diff options
author | Lennart Poettering <lennart@poettering.net> | 2023-01-05 15:35:20 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2023-01-05 18:52:15 +0100 |
commit | 116687f26778c5d8f1fceb9b0ebba363a10597bc (patch) | |
tree | 3514cb8fb28d72896aa6b5434486e4a39b3c23de /man | |
parent | ea575e176aac9fa8f430bb30a3e8abd8da767a10 (diff) | |
download | systemd-116687f26778c5d8f1fceb9b0ebba363a10597bc.tar.gz |
resolved: read DNS conf also from creds and kernel cmdline
Note that this drops ProtectProc=invisible from
systemd-resolved.service.
This is done because othewise access to the booted "kernel" command line is not
necessarily available. That's because in containers we want to read
/proc/1/cmdline for that.
Fixes: #24103
Diffstat (limited to 'man')
-rw-r--r-- | man/kernel-command-line.xml | 9 | ||||
-rw-r--r-- | man/systemd-resolved.service.xml | 43 | ||||
-rw-r--r-- | man/systemd.system-credentials.xml | 9 |
3 files changed, 61 insertions, 0 deletions
diff --git a/man/kernel-command-line.xml b/man/kernel-command-line.xml index 545dc40798..0528c4b672 100644 --- a/man/kernel-command-line.xml +++ b/man/kernel-command-line.xml @@ -479,6 +479,15 @@ </varlistentry> <varlistentry> + <term><varname>nameserver=</varname></term> + <term><varname>domain=</varname></term> + + <listitem><para>Configures DNS server information and search domains, see + <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> + for details.</para></listitem> + </varlistentry> + + <varlistentry> <term><varname>resume=</varname></term> <term><varname>resumeflags=</varname></term> diff --git a/man/systemd-resolved.service.xml b/man/systemd-resolved.service.xml index c006c03b53..7003c36db7 100644 --- a/man/systemd-resolved.service.xml +++ b/man/systemd-resolved.service.xml @@ -400,6 +400,49 @@ search foobar.com barbar.com </refsect1> <refsect1> + <title>Credentials</title> + + <para><command>systemd-resolved</command> supports the service credentials logic as implemented by + <varname>LoadCredential=</varname>/<varname>SetCredential=</varname> (see + <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>1</manvolnum></citerefentry> for + details). The following credentials are used when passed in:</para> + + <variablelist> + <varlistentry> + <term><varname>network.dns</varname></term> + <term><varname>network.search_domains</varname></term> + + <listitem><para>May contain a space separated list of DNS server IP addresses and DNS search + domains. This information is only used when no explicit configuration via + <filename>/etc/systemd/resolved.conf</filename>, <filename>/etc/resolv.conf</filename> or the kernel + command line has been provided.</para></listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1> + <title>Kernel Command Line</title> + + <para><command>systemd-resolved</command> also honours two kernel command line options:</para> + + <variablelist class='kernel-commandline-options'> + <varlistentry> + <term><varname>nameserver=</varname></term> + <term><varname>domain=</varname></term> + + <listitem><para>Takes the IP address of a DNS server (in case of <varname>nameserver=</varname>), and + a DNS search domain (in case of <varname>domain=</varname>). May be used multiple times, to define + multiple DNS servers/search domains. If either of these options are specified + <filename>/etc/resolv.conf</filename> will not be read and the <varname>DNS=</varname> and + <varname>Domains=</varname> settings of + <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> + will be ignored. These two kernel command line options hence override system + configuration.</para></listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1> <title>See Also</title> <para> <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, diff --git a/man/systemd.system-credentials.xml b/man/systemd.system-credentials.xml index 3eadf9b985..9e49e3feae 100644 --- a/man/systemd.system-credentials.xml +++ b/man/systemd.system-credentials.xml @@ -116,6 +116,15 @@ </varlistentry> <varlistentry> + <term><varname>network.dns</varname></term> + <term><varname>network.search_domains</varname></term> + <listitem> + <para>DNS server information and search domains. Read by + <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> + </listitem> + </varlistentry> + + <varlistentry> <term><varname>passwd.hashed-password.root</varname></term> <term><varname>passwd.plaintext-password.root</varname></term> <listitem> |