<programlisting>BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout</programlisting>
</example>
- <para>In place of the directory path a <literal>.v/</literal> versioned directory may be specified,
- see <citerefentry><refentrytitle>systemd.v</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
- details.</para>
+ <xi:include href="vpick.xml" xpointer="directory"/>
<xi:include href="system-or-user-ns.xml" xpointer="singular"/></listitem>
</varlistentry>
<citerefentry><refentrytitle>systemd-soft-reboot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>),
in case the service is configured to survive it.</para>
- <para>In place of the image path a <literal>.v/</literal> versioned directory may be specified, see
- <citerefentry><refentrytitle>systemd.v</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
- details.</para>
+ <xi:include href="vpick.xml" xpointer="image"/>
<xi:include href="system-only.xml" xpointer="singular"/>
<varname>PrivateDevices=</varname> below, as it may change the setting of
<varname>DevicePolicy=</varname>.</para>
+ <xi:include href="vpick.xml" xpointer="image"/>
+
<xi:include href="system-only.xml" xpointer="singular"/>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
<para>Note that usage from user units requires overlayfs support in unprivileged user namespaces,
which was first introduced in kernel v5.11.</para>
+ <xi:include href="vpick.xml" xpointer="directory"/>
+
<xi:include href="system-or-user-ns.xml" xpointer="singular"/>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
<varlistentry>
<term><varname>IgnoreSIGPIPE=</varname></term>
- <listitem><para>Takes a boolean argument. If true, causes <constant>SIGPIPE</constant> to be ignored in the
- executed process. Defaults to true because <constant>SIGPIPE</constant> generally is useful only in shell
- pipelines.</para></listitem>
+ <listitem><para>Takes a boolean argument. If true, <constant>SIGPIPE</constant> is ignored in the
+ executed process. Defaults to true since <constant>SIGPIPE</constant> is generally only useful in
+ shell pipelines.</para></listitem>
</varlistentry>
</variablelist>
units, it only enables sharing of the <filename>/tmp/</filename> and <filename>/var/tmp/</filename>
directories.</para>
- <para>Other file system namespace unit settings — <varname>PrivateMounts=</varname>,
- <varname>PrivateTmp=</varname>, <varname>PrivateDevices=</varname>, <varname>ProtectSystem=</varname>,
- <varname>ProtectHome=</varname>, <varname>ReadOnlyPaths=</varname>, <varname>InaccessiblePaths=</varname>,
- <varname>ReadWritePaths=</varname>, … — also enable file system namespacing in a fashion equivalent to this
- option. Hence it is primarily useful to explicitly request this behaviour if none of the other settings are
- used.</para>
+ <para>Other file system namespace unit settings — <varname>PrivateTmp=</varname>,
+ <varname>PrivateDevices=</varname>, <varname>ProtectSystem=</varname>,
+ <varname>ProtectHome=</varname>, <varname>ReadOnlyPaths=</varname>,
+ <varname>InaccessiblePaths=</varname>, <varname>ReadWritePaths=</varname>, … — also enable file
+ system namespacing in a fashion equivalent to this option. Hence it is primarily useful to explicitly
+ request this behaviour if none of the other settings are used.</para>
<xi:include href="system-or-user-ns.xml" xpointer="singular"/>
the kernel log buffer, the unit will implicitly gain a dependency of type <varname>After=</varname>
on <filename>systemd-journald.socket</filename> (also see the "Implicit Dependencies" section
above). Also note that in this case stdout (or stderr, see below) will be an
- <constant>AF_UNIX</constant> stream socket, and not a pipe or FIFO that can be re-opened. This means
+ <constant>AF_UNIX</constant> stream socket, and not a pipe or FIFO that can be reopened. This means
when executing shell scripts the construct <command>echo "hello" > /dev/stderr</command> for
writing text to stderr will not work. To mitigate this use the construct <command>echo "hello"
>&2</command> instead, which is mostly equivalent and avoids this pitfall.</para>
<literal>\x7efoobar</literal> would add a pattern matching <literal>~foobar</literal> to the allow list.</para>
<para>Log messages are tested against denied patterns (if any), then against allowed patterns
- (if any). If a log message matches any of the denied patterns, it will be discarded, whatever the
- allowed patterns. Then, remaining log messages are tested against allowed patterns. Messages matching
+ (if any). If a log message matches any of the denied patterns, it is discarded immediately without considering
+ allowed patterns. Remaining log messages are tested against allowed patterns. Messages matching
against none of the allowed pattern are discarded. If no allowed patterns are defined, then all
messages are processed directly after going through denied filters.</para>
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the details about <varname>DevicePolicy=</varname> or <varname>DeviceAllow=</varname>.</para>
+ <para>Note that encrypted credentials targeted for services of the per-user service manager must be
+ encrypted with <command>systemd-creds encrypt --user</command>, and those for the system service
+ manager without the <option>--user</option> switch. Encrypted credentials are always targeted to a
+ specific user or the system as a whole, and it is ensured that per-user service managers cannot
+ decrypt secrets intended for the system or for other users.</para>
+
<para>The credential files/IPC sockets must be accessible to the service manager, but don't have to
be directly accessible to the unit's processes: the credential data is read and copied into separate,
read-only copies for the unit that are accessible to appropriately privileged processes. This is
projects / thirdparty / systemd.git / blobdiff