picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

tree-wide: fixes for assorted grammar and spelling issues 

Fixes #16363. Also includes some changes where I generalized the pattern.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2020-07-06 10:49:59 +02:00
parent 3da49ad55a
commit e9dd698407
65 changed files with 456 additions and 464 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
man/coredumpctl.xml
View File

@ -52,8 +52,8 @@
matching specified characteristics. If no command is
specified, this is the implied default.</para>
<para>The output is designed to be human readable and contains list contains
a table with the following columns:</para>
<para>The output is designed to be human readable and contains a table with the following
columns:</para>
<variablelist>
<varlistentry>
<term>TIME</term>

11
man/crypttab.xml
View File

@ -255,6 +255,7 @@
<listitem><para>Perform encryption using the same cpu that IO was submitted on. The default is to use
an unbound workqueue so that encryption work is automatically balanced between available CPUs.</para>
<para>This requires kernel 4.0 or newer.</para>
</listitem>
</varlistentry>
@ -263,9 +264,10 @@
<term><option>submit-from-crypt-cpus</option></term>
<listitem><para>Disable offloading writes to a separate thread after encryption. There are some
situations where offloading write bios from the encryption threads to a single thread degrades
performance significantly. The default is to offload write bios to the same thread because it benefits
CFQ to have writes submitted using the same context.</para>
situations where offloading write requests from the encryption threads to a dedicated thread degrades
performance significantly. The default is to offload write requests to a dedicated thread because it
benefits the CFQ scheduler to have writes submitted using the same context.</para>
<para>This requires kernel 4.0 or newer.</para>
</listitem>
</varlistentry>
@ -512,7 +514,8 @@ external /dev/sda3 keyfile:LABEL=keydev keyfile-timeout=10s</programlist
<para>The PKCS#11 logic allows hooking up any compatible security token that is capable of storing RSA
decryption keys. Here's an example how to set up a Yubikey security token for this purpose, using
<command>ykman</command> from the yubikey-manager project:</para>
<citerefentry project='debian'><refentrytitle>ykmap</refentrytitle><manvolnum>1</manvolnum></citerefentry>
from the yubikey-manager project:</para>
<programlisting><xi:include href="yubikey-crypttab.sh" parse="text" /></programlisting>

2
man/file-hierarchy.xml
View File

@ -648,7 +648,7 @@
<filename>/usr/share/</filename> hierarchy to the locations
defined by the various relevant specifications.</para>
<para>During runtime, and for local configuration and state,
<para>During runtime, and for local configuration and runtime state,
additional directories are defined:</para>
<table>

57
man/homectl.xml
View File

@ -119,9 +119,9 @@
<term><option>--identity=</option><replaceable>FILE</replaceable></term>
<listitem><para>Read the user's JSON record from the specified file. If passed as
<literal>-</literal> reads the user record from standard input. The supplied JSON object must follow
the structure documented on <ulink url="https://systemd.io/USER_RECORDS">JSON User
Records</ulink>. This option may be used in conjunction with the <command>create</command> and
<literal>-</literal> read the user record from standard input. The supplied JSON object must follow
the structure documented on <ulink url="https://systemd.io/USER_RECORD">JSON User Records</ulink>.
This option may be used in conjunction with the <command>create</command> and
<command>update</command> commands (see below), where it allows configuring the user record in JSON
as-is, instead of setting the individual user record properties (see below).</para></listitem>
</varlistentry>
@ -247,10 +247,9 @@
different system and the configured UID is taken by another user there, then
<command>systemd-homed</command> may assign the user a different UID on that system. The specified
UID must be outside of the system user range. It is recommended to use the 60001…60513 UID range for
this purpose. If not specified the UID is automatically picked. When logging in and the home
directory is found to be owned by a UID not matching the user's assigned one the home directory and
all files and directories inside it will have their ownership changed automatically before login
completes.</para>
this purpose. If not specified, the UID is automatically picked. If the home directory is found to be
owned by a different UID when logging in, the home directory and everything underneath it will have
its ownership changed automatically before login completes.</para>
<para>Note that users managed by <command>systemd-homed</command> always have a matching group
associated with the same name as well as a GID matching the UID of the user. Thus, configuring the
@ -266,19 +265,19 @@
privileges. Note that <command>systemd-homed</command> does not manage any groups besides a group
matching the user in name and numeric UID/GID. Thus any groups listed here must be registered
independently, for example with <citerefentry
project='man-pages'><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. If
non-existent groups that are listed there are ignored. This option may be used more than once, in
which case all specified group lists are combined. If the user is currently a member of a group
which is not listed, the user will be removed from the group.</para></listitem>
project='man-pages'><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
Any non-existent groups are ignored. This option may be used more than once, in which case all
specified group lists are combined. If the user is currently a member of a group which is not listed,
the user will be removed from the group.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--skel=</option><replaceable>PATH</replaceable></term>
<listitem><para>Takes a file system path to a directory. Specifies the skeleton directory to
initialize the home directory with. All files and directories in the specified are copied into any
newly create home directory. If not specified defaults to
<filename>/etc/skel/</filename>.</para></listitem>
initialize the home directory with. All files and directories in the specified path are copied into
any newly create home directory. If not specified defaults to <filename>/etc/skel/</filename>.
</para></listitem>
</varlistentry>
<varlistentry>
@ -313,7 +312,7 @@
<listitem><para>Takes a specifier indicating the preferred language of the user. The
<varname>$LANG</varname> environment variable is initialized from this value on login, and thus a
value suitable for this environment variable is accepted here, for example
<option>--language=de_DE.UTF8</option></para></listitem>
<option>--language=de_DE.UTF8</option>.</para></listitem>
</varlistentry>
<varlistentry>
@ -331,8 +330,8 @@
security token with exactly one pair of X.509 certificate and private key. A random secret key is
then generated, encrypted with the public key of the X.509 certificate, and stored as part of the
user record. At login time it is decrypted with the PKCS#11 module and then used to unlock the
account and associated resources. See below for an example how to set up authentication with security
token.</para>
account and associated resources. See below for an example how to set up authentication with a
security token.</para>
<para>Instead of a valid PKCS#11 URI, the special strings <literal>list</literal> and
<literal>auto</literal> may be specified. If <literal>list</literal> is passed, a brief table of
@ -439,19 +438,19 @@
<listitem><para>Each of these options takes a time span specification as argument (in the syntax
documented in
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>5</manvolnum></citerefentry>) and
configure various aspects of the user's password expiration policy. Specifically,
configures various aspects of the user's password expiration policy. Specifically,
<option>--password-change-min=</option> configures how much time has to pass after changing the
password of the user until the password may be changed again. If the user tries to change their
password before this time passes the attempt is refused. <option>--password-change-max=</option>
configures how much time has to pass after the password is changed until the password expires and
needs to be changed again. After this time passes any attempts to log in may only proceed after the
password is changed. <option>--password-change-warn=</option> specifies how much earlier than then
the time configured with <option>--password-change-max=</option> the user is warned at login to
change their password as it will expire soon. Finally <option>--password-change-inactive=</option>
configures the time which has to pass after the password as expired until the user is not permitted
to log in or change the password anymore. Note that these options only apply to password
authentication, and do not apply to other forms of authentication, for example PKCS#11-based security
token authentication.</para></listitem>
configures how soon after it has been changed the password expires and needs to be changed again.
After this time passes logging in may only proceed after the password is changed.
<option>--password-change-warn=</option> specifies how much earlier than then the time configured
with <option>--password-change-max=</option> the user is warned at login to change their password as
it will expire soon. Finally <option>--password-change-inactive=</option> configures the time which
has to pass after the password as expired until the user is not permitted to log in or change the
password anymore. Note that these options only apply to password authentication, and do not apply to
other forms of authentication, for example PKCS#11-based security token
authentication.</para></listitem>
</varlistentry>
<varlistentry>
@ -695,8 +694,8 @@
<para>Activation of a home directory involves various operations that depend on the selected storage
mechanism. If the LUKS2 mechanism is used, this generally involves: inquiring the user for a
password, setting up a loopback device, validating and activating the LUKS2 volume, checking the file
system, mounting the file system, and potentiatlly changing the ownership of all included files to
the correct UID/GID.</para></listitem>
system, mounting the file system, and potentially changing the ownership of all included files to the
correct UID/GID.</para></listitem>
</varlistentry>
<varlistentry>

12
man/journalctl.xml
View File

@ -555,7 +555,7 @@
is also added for <literal>_SYSTEMD_SLICE=<replaceable>UNIT</replaceable></literal>,
such that if the provided <replaceable>UNIT</replaceable> is a
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>
unit, all logs of the children of the slice will be logged.
unit, all logs of children of the slice will be shown.
</para>
<para>This parameter can be specified multiple times.</para>
@ -574,7 +574,7 @@
is also added for <literal>_SYSTEMD_USER_SLICE=<replaceable>UNIT</replaceable></literal>,
such that if the provided <replaceable>UNIT</replaceable> is a
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>
unit, all logs of the children of the unit will be logged.</para>
unit, all logs of children of the unit will be shown.</para>
<para>This parameter can be specified multiple times.</para>
</listitem>
@ -761,8 +761,8 @@
underneath the specified directory instead of the root
directory (e.g. <option>--update-catalog</option> will create
<filename><replaceable>ROOT</replaceable>/var/lib/systemd/catalog/database</filename>,
and journal files under <filename><replaceable>ROOT</replaceable>/run/journal</filename>
or <filename><replaceable>ROOT</replaceable>/var/log/journal</filename> will be displayed).
and journal files under <filename><replaceable>ROOT</replaceable>/run/journal/</filename>
or <filename><replaceable>ROOT</replaceable>/var/log/journal/</filename> will be displayed).
</para></listitem>
</varlistentry>
@ -929,10 +929,10 @@
<filename>/run/log/journal/</filename> into <filename>/var/log/journal/</filename>, if persistent
storage is enabled. This call does not return until the operation is complete. Note that this call is
idempotent: the data is only flushed from <filename>/run/log/journal/</filename> into
<filename>/var/log/journal</filename> once during system runtime (but see
<filename>/var/log/journal/</filename> once during system runtime (but see
<option>--relinquish-var</option> below), and this command exits cleanly without executing any
operation if this has already happened. This command effectively guarantees that all data is flushed
to <filename>/var/log/journal</filename> at the time it returns.</para></listitem>
to <filename>/var/log/journal/</filename> at the time it returns.</para></listitem>
</varlistentry>
<varlistentry>

4
man/kernel-install.xml
View File

@ -36,7 +36,7 @@
<title>Description</title>
<para><command>kernel-install</command> is used to install and remove kernel and initramfs images to and
from the boot loader partition, referred to as <varname>$BOOT</varname> here. It will usually be one of
<filename>/boot</filename>, <filename>/efi</filename>, or <filename>/boot/efi</filename>, see below.
<filename>/boot/</filename>, <filename>/efi/</filename>, or <filename>/boot/efi/</filename>, see below.
</para>
<para><command>kernel-install</command> will execute the files
@ -137,7 +137,7 @@
<para>The partition where the kernels and <ulink url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot
Loader Specification</ulink> snippets are located is called <varname>$BOOT</varname>.
<command>kernel-install</command> determines the location of this partition by checking
<filename>/efi/</filename>, <filename>/boot/</filename>, and <filename>/boot/efi</filename>
<filename>/efi/</filename>, <filename>/boot/</filename>, and <filename>/boot/efi/</filename>
in turn. The first location where <filename>$BOOT/loader/entries/</filename> or
<filename>$BOOT/$MACHINE_ID/</filename> exists is used.</para>
</refsect1>

2
man/logind.conf.xml
View File

@ -277,7 +277,7 @@
<varlistentry>
<term><varname>HoldoffTimeoutSec=</varname></term>
<listitem><para>Specifies the timeout after system startup or
<listitem><para>Specifies a period of time after system startup or
system resume in which systemd will hold off on reacting to
lid events. This is required for the system to properly
detect any hotplugged devices so systemd can ignore lid events

2
man/machine-id.xml
View File

@ -39,7 +39,7 @@
<para>The machine ID may be set, for example when network booting, with the
<varname>systemd.machine_id=</varname> kernel command line parameter or by passing the
option <option>--machine-id=</option> to systemd. An ID is specified in this manner
option <option>--machine-id=</option> to systemd. An ID specified in this manner
has higher priority and will be used instead of the ID stored in
<filename>/etc/machine-id</filename>.</para>

2
man/machinectl.xml
View File

@ -320,7 +320,7 @@
<listitem><para>Copies files or directories from a container
into the host system. Takes a container name, followed by the
source path in the container the destination path on the host.
source path in the container and the destination path on the host.
If the destination path is omitted, the same as the source path
is used.</para>

3
man/nss-myhostname.xml
View File

@ -18,8 +18,7 @@
<refnamediv>
<refname>nss-myhostname</refname>
<refname>libnss_myhostname.so.2</refname>
<refpurpose>Provide hostname resolution for the locally
configured system hostname.</refpurpose>
<refpurpose>Hostname resolution for the locally configured system hostname</refpurpose>
</refnamediv>
<refsynopsisdiv>

3
man/nss-mymachines.xml
View File

@ -18,8 +18,7 @@
<refnamediv>
<refname>nss-mymachines</refname>
<refname>libnss_mymachines.so.2</refname>
<refpurpose>Provide hostname resolution for local
container instances.</refpurpose>
<refpurpose>Hostname resolution for local container instances</refpurpose>
</refnamediv>
<refsynopsisdiv>

2
man/nss-resolve.xml
View File

@ -18,7 +18,7 @@
<refnamediv>
<refname>nss-resolve</refname>
<refname>libnss_resolve.so.2</refname>
<refpurpose>Provide hostname resolution via <filename>systemd-resolved.service</filename></refpurpose>
<refpurpose>Hostname resolution via <filename>systemd-resolved.service</filename></refpurpose>
</refnamediv>
<refsynopsisdiv>

2
man/nss-systemd.xml
View File

@ -18,7 +18,7 @@
<refnamediv>
<refname>nss-systemd</refname>
<refname>libnss_systemd.so.2</refname>
<refpurpose>Provide UNIX user and group name resolution for user/group lookup via Varlink</refpurpose>
<refpurpose>UNIX user and group name resolution for user/group lookup via Varlink</refpurpose>
</refnamediv>
<refsynopsisdiv>

2
man/pam_systemd.xml
View File

@ -153,7 +153,7 @@
hence be used to uniquely label files or other resources of this session. Combine this ID with the boot
identifier, as returned by
<citerefentry><refentrytitle>sd_id128_get_boot</refentrytitle><manvolnum>3</manvolnum></citerefentry>, for a
globally unique identifier for the current session.</para></listitem>
globally unique identifier.</para></listitem>
</varlistentry>
<varlistentry>

4
man/portablectl.xml
View File

@ -118,7 +118,7 @@
<para>By default all unit files whose names start with a prefix generated from the image's file name are copied
out. Specifically, the prefix is determined from the image file name with any suffix such as
<filename>.raw</filename> removed, truncated at the first occurrence of and underscore character
<filename>.raw</filename> removed, truncated at the first occurrence of an underscore character
(<literal>_</literal>), if there is one. The underscore logic is supposed to be used to versioning so that the
an image file <filename>foobar_47.11.raw</filename> will result in a unit file matching prefix of
<filename>foobar</filename>. This prefix is then compared with all unit files names contained in the image in
@ -403,7 +403,7 @@
</tgroup>
</table>
<para>For details on this profiles, and their effects please have a look at their precise definitions,
<para>For details on these profiles and their effects see their precise definitions,
e.g. <filename>/usr/lib/systemd/portable/profile/default/service.conf</filename> and similar.</para>
</refsect1>

2
man/pstore.conf.xml
View File

@ -82,7 +82,7 @@
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
</refsect1>

2
man/sd_bus_enqueue_for_read.xml
View File

@ -19,7 +19,7 @@
<refnamediv>
<refname>sd_bus_enqueue_for_read</refname>
<refpurpose>Re-enqueue a bus message on a bus connection, for reading.</refpurpose>
<refpurpose>Re-enqueue a bus message on a bus connection, for reading</refpurpose>
</refnamediv>
<refsynopsisdiv>

2
man/sd_bus_is_open.xml
View File

@ -20,7 +20,7 @@
<refname>sd_bus_is_open</refname>
<refname>sd_bus_is_ready</refname>
<refpurpose>Check whether the a bus connection is open or ready.</refpurpose>
<refpurpose>Check whether the bus connection is open or ready</refpurpose>
</refnamediv>
<refsynopsisdiv>

2
man/sd_bus_message_new_method_error.xml
View File

@ -22,7 +22,7 @@
<refname>sd_bus_message_new_method_errno</refname>
<refname>sd_bus_message_new_method_errnof</refname>
<refpurpose>Create a an error reply for a method call</refpurpose>
<refpurpose>Create an error reply for a method call</refpurpose>
</refnamediv>
<refsynopsisdiv>

2
man/sd_bus_set_connected_signal.xml
View File

@ -20,7 +20,7 @@
<refname>sd_bus_set_connected_signal</refname>
<refname>sd_bus_get_connected_signal</refname>
<refpurpose>Control emmission of local connection establishment signal on bus connections</refpurpose>
<refpurpose>Control emission of local connection establishment signal on bus connections</refpurpose>
</refnamediv>
<refsynopsisdiv>

2
man/sd_bus_slot_set_destroy_callback.xml
View File

@ -23,7 +23,7 @@
<refname>sd_bus_track_get_destroy_callback</refname>
<refname>sd_bus_destroy_t</refname>
<refpurpose>Define the callback function for resource cleanup.</refpurpose>
<refpurpose>Define the callback function for resource cleanup</refpurpose>
</refnamediv>
<refsynopsisdiv>

2
man/sd_bus_slot_set_floating.xml
View File

@ -19,7 +19,7 @@
<refname>sd_bus_slot_set_floating</refname>
<refname>sd_bus_slot_get_floating</refname>
<refpurpose>Control whether a bus slot object is "floating".</refpurpose>
<refpurpose>Control whether a bus slot object is "floating"</refpurpose>
</refnamediv>
<refsynopsisdiv>

2
man/sd_event_source_set_destroy_callback.xml
View File

@ -21,7 +21,7 @@
<refname>sd_event_source_get_destroy_callback</refname>
<refname>sd_event_destroy_t</refname>
<refpurpose>Define the callback function for resource cleanup.</refpurpose>
<refpurpose>Define the callback function for resource cleanup</refpurpose>
</refnamediv>
<refsynopsisdiv>

2
man/sd_journal_has_runtime_files.xml
View File

@ -21,7 +21,7 @@
<refnamediv>
<refname>sd_journal_has_runtime_files</refname>
<refname>sd_journal_has_persistent_files</refname>
<refpurpose>Query availability of runtime or persistent journal files.</refpurpose>
<refpurpose>Query availability of runtime or persistent journal files</refpurpose>
</refnamediv>
<refsynopsisdiv>

2
man/sd_machine_get_class.xml
View File

@ -19,7 +19,7 @@
<refname>sd_machine_get_class</refname>
<refname>sd_machine_get_ifindices</refname>
<refpurpose>Determine the class and network interface indices of a
locally running virtual machine or container.</refpurpose>
locally running virtual machine or container</refpurpose>
</refnamediv>
<refsynopsisdiv>

2
man/sd_pid_get_owner_uid.xml
View File

@ -35,7 +35,7 @@
<refname>sd_peer_get_cgroup</refname>
<refpurpose>Determine the owner uid of the user unit or session,
or the session, user unit, system unit, container/VM or slice that
a specific PID or socket peer belongs to.</refpurpose>
a specific PID or socket peer belongs to</refpurpose>
</refnamediv>
<refsynopsisdiv>

10
man/sysctl.d.xml
View File

@ -70,11 +70,11 @@ key.pattern.overridden.with.glob = custom
followed by <literal>=</literal>, see SYNOPSIS.</para>
<para>Any access permission errors and attempts to write variables not present on the local system are
logged, but do not cause the service to fail. Debug log level is used, which means that the message will
not show up at all by default. Moreover, if a variable assignment is prefixed with a single
<literal>-</literal> character, any failure to set the variable will be logged at debug level, but will
not cause the service to fail. All other errors when setting variables are logged with higher priority
and cause the service to return failure at the end (other variables are still processed).</para>
logged at debug level and do not cause the service to fail. Moreover, if a variable assignment is
prefixed with a single <literal>-</literal> character, failure to set the variable for other reasons will
be logged at debug level and will not cause the service to fail. In other cases, errors when setting
variables are logged with higher priority and cause the service to return failure at the end (after
processing other variables).</para>
<para>The settings configured with <filename>sysctl.d</filename> files will be applied early on boot. The
network interface-specific options will also be applied individually for each network interface as it

4
man/systemctl.xml
View File

@ -412,7 +412,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
<para>The "Loaded:" line in the output will show <literal>loaded</literal> if the unit has been loaded into
memory. Other possible values for "Loaded:" include: <literal>error</literal> if there was a problem
loading it, <literal>not-found</literal> if not unit file was found for this unit,
loading it, <literal>not-found</literal> if no unit file was found for this unit,
<literal>bad-setting</literal> if an essential unit file setting could not be parsed and
<literal>masked</literal> if the unit file has been masked. Along with showing the path to the unit file,
this line will also show the enablement state. Enabled commands start at boot. See the full table of
@ -773,7 +773,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
</row>
<row>
<entry><literal>indirect</literal></entry>
<entry>The unit file itself is not enabled, but it has a non-empty <varname>Also=</varname> setting in the <literal>[Install]</literal> unit file section, listing other unit files that might be enabled, or it has an alias under a different name through a symlink that is not specified in <varname>Also=</varname>. For template unit file, an instance different than the one specified in <varname>DefaultInstance=</varname> is enabled.</entry>
<entry>The unit file itself is not enabled, but it has a non-empty <varname>Also=</varname> setting in the <literal>[Install]</literal> unit file section, listing other unit files that might be enabled, or it has an alias under a different name through a symlink that is not specified in <varname>Also=</varname>. For template unit files, an instance different than the one specified in <varname>DefaultInstance=</varname> is enabled.</entry>
<entry>0</entry>
</row>
<row>

10
man/systemd-analyze.xml
View File

@ -509,9 +509,9 @@ NAutoVTs=8
<para>This command will load unit files and print warnings if any errors are detected. Files specified
on the command line will be loaded, but also any other units referenced by them. The full unit search
path is formed by combining the directories for all command line arguments, and the usual unit load
paths (variable <varname>$SYSTEMD_UNIT_PATH</varname> is supported, and may be used to replace or
paths. The variable <varname>$SYSTEMD_UNIT_PATH</varname> is supported, and may be used to replace or
augment the compiled in set of unit load paths; see
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>). All
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. All
units files present in the directories containing the command line arguments will be used in preference
to the other paths.</para>
@ -700,9 +700,9 @@ Service b@0.service not loaded, b.socket cannot be started.
<varlistentry>
<term><option>--man=no</option></term>
<listitem><para>Do not invoke man to verify the existence of
man pages listed in <varname>Documentation=</varname>.
</para></listitem>
<listitem><para>Do not invoke
<citerefentry project='man-pages'><refentrytitle>man</refentrytitle><manvolnum>1</manvolnum></citerefentry>
to verify the existence of man pages listed in <varname>Documentation=</varname>.</para></listitem>
</varlistentry>
<varlistentry>

2
man/systemd-bless-boot-generator.xml
View File

@ -17,7 +17,7 @@
<refnamediv>
<refname>systemd-bless-boot-generator</refname>
<refpurpose>Pull <filename>systemd-bless-boot.service</filename> into the initial boot transaction when boot counting is in effect.</refpurpose>
<refpurpose>Pull <filename>systemd-bless-boot.service</filename> into the initial boot transaction when boot counting is in effect</refpurpose>
</refnamediv>
<refsynopsisdiv>

10
man/systemd-boot.xml
View File

@ -91,7 +91,7 @@
<listitem><para>The boot manager optionally reads a random seed from the ESP partition, combines it
with a 'system token' stored in a persistent EFI variable and derives a random seed to use by the OS as
entropy pool initializaton, providing a full entropy pool during early boot.</para></listitem>
entropy pool initialization, providing a full entropy pool during early boot.</para></listitem>
</itemizedlist>
<para><citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
@ -313,7 +313,7 @@
is maintained persistently, while <varname>LoaderConfigTimeoutOneShot</varname> is a one-time override which is
read once (in which case it takes precedence over <varname>LoaderConfigTimeout</varname>) and then
removed. <varname>LoaderConfigTimeout</varname> may be manipulated with the
<keycap>t</keycap>/<keycap>T</keycap> keys, see above.)</para></listitem>
<keycap>t</keycap>/<keycap>T</keycap> keys, see above.</para></listitem>
</varlistentry>
<varlistentry>
@ -422,9 +422,9 @@
<varlistentry>
<term><varname>LoaderSystemToken</varname></term>
<listitem><para>A binary random data field, that is used for generating the random see to pass to the
OS (see above). Note that this random data is generally only generated once, during OS installation,
and is then never updated again.</para></listitem>
<listitem><para>A binary random data field, that is used for generating the random seed to pass to
the OS (see above). Note that this random data is generally only generated once, during OS
installation, and is then never updated again.</para></listitem>
</varlistentry>
</variablelist>

2
man/systemd-gpt-auto-generator.xml
View File

@ -19,7 +19,7 @@
<refname>systemd-gpt-auto-generator</refname>
<refpurpose>Generator for automatically discovering and mounting root, <filename>/home/</filename>,
<filename>/srv/</filename>, <filename>/var/</filename> and <filename>/var/tmp/</filename> partitions, as
well as discovering and enabling swap partitions, based on GPT partition type GUIDs.</refpurpose>
well as discovering and enabling swap partitions, based on GPT partition type GUIDs</refpurpose>
</refnamediv>
<refsynopsisdiv>

6
man/systemd-journal-gatewayd.service.xml
View File

@ -217,9 +217,9 @@
</para>
<para>where
<option>cursor</option> is a cursor string,
<option>num_skip</option> is an integer,
<option>num_entries</option> is an unsigned integer.
<replaceable>cursor</replaceable> is a cursor string,
<replaceable>num_skip</replaceable> is an integer,
<replaceable>num_entries</replaceable> is an unsigned integer.
</para>
<para>Range defaults to all available events.</para>

2
man/systemd-journal-upload.service.xml
View File

@ -267,7 +267,7 @@ openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
those files can be specified using
<varname>TrustedCertificateFile=</varname>,
<varname>ServerCertificateFile=</varname>,
<varname>ServerKeyFile=</varname>, in
and <varname>ServerKeyFile=</varname> in
<filename>/etc/systemd/journal-remote.conf</filename> and
<filename>/etc/systemd/journal-upload.conf</filename>,
respectively. The default locations can be queried by using

2
man/systemd-logind.service.xml
View File

@ -103,7 +103,7 @@
<citerefentry><refentrytitle>systemd-user-sessions.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd-login</refentrytitle><manvolnum>3</manvolnum></citerefentry>
</para>
</refsect1>

23
man/systemd-mount.xml
View File

@ -50,10 +50,11 @@
<replaceable>WHERE</replaceable>.</para>
<para>In many ways, <command>systemd-mount</command> is similar to the lower-level
<citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> command, however instead
of executing the mount operation directly and immediately, <command>systemd-mount</command> schedules it through
the service manager job queue, so that it may pull in further dependencies (such as parent mounts, or a file system
checker to execute a priori), and may make use of the auto-mounting logic.</para>
<citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry>
command, however instead of executing the mount operation directly and immediately,
<command>systemd-mount</command> schedules it through the service manager job queue, so that it may pull
in further dependencies (such as parent mounts, or a file system checker to execute a priori), and may
make use of the auto-mounting logic.</para>
<para>The command takes either one or two arguments. If only one argument is specified it should refer to
a block device or regular file containing a file system (e.g. <literal>/dev/sdb1</literal> or
@ -61,15 +62,15 @@
label and other metadata, and is mounted to a directory below <filename>/run/media/system/</filename>
whose name is generated from the file system label. In this mode the block device or image file must
exist at the time of invocation of the command, so that it may be probed. If the device is found to be a
removable block device (e.g. a USB stick) an automount point instead of a regular mount point is created
removable block device (e.g. a USB stick), an automount point is created instead of a regular mount point
(i.e. the <option>--automount=</option> option is implied, see below).</para>
<para>If two arguments are specified the first indicates the mount source (the <replaceable>WHAT</replaceable>) and
the second indicates the path to mount it on (the <replaceable>WHERE</replaceable>). In this mode no probing of the
source is attempted, and a backing device node doesn't have to exist yet. However, if this mode is combined with
<option>--discover</option>, device node probing for additional metadata is enabled, and much like in the
single-argument case discussed above the specified device has to exist at the time of invocation of the
command.</para>
<para>If two arguments are specified, the first indicates the mount source (the
<replaceable>WHAT</replaceable>) and the second indicates the path to mount it on (the
<replaceable>WHERE</replaceable>). In this mode no probing of the source is attempted, and a backing
device node doesn't have to exist. However, if this mode is combined with <option>--discover</option>,
device node probing for additional metadata is enabled, and much like in the single-argument case
discussed above the specified device has to exist at the time of invocation of the command.</para>
<para>Use the <option>--list</option> command to show a terse table of all local, known block devices with file
systems that may be mounted with this command.</para>

46
man/systemd-nspawn.xml
View File

@ -531,11 +531,9 @@
<term><option>-u</option></term>
<term><option>--user=</option></term>
<listitem><para>After transitioning into the container, change
to the specified user-defined in the container's user
database. Like all other systemd-nspawn features, this is not
a security feature and provides protection against accidental
destructive operations only.</para></listitem>
<listitem><para>After transitioning into the container, change to the specified user defined in the
container's user database. Like all other systemd-nspawn features, this is not a security feature and
provides protection against accidental destructive operations only.</para></listitem>
</varlistentry>
<varlistentry>
@ -1167,10 +1165,9 @@
<para>Finally, if set to <literal>auto</literal> the file is left as it is if private networking is
turned on (see <option>--private-network</option>). Otherwise, if
<filename>systemd-resolved.service</filename> is connectible its stub
<filename>resolv.conf</filename> file is used, and if not the host's
<filename>/etc/resolv.conf</filename> file is used. In the latter cases the file is copied if the
image is writable, and bind mounted otherwise.</para>
<filename>systemd-resolved.service</filename> is running its stub <filename>resolv.conf</filename>
file is used, and if not the host's <filename>/etc/resolv.conf</filename> file. In the latter cases
the file is copied if the image is writable, and bind mounted otherwise.</para>
<para>It's recommended to use <literal>copy-…</literal> or <literal>replace-…</literal> if the
container shall be able to make changes to the DNS configuration on its own, deviating from the
@ -1186,19 +1183,20 @@
<varlistentry>
<term><option>--timezone=</option></term>
<listitem><para>Configures how <filename>/etc/localtime</filename> inside of the container (i.e. local timezone
synchronization from host to container) shall be handled. Takes one of <literal>off</literal>,
<literal>copy</literal>, <literal>bind</literal>, <literal>symlink</literal>, <literal>delete</literal> or
<literal>auto</literal>. If set to <literal>off</literal> the <filename>/etc/localtime</filename> file in the
container is left as it is included in the image, and neither modified nor bind mounted over. If set to
<literal>copy</literal> the <filename>/etc/localtime</filename> file of the host is copied into the
container. Similar, if <literal>bind</literal> is used, it is bind mounted from the host into the container. If
set to <literal>symlink</literal> a symlink from <filename>/etc/localtime</filename> in the container is
created pointing to the matching the timezone file of the container that matches the timezone setting on the
host. If set to <literal>delete</literal> the file in the container is deleted, should it exist. If set to
<literal>auto</literal> and the <filename>/etc/localtime</filename> file of the host is a symlink, then
<literal>symlink</literal> mode is used, and <literal>copy</literal> otherwise, except if the image is
read-only in which case <literal>bind</literal> is used instead. Defaults to
<listitem><para>Configures how <filename>/etc/localtime</filename> inside of the container
(i.e. local timezone synchronization from host to container) shall be handled. Takes one of
<literal>off</literal>, <literal>copy</literal>, <literal>bind</literal>, <literal>symlink</literal>,
<literal>delete</literal> or <literal>auto</literal>. If set to <literal>off</literal> the
<filename>/etc/localtime</filename> file in the container is left as it is included in the image, and
neither modified nor bind mounted over. If set to <literal>copy</literal> the
<filename>/etc/localtime</filename> file of the host is copied into the container. Similarly, if
<literal>bind</literal> is used, the file is bind mounted from the host into the container. If set to
<literal>symlink</literal>, a symlink is created pointing from <filename>/etc/localtime</filename> in
the container to the timezone file in the container that matches the timezone setting on the host. If
set to <literal>delete</literal>, the file in the container is deleted, should it exist. If set to
<literal>auto</literal> and the <filename>/etc/localtime</filename> file of the host is a symlink,
then <literal>symlink</literal> mode is used, and <literal>copy</literal> otherwise, except if the
image is read-only in which case <literal>bind</literal> is used instead. Defaults to
<literal>auto</literal>.</para></listitem>
</varlistentry>
@ -1441,7 +1439,7 @@
<para>This installs a minimal Fedora distribution into the
directory <filename index="false">/var/lib/machines/f&fedora_latest_version;</filename>
and then boots an OS in a namespace container in it. Because the installation
and then boots that OS in a namespace container. Because the installation
is located underneath the standard <filename>/var/lib/machines/</filename>
directory, it is also possible to start the machine using
<command>systemd-nspawn -M f&fedora_latest_version;</command>.</para>
@ -1455,7 +1453,7 @@
<para>This installs a minimal Debian unstable distribution into
the directory <filename>~/debian-tree/</filename> and then
spawns a shell in a namespace container in it.</para>
spawns a shell from this image in a namespace container.</para>
<para><command>debootstrap</command> supports
<ulink url="https://www.debian.org">Debian</ulink>,

2
man/systemd-random-seed.service.xml
View File

@ -44,7 +44,7 @@
<citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>, with
its <command>bootctl random-seed</command> functionality.</para>
<para>When loading the random seed from disk its file is immediately updated with a new seed retrieved
<para>When loading the random seed from disk, the file is immediately updated with a new seed retrieved
from the kernel, in order to ensure no two boots operate with the same random seed. This new seed is
retrieved synchronously from the kernel, which means the service will not complete start-up until the
random pool is fully initialized. On entropy-starved systems this may take a while. This functionality is

19
man/systemd-repart.xml
View File

@ -57,9 +57,10 @@
available but not yet used. Specifically the following use cases are among those covered:</para>
<itemizedlist>
<listitem><para>The root partition may be grown to cover the whole available disk space</para></listitem>
<listitem><para>A <filename>/home/</filename>, swap or <filename>/srv/</filename> partition can be added in</para></listitem>
<listitem><para>A second (or third, …) root partition may be added in, to cover A/B style setups
<listitem><para>The root partition may be grown to cover the whole available disk space.</para></listitem>
<listitem><para>A <filename>/home/</filename>, swap or <filename>/srv/</filename> partition can be
added.</para></listitem>
<listitem><para>A second (or third, …) root partition may be added, to cover A/B style setups
where a second version of the root file system is alternatingly used for implementing update
schemes. The deployed image would carry only a single partition ("A") but on first boot a second
partition ("B") for this purpose is automatically created.</para></listitem>
@ -69,7 +70,7 @@
<orderedlist>
<listitem><para>The <filename>repart.d/*.conf</filename> configuration files are loaded and parsed,
and ordered by filename (without the directory suffix). </para></listitem>
and ordered by filename (without the directory prefix).</para></listitem>
<listitem><para>The partition table already existing on the block device is loaded and
parsed.</para></listitem>
@ -119,13 +120,13 @@
</orderedlist>
<para>As exception to the normally strictly incremental operation, when called in a special "factory
reset" mode <command>systemd-repart</command> may also be used to erase select existing partitions to
reset" mode, <command>systemd-repart</command> may also be used to erase existing partitions to
reset an installation back to vendor defaults. This mode of operation is used when either the
<option>--factory-reset=yes</option> switch is passed on the tool's command line, or the
<option>systemd.factory_reset=yes</option> option specified on the kernel command line, or the
<varname>FactoryReset</varname> EFI variable (vendor UUID
<constant>8cf2644b-4b0b-428f-9387-6d876050dc67</constant>) is set to "yes". It alters the algorithm above
slightly: between the 3rd and the 4th step above the any partition marked explicitly via the
slightly: between the 3rd and the 4th step above any partition marked explicitly via the
<varname>FactoryReset=</varname> boolean is deleted, and the algorithm restarted, thus immediately
re-creating these partitions anew empty.</para>
@ -267,9 +268,9 @@
<varlistentry>
<term><option>--definitions=</option></term>
<listitem><para>Takes a file system path. If specified the <filename>*.conf</filename> are directly
read from the specified directory instead of searching in
<filename>/usr/lib/repart.d/*.conf</filename>, <filename>/etc/repart.d/*.conf</filename>,
<listitem><para>Takes a file system path. If specified the <filename>*.conf</filename> files are read
from the specified directory instead of searching in <filename>/usr/lib/repart.d/*.conf</filename>,
<filename>/etc/repart.d/*.conf</filename>,
<filename>/run/repart.d/*.conf</filename>.</para></listitem>
</varlistentry>

2
man/systemd-socket-proxyd.xml
View File

@ -16,7 +16,7 @@
</refmeta>
<refnamediv>
<refname>systemd-socket-proxyd</refname>
<refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket.</refpurpose>
<refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>

13
man/systemd-suspend.service.xml
View File

@ -71,14 +71,11 @@
url="https://www.freedesktop.org/wiki/Software/systemd/inhibit">Inhibitor
interface</ulink>.</para>
<para>Note that
<filename>systemd-suspend.service</filename>,
<filename>systemd-hibernate.service</filename>, and
<filename>systemd-hybrid-sleep.service</filename>
<filename>systemd-suspend-then-hibernate.service</filename>
should never be executed directly. Instead, trigger system sleep
states with a command such as <literal>systemctl suspend</literal>
or similar.</para>
<para>Note that <filename>systemd-suspend.service</filename>,
<filename>systemd-hibernate.service</filename>, <filename>systemd-hybrid-sleep.service</filename>, and
<filename>systemd-suspend-then-hibernate.service</filename> should never be executed directly. Instead,
trigger system sleep with a command such as <command>systemctl suspend</command> or <command>systemctl
hibernate</command>.</para>
<para>Internally, this service will echo a string like
<literal>mem</literal> into <filename>/sys/power/state</filename>,

6
man/systemd-system.conf.xml
View File

@ -387,9 +387,9 @@
units. See
<citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry> for
details. These settings may be overridden in individual units using the corresponding
<varname>LimitXXX=</varname> directives, see
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, for
details, and they accept the same parameter syntax. Note that these resource limits are only defaults
<varname>LimitXXX=</varname> directives and they accept the same parameter syntax,
see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details. Note that these resource limits are only defaults
for units, they are not applied to the service manager process (i.e. PID 1) itself.</para></listitem>
</varlistentry>

2
man/systemd-time-wait-sync.service.xml
View File

@ -18,7 +18,7 @@
<refnamediv>
<refname>systemd-time-wait-sync.service</refname>
<refname>systemd-time-wait-sync</refname>
<refpurpose>Wait Until Kernel Time Synchronized</refpurpose>
<refpurpose>Wait until kernel time is synchronized</refpurpose>
</refnamediv>
<refsynopsisdiv>

2
man/systemd.device.xml
View File

@ -60,7 +60,7 @@
<para>Device units will be reloaded by systemd whenever the
corresponding device generates a <literal>changed</literal> event.
Other units can use <varname>ReloadPropagatedFrom=</varname> to react
to that event</para>
to that event.</para>
</refsect1>
<refsect1>

56
man/systemd.exec.xml
View File

@ -511,10 +511,11 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
<varlistentry>
<term><varname>AppArmorProfile=</varname></term>
<listitem><para>Takes a profile name as argument. The process executed by the unit will switch to this profile
when started. Profiles must already be loaded in the kernel, or the unit will fail. This result in a non
operation if AppArmor is not enabled. If prefixed by <literal>-</literal>, all errors will be ignored. This
does not affect commands prefixed with <literal>+</literal>.</para></listitem>
<listitem><para>Takes a profile name as argument. The process executed by the unit will switch to
this profile when started. Profiles must already be loaded in the kernel, or the unit will fail. If
prefixed by <literal>-</literal>, all errors will be ignored. This setting has no effect if AppArmor
is not enabled. This setting not affect commands prefixed with <literal>+</literal>.</para>
</listitem>
</varlistentry>
<varlistentry>
@ -880,7 +881,7 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
in <varname>NUMAMask=</varname>. For more details on each policy please see,
<citerefentry><refentrytitle>set_mempolicy</refentrytitle><manvolnum>2</manvolnum></citerefentry>. For overall
overview of NUMA support in Linux see,
<citerefentry project='man-pages'><refentrytitle>numa</refentrytitle><manvolnum>7</manvolnum></citerefentry>
<citerefentry project='man-pages'><refentrytitle>numa</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
</para></listitem>
</varlistentry>
@ -1067,14 +1068,16 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
<varname>RootDirectory=</varname> or <varname>RootImage=</varname> these paths always reside on the host and
are mounted from there into the unit's file system namespace.</para>
<para>If <varname>DynamicUser=</varname> is used in conjunction with <varname>StateDirectory=</varname>,
<varname>CacheDirectory=</varname> and <varname>LogsDirectory=</varname> is slightly altered: the directories
are created below <filename>/var/lib/private</filename>, <filename>/var/cache/private</filename> and
<para>If <varname>DynamicUser=</varname> is used in conjunction with
<varname>StateDirectory=</varname>, the logic for <varname>CacheDirectory=</varname> and
<varname>LogsDirectory=</varname> is slightly altered: the directories are created below
<filename>/var/lib/private</filename>, <filename>/var/cache/private</filename> and
<filename>/var/log/private</filename>, respectively, which are host directories made inaccessible to
unprivileged users, which ensures that access to these directories cannot be gained through dynamic user ID
recycling. Symbolic links are created to hide this difference in behaviour. Both from perspective of the host
and from inside the unit, the relevant directories hence always appear directly below
<filename>/var/lib</filename>, <filename>/var/cache</filename> and <filename>/var/log</filename>.</para>
unprivileged users, which ensures that access to these directories cannot be gained through dynamic
user ID recycling. Symbolic links are created to hide this difference in behaviour. Both from
perspective of the host and from inside the unit, the relevant directories hence always appear
directly below <filename>/var/lib</filename>, <filename>/var/cache</filename> and
<filename>/var/log</filename>.</para>
<para>Use <varname>RuntimeDirectory=</varname> to manage one or more runtime directories for the unit and bind
their lifetime to the daemon runtime. This is particularly useful for unprivileged daemons that cannot create
@ -1238,8 +1241,8 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
<term><varname>PrivateTmp=</varname></term>
<listitem><para>Takes a boolean argument. If true, sets up a new file system namespace for the executed
processes and mounts private <filename>/tmp</filename> and <filename>/var/tmp</filename> directories inside it
that is not shared by processes outside of the namespace. This is useful to secure access to temporary files of
processes and mounts private <filename>/tmp/</filename> and <filename>/var/tmp/</filename> directories inside it
that are not shared by processes outside of the namespace. This is useful to secure access to temporary files of
the process, but makes sharing between processes via <filename>/tmp</filename> or <filename>/var/tmp</filename>
impossible. If this is enabled, all temporary files created by a service in these directories will be removed
after the service is stopped. Defaults to false. It is possible to run two or more units within the same
@ -1399,7 +1402,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
this option removes <constant>CAP_SYS_TIME</constant> and <constant>CAP_WAKE_ALARM</constant> from the
capability bounding set for this unit, installs a system call filter to block calls that can set the
clock, and <varname>DeviceAllow=char-rtc r</varname> is implied. This ensures <filename>/dev/rtc0</filename>,
<filename>/dev/rtc1</filename>, etc are made read only to the service. See
<filename>/dev/rtc1</filename>, etc. are made read-only to the service. See
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the details about <varname>DeviceAllow=</varname>.</para>
@ -1495,7 +1498,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
are unaffected. Also, sockets created with <function>socketpair()</function> (which creates connected
AF_UNIX sockets only) are unaffected. Note that this option has no effect on 32-bit x86, s390, s390x,
mips, mips-le, ppc, ppc-le, pcc64, ppc64-le and is ignored (but works correctly on other ABIs,
mips, mips-le, ppc, ppc-le, ppc64, ppc64-le and is ignored (but works correctly on other ABIs,
including x86-64). Note that on systems supporting multiple ABIs (such as x86/x86-64) it is
recommended to turn off alternative ABIs for services, so that they cannot be used to circumvent the
restrictions of this option. Specifically, it is recommended to combine this option with
@ -1803,7 +1806,7 @@ RestrictNamespaces=~cgroup net</programlisting>
</row>
<row>
<entry>@file-system</entry>
<entry>File system operations: opening, creating files and directories for read and write, renaming and removing them, reading file properties, or creating hard and symbolic links.</entry>
<entry>File system operations: opening, creating files and directories for read and write, renaming and removing them, reading file properties, or creating hard and symbolic links</entry>
</row>
<row>
<entry>@io-event</entry>
@ -1819,7 +1822,7 @@ RestrictNamespaces=~cgroup net</programlisting>
</row>
<row>
<entry>@memlock</entry>
<entry>Locking of memory into RAM (<citerefentry project='man-pages'><refentrytitle>mlock</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>mlockall</refentrytitle><manvolnum>2</manvolnum></citerefentry> and related calls)</entry>
<entry>Locking of memory in RAM (<citerefentry project='man-pages'><refentrytitle>mlock</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>mlockall</refentrytitle><manvolnum>2</manvolnum></citerefentry> and related calls)</entry>
</row>
<row>
<entry>@module</entry>
@ -1843,7 +1846,7 @@ RestrictNamespaces=~cgroup net</programlisting>
</row>
<row>
<entry>@process</entry>
<entry>Process control, execution, namespaceing operations (<citerefentry project='man-pages'><refentrytitle>clone</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>kill</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry>, …</entry>
<entry>Process control, execution, namespaceing operations (<citerefentry project='man-pages'><refentrytitle>clone</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>kill</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry>, …)</entry>
</row>
<row>
<entry>@raw-io</entry>
@ -1871,7 +1874,7 @@ RestrictNamespaces=~cgroup net</programlisting>
</row>
<row>
<entry>@sync</entry>
<entry>Synchronizing files and memory to disk: (<citerefentry project='man-pages'><refentrytitle>fsync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>msync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, and related calls)</entry>
<entry>Synchronizing files and memory to disk (<citerefentry project='man-pages'><refentrytitle>fsync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>msync</refentrytitle><manvolnum>2</manvolnum></citerefentry>, and related calls)</entry>
</row>
<row>
<entry>@system-service</entry>
@ -1949,7 +1952,7 @@ SystemCallErrorNumber=EPERM</programlisting>
manager is compiled for). If running in user mode, or in system mode, but without the
<constant>CAP_SYS_ADMIN</constant> capability (e.g. setting <varname>User=nobody</varname>),
<varname>NoNewPrivileges=yes</varname> is implied. By default, this option is set to the empty list, i.e. no
system call architecture filtering is applied.</para>
filtering is applied.</para>
<para>If this setting is used, processes of this unit will only be permitted to call native system calls, and
system calls of the specified architectures. For the purposes of this option, the x32 architecture is treated
@ -2213,8 +2216,9 @@ SystemCallErrorNumber=EPERM</programlisting>
<constant>AF_UNIX</constant> socket in the file system, as in that case only a
single stream connection is created for both input and output.</para>
<para><option>append:<replaceable>path</replaceable></option> is similar to <option>file:<replaceable>path
</replaceable></option> above, but it opens the file in append mode.</para>
<para><option>append:<replaceable>path</replaceable></option> is similar to
<option>file:<replaceable>path</replaceable></option> above, but it opens the file in append mode.
</para>
<para><option>socket</option> connects standard output to a socket acquired via socket activation. The
semantics are similar to the same option of <varname>StandardInput=</varname>, see above.</para>
@ -2551,7 +2555,7 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
<varname>UnsetEnvironment=</varname> are removed again from the compiled environment variable list, immediately
before it is passed to the executed process.</para>
<para>The following select environment variables are set or propagated by the service manager for each invoked
<para>The following environment variables are set or propagated by the service manager for each invoked
process:</para>
<variablelist class='environment-variables'>
@ -2622,7 +2626,7 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
<term><varname>$LOGS_DIRECTORY</varname></term>
<term><varname>$CONFIGURATION_DIRECTORY</varname></term>
<listitem><para>Contains and absolute paths to the directories defined with
<listitem><para>Absolute paths to the directories defined with
<varname>RuntimeDirectory=</varname>, <varname>StateDirectory=</varname>,
<varname>CacheDirectory=</varname>, <varname>LogsDirectory=</varname>, and
<varname>ConfigurationDirectory=</varname> when those settings are used.</para>
@ -3228,7 +3232,7 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
<row>
<entry>242</entry>
<entry><constant>EXIT_NUMA_POLICY</constant></entry>
<entry>Failed to set up unit's NUMA memory policy. See <varname>NUMAPolicy=</varname> and <varname>NUMAMask=</varname>above.</entry>
<entry>Failed to set up unit's NUMA memory policy. See <varname>NUMAPolicy=</varname> and <varname>NUMAMask=</varname> above.</entry>
</row>
</tbody>

3
man/systemd.journal-fields.xml
View File

@ -524,7 +524,8 @@
structured log entries via calls such as
<citerefentry><refentrytitle>sd_journal_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
They may also not be used as matches for
<citerefentry><refentrytitle>sd_journal_add_match</refentrytitle><manvolnum>3</manvolnum></citerefentry></para>
<citerefentry><refentrytitle>sd_journal_add_match</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
</para>
<variablelist class='journal-directives'>
<varlistentry>

2
man/systemd.kill.xml
View File

@ -151,7 +151,7 @@
terminate upon receiving the initial <constant>SIGTERM</constant>
signal. This can be achieved by configuring <varname>LimitCORE=</varname>
and setting <varname>FinalKillSignal=</varname> to either
<constant>SIGQUIT</constant> or <constant>SIGABRT</constant>
<constant>SIGQUIT</constant> or <constant>SIGABRT</constant>.
Defaults to <constant>SIGKILL</constant>.
</para></listitem>
</varlistentry>

2
man/systemd.net-naming-scheme.xml
View File

@ -357,7 +357,7 @@
</variablelist>
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known (to this
particular version of systemd.</para>
particular version of systemd).</para>
</refsect1>
<refsect1>

115
man/systemd.netdev.xml
View File

@ -114,10 +114,10 @@
<entry>An IPv4 over IPv4 tunnel.</entry></row>
<row><entry><varname>ipvlan</varname></entry>
<entry>An ipvlan device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row>
<entry>An IPVLAN device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row>
<row><entry><varname>ipvtap</varname></entry>
<entry>An ipvtap device is a stacked device which receives packets from its underlying device based on IP address filtering and can be accessed using the tap user space interface.</entry></row>
<entry>An IPVTAP device is a stacked device which receives packets from its underlying device based on IP address filtering and can be accessed using the tap user space interface.</entry></row>
<row><entry><varname>macvlan</varname></entry>
<entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
@ -273,13 +273,13 @@
<term><varname>Name=</varname></term>
<listitem>
<para>The interface name used when creating the netdev.
This option is compulsory.</para>
This setting is compulsory.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Kind=</varname></term>
<listitem>
<para>The netdev kind. This option is compulsory. See the
<para>The netdev kind. This setting is compulsory. See the
<literal>Supported netdev kinds</literal> section for the
valid keys.</para>
</listitem>
@ -287,7 +287,7 @@
<varlistentry>
<term><varname>MTUBytes=</varname></term>
<listitem>
<para>The maximum transmission unit in bytes to set for the device. The usual suffixes K, M, G,
<para>The maximum transmission unit in bytes to set for the device. The usual suffixes K, M, G
are supported and are understood to the base of 1024. For <literal>tun</literal> or
<literal>tap</literal> devices, <varname>MTUBytes=</varname> setting is not currently supported in
<literal>[NetDev]</literal> section. Please specify it in <literal>[Link]</literal> section of
@ -445,7 +445,7 @@
<term><varname>Id=</varname></term>
<listitem>
<para>The VLAN ID to use. An integer in the range 04094.
This option is compulsory.</para>
This setting is compulsory.</para>
</listitem>
</varlistentry>
<varlistentry>
@ -478,8 +478,8 @@
<varlistentry>
<term><varname>ReorderHeader=</varname></term>
<listitem>
<para>Takes a boolean. The VLAN reorder header is set VLAN interfaces behave like physical interfaces.
When unset, the kernel's default will be used.</para>
<para>Takes a boolean. When enabled, the VLAN reorder header is used and VLAN interfaces behave
like physical interfaces. When unset, the kernel's default will be used.</para>
</listitem>
</varlistentry>
</variablelist>
@ -579,7 +579,8 @@
<varlistentry>
<term><varname>Group=</varname></term>
<listitem>
<para>Configures VXLAN multicast group IP address. All members of a VXLAN must use the same multicast group address.</para>
<para>Configures VXLAN multicast group IP address. All members of a VXLAN must use the same
multicast group address.</para>
</listitem>
</varlistentry>
<varlistentry>
@ -637,8 +638,7 @@
<varlistentry>
<term><varname>L3MissNotification=</varname></term>
<listitem>
<para>Takes a boolean. When true, enables netlink IP address miss
notifications.</para>
<para>Takes a boolean. When true, enables netlink IP address miss notifications.</para>
</listitem>
</varlistentry>
<varlistentry>
@ -765,15 +765,16 @@
<varlistentry>
<term><varname>TTL=</varname></term>
<listitem>
<para>Accepts the same key in <literal>[VXLAN]</literal> section except when unset or
set to 0, the kernel's default will be used meaning that packets TTL will be set from
<para>Accepts the same values as in the <literal>[VXLAN]</literal> section, except that when unset
or set to 0, the kernel's default will be used, meaning that packet TTL will be set from
<filename>/proc/sys/net/ipv4/ip_default_ttl</filename>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>UDPChecksum=</varname></term>
<listitem>
<para>Takes a boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4.</para>
<para>Takes a boolean. When true, specifies that UDP checksum is calculated for transmitted packets
over IPv4.</para>
</listitem>
</varlistentry>
<varlistentry>
@ -821,21 +822,23 @@
<varlistentry>
<term><varname>TunnelId=</varname></term>
<listitem>
<para>Specifies the tunnel id. The value used must match the <literal>PeerTunnelId=</literal> value being used at the peer.
Ranges a number between 1 and 4294967295). This option is compulsory.</para>
<para>Specifies the tunnel identifier. Takes an number in the range 14294967295. The value used
must match the <literal>PeerTunnelId=</literal> value being used at the peer. This setting is
compulsory.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>PeerTunnelId=</varname></term>
<listitem>
<para>Specifies the peer tunnel id. The value used must match the <literal>PeerTunnelId=</literal> value being used at the peer.
Ranges a number between 1 and 4294967295). This option is compulsory.</para>
<para>Specifies the peer tunnel id. Takes a number in the range 1—4294967295. The value used must
match the <literal>PeerTunnelId=</literal> value being used at the peer. This setting is
compulsory.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Remote=</varname></term>
<listitem>
<para>Specifies the IP address of the remote peer. This option is compulsory.</para>
<para>Specifies the IP address of the remote peer. This setting is compulsory.</para>
</listitem>
</varlistentry>
<varlistentry>
@ -852,27 +855,29 @@
<varlistentry>
<term><varname>EncapsulationType=</varname></term>
<listitem>
<para>Specifies the encapsulation type of the tunnel. Takes one of <literal>udp</literal> or <literal>ip</literal>.</para>
<para>Specifies the encapsulation type of the tunnel. Takes one of <literal>udp</literal> or
<literal>ip</literal>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>UDPSourcePort=</varname></term>
<listitem>
<para>Specifies the UDP source port to be used for the tunnel. When UDP encapsulation is selected it's mandotory. Ignored when ip
encapsulation is selected.</para>
<para>Specifies the UDP source port to be used for the tunnel. When UDP encapsulation is selected
it's mandatory. Ignored when IP encapsulation is selected.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>UDPDestinationPort=</varname></term>
<listitem>
<para>Specifies destination port. When UDP encapsulation is selected it's mandotory. Ignored when ip
<para>Specifies destination port. When UDP encapsulation is selected it's mandatory. Ignored when IP
encapsulation is selected.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>UDPChecksum=</varname></term>
<listitem>
<para>Takes a boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4.</para>
<para>Takes a boolean. When true, specifies that UDP checksum is calculated for transmitted packets
over IPv4.</para>
</listitem>
</varlistentry>
<varlistentry>
@ -900,21 +905,23 @@
<varlistentry>
<term><varname>Name=</varname></term>
<listitem>
<para>Specifies the name of the session. This option is compulsory.</para>
<para>Specifies the name of the session. This setting is compulsory.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>SessionId=</varname></term>
<listitem>
<para>Specifies the session id. The value used must match the <literal>SessionId=</literal> value being used at the peer.
Ranges a number between 1 and 4294967295). This option is compulsory.</para>
<para>Specifies the session identifier. Takes an number in the range 14294967295. The value used
must match the <literal>SessionId=</literal> value being used at the peer. This setting is
compulsory.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>PeerSessionId=</varname></term>
<listitem>
<para>Specifies the peer session id. The value used must match the <literal>PeerSessionId=</literal> value being used at the peer.
Ranges a number between 1 and 4294967295). This option is compulsory.</para>
<para>Specifies the peer session identifier. Takes an number in the range 14294967295.
The value used must match the <literal>PeerSessionId=</literal> value being used at the peer.
This setting is compulsory.</para>
</listitem>
</varlistentry>
<varlistentry>
@ -968,7 +975,7 @@
<term><varname>MACAddress=</varname></term>
<listitem>
<para>Specifies the MAC address to be used for the MACsec receive channel. The MAC address
used to make secure channel identifier (SCI). This option is compulsory, and is not set by
used to make secure channel identifier (SCI). This setting is compulsory, and is not set by
default.</para>
</listitem>
</varlistentry>
@ -1002,7 +1009,7 @@
<term><varname>Key=</varname></term>
<listitem>
<para>Specifies the encryption key used in the transmission channel. The same key must be
configured on the peers matching receive channel. This option is compulsory, and is not set
configured on the peers matching receive channel. This setting is compulsory, and is not set
by default. Takes a 128-bit key encoded in a hexadecimal string, for example
<literal>dffafc8d7b9a43d5b9a3dfbbf6a30c16</literal>.</para>
</listitem>
@ -1136,7 +1143,7 @@
<para>A fixed Time To Live N on tunneled packets. N is a
number in the range 1255. 0 is a special value meaning that
packets inherit the TTL value. The default value for IPv4
tunnels is: inherit. The default value for IPv6 tunnels is
tunnels is 0 (inherit). The default value for IPv6 tunnels is
64.</para>
</listitem>
</varlistentry>
@ -1192,7 +1199,7 @@
both directions (<varname>InputKey=</varname> and <varname>OutputKey=</varname>).
The <varname>Key=</varname> is either a number or an IPv4 address-like dotted quad.
It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data
and control path) in ip xfrm (framework used to implement IPsec protocol).
and control path) in IP XFRM (framework used to implement IPsec protocol).
See <ulink url="http://man7.org/linux/man-pages/man8/ip-xfrm.8.html">
ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6,
GRE, GRETAP, and ERSPAN tunnels.</para>
@ -1322,29 +1329,32 @@
<varlistentry>
<term><varname>Encapsulation=</varname></term>
<listitem>
<para>Specifies the encapsulation mechanism used to store networking packets of various protocols inside the UDP packets. Supports the following values:
<para>Specifies the encapsulation mechanism used to store networking packets of various protocols
inside the UDP packets. Supports the following values:
<literal>FooOverUDP</literal> provides the simplest no frills model of UDP encapsulation, it simply encapsulates
packets directly in the UDP payload.
<literal>GenericUDPEncapsulation</literal> is a generic and extensible encapsulation, it allows encapsulation of packets for any IP
protocol and optional data as part of the encapsulation.
For more detailed information see <ulink url="https://lwn.net/Articles/615044">Generic UDP Encapsulation</ulink>.
Defaults to <literal>FooOverUDP</literal>.
<literal>FooOverUDP</literal> provides the simplest no frills model of UDP encapsulation, it simply
encapsulates packets directly in the UDP payload. <literal>GenericUDPEncapsulation</literal> is a
generic and extensible encapsulation, it allows encapsulation of packets for any IP protocol and
optional data as part of the encapsulation. For more detailed information see <ulink
url="https://lwn.net/Articles/615044">Generic UDP Encapsulation</ulink>. Defaults to
<literal>FooOverUDP</literal>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Port=</varname></term>
<listitem>
<para>Specifies the port number, where the IP encapsulation packets will arrive. Please take note that the packets
will arrive with the encapsulation will be removed. Then they will be manually fed back into the network stack, and sent ahead
for delivery to the real destination. This option is mandatory.</para>
<para>Specifies the port number, where the IP encapsulation packets will arrive. Please take note
that the packets will arrive with the encapsulation will be removed. Then they will be manually fed
back into the network stack, and sent ahead for delivery to the real destination. This option is
mandatory.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>PeerPort=</varname></term>
<listitem>
<para>Specifies the peer port number. Defaults to unset. Note that when peer port is set <literal>Peer=</literal> address is mandotory.</para>
<para>Specifies the peer port number. Defaults to unset. Note that when peer port is set
<literal>Peer=</literal> address is mandatory.</para>
</listitem>
</varlistentry>
<varlistentry>
@ -1360,7 +1370,8 @@
<varlistentry>
<term><varname>Peer=</varname></term>
<listitem>
<para>Configures peer IP address. Note that when peer address is set <literal>PeerPort=</literal> is mandotory.</para>
<para>Configures peer IP address. Note that when peer address is set <literal>PeerPort=</literal>
is mandatory.</para>
</listitem>
</varlistentry>
<varlistentry>
@ -1384,7 +1395,7 @@
<term><varname>Name=</varname></term>
<listitem>
<para>The interface name used when creating the netdev.
This option is compulsory.</para>
This setting is compulsory.</para>
</listitem>
</varlistentry>
<varlistentry>
@ -1410,7 +1421,7 @@
<term><varname>Peer=</varname></term>
<listitem>
<para>The peer interface name used when creating the netdev.
This option is compulsory.</para>
This setting is compulsory.</para>
</listitem>
</varlistentry>
</variablelist>
@ -1702,14 +1713,15 @@
<varlistentry>
<term><varname>AdActorSystemPriority=</varname></term>
<listitem>
<para>Specifies the 802.3ad actor system priority. Ranges [1-65535].</para>
<para>Specifies the 802.3ad actor system priority. Takes a number in the range 1—65535.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>AdUserPortKey=</varname></term>
<listitem>
<para>Specifies the 802.3ad user defined portion of the port key. Ranges [0-1023].</para>
<para>Specifies the 802.3ad user defined portion of the port key. Takes a number in the range
01023.</para>
</listitem>
</varlistentry>
@ -1902,8 +1914,7 @@
</variablelist>
<para>For more detail information see
<ulink url="https://lwn.net/Articles/757391">
Virtual xfrm interfaces</ulink></para>
<ulink url="https://lwn.net/Articles/757391">Virtual XFRM Interfaces</ulink>.</para>
</refsect1>
<refsect1>
@ -1916,7 +1927,7 @@
<varlistentry>
<term><varname>Table=</varname></term>
<listitem>
<para>The numeric routing table identifier. This option is compulsory.</para>
<para>The numeric routing table identifier. This setting is compulsory.</para>
</listitem>
</varlistentry>
</variablelist>

154
man/systemd.network.xml
View File

@ -132,9 +132,8 @@
<listitem>
<para>A whitespace-separated list of hardware address of the currently connected wireless
LAN. Use full colon-, hyphen- or dot-delimited hexadecimal. See the example in
<varname>MACAddress=</varname>. This option may appear more than one, in which case the
lists are merged. If the empty string is assigned to this option, the list of BSSID defined
prior to this is reset.</para>
<varname>MACAddress=</varname>. This option may appear more than once, in which case the
lists are merged. If the empty string is assigned to this option, the list is reset.</para>
</listitem>
</varlistentry>
@ -211,7 +210,7 @@
<para>Link groups are similar to port ranges found in managed switches.
When network interfaces are added to a numbered group, operations on
all the interfaces from that group can be performed at once. An unsigned
integer ranges 0 to 4294967294. Default to unset.</para>
integer in the range 0—4294967294. Defaults to unset.</para>
</listitem>
</varlistentry>
<varlistentry>
@ -495,10 +494,8 @@
<varlistentry>
<term><varname>DNSSEC=</varname></term>
<listitem>
<para>Takes a boolean. or
<literal>allow-downgrade</literal>. When true, enables
<ulink
url="https://tools.ietf.org/html/rfc4033">DNSSEC</ulink>
<para>Takes a boolean or <literal>allow-downgrade</literal>. When true, enables
<ulink url="https://tools.ietf.org/html/rfc4033">DNSSEC</ulink>
DNS validation support on the link. When set to
<literal>allow-downgrade</literal>, compatibility with
non-DNSSEC capable networks is increased, by automatically
@ -770,7 +767,7 @@
<term><varname>IPv4ProxyARP=</varname></term>
<listitem><para>Takes a boolean. Configures proxy ARP for IPv4. Proxy ARP is the technique in which one host,
usually a router, answers ARP requests intended for another machine. By "faking" its identity,
the router accepts responsibility for routing packets to the "real" destination. (see <ulink
the router accepts responsibility for routing packets to the "real" destination. See <ulink
url="https://tools.ietf.org/html/rfc1027">RFC 1027</ulink>.
When unset, the kernel's default will be used.
</para></listitem>
@ -1031,7 +1028,7 @@
<term><varname>Scope=</varname></term>
<listitem>
<para>The scope of the address, which can be <literal>global</literal>,
<literal>link</literal> or <literal>host</literal> or an unsigned integer ranges 0 to 255.
<literal>link</literal> or <literal>host</literal> or an unsigned integer in the range 0—255.
Defaults to <literal>global</literal>.</para>
</listitem>
</varlistentry>
@ -1129,8 +1126,8 @@
<varlistentry>
<term><varname>Label=</varname></term>
<listitem>
<para> The label for the prefix (an unsigned integer) ranges 0 to 4294967294.
0xffffffff is reserved. This key is mandatory.</para>
<para>The label for the prefix, an unsigned integer in the range 04294967294.
0xffffffff is reserved. This setting is mandatory.</para>
</listitem>
</varlistentry>
<varlistentry>
@ -1154,7 +1151,7 @@
<varlistentry>
<term><varname>TypeOfService=</varname></term>
<listitem>
<para>Specifies the type of service to match a number between 0 to 255.</para>
<para>Takes a number between 0 and 255 that specifies the type of service to match.</para>
</listitem>
</varlistentry>
<varlistentry>
@ -1261,10 +1258,9 @@
<refsect1>
<title>[NextHop] Section Options</title>
<para>The <literal>[NextHop]</literal> section accepts the
following keys. Specify several <literal>[NextHop]</literal>
sections to configure several nexthop. Nexthop is used to manipulate entries in the kernel's nexthop
tables.</para>
<para>The [NextHop] section is used to manipulate entries in the kernel's "nexthop" tables. The
[NextHop] section accepts the following keys. Specify several [NextHop] sections to configure several
hops.</para>
<variablelist class='network-directives'>
<varlistentry>
@ -1333,10 +1329,10 @@
<term><varname>IPv6Preference=</varname></term>
<listitem>
<para>Specifies the route preference as defined in <ulink
url="https://tools.ietf.org/html/rfc4191">RFC4191</ulink> for Router Discovery messages.
Which can be one of <literal>low</literal> the route has a lowest priority,
<literal>medium</literal> the route has a default priority or
<literal>high</literal> the route has a highest priority.</para>
url="https://tools.ietf.org/html/rfc4191">RFC 4191</ulink> for Router Discovery messages. Which
can be one of <literal>low</literal> the route has a lowest priority, <literal>medium</literal>
the route has a default priority or <literal>high</literal> the route has a highest priority.
</para>
</listitem>
</varlistentry>
<varlistentry>
@ -1717,8 +1713,8 @@
<para>The table identifier for DHCP routes (a number between 1 and 4294967295, or 0 to unset).
The table can be retrieved using <command>ip route show table <replaceable>num</replaceable></command>.
</para>
<para>When used in combination with <varname>VRF=</varname> the
VRF's routing table is used unless this parameter is specified.
<para>When used in combination with <varname>VRF=</varname>, the
VRF's routing table is used when this parameter is not specified.
</para>
</listitem>
</varlistentry>
@ -1757,11 +1753,12 @@
<varlistentry>
<term><varname>SendDecline=</varname></term>
<listitem>
<para>A boolean. When <literal>true</literal>, DHCPv4 clients receives IP address from DHCP server.
After new IP is received, DHCPv4 performs IPv4 Duplicate Address Detection. If duplicate use of IP is detected
the DHCPv4 client rejects the IP by sending a DHCPDECLINE packet DHCP clients try to obtain an IP address again.
See <ulink url="https://tools.ietf.org/html/rfc5227">RFC 5224</ulink>.
Defaults to <literal>unset</literal>.</para>
<para>A boolean. When <literal>true</literal>, the DHCPv4 client receives the IP address from the
DHCP server. After a new IP is received, the DHCPv4 client performs IPv4 Duplicate Address
Detection. If duplicate use is detected, the DHCPv4 client rejects the IP by sending a
DHCPDECLINE packet and tries to obtain an IP address again. See <ulink
url="https://tools.ietf.org/html/rfc5227">RFC 5224</ulink>. Defaults to
<literal>unset</literal>.</para>
</listitem>
</varlistentry>
@ -1839,7 +1836,7 @@
<para>Takes a boolean. The DHCPv6 client can obtain configuration parameters from a DHCPv6 server through
a rapid two-message exchange (solicit and reply). When the rapid commit option is enabled by both
the DHCPv6 client and the DHCPv6 server, the two-message exchange is used, rather than the default
four-method exchange (solicit, advertise, request, and reply). The two-message exchange provides
four-message exchange (solicit, advertise, request, and reply). The two-message exchange provides
faster client configuration and is beneficial in environments in which networks are under a heavy load.
See <ulink url="https://tools.ietf.org/html/rfc3315#section-17.2.1">RFC 3315</ulink> for details.
Defaults to true.</para>
@ -1867,14 +1864,15 @@
<varlistentry>
<term><varname>SendVendorOption=</varname></term>
<listitem>
<para>Send an arbitrary vendor option in the DHCPv6 request. Takes an enterprise identifier, DHCP option number,
data type, and data separated with a colon
(<literal><replaceable>enterprise identifier</replaceable>:<replaceable>option</replaceable>:<replaceable>type</replaceable>:
<replaceable>value</replaceable></literal>). Enterprise identifier is an unsigned integer ranges 1..4294967294.
The option number must be an integer in the range 1..254. Data type takes one of <literal>uint8</literal>,
<literal>uint16</literal>, <literal>uint32</literal>, <literal>ipv4address</literal>, <literal>ipv6address</literal>, or
<literal>string</literal>. Special characters in the data string may be escaped using
<ulink url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
<para>Send an arbitrary vendor option in the DHCPv6 request. Takes an enterprise identifier, DHCP
option number, data type, and data separated with a colon (<literal><replaceable>enterprise
identifier</replaceable>:<replaceable>option</replaceable>:<replaceable>type</replaceable>:
<replaceable>value</replaceable></literal>). Enterprise identifier is an unsigned integer in the
range 14294967294. The option number must be an integer in the range 1254. Data type takes one
of <literal>uint8</literal>, <literal>uint16</literal>, <literal>uint32</literal>,
<literal>ipv4address</literal>, <literal>ipv6address</literal>, or
<literal>string</literal>. Special characters in the data string may be escaped using <ulink
url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
escapes</ulink>. This setting can be specified multiple times. If an empty string is specified,
then all options specified earlier are cleared. Defaults to unset.</para>
</listitem>
@ -1918,17 +1916,19 @@
<varlistentry>
<term><varname>PrefixDelegationHint=</varname></term>
<listitem>
<para>Takes an IPv6 address with prefix length as <varname>Address=</varname> in
the "[Network]" section. Specifies the DHCPv6 client for the requesting router to include
a prefix-hint in the DHCPv6 solicitation. Prefix ranges 1..128. Defaults to unset.</para>
<para>Takes an IPv6 address with prefix length in the same format as the
<varname>Address=</varname> in the [Network] section. The DHCPv6 client will include a prefix
hint in the DHCPv6 solicitation sent to the server. The prefix length must be in the range
1128. Defaults to unset.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>WithoutRA=</varname></term>
<listitem>
<para>Allows DHCPv6 client to start without router advertisements's managed or other address configuration flag.
Takes one of <literal>solicit</literal> or <literal>information-request</literal>. Defaults to unset.</para>
<para>Allows DHCPv6 client to start without router advertisements's managed or other address
configuration flag. Takes one of <literal>solicit</literal> or
<literal>information-request</literal>. Defaults to unset.</para>
</listitem>
</varlistentry>
@ -2275,10 +2275,9 @@
<refsect1>
<title>[IPv6Prefix] Section Options</title>
<para>One or more <literal>[IPv6Prefix]</literal> sections contain the IPv6
prefixes that are announced via Router Advertisements. See
<ulink url="https://tools.ietf.org/html/rfc4861">RFC 4861</ulink>
for further details.</para>
<para>One or more [IPv6Prefix] sections contain the IPv6 prefixes that are announced via Router
Advertisements. See <ulink url="https://tools.ietf.org/html/rfc4861">RFC 4861</ulink> for further
details.</para>
<variablelist class='network-directives'>
@ -2405,10 +2404,9 @@
<varlistentry>
<term><varname>HairPin=</varname></term>
<listitem>
<para>Takes a boolean. Configures whether traffic may be sent back
out of the port on which it was received. When this flag is false, and the bridge
will not forward traffic back out of the receiving port.
When unset, the kernel's default will be used.</para>
<para>Takes a boolean. Configures whether traffic may be sent back out of the port on which it
was received. When this flag is false, then the bridge will not forward traffic back out of the
receiving port. When unset, the kernel's default will be used.</para>
</listitem>
</varlistentry>
<varlistentry>
@ -2684,7 +2682,7 @@
<term><varname>PacketLimit=</varname></term>
<listitem>
<para>Specifies the maximum number of packets the qdisc may hold queued at a time.
An unsigned integer ranges 0 to 4294967294. Defaults to 1000.</para>
An unsigned integer in the range 04294967294. Defaults to 1000.</para>
</listitem>
</varlistentry>
@ -2708,8 +2706,8 @@
<refsect1>
<title>[TokenBucketFilter] Section Options</title>
<para>The <literal>[TokenBucketFilter]</literal> section manages the queueing discipline (qdisc) of
token bucket filter (tbf).</para>
<para>The [TokenBucketFilter] section manages the queueing discipline (qdisc) of token bucket filter
(tbf).</para>
<variablelist class='network-directives'>
<xi:include href="tc.xml" xpointer="qdisc-parent" />
@ -2793,7 +2791,7 @@
<term><varname>PacketLimit=</varname></term>
<listitem>
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
dropped. An unsigned integer ranges 1 to 4294967294. Defaults to unset and kernel's default is used.</para>
dropped. An unsigned integer in the range 14294967294. Defaults to unset and kernel's default is used.</para>
</listitem>
</varlistentry>
</variablelist>
@ -2811,8 +2809,9 @@
<varlistentry>
<term><varname>PacketLimit=</varname></term>
<listitem>
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para>
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached,
incoming packets are dropped. An unsigned integer in the range 04294967294. Defaults to unset and
kernel's default is used.</para>
</listitem>
</varlistentry>
</variablelist>
@ -2848,10 +2847,11 @@
<varlistentry>
<term><varname>LimitBytes=</varname></term>
<listitem>
<para>Specifies the hard limit on the FIFO size in bytes. The size limit (a buffer size) to prevent it
from overflowing in case it is unable to dequeue packets as quickly as it receives them. When this limit
is reached, incoming packets are dropped. When suffixed with K, M, or G, the specified size is parsed as
Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to unset and kernel's default is used.</para>
<para>Specifies the hard limit on the FIFO size in bytes. The size limit (a buffer size) to prevent
it from overflowing in case it is unable to dequeue packets as quickly as it receives them. When
this limit is reached, incoming packets are dropped. When suffixed with K, M, or G, the specified
size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults
to unset and kernel's default is used.</para>
</listitem>
</varlistentry>
</variablelist>
@ -2869,9 +2869,10 @@
<varlistentry>
<term><varname>PacketLimit=</varname></term>
<listitem>
<para>Specifies the hard limit on the FIFO size in number of packets. The size limit (a buffer size) to prevent it
from overflowing in case it is unable to dequeue packets as quickly as it receives them. When this limit is reached,
incoming packets are dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para>
<para>Specifies the hard limit on the FIFO size in number of packets. The size limit (a buffer
size) to prevent it from overflowing in case it is unable to dequeue packets as quickly as it
receives them. When this limit is reached, incoming packets are dropped. An unsigned integer in the
range 04294967294. Defaults to unset and kernel's default is used.</para>
</listitem>
</varlistentry>
</variablelist>
@ -2917,8 +2918,8 @@
<varlistentry>
<term><varname>OverheadBytes=</varname></term>
<listitem>
<para>Specifies that bytes to be addeded to the size of each packet. Bytes may be negative.
Takes an integer ranges -64 to 256. Defaults to unset and kernel's default is used.</para>
<para>Specifies that bytes to be addeded to the size of each packet. Bytes may be negative. Takes
an integer in the range from -64 to 256. Defaults to unset and kernel's default is used.</para>
</listitem>
</varlistentry>
@ -2945,8 +2946,9 @@
<varlistentry>
<term><varname>PacketLimit=</varname></term>
<listitem>
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para>
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached,
incoming packets are dropped. An unsigned integer in the range 04294967294. Defaults to unset and
kernel's default is used.</para>
</listitem>
</varlistentry>
@ -3029,18 +3031,17 @@
<varlistentry>
<term><varname>Bands=</varname></term>
<listitem>
<para>Specifies the number of bands. An unsigned integer ranges 1 to 16. This value has to be
at least large enough to cover the strict bands specified through the
<varname>StrictBands=</varname> and bandwidth-sharing bands specified in
<varname>QuantumBytes=</varname>.</para>
<para>Specifies the number of bands. An unsigned integer in the range 116. This value has to be at
least large enough to cover the strict bands specified through the <varname>StrictBands=</varname>
and bandwidth-sharing bands specified in <varname>QuantumBytes=</varname>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>StrictBands=</varname></term>
<listitem>
<para>Specifies the number of bands that should be created in strict mode. An unsigned integer
ranges 1 to 16.</para>
<para>Specifies the number of bands that should be created in strict mode. An unsigned integer in
the range 116.</para>
</listitem>
</varlistentry>
@ -3156,7 +3157,7 @@
<varlistentry>
<term><varname>QuantumBytes=</varname></term>
<listitem>
<para>Specifies the number of bytes used as 'deficit' in the fair queuing algorithmtimespan.
<para>Specifies the number of bytes used as the "deficit" in the fair queuing algorithm timespan.
When suffixed with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
respectively, to the base of 1024. Defaults to unset and kernel's default is used.</para>
</listitem>
@ -3411,8 +3412,9 @@
<varlistentry>
<term><varname>PacketLimit=</varname></term>
<listitem>
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
dropped. An unsigned integer ranges 0 to 4294967294. Defaults to unset and kernel's default is used.</para>
<para>Specifies the hard limit on the queue size in number of packets. When this limit is reached,
incoming packets are dropped. An unsigned integer in the range 04294967294. Defaults to unset and
kernel's default is used.</para>
</listitem>
</varlistentry>
</variablelist>

2
man/systemd.nspawn.xml
View File

@ -405,7 +405,7 @@
<varlistentry>
<term><varname>Inaccessible=</varname></term>
<listitem><para>Masks the specified file or directly in the container, by over-mounting it with an empty file
<listitem><para>Masks the specified file or directory in the container, by over-mounting it with an empty file
node of the same type with the most restrictive access mode. Takes a file system path as argument. This option
may be used multiple times to mask multiple files or directories. This option is equivalent to the command line
switch <option>--inaccessible=</option>, see

6
man/systemd.offline-updates.xml
View File

@ -33,7 +33,7 @@
<orderedlist>
<listitem>
<para>The package manager prepares system updates by downloading all (RPM or DEB or
<para>The package manager prepares system updates by downloading all (.rpm or .deb or
whatever) packages to update off-line in a special directory
<filename index="false">/var/lib/system-update</filename> (or
another directory of the package/upgrade manager's choice).</para>
@ -85,8 +85,8 @@
</listitem>
<listitem>
<para>The upgrade scripts should exit only after the update is finished. It is expected
that the service which performs the upgrade will cause the machine to reboot after it
<para>The update scripts should exit only after the update is finished. It is expected
that the service which performs the update will cause the machine to reboot after it
is done. If the <filename>system-update.target</filename> is successfully reached, i.e.
all update services have run, and the <filename>/system-update</filename> symlink still
exists, it will be removed and the machine rebooted as a safety measure.</para>

2
man/systemd.service.xml
View File

@ -896,7 +896,7 @@
this option will have no effect.</para>
<example>
<title>A service with with the <varname>SuccessExitStatus=</varname> setting</title>
<title>A service with the <varname>SuccessExitStatus=</varname> setting</title>
<programlisting>SuccessExitStatus=TEMPFAIL 250 SIGUSR1</programlisting>

175
man/systemd.socket.xml
View File

@ -117,10 +117,9 @@
<listitem><para>Socket units automatically gain a <varname>Before=</varname>
dependency on the service units they activate.</para></listitem>
<listitem><para>Socket units referring to file system paths (such as AF_UNIX
sockets or FIFOs) implicitly gain <varname>Requires=</varname> and
<varname>After=</varname> dependencies on all mount units
necessary to access those paths.</para></listitem>
<listitem><para>Socket units referring to file system paths (such as <constant>AF_UNIX</constant>
sockets or FIFOs) implicitly gain <varname>Requires=</varname> and <varname>After=</varname>
dependencies on all mount units necessary to access those paths.</para></listitem>
<listitem><para>Socket units using the <varname>BindToDevice=</varname>
setting automatically gain a <varname>BindsTo=</varname> and
@ -300,7 +299,7 @@
url="https://www.kernel.org/doc/Documentation/usb/functionfs.txt">USB
FunctionFS</ulink> endpoints location to listen on, for
implementation of USB gadget functions. This expects an
absolute file system path of functionfs mount point as the argument.
absolute file system path of FunctionFS mount point as the argument.
Behavior otherwise is very similar to the <varname>ListenFIFO=</varname>
directive above. Use this to open the FunctionFS endpoint
<filename>ep0</filename>. When using this option, the
@ -313,9 +312,9 @@
<varlistentry>
<term><varname>SocketProtocol=</varname></term>
<listitem><para>Takes one of <option>udplite</option>
or <option>sctp</option>. Specifies a socket protocol
(<constant>IPPROTO_UDPLITE</constant>) UDP-Lite
(<constant>IPPROTO_SCTP</constant>) SCTP socket respectively. </para>
or <option>sctp</option>. The socket will use the UDP-Lite
(<constant>IPPROTO_UDPLITE</constant>) or SCTP
(<constant>IPPROTO_SCTP</constant>) protocol, respectively.</para>
</listitem>
</varlistentry>
@ -349,16 +348,14 @@
<varlistentry>
<term><varname>BindToDevice=</varname></term>
<listitem><para>Specifies a network interface name to bind
this socket to. If set, traffic will only be accepted from the
specified network interfaces. This controls the
SO_BINDTODEVICE socket option (see <citerefentry
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details). If this option is used, an implicit dependency
from this socket unit on the network interface device unit
(<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>
is created. Note that setting this parameter might result in
additional dependencies to be added to the unit (see
<listitem><para>Specifies a network interface name to bind this socket to. If set, traffic will only
be accepted from the specified network interfaces. This controls the
<constant>SO_BINDTODEVICE</constant> socket option (see <citerefentry
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
details). If this option is used, an implicit dependency from this socket unit on the network
interface device unit is created
(see <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
Note that setting this parameter might result in additional dependencies to be added to the unit (see
above).</para></listitem>
</varlistentry>
@ -366,12 +363,10 @@
<term><varname>SocketUser=</varname></term>
<term><varname>SocketGroup=</varname></term>
<listitem><para>Takes a UNIX user/group name. When specified,
all AF_UNIX sockets and FIFO nodes in the file system are
owned by the specified user and group. If unset (the default),
the nodes are owned by the root user/group (if run in system
context) or the invoking user/group (if run in user context).
If only a user is specified but no group, then the group is
<listitem><para>Takes a UNIX user/group name. When specified, all <constant>AF_UNIX</constant>
sockets and FIFO nodes in the file system are owned by the specified user and group. If unset (the
default), the nodes are owned by the root user/group (if run in system context) or the invoking
user/group (if run in user context). If only a user is specified but no group, then the group is
derived from the user's default group.</para></listitem>
</varlistentry>
@ -420,10 +415,10 @@
to work unmodified with systemd socket
activation.</para>
<para>For IPv4 and IPv6 connections, the <varname>REMOTE_ADDR</varname>
environment variable will contain the remote IP address, and <varname>REMOTE_PORT</varname>
will contain the remote port. This is the same as the format used by CGI.
For SOCK_RAW, the port is the IP protocol.</para></listitem>
<para>For IPv4 and IPv6 connections, the <varname>REMOTE_ADDR</varname> environment variable will
contain the remote IP address, and <varname>REMOTE_PORT</varname> will contain the remote port. This
is the same as the format used by CGI. For <constant>SOCK_RAW</constant>, the port is the IP
protocol.</para></listitem>
</varlistentry>
<varlistentry>
@ -456,17 +451,13 @@
<varlistentry>
<term><varname>KeepAlive=</varname></term>
<listitem><para>Takes a boolean argument. If true, the TCP/IP
stack will send a keep alive message after 2h (depending on
the configuration of
<filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>)
for all TCP streams accepted on this socket. This controls the
SO_KEEPALIVE socket option (see
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
and the <ulink
url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
Keepalive HOWTO</ulink> for details.) Defaults to
<option>false</option>.</para></listitem>
<listitem><para>Takes a boolean argument. If true, the TCP/IP stack will send a keep alive message
after 2h (depending on the configuration of
<filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>) for all TCP streams accepted on this
socket. This controls the <constant>SO_KEEPALIVE</constant> socket option (see <citerefentry
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> and
the <ulink url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP Keepalive
HOWTO</ulink> for details.) Defaults to <option>false</option>.</para></listitem>
</varlistentry>
<varlistentry>
@ -483,15 +474,12 @@
<varlistentry>
<term><varname>KeepAliveIntervalSec=</varname></term>
<listitem><para>Takes time (in seconds) as argument between
individual keepalive probes, if the socket option SO_KEEPALIVE
has been set on this socket. This controls
the TCP_KEEPINTVL socket option (see
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
and the <ulink
url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
Keepalive HOWTO</ulink> for details.) Defaults value is 75
seconds.</para></listitem>
<listitem><para>Takes time (in seconds) as argument between individual keepalive probes, if the
socket option <constant>SO_KEEPALIVE</constant> has been set on this socket. This controls the
<constant>TCP_KEEPINTVL</constant> socket option (see <citerefentry
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> and
the <ulink url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP Keepalive
HOWTO</ulink> for details.) Defaults value is 75 seconds.</para></listitem>
</varlistentry>
<varlistentry>
@ -513,17 +501,16 @@
algorithm works by combining a number of small outgoing
messages, and sending them all at once. This controls the
TCP_NODELAY socket option (see
<citerefentry project='die-net'><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry>
<citerefentry project='die-net'><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry>).
Defaults to <option>false</option>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>Priority=</varname></term>
<listitem><para>Takes an integer argument controlling the
priority for all traffic sent from this socket. This controls
the SO_PRIORITY socket option (see
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details.).</para></listitem>
<listitem><para>Takes an integer argument controlling the priority for all traffic sent from this
socket. This controls the <constant>SO_PRIORITY</constant> socket option (see <citerefentry
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
details.).</para></listitem>
</varlistentry>
<varlistentry>
@ -559,12 +546,12 @@
<varlistentry>
<term><varname>ReceiveBuffer=</varname></term>
<term><varname>SendBuffer=</varname></term>
<listitem><para>Takes an integer argument controlling the
receive or send buffer sizes of this socket, respectively.
This controls the SO_RCVBUF and SO_SNDBUF socket options (see
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details.). The usual suffixes K, M, G are supported and
are understood to the base of 1024.</para></listitem>
<listitem><para>Takes an integer argument controlling the receive or send buffer sizes of this
socket, respectively. This controls the <constant>SO_RCVBUF</constant> and
<constant>SO_SNDBUF</constant> socket options (see <citerefentry
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
details.). The usual suffixes K, M, G are supported and are understood to the base of
1024.</para></listitem>
</varlistentry>
<varlistentry>
@ -593,23 +580,20 @@
<varlistentry>
<term><varname>Mark=</varname></term>
<listitem><para>Takes an integer value. Controls the firewall
mark of packets generated by this socket. This can be used in
the firewall logic to filter packets from this socket. This
sets the SO_MARK socket option. See
<citerefentry project='die-net'><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry>
for details.</para></listitem>
<listitem><para>Takes an integer value. Controls the firewall mark of packets generated by this
socket. This can be used in the firewall logic to filter packets from this socket. This sets the
<constant>SO_MARK</constant> socket option. See <citerefentry
project='die-net'><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
details.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>ReusePort=</varname></term>
<listitem><para>Takes a boolean value. If true, allows
multiple
<citerefentry><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry>s
to this TCP or UDP port. This controls the SO_REUSEPORT socket
option. See
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details.</para></listitem>
<listitem><para>Takes a boolean value. If true, allows multiple
<citerefentry><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry>s to this TCP
or UDP port. This controls the <constant>SO_REUSEPORT</constant> socket option. See <citerefentry
project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
details.</para></listitem>
</varlistentry>
<varlistentry>
@ -685,28 +669,23 @@
<varlistentry>
<term><varname>Broadcast=</varname></term>
<listitem><para>Takes a boolean value. This controls the
SO_BROADCAST socket option, which allows broadcast datagrams
to be sent from this socket. Defaults to
<listitem><para>Takes a boolean value. This controls the <constant>SO_BROADCAST</constant> socket
option, which allows broadcast datagrams to be sent from this socket. Defaults to
<option>false</option>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>PassCredentials=</varname></term>
<listitem><para>Takes a boolean value. This controls the
SO_PASSCRED socket option, which allows
<constant>AF_UNIX</constant> sockets to receive the
credentials of the sending process in an ancillary message.
Defaults to <option>false</option>.</para></listitem>
<listitem><para>Takes a boolean value. This controls the <constant>SO_PASSCRED</constant> socket
option, which allows <constant>AF_UNIX</constant> sockets to receive the credentials of the sending
process in an ancillary message. Defaults to <option>false</option>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>PassSecurity=</varname></term>
<listitem><para>Takes a boolean value. This controls the
SO_PASSSEC socket option, which allows
<constant>AF_UNIX</constant> sockets to receive the security
context of the sending process in an ancillary message.
Defaults to <option>false</option>.</para></listitem>
<listitem><para>Takes a boolean value. This controls the <constant>SO_PASSSEC</constant> socket
option, which allows <constant>AF_UNIX</constant> sockets to receive the security context of the
sending process in an ancillary message. Defaults to <option>false</option>.</para></listitem>
</varlistentry>
<varlistentry>
@ -720,11 +699,10 @@
<varlistentry>
<term><varname>TCPCongestion=</varname></term>
<listitem><para>Takes a string value. Controls the TCP
congestion algorithm used by this socket. Should be one of
"westwood", "veno", "cubic", "lp" or any other available
algorithm supported by the IP stack. This setting applies only
to stream sockets.</para></listitem>
<listitem><para>Takes a string value. Controls the TCP congestion algorithm used by this
socket. Should be one of <literal>westwood</literal>, <literal>veno</literal>,
<literal>cubic</literal>, <literal>lp</literal> or any other available algorithm supported by the IP
stack. This setting applies only to stream sockets.</para></listitem>
</varlistentry>
<varlistentry>
@ -788,15 +766,12 @@
<varlistentry>
<term><varname>RemoveOnStop=</varname></term>
<listitem><para>Takes a boolean argument. If enabled, any file
nodes created by this socket unit are removed when it is
stopped. This applies to AF_UNIX sockets in the file system,
POSIX message queues, FIFOs, as well as any symlinks to them
configured with <varname>Symlinks=</varname>. Normally, it
should not be necessary to use this option, and is not
recommended as services might continue to run after the socket
unit has been terminated and it should still be possible to
communicate with them via their file system node. Defaults to
<listitem><para>Takes a boolean argument. If enabled, any file nodes created by this socket unit are
removed when it is stopped. This applies to <constant>AF_UNIX</constant> sockets in the file system,
POSIX message queues, FIFOs, as well as any symlinks to them configured with
<varname>Symlinks=</varname>. Normally, it should not be necessary to use this option, and is not
recommended as services might continue to run after the socket unit has been terminated and it should
still be possible to communicate with them via their file system node. Defaults to
off.</para></listitem>
</varlistentry>

6
man/systemd.special.xml
View File

@ -1043,7 +1043,7 @@
<para>By default, all user processes and services started on
behalf of the user, including the per-user systemd instance
are found in this slice. This is pulled in by
<filename>systemd-logind.service</filename></para>
<filename>systemd-logind.service</filename>.</para>
</listitem>
</varlistentry>
@ -1052,8 +1052,8 @@
<listitem>
<para>By default, all virtual machines and containers
registered with <command>systemd-machined</command> are
found in this slice. This is pulled in by
<filename>systemd-machined.service</filename></para>
found in this slice. This is pulled in by
<filename>systemd-machined.service</filename>.</para>
</listitem>
</varlistentry>
</variablelist>

2
man/systemd.swap.xml
View File

@ -166,7 +166,7 @@
<refsect1>
<title>Options</title>
<para>Swap files must include a [Swap] section, which carries
<para>Swap unit files must include a [Swap] section, which carries
information about the swap device it supervises. A number of
options that may be used in this section are shared with other
unit types. These options are documented in

4
man/systemd.syntax.xml
View File

@ -98,10 +98,10 @@ KeyTwo=value 2 \
value 2 continued
[Section C]
KeyThree=value 2\
KeyThree=value 3\
# this line is ignored
; this line is ignored too
value 2 continued
value 3 continued
</programlisting></example>
<para>Boolean arguments used in configuration files can be written in

28
man/systemd.time.xml
View File

@ -98,18 +98,20 @@
<refsect1>
<title>Parsing Timestamps</title>
<para>When parsing, systemd will accept a similar syntax, but expects no timezone specification, unless it is given
as the literal string <literal>UTC</literal> (for the UTC timezone), or is specified to be the locally configured
timezone, or the timezone name in the IANA timezone database format. The complete list of timezones
supported on your system can be obtained using the <literal>timedatectl list-timezones</literal>
(see <citerefentry><refentrytitle>timedatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>).
Using IANA format is recommended over local timezone names, as less prone to errors (eg: with local timezone it's possible to
specify daylight saving time in winter, while it's incorrect). The weekday specification is optional, but when
the weekday is specified, it must either be in the abbreviated (<literal>Wed</literal>) or non-abbreviated
(<literal>Wednesday</literal>) English language form (case does not matter), and is not subject to the locale
choice of the user. Either the date, or the time part may be omitted, in which case the current date or 00:00:00,
respectively, is assumed. The seconds component of the time may also be omitted, in which case ":00" is
assumed. Year numbers may be specified in full or may be abbreviated (omitting the century).</para>
<para>When parsing, systemd will accept a similar syntax, but expects no timezone specification, unless
it is given as the literal string <literal>UTC</literal> (for the UTC timezone), or is specified to be
the locally configured timezone, or the timezone name in the IANA timezone database format. The complete
list of timezones supported on your system can be obtained using the <literal>timedatectl
list-timezones</literal> (see
<citerefentry><refentrytitle>timedatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>). Using
IANA format is recommended over local timezone names, as less prone to errors (e.g. with local timezone
it's possible to specify daylight saving time in winter, even though that is not correct). The weekday
specification is optional, but when the weekday is specified, it must either be in the abbreviated
(<literal>Wed</literal>) or non-abbreviated (<literal>Wednesday</literal>) English language form (case
does not matter), and is not subject to the locale choice of the user. Either the date, or the time part
may be omitted, in which case the current date or 00:00:00, respectively, is assumed. The seconds
component of the time may also be omitted, in which case ":00" is assumed. Year numbers may be specified
in full or may be abbreviated (omitting the century).</para>
<para>A timestamp is considered invalid if a weekday is specified and the date does not match the specified day of
the week.</para>
@ -282,7 +284,7 @@ Wed..Sat,Tue 12-10-15 1:2:3 → Tue..Sat 2012-10-15 01:02:03
<para>Use the <command>calendar</command> command of
<citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry> to validate
and normalize calendar time specifications for testing purposes. The tool also calculates when a specified
calendar event would elapse next.</para>
calendar event would occur next.</para>
</refsect1>
<refsect1>

10
man/systemd.unit.xml
View File

@ -737,7 +737,7 @@
that the listed unit is fully started up before the configured unit is started.</para>
<para>When two units with an ordering dependency between them are shut down, the inverse of the
start-up order is applied. i.e. if a unit is configured with <varname>After=</varname> on another
start-up order is applied. I.e. if a unit is configured with <varname>After=</varname> on another
unit, the former is stopped before the latter if both are shut down. Given two units with any
ordering dependency between them, if one unit is shut down and the other is started up, the shutdown
is ordered before the start-up. It doesn't matter if the ordering dependency is
@ -833,7 +833,7 @@
<option>--job-mode=</option> option for details on the
possible values. If this is set to <literal>isolate</literal>,
only a single unit may be listed in
<varname>OnFailure=</varname>..</para></listitem>
<varname>OnFailure=</varname>.</para></listitem>
</varlistentry>
<varlistentry>
@ -1027,9 +1027,9 @@
<term><varname>StartLimitAction=</varname></term>
<listitem><para>Configure an additional action to take if the rate limit configured with
<varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes the same
values as the setting <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> settings and executes
the same actions. If <option>none</option> is set, hitting the rate limit will trigger no action besides that
<varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes the same
values as the <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> settings. If
<option>none</option> is set, hitting the rate limit will trigger no action except that
the start will not be permitted. Defaults to <option>none</option>.</para></listitem>
</varlistentry>

21
man/systemd.xml
View File

@ -760,13 +760,11 @@
<varlistentry>
<term><varname>systemd.crash_chvt</varname></term>
<listitem><para>Takes a positive integer, or a boolean argument. Can be also
specified without an argument, with the same effect as a positive boolean. If
a positive integer (in the range 163) is specified, the system manager (PID
1) will activate the specified virtual terminal (VT) when it
crashes. Defaults to disabled, meaning that no such switch is attempted. If
set to enabled, the VT the kernel messages are written to is selected.
</para></listitem>
<listitem><para>Takes a positive integer, or a boolean argument. Can be also specified without an
argument, with the same effect as a positive boolean. If a positive integer (in the range 163) is
specified, the system manager (PID 1) will activate the specified virtual terminal when it crashes.
Defaults to disabled, meaning that no such switch is attempted. If set to enabled, the virtual
terminal the kernel messages are written to is used instead.</para></listitem>
</varlistentry>
<varlistentry>
@ -1089,14 +1087,15 @@
this context, because they are properly namespaced. When an option is specified both on the kernel
command line, and as a normal command line argument, the latter has higher precedence.</para>
<para>When <command>systemd</command> is used a user manager, the kernel command line is ignored and
<para>When <command>systemd</command> is used as a user manager, the kernel command line is ignored and
the options described are understood. Nevertheless, <command>systemd</command> is usually started in
this mode through the
<citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
service, which is shared between all users, and it may be more convenient to use configuration files to
modify settings, see
<citerefentry><refentrytitle>systemd-user.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
or a drop-in that specifies one of the environment variables listed above in "Environment, see
or a drop-in that specifies one of the environment variables listed above in the Environment section,
see
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
<variablelist>
@ -1146,8 +1145,8 @@
<varlistentry>
<term><option>--show-status</option></term>
<listitem><para>Show terse unit status information is shown on the console during boot-up and
shutdown. See <varname>systemd.show_status</varname> above.</para></listitem>
<listitem><para>Show terse unit status information on the console during boot-up and shutdown. See
<varname>systemd.show_status</varname> above.</para></listitem>
</varlistentry>
<varlistentry>

24
man/tc.xml
View File

@ -10,27 +10,28 @@
<varlistentry id='qdisc-parent'>
<term><varname>Parent=</varname></term>
<listitem>
<para>Specifies the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>,
<literal>clsact</literal>, <literal>ingress</literal> or a class id. The class id takes the
major and minor number in hexadecimal ranges 1 to ffff separated with a colon
(<literal>major:minor</literal>). Defaults to <literal>root</literal>.</para>
<para>Configures the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>,
<literal>clsact</literal>, <literal>ingress</literal> or a class identifier. The class identifier is
specified as the major and minor numbers in hexadecimal in the range 0x1Oxffff separated with a
colon (<literal>major:minor</literal>). Defaults to <literal>root</literal>.</para>
</listitem>
</varlistentry>
<varlistentry id='qdisc-handle'>
<term><varname>Handle=</varname></term>
<listitem>
<para>Specifies the major number of unique identifier of the qdisc, known as the handle.
Takes a number in hexadecimal ranges 1 to ffff. Defaults to unset.</para>
<para>Configures the major number of unique identifier of the qdisc, known as the handle.
Takes a hexadecimal number in the range 0x10xffff. Defaults to unset.</para>
</listitem>
</varlistentry>
<varlistentry id='tclass-parent'>
<term><varname>Parent=</varname></term>
<listitem>
<para>Specifies the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>,
or a qdisc id. The qdisc id takes the major and minor number in hexadecimal ranges 1 to ffff
separated with a colon (<literal>major:minor</literal>). Defaults to <literal>root</literal>.
<para>Configures the parent Queueing Discipline (qdisc). Takes one of <literal>root</literal>, or a
qdisc identifier. The qdisc identifier is specified as the major and minor numbers in hexadecimal in
the range 0x1Oxffff separated with a colon (<literal>major:minor</literal>). Defaults to
<literal>root</literal>.
</para>
</listitem>
</varlistentry>
@ -38,8 +39,9 @@
<varlistentry id='tclass-classid'>
<term><varname>ClassId=</varname></term>
<listitem>
<para>Specifies the major and minur number of unique identifier of the class, known as the
class ID. Each number is in hexadecimal ranges 1 to ffff. Defaults to unset.</para>
<para>Configues the unique identifier of the class. It is specified as the major and minor numbers in
hexadecimal in the range 0x1Oxffff separated with a colon (<literal>major:minor</literal>).
Defaults to unset.</para>
</listitem>
</varlistentry>
</variablelist>

5
man/userdbctl.xml
View File

@ -163,11 +163,10 @@
<title>Well-Known Services</title>
<para>The <command>userdbctl services</command> command will list all currently running services that
provide user or group definitions to the system. The following are well-known services are shown among
this list.</para>
provide user or group definitions to the system. The following well-known services are shown among
this list:</para>
<variablelist>
<varlistentry>
<term><constant>io.systemd.DynamicUser</constant></term>

2
src/basic/user-util.c
View File

@ -777,7 +777,7 @@ bool valid_user_group_name(const char *u, ValidUserFlags flags) {
return false;
if (in_charset(u, "0123456789")) /* Don't allow fully numeric strings, they might be confused
* with with UIDs (note that this test is more broad than
* with UIDs (note that this test is more broad than
* the parse_uid() test above, as it will cover more than
* the 32bit range, and it will detect 65535 (which is in
* invalid UID, even though in the unsigned 32 bit range) */

2
src/journal/journal-file.c
View File

@ -625,7 +625,7 @@ int journal_file_fstat(JournalFile *f) {
f->last_stat_usec = now(CLOCK_MONOTONIC);
/* Refuse dealing with with files that aren't regular */
/* Refuse dealing with files that aren't regular */
r = stat_verify_regular(&f->last_stat);
if (r < 0)
return r;

2
src/libsystemd/sd-bus/bus-internal.h
View File

@ -43,7 +43,7 @@ struct match_callback {
unsigned last_iteration;
/* Don't dispatch this slot with with messages that arrived in any iteration before or at the this
/* Don't dispatch this slot with messages that arrived in any iteration before or at the this
* one. We use this to ensure that matches don't apply "retroactively" and thus can confuse the
* caller: matches will only match incoming messages from the moment on the match was installed. */
uint64_t after;