Diffstat (limited to 'man/systemd.exec.xml')
-rw-r--r--man/systemd.exec.xml24
1 files changed, 24 insertions, 0 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 17be33c56a..1d99c58601 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -261,6 +261,30 @@
</varlistentry>
<varlistentry>
+ <term><varname>RootImagePolicy=</varname></term>
+ <term><varname>MountImagePolicy=</varname></term>
+ <term><varname>ExtensionImagePolicy=</varname></term>
+
+ <listitem><para>Takes an image policy string as per
+ <citerefentry><refentrytitle>systemd.image-policy</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ to use when mounting the disk images (DDI) specified in <varname>RootImage=</varname>,
+ <varname>MountImage=</varname>, <varname>ExtensionImage=</varname>, respectively. If not specified
+ the following policy string is the default for <varname>RootImagePolicy=</varname> and <varname>MountImagePolicy</varname>:</para>
+
+ <programlisting>root=verity+signed+encrypted+unprotected+absent: \
+ usr=verity+signed+encrypted+unprotected+absent: \
+ home=encrypted+unprotected+absent: \
+ srv=encrypted+unprotected+absent: \
+ tmp=encrypted+unprotected+absent: \
+ var=encrypted+unprotected+absent</programlisting>
+
+ <para>The default policy for <varname>ExtensionImagePolicy=</varname> is:</para>
+
+ <programlisting>root=verity+signed+encrypted+unprotected+absent: \
+ usr=verity+signed+encrypted+unprotected+absent</programlisting></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>MountAPIVFS=</varname></term>
<listitem><para>Takes a boolean argument. If on, a private mount namespace for the unit's processes is created
View Lorry Controller Status