summaryrefslogtreecommitdiff
path: root/man/systemd.exec.xml
Commit message (Collapse)AuthorAgeFilesLines
* Add support for opening files for appendingZsolt Dollenstein2020-05-191-5/+11
| | | | | | | | Addresses part of #8983 (cherry picked from commit 566b7d23eb747e9c5a74e5647693077b52395fc5) Resolves: #1809175
* core: imply NNP and SUID/SGID restriction for DynamicUser=yes servicev239-26Lennart Poettering2020-02-191-6/+10
| | | | | | | | | | | | Let's be safe, rather than sorry. This way DynamicUser=yes services can neither take benefit of, nor create SUID/SGID binaries. Given that DynamicUser= is a recent addition only we should be able to get away with turning this on, even though this is strictly speaking a binary compatibility breakage. (cherry picked from commit bf65b7e0c9fc215897b676ab9a7c9d1c688143ba) Resolves: #1687512
* man: document the new RestrictSUIDSGID= settingLennart Poettering2020-02-191-12/+29
| | | | | (cherry picked from commit 7445db6eb70e8d5989f481d0c5a08ace7047ae5b) Related: #1687512
* core: introduce NUMAPolicy and NUMAMask optionsMichal Sekletár2019-12-051-0/+28
| | | | | | | | | | | | | | | | | Make possible to set NUMA allocation policy for manager. Manager's policy is by default inherited to all forked off processes. However, it is possible to override the policy on per-service basis. Currently we support, these policies: default, prefer, bind, interleave, local. See man 2 set_mempolicy for details on each policy. Overall NUMA policy actually consists of two parts. Policy itself and bitmask representing NUMA nodes where is policy effective. Node mask can be specified using related option, NUMAMask. Default mask can be overwritten on per-service level. (cherry-picked from commit fe9c54b2188e6cd23262a319f96b13215f2c5e9c) Resolves: #1734787
* pid1: parse CPUAffinity= in incremental fashionZbigniew Jędrzejewski-Szmek2019-12-051-1/+1
| | | | | | | | | | | | This makes the handling of this option match what we do in unit files. I think consistency is important here. (As it happens, it is the only option in system.conf that is "non-atomic", i.e. where there's a list of things which can be split over multiple assignments. All other options are single-valued, so there's no issue of how to handle multiple assignments.) (cherry picked from commit 61fbbac1d517a0b3498a689c736c6ca918497904) Related: #1734787
* core: implement per unit journal rate limitingAnita Zhang2019-10-211-0/+16
| | | | | | | | | | | | | Add LogRateLimitIntervalSec= and LogRateLimitBurst= options for services. If provided, these values get passed to the journald client context, and those values are used in the rate limiting function in the journal over the the journald.conf values. Part of #10230 (cherry picked from commit 90fc172e191f44979005a524521112f2bd1ff21b) Resolves: #1719577
* seccomp: add new system call filter, suitable as default whitelist for ↵Lennart Poettering2018-06-141-0/+12
| | | | | | | | | | | | | | | system services Currently we employ mostly system call blacklisting for our system services. Let's add a new system call filter group @system-service that helps turning this around into a whitelist by default. The new group is very similar to nspawn's default filter list, but in some ways more restricted (as sethostname() and suchlike shouldn't be available to most system services just like that) and in others more relaxed (for example @keyring is blocked in nspawn since it's not properly virtualized yet in the kernel, but is fine for regular system services).
* man: drop unused <authorgroup> tags from man sourcesZbigniew Jędrzejewski-Szmek2018-06-141-9/+0
| | | | | | | | | | | | Docbook styles required those to be present, even though the templates that we use did not show those names anywhere. But something changed semi-recently (I would suspect docbook templates, but there was only a minor version bump in recent years, and the changelog does not suggest anything related), and builds now work without those entries. Let's drop this dead weight. Tested with F26-F29, debian unstable. $ perl -i -0pe 's/\s*<authorgroup>.*<.authorgroup>//gms' man/*xml
* tree-wide: remove Lennart's copyright linesLennart Poettering2018-06-141-2/+0
| | | | | | | | | | | These lines are generally out-of-date, incomplete and unnecessary. With SPDX and git repository much more accurate and fine grained information about licensing and authorship is available, hence let's drop the per-file copyright notice. Of course, removing copyright lines of others is problematic, hence this commit only removes my own lines and leaves all others untouched. It might be nicer if sooner or later those could go away too, making git the only and accurate source of authorship information.
* tree-wide: drop 'This file is part of systemd' blurbLennart Poettering2018-06-141-2/+0
| | | | | | | | | | | | | | | | This part of the copyright blurb stems from the GPL use recommendations: https://www.gnu.org/licenses/gpl-howto.en.html The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that. hence, let's just get rid of this old cruft, and shorten our codebase a bit.
* Merge pull request #9153 from poettering/private-mountsZbigniew Jędrzejewski-Szmek2018-06-131-19/+60
|\ | | | | introduce PrivateMounts= setting and clean up documentation for MountFlags=
| * man: document the new PrivateMounts= settingLennart Poettering2018-06-121-19/+60
| | | | | | | | | | | | | | Also, extend the documentation on MountFlags= substantially, hopefully addressing all the questions of #4393 Fixes: #4393
* | doc: more spelling fixesMichael Biebl2018-06-121-5/+5
|/
* tree-wide: drop trailing whitespaceLennart Poettering2018-06-121-2/+2
|
* Table is easier to graspBruno Vernay2018-06-111-7/+42
| | | | | | State goes in CONFIG for users 3rd review
* man: RuntimeDirectory= or friends accept dot contained pathsYu Watanabe2018-06-041-1/+1
|
* load-fragment: make IOScheduling{Class,Priority}= accept the empty stringYu Watanabe2018-05-311-2/+5
|
* Merge pull request #8817 from yuwata/cleanup-nsflagsLennart Poettering2018-05-241-3/+14
|\ | | | | core: allow to specify RestrictNamespaces= multiple times
| * man: fix merging rule for CapabilityBoundingSet=Yu Watanabe2018-05-051-1/+1
| |
| * man: mention that RestrictNamespaces= can be specified multiple timesYu Watanabe2018-05-051-2/+13
| |
* | man: fix reference in StandardOutput=Lucas Werkmeister2018-05-141-2/+2
|/ | | | | | | Since StandardOutput=file:path is more similar to StandardInput= than StandardInputText=, and only StandardInput= is actually documented above StandardOutput= whereas StandardInputText= is documented below it, I assume the intention was to refer to the former.
* man: don't claim we'd set XDG_SEAT and XDG_VTNR as part of service managementLennart Poettering2018-04-271-20/+15
| | | | | | | | | | | | Previously, reading through systemd.exec(5) one might get the idea that XDG_SEAT and XDG_VTNR are part of the service management logic, but they are not, they are only set if pam_systemd is part of a PAM stack an pam_systemd is used. Hence, let's drop these env vars from the list of env vars, and instead add a paragraph after the list mentioning that pam_systemd might add more systemd-specific env vars if included in the PAM stack for a service that uses PAMName=.
* man: document BSD exit codes in systemd.exec(5) tooLennart Poettering2018-04-271-0/+92
| | | | | Our own tools use them now, and we probably should encourage that, hence let's document them along with the other exit codes we use.
* tree-wide: drop spurious newlines (#8764)Lennart Poettering2018-04-191-3/+0
| | | | | | | | Double newlines (i.e. one empty lines) are great to structure code. But let's avoid triple newlines (i.e. two empty lines), quadruple newlines, quintuple newlines, …, that's just spurious whitespace. It's an easy way to drop 121 lines of code, and keeps the coding style of our sources a bit tigther.
* tree-wide: drop license boilerplateZbigniew Jędrzejewski-Szmek2018-04-061-13/+0
| | | | | | | | | | Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt. I also kept any copyright lines. We can probably remove them, but it'd nice to obtain explicit acks from all involved authors before doing that.
* man: suggests TemporaryFileSystem= when people want to nest bind mounts ↵Yu Watanabe2018-02-271-3/+7
| | | | | | inside InaccessiblePaths= (#8288) Suggested by @sourcejedi in #8242. Closes #7895, #7153, and #2780.
* Merge pull request #7908 from yuwata/rfe-7895Alan Jenkins2018-02-211-9/+44
|\ | | | | core: add TemporaryFileSystem= setting and 'tmpfs' option to ProtectHome=
| * core: add new option 'tmpfs' to ProtectHome=Yu Watanabe2018-02-211-8/+18
| | | | | | | | | | This make ProtectHome= setting can take 'tmpfs'. This is mostly equivalent to `TemporaryFileSystem=/home /run/user /root`.
| * man: add documents for TemporaryFileSystem=Yu Watanabe2018-02-211-0/+23
| |
| * core/namespace: make '-' prefix in Bind{,ReadOnly}Paths= workYu Watanabe2018-02-211-1/+3
| | | | | | | | | | | | Each path in `Bind{ReadOnly}Paths=` accept '-' prefix. However, the prefix is completely ignored. This makes it work as expected.
* | core: change KeyringMode= to "shared" by default for non-service units in ↵Lennart Poettering2018-02-201-2/+2
|/ | | | | | | | | | | | | | | the system manager (#8172) Before this change all unit types would default to "private" in the system service manager and "inherit" to in the user service manager. With this change this is slightly altered: non-service units of the system service manager are now run with KeyringMode=shared. This appears to be the more appropriate choice as isolation is not as desirable for mount tools, which regularly consume key material. After all mounts are a shared resource themselves as they appear system-wide hence it makes a lot of sense to share their key material too. Fixes: #8159
* seccomp: allow x86-64 syscalls on x32, used by the VDSO (fix #8060)Alan Jenkins2018-02-021-5/+7
| | | | | | | | | | The VDSO provided by the kernel for x32, uses x86-64 syscalls instead of x32 ones. I think we can safely allow this; the set of x86-64 syscalls should be very similar to the x32 ones. The real point is not to allow *x86* syscalls, because some of those are inconveniently multiplexed and we're apparently not able to block the specific actions we want to.
* man: systemd.exec: cleanup "only X will be permitted" ... "but X=X+1"Alan Jenkins2018-01-311-9/+9
| | | | | | | | | | | | | | > Only system calls of the *specified* architectures will be permitted to > processes of this unit. (my emphasis) > Note that setting this option to a non-empty list implies that > native is included too. Attempting to use "implies" in the later sentence, in a way that contradicts the very clear meaning of the earlier sentence... it's too much.
* man: note that `systemctl show` does not overridden valueYu Watanabe2017-12-191-3/+4
| | | | Fixes #7694.
* man: LockPersonality= implies NoNewPrivileges=Yu Watanabe2017-12-191-1/+2
|
* man: "systemd" is to be written in all lower-case, even at beginnings of ↵Lennart Poettering2017-12-131-1/+1
| | | | | | sentences This very important commit is very important.
* man: fix typoYu Watanabe2017-12-051-1/+1
|
* man: fix typo (#7511)Yu Watanabe2017-11-301-1/+1
|
* man: reorder/add sections to systemd.exec(5) (#7412)Lennart Poettering2017-11-231-1103/+1086
| | | | | | | | | | | | The long long list of settings is getting too confusing, let's add some sections and reorder things in them. This makes no changes regarding contents, it only reorders things, sometimes reindents them, and adds sections that made sense to me to some degree. Within each sections the settings are ordered by relevance (at least according to how relevant I personally find them), and not alphabetically.
* Merge pull request #7198 from poettering/stdin-stdoutLennart Poettering2017-11-191-149/+154
|\ | | | | Add StandardInput=data, StandardInput=file:... and more
| * man: document all the new options we acquiredLennart Poettering2017-11-171-149/+154
| |
* | Add SPDX license identifiers to man pagesZbigniew Jędrzejewski-Szmek2017-11-191-0/+2
| |
* | man: add link to kernel docs about no_new_privsZbigniew Jędrzejewski-Szmek2017-11-191-1/+5
|/
* man: document LogFieldMax= and LogExtraFields=Lennart Poettering2017-11-161-0/+35
|
* man: update SyslogXYZ= documentation a bitLennart Poettering2017-11-161-61/+41
| | | | | | Let's clarify that these settings only apply to stdout/stderr logging. Always mention the journal before syslog (as the latter is in most ways just a legacy alias these days). Always mention the +console cases too.
* man: fix wrong tag (#7358)Yu Watanabe2017-11-161-3/+3
|
* man: document > /dev/stderr pitfalls (#7317)Lennart Poettering2017-11-141-2/+7
| | | | Fixes: #7254 See: #2473
* shared/seccomp: disallow pkey_mprotect the same as mprotect for W^X mappings ↵Zbigniew Jędrzejewski-Szmek2017-11-121-2/+3
| | | | | | | | | | | | | | (#7295) MemoryDenyWriteExecution policy could be be bypassed by using pkey_mprotect instead of mprotect to create an executable writable mapping. The impact is mitigated by the fact that the man page says "Note that this feature is fully available on x86-64, and partially on x86", so hopefully people do not rely on it as a sole security measure. Found by Karin Hossen and Thomas Imbert from Sogeti ESEC R&D. https://bugs.launchpad.net/bugs/1725348
* core: allow to specify errno number in SystemCallErrorNumber=Yu Watanabe2017-11-111-9/+5
|
* core: add support to specify errno in SystemCallFilter=Yu Watanabe2017-11-111-1/+6
| | | | | | | | | This makes each system call in SystemCallFilter= blacklist optionally takes errno name or number after a colon. The errno takes precedence over the one given by SystemCallErrorNumber=. C.f. #7173. Closes #7169.
View Lorry Controller Status