/test-path
/test-path-lookup
/test-path-util
-/test-pppoe
/test-prioq
/test-process-util
/test-pty
/test-socket-util
/test-ssd
/test-strbuf
+/test-string-util
/test-strip-tab-ansi
/test-strv
/test-strxcpyx
test-utf8 \
test-ellipsize \
test-util \
+ test-string-util \
test-extract-word \
test-parse-util \
test-user-util \
test_util_LDADD = \
libshared.la
+test_string_util_SOURCES = \
+ src/test/test-string-util.c
+
+test_string_util_LDADD = \
+ libshared.la
+
test_extract_word_SOURCES = \
src/test/test-extract-word.c
src/systemd/sd-ndisc.h \
src/systemd/sd-dhcp6-client.h \
src/systemd/sd-dhcp6-lease.h \
- src/systemd/sd-pppoe.h \
src/systemd/sd-lldp.h \
src/libsystemd-network/sd-dhcp-client.c \
src/libsystemd-network/sd-dhcp-server.c \
src/libsystemd-network/sd-ipv4acd.c \
src/libsystemd-network/arp-util.h \
src/libsystemd-network/arp-util.c \
- src/libsystemd-network/sd-pppoe.c \
src/libsystemd-network/network-internal.c \
src/libsystemd-network/network-internal.h \
src/libsystemd-network/sd-ndisc.c \
libsystemd-network.la \
libshared.la
-test_pppoe_SOURCES = \
- src/systemd/sd-pppoe.h \
- src/libsystemd-network/test-pppoe.c
-
-test_pppoe_LDADD = \
- libsystemd-network.la \
- libshared.la
-
test_ndisc_rs_SOURCES = \
src/systemd/sd-dhcp6-client.h \
src/systemd/sd-ndisc.h \
test-dhcp6-client \
test-lldp
-manual_tests += \
- test-pppoe
-
# ------------------------------------------------------------------------------
include_HEADERS += \
src/libudev/libudev.h
* File descriptors passed during socket activation may now be
named. A new API sd_listen_fds_with_names() is added to
- access the names. The default names may be overriden,
+ access the names. The default names may be overridden,
either in the .socket file using the FileDescriptorName=
parameter, or by passing FDNAME= when storing the file
descriptors using sd_notify().
another unit listed in its Also= setting might be.
* Similar to the various existing ConditionXYZ= settings for
- units there are now matching AssertXYZ= settings. While
+ units, there are now matching AssertXYZ= settings. While
failing conditions cause a unit to be skipped, but its job
to succeed, failing assertions declared like this will cause
a unit start operation and its job to fail.
* hostnamed now knows a new chassis type "embedded".
* systemctl gained a new "edit" command. When used on a unit
- file this allows extending unit files with .d/ drop-in
+ file, this allows extending unit files with .d/ drop-in
configuration snippets or editing the full file (after
copying it from /usr/lib to /etc). This will invoke the
user's editor (as configured with $EDITOR), and reload the
inhibitors.
* Scope and service units gained a new "Delegate" boolean
- property, which when set allows processes running inside the
+ property, which, when set, allows processes running inside the
unit to further partition resources. This is primarily
useful for systemd user instances as well as container
managers.
audit fields are split up and fully indexed. This means that
journalctl in many ways is now a (nicer!) alternative to
ausearch, the traditional audit client. Note that this
- implements only a minimal audit client, if you want the
+ implements only a minimal audit client. If you want the
special audit modes like reboot-on-log-overflow, please use
the traditional auditd instead, which can be used in
parallel to journald.
* journalctl gained two new commands --vacuum-size= and
--vacuum-time= to delete old journal files until the
- remaining ones take up no more the specified size on disk,
+ remaining ones take up no more than the specified size on disk,
or are not older than the specified time.
* A new, native PPPoE library has been added to sd-network,
will spew out warnings if the compilation fails. This
requires libxkbcommon to be installed.
- * When a coredump is collected a larger number of metadata
+ * When a coredump is collected, a larger number of metadata
fields is now collected and included in the journal records
- created for it. More specifically control group membership,
+ created for it. More specifically, control group membership,
environment variables, memory maps, working directory,
chroot directory, /proc/$PID/status, and a list of open file
descriptors is now stored in the log entry.
a fixed machine ID for subsequent boots.
* networkd's .netdev files now provide a large set of
- configuration parameters for VXLAN devices. Similar, the
+ configuration parameters for VXLAN devices. Similarly, the
bridge port cost parameter is now configurable in .network
files. There's also new support for configuring IP source
routing. networkd .link files gained support for a new
* .socket units gained a new DeferAcceptSec= setting that
controls the kernels' TCP_DEFER_ACCEPT sockopt for
- TCP. Similar, support for controlling TCP keep-alive
+ TCP. Similarly, support for controlling TCP keep-alive
settings has been added (KeepAliveTimeSec=,
KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for
turning off Nagle's algorithm on TCP has been added
* tmpfiles learnt a new "L+" directive which creates a symlink
but (unlike "L") deletes a pre-existing file first, should
it already exist and not already be the correct
- symlink. Similar, "b+", "c+" and "p+" directives have been
+ symlink. Similarly, "b+", "c+" and "p+" directives have been
added as well, which create block and character devices, as
well as fifos in the filesystem, possibly removing any
pre-existing files of different types.
open_by_handle_at() is now prohibited for containers,
closing a hole similar to a recently discussed vulnerability
in docker regarding access to files on file hierarchies the
- container should normally not have access to. Note that for
- nspawn we generally make no security claims anyway (and
+ container should normally not have access to. Note that, for
+ nspawn, we generally make no security claims anyway (and
this is explicitly documented in the man page), so this is
just a fix for one of the most obvious problems.
CAP_NET_BROADCAST, CAP_NET_RAW capabilities though, but
loses the ability to write to files owned by root this way.
- * Similar, systemd-resolved now runs under its own
+ * Similarly, systemd-resolved now runs under its own
"systemd-resolve" user with no capabilities remaining.
- * Similar, systemd-bus-proxyd now runs under its own
+ * Similarly, systemd-bus-proxyd now runs under its own
"systemd-bus-proxy" user with only CAP_IPC_OWNER remaining.
* systemd-networkd gained support for setting up "veth"
- virtual ethernet devices for container connectivity, as well
+ virtual Ethernet devices for container connectivity, as well
as GRE and VTI tunnels.
* systemd-networkd will no longer automatically attempt to
* The configuration of network interface naming rules for
"permanent interface names" has changed: a new NamePolicy=
setting in the [Link] section of .link files determines the
- priority of possible naming schemes (onboard, slot, mac,
+ priority of possible naming schemes (onboard, slot, MAC,
path). The default value of this setting is determined by
/usr/lib/net/links/99-default.link. Old
80-net-name-slot.rules udev configuration file has been
devices as seat masters, i.e. as devices that are required
to be existing before a seat is considered preset. Instead,
it will now look for all devices that are tagged as
- "seat-master" in udev. By default framebuffer devices will
- be marked as such, but depending on local systems other
+ "seat-master" in udev. By default, framebuffer devices will
+ be marked as such, but depending on local systems, other
devices might be marked as well. This may be used to
integrate graphics cards using closed source drivers (such
as NVidia ones) more nicely into logind. Note however, that
* Reorder configuration file lookup order. /etc now always
overrides /run in order to allow the administrator to always
- and unconditionally override vendor supplied or
+ and unconditionally override vendor-supplied or
automatically generated data.
* The various user visible bits of the journal now have man
glibc >= 2.16
libcap
- libmount >= 2.27 (from util-linux)
+ libmount >= 2.27.1 (from util-linux)
libseccomp >= 1.0.0 (optional)
libblkid >= 2.24 (from util-linux) (optional)
libkmod >= 15 (optional)
During runtime, you need the following additional
dependencies:
- util-linux >= v2.27 required
+ util-linux >= v2.27.1 required
dbus >= 1.4.0 (strictly speaking optional, but recommended)
dracut (optional)
PolicyKit (optional)
- add Scope= parsing option for [Network]
- properly handle routerless dhcp leases
- add more attribute support for SIT tunnel
- - work with non-ethernet devices
+ - work with non-Ethernet devices
- add support for more bond options
* networkd-wait-online:
--- /dev/null
+# This file is part of systemd.
+#
+# Copyright 2012 Lennart Poettering
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# systemd is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+# Message catalog for systemd's own messages
+# Korean translation
+
+# The catalog format is documented on
+# http://www.freedesktop.org/wiki/Software/systemd/catalog
+
+# For an explanation why we do all this, see https://xkcd.com/1024/
+#
+# Translator :
+# Seong-ho Cho <darkcircle.0426@gmail.com>, 2015.
+
+-- f77379a8490b408bbe5f6940505a777b
+Subject: 저널 시작
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+시스템 저널 프로세스를 시작했고 기록목적으로 저널 파일을 열었으며,
+프로세스 요청을 기다리고 있습니다.
+
+-- d93fb3c9c24d451a97cea615ce59c00b
+Subject: 저널 멈춤
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+시스템 저널 프로세스를 껐고 현재 활성화 중인 저널 파일을 모두
+닫았습니다.
+
+-- a596d6fe7bfa4994828e72309e95d61e
+Subject: 서비스의 메시지를 거절함
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:journald.conf(5)
+
+일정 시간동안 서비스에서 너무 많은 메시지를 기록했습니다.
+서비스에서 오는 메시지를 거절했습니다.
+
+의문점이 있는 서비스로부터 오는 메시지만 거절했음을 참고하십시오
+다른 서비스의 메시지에는 영향을 주지 않습니다.
+
+메시지 거절 제어 제한 값은 /etc/systemd/journald.conf 의
+RateLimitInterval= 변수와 RateLimitBurst= 변수로 설정합니다.
+자세한 내용은 ournald.conf(5)를 살펴보십시오.
+
+-- e9bf28e6e834481bb6f48f548ad13606
+Subject: 저널 메시지 놓침
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+저널 시스템에서 커널 메시지를 충분히 빠르게 처리할 수 없어 커널
+ 메시지를 잃었습니다.
+
+-- fc2e22bc6ee647b6b90729ab34a250b1
+Subject: 프로세스 @COREDUMP_PID@번 코어 덤프(@COREDUMP_COMM@) 생성함
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:core(5)
+
+프로세스 @COREDUMP_PID@번 (@COREDUMP_COMM@)이 비정상적으로 끝나
+코어 덤프를 생성했습니다.
+
+보통 비정상 종료 관리 프로그램에서 프로그래밍 오류를 나타내며,
+제작자에게 버그로 보고해야합니다.
+
+-- 8d45620c1a4348dbb17410da57c60c66
+Subject: @USER_ID@ 사용자의 새 @SESSION_ID@ 세션 만듦
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+@USER_ID@ 사용자의 새 @SESSION_ID@ 세션을 만들었습니다.
+
+이 세션의 관리 프로세스는 @LEADER@ 입니다.
+
+-- 3354939424b4456d9802ca8333ed424a
+Subject: @SESSION_ID@ 세션 마침
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+@SESSION_ID@ 세션을 끝냈습니다.
+
+-- fcbefc5da23d428093f97c82a9290f7b
+Subject: 새 @SEAT_ID@ 시트 사용할 수 있음
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+새 @SEAT_ID@ 시트를 설정했고 사용할 수 있습니다.
+
+-- e7852bfe46784ed0accde04bc864c2d5
+Subject: @SEAT_ID@ 시트 제거함
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+@SEAT_ID@ 시트를 제거했으며 더이상 사용할 수 없습니다.
+
+-- c7a787079b354eaaa9e77b371893cd27
+Subject: 시간 바꿈
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+시스템 시계를 1970년 1월 1일 이후로 @REALTIME@ 마이크로초 지난 값으로
+설정했습니다.
+
+-- 45f82f4aef7a4bbf942ce861d1f20990
+Subject: @TIMEZONE@ 시간대로 시간대 바꿈
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+시스템 시간대를 @TIMEZONE@ 시간대로 바꾸었습니다.
+
+-- b07a249cd024414a82dd00cd181378ff
+Subject: 시스템 시동 마침
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+부팅 과정에 시작하려고 준비한 모든 시스템 서비스를 성공적으로
+ 시작했습니다. 머신이 서비스처럼 대기중이라는 의미는 아니며
+지동을 완전히 마칠 때까지 사용중일 수도 있는 점 참고하십시오.
+
+커널 시동에 @KERNEL_USEC@ 마이크로초가 걸립니다.
+
+초기 램 디스크 시동에 @INITRD_USEC@ 마이크로초가 걸립니다.
+
+사용자 영역 시동에 @USERSPACE_USEC@ 마이크로초가 걸립니다.
+
+-- 6bbd95ee977941e497c48be27c254128
+Subject: @SLEEP@ 대기 상태 진입
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@SLEEP@ 대기 상태로 진입했습니다.
+
+-- 8811e6df2a8e40f58a94cea26f8ebf14
+Subject: @SLEEP@ 대기 상태 마침
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@SLEEP@ 대기 상태를 마쳤습니다.
+
+-- 98268866d1d54a499c4e98921d93bc40
+Subject: 컴퓨터 끄기 시작
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+컴퓨터 끄기 동작을 시작했습니다. 모든 시스템 동작을 멈추고
+모든 파일 시스템의 마운트를 해제합니다.
+
+-- 7d4958e842da4a758f6c1cdc7b36dcc5
+Subject: @UNIT@ 유닛 시작
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 유닛을 시작했습니다.
+
+-- 39f53479d3a045ac8e11786248231fbf
+Subject: @UNIT@ 유닛 시동 마침
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 유닛 시동을 마쳤습니다.
+
+시동 결과는 @RESULT@ 입니다.
+
+-- de5b426a63be47a7b6ac3eaac82e2f6f
+Subject: @UNIT@ 유닛 끝내기 동작 시작
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 유닛 끝내기 동작을 시작했습니다.
+
+-- 9d1aaa27d60140bd96365438aad20286
+Subject: @UNIT@ 유닛 끝내기 동작 마침
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 유닛 끝내기 동작을 마쳤습니다.
+
+-- be02cf6855d2428ba40df7e9d022f03d
+Subject: @UNIT@ 유닛 동작 실패
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 유닛 동작에 실패했습니다.
+
+결과는 @RESULT@ 입니다.
+
+-- d34d037fff1847e6ae669a370e694725
+Subject: @UNIT@ 유닛 설정 다시 읽기 시작
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 유닛의 설정 다시 읽기를 시작했습니다
+
+-- 7b05ebc668384222baa8881179cfda54
+Subject: @UNIT@ 유닛 설정 다시 읽기 완료
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 유닛의 설정 다시 읽기 동작을 끝냈습니다.
+
+결과는 @RESULT@ 입니다.
+
+-- 641257651c1b4ec9a8624d7a40a9e1e7
+Subject: @EXECUTABLE@ 프로세스 시작할 수 없음
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@EXECUTABLE@ 프로세스를 시작할 수 없어 실행에 실패했습니다.
+
+이 프로세스에서 반환한 오류 번호는 @ERRNO@번 입니다.
+
+-- 0027229ca0644181a76c4e92458afa2e
+Subject: 하나 이상의 메시지를 syslog에 전달할 수 없음
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+journald 서비스와 동시에 실행중인 syslog 서비스에 하나 이상의 메시지를
+전달할 수 없습니다. 보통 순차적으로 오는 메시지의 속도를 syslog 구현체가
+따라가지 못함을 의미합니다.
+
+-- 1dee0369c7fc4736b7099b38ecb46ee7
+Subject: 마운트 지점 비어있지 않음
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@WHERE@ 디렉터리를 마운트 지점으로 지정했으며 (/etc/fstab 파일의
+ 두번째 필드 또는 systemd 유닛 파일의 Where= 필드) 비어있지 않습니다.
+마운트 과정에 방해가 되진 않지만 이전에 이 디렉터리에 존재하는 파일에
+ 접근할 수 없게 됩니다. 중복으로 마운트한 파일을 보려면, 근본 파일
+시스템의 다음 위치에 직접 마운트하십시오.
+
+-- 24d8d4452573402496068381a6312df2
+Subject: 가상 머신 또는 컨테이너 시작
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@LEADER@ 프로세스 ID로 동작하는 @NAME@ 가상 머신을 시작했으며,
+이제부터 사용할 수 있습니다.
+
+-- 58432bd3bace477cb514b56381b8a758
+Subject: 가상 머신 또는 컨테이너 마침
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@LEADER@ 프로세스 ID로 동작하는 @NAME@ 가상 머신을 껐습니다.
@@
-identifier r;
+identifier log_LEVEL_errno =~ "^log_(debug|info|notice|warning|error|emergency)_errno$";
+local idexpression r;
expression e;
@@
- r = -e;
-- log_error_errno(e,
-+ r = log_error_errno(e,
- ...);
++ r =
+ log_LEVEL_errno(e, ...);
@@
-identifier r;
+identifier log_LEVEL_errno =~ "^log_(debug|info|notice|warning|error|emergency)_errno$";
+local idexpression r;
expression e;
@@
-- log_error_errno(e,
-+ r = log_error_errno(e,
- ...);
++ r =
+ log_LEVEL_errno(e, ...);
- r = -e;
@@
-identifier r;
+identifier log_LEVEL_errno =~ "^log_(debug|info|notice|warning|error|emergency)_errno$";
+local idexpression r;
expression e;
@@
-- r = log_error_errno(e,
-+ return log_error_errno(e,
- ...);
+- r =
++ return
+ log_LEVEL_errno(e, ...);
- return r;
@@
-identifier r;
+identifier log_LEVEL_errno =~ "^log_(debug|info|notice|warning|error|emergency)_errno$";
expression e;
@@
-- r = -e;
-- log_warning_errno(e,
-+ r = log_warning_errno(e,
- ...);
-@@
-identifier r;
-expression e;
-@@
-- log_warning_errno(e,
-+ r = log_warning_errno(e,
- ...);
-- r = -e;
-@@
-identifier r;
-expression e;
-@@
-- r = log_warning_errno(e,
-+ return log_warning_errno(e,
- ...);
-- return r;
++ return
+ log_LEVEL_errno(e, ...);
+- return -e;
<term><varname>Frequency=25</varname></term>
<listitem><para>Configure the sample log frequency. This can
be a fractional number, but must be larger than 0.0. Most
- systems can cope with values under 25-50 without impacting
+ systems can cope with values under 25–50 without impacting
boot time severely.</para></listitem>
</varlistentry>
system.</para>
<para><command>bootctl status</command> checks and prints the
- currently installed versions of the boot loader binaries and the
+ currently installed versions of the boot loader binaries and
all current EFI boot variables.</para>
<para><command>bootctl update</command> updates all installed
versions of systemd-boot, if the current version is newer than the
version installed in the EFI system partition. This also includes
the EFI default/fallback loader at /EFI/Boot/boot*.efi. A
- systemd-boot entry in the EFI boot variables is created, if there
+ systemd-boot entry in the EFI boot variables is created if there
is no current entry. The created entry will be added to the end of
the boot order list.</para>
versions of systemd-boot from the EFI system partition, and removes
systemd-boot from the EFI boot variables.</para>
- <para>If no command is passed <command>status</command> is
+ <para>If no command is passed, <command>status</command> is
implied.</para>
</refsect1>
<refsect1>
<title>Exit status</title>
- <para>On success 0 is returned, a non-zero failure
+ <para>On success, 0 is returned, a non-zero failure
code otherwise.</para>
</refsect1>
<term><option>--size=</option></term>
<listitem>
- <para>When used with the <command>capture</command> command
+ <para>When used with the <command>capture</command> command,
specifies the maximum bus message size to capture
("snaplen"). Defaults to 4096 bytes.</para>
</listitem>
<term><option>--list</option></term>
<listitem>
- <para>When used with the <command>tree</command> command shows a
+ <para>When used with the <command>tree</command> command, shows a
flat list of object paths instead of a tree.</para>
</listitem>
</varlistentry>
<term><option>--quiet</option></term>
<listitem>
- <para>When used with the <command>call</command> command
+ <para>When used with the <command>call</command> command,
suppresses display of the response message payload. Note that even
- if this option is specified errors returned will still be
+ if this option is specified, errors returned will still be
printed and the tool will indicate success or failure with
the process exit code.</para>
</listitem>
<listitem>
<para>When used with the <command>call</command> or
- <command>get-property</command> command shows output in a
+ <command>get-property</command> command, shows output in a
more verbose format.</para>
</listitem>
</varlistentry>
<term><option>--expect-reply=</option><replaceable>BOOL</replaceable></term>
<listitem>
- <para>When used with the <command>call</command> command
+ <para>When used with the <command>call</command> command,
specifies whether <command>busctl</command> shall wait for
completion of the method call, output the returned method
response data, and return success or failure via the process
- exit code. If this is set to <literal>no</literal> the
+ exit code. If this is set to <literal>no</literal>, the
method call will be issued but no response is expected, the
tool terminates immediately, and thus no response can be
shown, and no success or failure is returned via the exit
- code. To only suppress output of the reply message payload
+ code. To only suppress output of the reply message payload,
use <option>--quiet</option> above. Defaults to
<literal>yes</literal>.</para>
</listitem>
<term><option>--auto-start=</option><replaceable>BOOL</replaceable></term>
<listitem>
- <para>When used with the <command>call</command> command specifies
+ <para>When used with the <command>call</command> command, specifies
whether the method call should implicitly activate the
- called service should it not be running yet but is
+ called service, should it not be running yet but is
configured to be auto-started. Defaults to
<literal>yes</literal>.</para>
</listitem>
<term><option>--allow-interactive-authorization=</option><replaceable>BOOL</replaceable></term>
<listitem>
- <para>When used with the <command>call</command> command
+ <para>When used with the <command>call</command> command,
specifies whether the services may enforce interactive
authorization while executing the operation, if the security
policy is configured for this. Defaults to
<term><option>--timeout=</option><replaceable>SECS</replaceable></term>
<listitem>
- <para>When used with the <command>call</command> command
+ <para>When used with the <command>call</command> command,
specifies the maximum time to wait for method call
- completion. If no time unit is specified assumes
+ completion. If no time unit is specified, assumes
seconds. The usual other units are understood, too (ms, us,
s, min, h, d, w, month, y). Note that this timeout does not
- apply if <option>--expect-reply=no</option> is used as the
+ apply if <option>--expect-reply=no</option> is used, as the
tool does not wait for any reply message then. When not
- specified or when set to 0 the default of
+ specified or when set to 0, the default of
<literal>25s</literal> is assumed.</para>
</listitem>
</varlistentry>
<para>Controls whether credential data reported by
<command>list</command> or <command>status</command> shall
be augmented with data from
- <filename>/proc</filename>. When this is turned on the data
+ <filename>/proc</filename>. When this is turned on, the data
shown is possibly inconsistent, as the data read from
- <filename>/proc</filename> might be more recent than rest of
+ <filename>/proc</filename> might be more recent than the rest of
the credential information. Defaults to <literal>yes</literal>.</para>
</listitem>
</varlistentry>
<term><command>list</command></term>
<listitem><para>Show all peers on the bus, by their service
- names. By default shows both unique and well-known names, but
+ names. By default, shows both unique and well-known names, but
this may be changed with the <option>--unique</option> and
<option>--acquired</option> switches. This is the default
operation if no command is specified.</para></listitem>
<replaceable>SERVICE</replaceable> is specified, show messages
to or from this peer, identified by its well-known or unique
name. Otherwise, show all messages on the bus. Use Ctrl-C to
- terminate dump.</para></listitem>
+ terminate the dump.</para></listitem>
</varlistentry>
<varlistentry>
<term><command>capture</command> <arg choice="opt" rep="repeat"><replaceable>SERVICE</replaceable></arg></term>
<listitem><para>Similar to <command>monitor</command> but
- writes the output in pcap format (for details see the <ulink
+ writes the output in pcap format (for details
, see the <ulink
url="http://wiki.wireshark.org/Development/LibpcapFileFormat">Libpcap
File Format</ulink> description. Make sure to redirect the
output to STDOUT to a file. Tools like
<listitem><para>Show interfaces, methods, properties and
signals of the specified object (identified by its path) on
- the specified service. If the interface argument is passed the
+ the specified service. If the interface argument is passed, the
output is limited to members of the specified
interface.</para></listitem>
</varlistentry>
<listitem><para>Invoke a method and show the response. Takes a
service name, object path, interface name and method name. If
- parameters shall be passed to the method call a signature
+ parameters shall be passed to the method call, a signature
string is required, followed by the arguments, individually
formatted as strings. For details on the formatting used, see
- below. To suppress output of the returned data use the
+ below. To suppress output of the returned data, use the
<option>--quiet</option> option.</para></listitem>
</varlistentry>
<listitem><para>Retrieve the current value of one or more
object properties. Takes a service name, object path,
interface name and property name. Multiple properties may be
- specified at once in which case their values will be shown one
- after the other, separated by newlines. The output is by
- default in terse format. Use <option>--verbose</option> for a
+ specified at once, in which case their values will be shown one
+ after the other, separated by newlines. The output is, by
+ default, in terse format. Use <option>--verbose</option> for a
more elaborate output format.</para></listitem>
</varlistentry>
<varlistentry>
<term><command>set-property</command> <arg choice="plain"><replaceable>SERVICE</replaceable></arg> <arg choice="plain"><replaceable>OBJECT</replaceable></arg> <arg choice="plain"><replaceable>INTERFACE</replaceable></arg> <arg choice="plain"><replaceable>PROPERTY</replaceable></arg> <arg choice="plain"><replaceable>SIGNATURE</replaceable></arg> <arg choice="plain" rep="repeat"><replaceable>ARGUMENT</replaceable></arg></term>
- <listitem><para>Set the current value an object
+ <listitem><para>Set the current value of an object
property. Takes a service name, object path, interface name,
property name, property signature, followed by a list of
parameters formatted as strings.</para></listitem>
<para>The <command>call</command> and
<command>set-property</command> commands take a signature string
followed by a list of parameters formatted as string (for details
- on D-Bus signature strings see the <ulink
+ on D-Bus signature strings
, see the <ulink
url="http://dbus.freedesktop.org/doc/dbus-specification.html#type-system">Type
system chapter of the D-Bus specification</ulink>). For simple
- types each parameter following the signature should simply be the
+ types, each parameter following the signature should simply be the
parameter's value formatted as string. Positive boolean values may
be formatted as <literal>true</literal>, <literal>yes</literal>,
- <literal>on</literal>, <literal>1</literal>; negative boolean
+ <literal>on</literal>, or <literal>1</literal>; negative boolean
values may be specified as <literal>false</literal>,
- <literal>no</literal>, <literal>off</literal>,
+ <literal>no</literal>, <literal>off</literal>, or
<literal>0</literal>. For arrays, a numeric argument for the
number of entries followed by the entries shall be specified. For
- variants the signature of the contents shall be specified,
- followed by the contents. For dictionaries and structs the
+ variants, the signature of the contents shall be specified,
+ followed by the contents. For dictionaries and structs, the
contents of them shall be directly specified.</para>
<para>For example,
array that maps strings to variants, consisting of three
entries. The string <literal>One</literal> is assigned the
string <literal>Eins</literal>. The string
- <literal>Two</literal> is assigned the 32bit unsigned
+ <literal>Two</literal> is assigned the 32-bit unsigned
integer 2. The string <literal>Yes</literal> is assigned a
positive boolean.</para>
of the <literal>org.freedesktop.systemd1</literal>
service, and passes it two strings
<literal>cups.service</literal> and
- <literal>replace</literal>. As result of the method
- call a single object path parameter is received and
+ <literal>replace</literal>. As a result of the method
+ call, a single object path parameter is received and
shown:</para>
<programlisting># busctl call org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager StartUnit ss "cups.service" "replace"
<term><varname>Compress=</varname></term>
<listitem><para>Controls compression for external
- storage. Takes a boolean argument, defaults to
+ storage. Takes a boolean argument, which defaults to
<literal>yes</literal>.</para>
</listitem>
</varlistentry>
coredumps are processed. Note that old coredumps are also
removed based on time via
<citerefentry><refentrytitle>systemd-tmpfiles</refentrytitle><manvolnum>8</manvolnum></citerefentry>. Set
- either value to 0 to turn off size based
+ either value to 0 to turn off size-based
clean-up.</para></listitem>
</varlistentry>
</variablelist>
at the beginning. This is different from the <option>--offset</option>
option with respect to the sector numbers used in initialization vector
(IV) calculation. Using <option>--offset</option> will shift the IV
- calculation by the same negative amount. Hence, if <option>--offset n</option>,
+ calculation by the same negative amount. Hence, if <option>--offset n</option> is given,
sector n will get a sector number of 0 for the IV calculation.
Using <option>--skip</option> causes sector n to also be the first
- sector of the mapped device, but with its number for IV generation is n.</para>
+ sector of the mapped device, but with its number for IV generation being n.</para>
<para>This option is only relevant for plain devices.</para>
</listitem>
<!--
- helper template to do conflict resolution between various headings with the same inferred ID attribute/tag from the headerlink template
- - this conflict resolution is necessary to prevent malformed HTML output (multiple id attributes with the same value)
+ - this conflict resolution is necessary to prevent malformed HTML output (multiple ID attributes with the same value)
- and it fixes xsltproc warnings during compilation of HTML man pages
-
- A simple top-to-bottom numbering scheme is implemented for nodes with the same ID value to derive unique ID values for HTML output.
<!--
- If stable URLs with fragment markers (references to the ID) turn out not to be important:
- generatedID could simply take the value of generate-id(), and various other helper templates may be dropped entirely.
- - Alternatively if xsltproc is patched to generate reproducible generate-id() output the same simplifications can be
+ - Alternatively, if xsltproc is patched to generate reproducible generate-id() output, the same simplifications can be
- applied at the cost of breaking compatibility with URLs generated from output of previous versions of this stylesheet.
-->
<xsl:variable name="generatedID">
configured address redundant. Another often suggested trigger
for service activation is low system load. However, here too, a
more convincing approach might be to make proper use of features
- of the operating system, in particular, the CPU or IO scheduler
+ of the operating system, in particular, the CPU or I/O scheduler
of Linux. Instead of scheduling jobs from userspace based on
monitoring the OS scheduler, it is advisable to leave the
scheduling of processes to the OS scheduler itself. systemd
- provides fine-grained access to the CPU and IO schedulers. If a
+ provides fine-grained access to the CPU and I/O schedulers. If a
process executed by the init system shall not negatively impact
- the amount of CPU or IO bandwidth available to other processes,
+ the amount of CPU or I/O bandwidth available to other processes,
it should be configured with
<varname>CPUSchedulingPolicy=idle</varname> and/or
<varname>IOSchedulingClass=idle</varname>. Optionally, this may
<varlistentry>
<term><filename>/boot</filename></term>
<listitem><para>The boot partition used for bringing up the
- system. On EFI systems this is possibly the EFI System
+ system. On EFI systems, this is possibly the EFI System
Partition, also see
<citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
This directory is usually strictly local to the host, and
directory is usually mounted as a <literal>tmpfs</literal>
instance, and should hence not be used for larger files. (Use
<filename>/var/tmp</filename> for larger files.) Since the
- directory is accessible to other users of the system it is
+ directory is accessible to other users of the system, it is
essential that this directory is only written to with the
<citerefentry project='man-pages'><refentrytitle>mkstemp</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>mkdtemp</refentrytitle><manvolnum>3</manvolnum></citerefentry>
and related calls. This directory is usually flushed at
boot-up. Also, files that are not accessed within a certain
time are usually automatically deleted. If applications find
- the environment variable <varname>$TMPDIR</varname> set they
+ the environment variable <varname>$TMPDIR</varname> set, they
should prefer using the directory specified in it over
directly referencing <filename>/tmp</filename> (see
<citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
<varlistentry>
<term><filename>/usr/bin</filename></term>
- <listitem><para>Binaries and executables for user commands,
+ <listitem><para>Binaries and executables for user commands
that shall appear in the <varname>$PATH</varname> search path.
It is recommended not to place binaries in this directory that
are not useful for invocation from a shell (such as daemon
<varlistentry>
<term><filename>/usr/lib/<replaceable>arch-id</replaceable></filename></term>
- <listitem><para>Location for placing dynamic libraries, also
+ <listitem><para>Location for placing dynamic libraries into, also
called <varname>$libdir</varname>. The architecture identifier
to use is defined on <ulink
url="https://wiki.debian.org/Multiarch/Tuples">Multiarch
<term><filename>/usr/share/factory/var</filename></term>
<listitem><para>Similar to
- <filename>/usr/share/factory/etc</filename> but for vendor
+ <filename>/usr/share/factory/etc</filename>, but for vendor
versions of files in the variable, persistent data directory
<filename>/var</filename>.</para></listitem>
<varlistentry>
<term><filename>/var/tmp</filename></term>
<listitem><para>The place for larger and persistent temporary
- files. In contrast to <filename>/tmp</filename> this directory
+ files. In contrast to <filename>/tmp</filename>, this directory
is usually mounted from a persistent physical file system and
can thus accept larger files. (Use <filename>/tmp</filename>
for smaller files.) This directory is generally not flushed at
<citerefentry project='man-pages'><refentrytitle>mkdtemp</refentrytitle><manvolnum>3</manvolnum></citerefentry>
or similar calls should be used to make use of this directory.
If applications find the environment variable
- <varname>$TMPDIR</varname> set they should prefer using the
+ <varname>$TMPDIR</varname> set, they should prefer using the
directory specified in it over directly referencing
<filename>/var/tmp</filename> (see
<citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
<variablelist>
<varlistentry>
<term><filename>/dev</filename></term>
- <listitem><para>The root directory for device nodes. Usually
+ <listitem><para>The root directory for device nodes. Usually,
this directory is mounted as a <literal>devtmpfs</literal>
instance, but might be of a different type in
sandboxed/containerized setups. This directory is managed
write access to this directory, special care should be taken
to avoid name clashes and vulnerabilities. For normal users,
shared memory segments in this directory are usually deleted
- when the user logs out. Usually it is a better idea to use
+ when the user logs out. Usually, it is a better idea to use
memory mapped files in <filename>/run</filename> (for system
programs) or <varname>$XDG_RUNTIME_DIR</varname> (for user
- programs) instead of POSIX shared memory segments, since those
+ programs) instead of POSIX shared memory segments, since these
directories are not world-writable and hence not vulnerable to
security-sensitive name clashes.</para></listitem>
</varlistentry>
that exposes a number of kernel tunables. The primary way to
configure the settings in this API file tree is via
<citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- files. In sandboxed/containerized setups this directory is
+ files. In sandboxed/containerized setups, this directory is
generally mounted read-only.</para></listitem>
</varlistentry>
discovered devices and other functionality. This file system
is mostly an API to interface with the kernel and not a place
where normal files may be stored. In sandboxed/containerized
- setups this directory is generally mounted read-only. A number
+ setups, this directory is generally mounted read-only. A number
of special purpose virtual file systems might be mounted below
this directory.</para></listitem>
</varlistentry>
<varlistentry>
<term><filename>/lib64</filename></term>
- <listitem><para>On some architecture ABIs this compatibility
+ <listitem><para>On some architecture ABIs, this compatibility
symlink points to <varname>$libdir</varname>, ensuring that
binaries referencing this legacy path correctly find their
dynamic loader. This symlink only exists on architectures
directory should have no effect on operation of programs,
except for increased runtimes necessary to rebuild these
caches. If an application finds
- <varname>$XDG_CACHE_HOME</varname> set is should use the
+ <varname>$XDG_CACHE_HOME</varname> set, it should use the
directory specified in it instead of this
directory.</para></listitem>
</varlistentry>
<term><filename>~/.config</filename></term>
<listitem><para>Application configuration and state. When a
- new user is created this directory will be empty or not exist
+ new user is created, this directory will be empty or not exist
at all. Applications should fall back to defaults should their
configuration or state in this directory be missing. If an
- application finds <varname>$XDG_CONFIG_HOME</varname> set is
+ application finds <varname>$XDG_CONFIG_HOME</varname> set, it
should use the directory specified in it instead of this
directory.</para></listitem>
</varlistentry>
invocation from a shell; these should be placed in a
subdirectory of <filename>~/.local/lib</filename> instead.
Care should be taken when placing architecture-dependent
- binaries in this place which might be problematic if the home
+ binaries in this place, which might be problematic if the home
directory is shared between multiple hosts with different
architectures.</para></listitem>
</varlistentry>
<term><filename>~/.local/lib/<replaceable>arch-id</replaceable></filename></term>
<listitem><para>Location for placing public dynamic libraries.
- The architecture identifier to use
, is defined on <ulink
+ The architecture identifier to use is defined on <ulink
url="https://wiki.debian.org/Multiarch/Tuples">Multiarch
Architecture Specifiers (Tuples)</ulink>
list.</para></listitem>
such as fonts or artwork. Usually, the precise location and
format of files stored below this directory is subject to
specifications that ensure interoperability. If an application
- finds <varname>$XDG_DATA_HOME</varname> set is should use the
+ finds <varname>$XDG_DATA_HOME</varname> set, it should use the
directory specified in it instead of this
directory.</para></listitem>
</varlistentry>
<filename>/run/user</filename>) of the user, which are all
writable.</para>
- <para>For unprivileged system processes only
+ <para>For unprivileged system processes, only
<filename>/tmp</filename>,
<filename>/var/tmp</filename> and
<filename>/dev/shm</filename> are writable. If an
- unprivileged system process needs a private, writable directory in
+ unprivileged system process needs a private writable directory in
<filename>/var</filename> or <filename>/run</filename>, it is
recommended to either create it before dropping privileges in the
daemon code, to create it via
<para>It is strongly recommended that <filename>/dev</filename> is
the only location below which device nodes shall be placed.
- Similar, <filename>/run</filename> shall be the only location to
+ Similarly, <filename>/run</filename> shall be the only location to
place sockets and FIFOs. Regular files, directories and symlinks
may be used in all directories.</para>
</refsect1>
<tbody>
<row>
<entry><filename>/usr/bin</filename></entry>
- <entry>Package executables that shall appear in the <varname>$PATH</varname> executable search path, compiled for any of the supported architectures compatible with the operating system. It is not recommended to place internal binaries or binaries that are not commonly invoked from the shell in this directory, such as daemon binaries. As this directory is shared with most other packages of the system special care should be taken to pick unique names for files placed here, that are unlikely to clash with other package's files.</entry>
+ <entry>Package executables that shall appear in the <varname>$PATH</varname> executable search path, compiled for any of the supported architectures compatible with the operating system. It is not recommended to place internal binaries or binaries that are not commonly invoked from the shell in this directory, such as daemon binaries. As this directory is shared with most other packages of the system, special care should be taken to pick unique names for files placed here, that are unlikely to clash with other package's files.</entry>
</row>
<row>
<entry><filename>/usr/lib/<replaceable>arch-id</replaceable></filename></entry>
</row>
<row>
<entry><filename>/usr/lib/<replaceable>package</replaceable></filename></entry>
- <entry>Private, static vendor resources of the package, including private binaries and libraries, or any other kind of read-only vendor data.</entry>
+ <entry>Private static vendor resources of the package, including private binaries and libraries, or any other kind of read-only vendor data.</entry>
</row>
<row>
<entry><filename>/usr/lib/<replaceable>arch-id</replaceable>/<replaceable>package</replaceable></filename></entry>
</table>
<para>Additional static vendor files may be installed in the
- <filename>/usr/share</filename> hierarchy, to the locations
+ <filename>/usr/share</filename> hierarchy to the locations
defined by the various relevant specifications.</para>
- <para>During runtime and for local configuration and state
+ <para>During runtime, and for local configuration and state,
additional directories are defined:</para>
<table>
</row>
<row>
<entry><filename>/var/cache/<replaceable>package</replaceable></filename></entry>
- <entry>Persistent cache data of the package. If this directory is flushed the application should work correctly on next invocation, though possibly slowed down due to the need to rebuild any local cache files. The application must be capable of recreating this directory should it be missing and necessary.</entry>
+ <entry>Persistent cache data of the package. If this directory is flushed, the application should work correctly on next invocation, though possibly slowed down due to the need to rebuild any local cache files. The application must be capable of recreating this directory should it be missing and necessary.</entry>
</row>
<row>
<entry><filename>/var/lib/<replaceable>package</replaceable></filename></entry>
when placing their own files in the user's home directory. The
following table lists recommended locations in the home directory
for specific types of files supplied by the vendor if the
- application is installed in the home directory. (Note however,
+ application is installed in the home directory. (Note, however,
that user applications installed system-wide should follow the
rules outlined above regarding placing vendor files.)</para>
<tbody>
<row>
<entry><filename>~/.local/bin</filename></entry>
- <entry>Package executables that shall appear in the <varname>$PATH</varname> executable search path. It is not recommended to place internal executables or executables that are not commonly invoked from the shell in this directory, such as daemon executables. As this directory is shared with most other packages of the user special care should be taken to pick unique names for files placed here, that are unlikely to clash with other package's files.</entry>
+ <entry>Package executables that shall appear in the <varname>$PATH</varname> executable search path. It is not recommended to place internal executables or executables that are not commonly invoked from the shell in this directory, such as daemon executables. As this directory is shared with most other packages of the user, special care should be taken to pick unique names for files placed here, that are unlikely to clash with other package's files.</entry>
</row>
<row>
<entry><filename>~/.local/lib/<replaceable>arch-id</replaceable></filename></entry>
</table>
<para>Additional static vendor files may be installed in the
- <filename>~/.local/share</filename> hierarchy, to the locations
+ <filename>~/.local/share</filename> hierarchy to the locations
defined by the various relevant specifications.</para>
- <para>During runtime and for local configuration and state
+ <para>During runtime, and for local configuration and state,
additional directories are defined:</para>
<table>
</row>
<row>
<entry><filename>~/.cache/<replaceable>package</replaceable></filename></entry>
- <entry>Persistent cache data of the package. If this directory is flushed the application should work correctly on next invocation, though possibly slowed down due to the need to rebuild any local cache files. The application must be capable of recreating this directory should it be missing and necessary.</entry>
+ <entry>Persistent cache data of the package. If this directory is flushed, the application should work correctly on next invocation, though possibly slowed down due to the need to rebuild any local cache files. The application must be capable of recreating this directory should it be missing and necessary.</entry>
</row>
</tbody>
</tgroup>
<refsect1><title>Description</title>
<para>The hardware database is a key-value store for associating modalias-like keys to
- udev-properties-like values. It is used primarily by udev to add the relevant properties
+ udev-property-like values. It is used primarily by udev to add the relevant properties
to matching devices, but it can also be queried directly.</para>
</refsect1>
<para>The hwdb file contains data records consisting of matches and
associated key-value pairs. Every record in the hwdb starts with one or
- more match string, specifying a shell glob to compare the database
+ more match strings, specifying a shell glob to compare the database
lookup string against. Multiple match lines are specified in additional
- consecutive lines. Every match line is compared individually, they are
+ consecutive lines. Every match line is compared individually, and they are
combined by OR. Every match line must start at the first character of
the line.</para>
and compiled to a binary database located at <filename>/etc/udev/hwdb.bin</filename>,
or alternatively <filename>/usr/lib/udev/hwdb.bin</filename> if you want ship the compiled
database in an immutable image.
- During runtime only the binary database is used.</para>
+ During runtime, only the binary database is used.</para>
</refsect1>
<refsect1>
matches apply to the same field, then they are automatically
matched as alternatives, i.e. the resulting output will show
entries matching any of the specified matches for the same
- field. Finally, the character <literal>+</literal> may appears
+ field. Finally, the character <literal>+</literal> may appear
as a separate word between other terms on the command line. This
causes all matches before and after to be combined in a
disjunction (i.e. logical OR).</para>
<literal>_KERNEL_DEVICE=</literal> match for the device.</para>
<para>Additional constraints may be added using options
- <option>--boot</option>, <option>--unit=</option>, etc, to
+ <option>--boot</option>, <option>--unit=</option>, etc., to
further limit what entries will be shown (logical AND).</para>
<para>Output is interleaved from all accessible journal files,
<option>-n1000</option> to guarantee that the pager will not
buffer logs of unbounded size. This may be overridden with
an explicit <option>-n</option> with some other numeric
- value while <option>-nall</option> will disable this cap.
+ value, while <option>-nall</option> will disable this cap.
Note that this option is only supported for the
<citerefentry project='man-pages'><refentrytitle>less</refentrytitle><manvolnum>1</manvolnum></citerefentry>
pager.</para></listitem>
<listitem><para>Removes archived journal files until the disk
space they use falls below the specified size (specified with
the usual <literal>K</literal>, <literal>M</literal>,
- <literal>G</literal>, <literal>T</literal> suffixes), or all
+ <literal>G</literal> and <literal>T</literal> suffixes), or all
journal files contain no data older than the specified
timespan (specified with the usual <literal>s</literal>,
<literal>min</literal>, <literal>h</literal>,
<literal>days</literal>, <literal>months</literal>,
- <literal>weeks</literal>, <literal>years</literal> suffixes),
+ <literal>weeks</literal> and <literal>years</literal> suffixes),
or no more than the specified number of separate journal files
remain. Note that running <option>--vacuum-size=</option> has
- only indirect effect on the output shown by
- <option>--disk-usage</option> as the latter includes active
+ only an indirect effect on the output shown by
+ <option>--disk-usage</option>, as the latter includes active
journal files, while the vacuuming operation only operates
- on archived journal files. Similar,
+ on archived journal files. Similarly,
<option>--vacuum-files=</option> might not actually reduce the
number of journal files to below the specified number, as it
will not remove active journal
<varlistentry>
<term><option>--flush</option></term>
- <listitem><para>Asks the Journal daemon to flush any log data
+ <listitem><para>Asks the journal daemon to flush any log data
stored in <filename>/run/log/journal</filename> into
<filename>/var/log/journal</filename>, if persistent storage is
enabled. This call does not return until the operation is
<varlistentry>
<term><option>--rotate</option></term>
- <listitem><para>Asks the Journal daemon to rotate journal files.
+ <listitem><para>Asks the journal daemon to rotate journal files.
</para></listitem>
</varlistentry>
<xi:include href="standard-options.xml" xpointer="help" />
<para><varname>SystemMaxUse=</varname> and
<varname>RuntimeMaxUse=</varname> control how much disk space
- the journal may use up at maximum.
+ the journal may use up at most.
<varname>SystemKeepFree=</varname> and
<varname>RuntimeKeepFree=</varname> control how much disk
space systemd-journald shall leave free for other uses.
enough free space before and journal files were created, and
subsequently something else causes the file system to fill up,
journald will stop using more space, but it will not be
- removing existing files to reduce footprint again
+ removing existing files to reduce the footprint again,
either.</para>
<para><varname>SystemMaxFileSize=</varname> and
<varname>RuntimeMaxFileSize=</varname> control how large
- individual journal files may grow at maximum. This influences
+ individual journal files may grow at most. This influences
the granularity in which disk space is made available through
rotation, i.e. deletion of historic data. Defaults to one
eighth of the values configured with
rotated journal files are kept as history.</para>
<para>Specify values in bytes or use K, M, G, T, P, E as
- units for the specified sizes (equal to 1024, 1024²,... bytes).
+ units for the specified sizes (equal to 1024, 1024², ... bytes).
Note that size limits are enforced synchronously when journal
files are extended, and no explicit rotation step triggered by
time is needed.</para>
<para><varname>SystemMaxFiles=</varname> and
<varname>RuntimeMaxFiles=</varname> control how many
- individual journal files to keep at maximum. Note that only
+ individual journal files to keep at most. Note that only
archived files are deleted to reduce the number of files until
this limit is reached; active files will stay around. This
- means that in effect there might still be more journal files
+ means that, in effect, there might still be more journal files
around in total than this limit after a vacuuming operation is
complete. This setting defaults to 100.</para></listitem>
</varlistentry>
<literal>notice</literal>,
<literal>info</literal>,
<literal>debug</literal>,
- or integer values in the range of 0..7 (corresponding to the
+ or integer values in the range of 0–7 (corresponding to the
same levels). Messages equal or below the log level specified
are stored/forwarded, messages above are dropped. Defaults to
<literal>debug</literal> for <varname>MaxLevelStore=</varname>
<para>
Journal events can be transferred to a different logging daemon
- in two different ways. In the first method, messages are
+ in two different ways. With the first method, messages are
immediately forwarded to a socket
(<filename>/run/systemd/journal/syslog</filename>), where the
traditional syslog daemon can read them. This method is
- controlled by <varname>ForwardToSyslog=</varname> option. In a
+ controlled by the <varname>ForwardToSyslog=</varname> option. With a
second method, a syslog daemon behaves like a normal journal
client, and reads messages from the journal files, similarly to
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
- In this method, messages do not have to be read immediately,
+ With this, messages do not have to be read immediately,
which allows a logging daemon which is only started late in boot
to access all messages since the start of the system. In
addition, full structured meta-data is available to it. This
a udev context. Furthermore, multiple different udev contexts can
be used in parallel by multiple threads. However, a single context
must not be accessed by multiple threads in parallel. The caller
- is responsible of providing suitable locking if they intend to use
+ is responsible for providing suitable locking if they intend to use
it from multiple threads.</para>
<para>To introspect a local device on a system, a udev device
<para>Furthermore, libudev also exports legacy APIs that should
not be used by new software (and as such are not documented as
- part of this manual). This includes the hardware-database known
+ part of this manual). This includes the hardware database known
as <constant>udev_hwdb</constant> (please use the new
<citerefentry><refentrytitle>sd-hwdb</refentrytitle><manvolnum>3</manvolnum></citerefentry>
API instead) and the <constant>udev_queue</constant> object to
- query the udev-daemon (which should not be used by new software
+ query the udev daemon (which should not be used by new software
at all).</para>
</refsect1>
<title>Description</title>
<para>The <filename>/etc/locale.conf</filename> file configures
- system-wide locale settings. It is read at early-boot by
+ system-wide locale settings. It is read at early boot by
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
<para>The basic file format of <filename>locale.conf</filename> is
<listitem><para>Show terse runtime status information about
one or more sessions, followed by the most recent log data
from the journal. Takes one or more session identifiers as
- parameters. If no session identifiers are passed the status of
+ parameters. If no session identifiers are passed, the status of
the caller's session is shown. This function is intended to
generate human-readable output. If you are looking for
computer-parsable output, use <command>show-session</command>
<term><command>activate</command> <optional><replaceable>ID</replaceable></optional></term>
<listitem><para>Activate a session. This brings a session into
- the foreground, if another session is currently in the
+ the foreground if another session is currently in the
foreground on the respective seat. Takes a session identifier
- as argument. If no argument is specified the session of the
+ as argument. If no argument is specified, the session of the
caller is put into foreground.</para></listitem>
</varlistentry>
<listitem><para>Activates/deactivates the screen lock on one
or more sessions, if the session supports it. Takes one or
more session identifiers as arguments. If no argument is
- specified the session of the caller is locked/unlocked.
+ specified, the session of the caller is locked/unlocked.
</para></listitem>
</varlistentry>
<listitem><para>Show terse runtime status information about
one or more logged in users, followed by the most recent log
data from the journal. Takes one or more user names or numeric
- user IDs as parameters. If no parameters are passed the status
+ user IDs as parameters. If no parameters are passed, the status
of the caller's user is shown. This function is intended to
generate human-readable output. If you are looking for
computer-parsable output, use <command>show-user</command>
spawned for the user at boot and kept around after logouts.
This allows users who are not logged in to run long-running
services. Takes one or more user names or numeric UIDs as
- argument. If no argument is specified enables/disables
+ argument. If no argument is specified, enables/disables
lingering for the user of the session of the caller.
</para></listitem>
</varlistentry>
seat. The devices should be specified via device paths in the
<filename>/sys</filename> file system. To create a new seat,
attach at least one graphics card to a previously unused seat
- name. Seat names may consist only of a-z, A-Z, 0-9,
+ name. Seat names may consist only of a–z, A–Z, 0–9,
<literal>-</literal> and <literal>_</literal> and must be
prefixed with <literal>seat</literal>. To drop assignment of a
device to a specific seat, just reassign it to a different
<listitem><para>Specifies the timeout after system startup or
system resume in which systemd will hold off on reacting to
- LID events. This is required for the system to properly
- detect any hotplugged devices so systemd can ignore LID events
+ lid events. This is required for the system to properly
+ detect any hotplugged devices so systemd can ignore lid events
if external monitors, or docks, are connected. If set to 0,
systemd will always react immediately, possibly before the
kernel fully probed all hotplugged devices. This is safe, as
<literal>tablet</literal>,
<literal>handset</literal>,
<literal>watch</literal>, and
- <literal>embedded</literal>
+ <literal>embedded</literal>,
as well as the special chassis types
<literal>vm</literal> and
<literal>container</literal> for
</itemizedlist>
<para>Machines are identified by names that follow the same rules
- as UNIX and DNS host names, for details see below. Machines are
- instantiated from disk or file system images, that frequently but not
- necessarily carry the same name as machines running from
+ as UNIX and DNS host names, for details, see below. Machines are
+ instantiated from disk or file system images that frequently — but not
+ necessarily — carry the same name as machines running from
them. Images in this sense are considered:</para>
<itemizedlist>
<varlistentry>
<term><option>--mkdir</option></term>
- <listitem><para>When used with <command>bind</command> creates
+ <listitem><para>When used with <command>bind</command>, creates
the destination directory before applying the bind
mount.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--read-only</option></term>
- <listitem><para>When used with <command>bind</command> applies
+ <listitem><para>When used with <command>bind</command>, applies
a read-only bind mount.</para></listitem>
</varlistentry>
specify whether the image shall be verified before it is made
available. Takes one of <literal>no</literal>,
<literal>checksum</literal> and <literal>signature</literal>.
- If <literal>no</literal> no verification is done. If
- <literal>checksum</literal> is specified the download is
- checked for integrity after transfer is complete, but no
+ If <literal>no</literal>, no verification is done. If
+ <literal>checksum</literal> is specified, the download is
+ checked for integrity after the transfer is complete, but no
signatures are verified. If <literal>signature</literal> is
specified, the checksum is verified and the images's signature
is checked against a local keyring of trustable vendors. It is
<term><option>--format=</option></term>
<listitem><para>When used with the <option>export-tar</option>
- or <option>export-raw</option> commands specifies the
+ or <option>export-raw</option> commands, specifies the
compression format to use for the resulting file. Takes one of
<literal>uncompressed</literal>, <literal>xz</literal>,
- <literal>gzip</literal>, <literal>bzip2</literal>. By default
+ <literal>gzip</literal>, <literal>bzip2</literal>. By default,
the format is determined automatically from the image file
name passed.</para></listitem>
</varlistentry>
image by the specified name in
<filename>/var/lib/machines/</filename> (and other search
paths, see below) and runs it. Use
- <command>list-images</command> (see below), for listing
+ <command>list-images</command> (see below) for listing
available container images to start.</para>
<para>Note that
<term><command>login</command> [<replaceable>NAME</replaceable>]</term>
<listitem><para>Open an interactive terminal login session in
- a container or on the local host. If an argument is supplied
+ a container or on the local host. If an argument is supplied,
it refers to the container machine to connect to. If none is
specified, or the container name is specified as the empty
string, or the special machine name <literal>.host</literal>
instead. This works similar to <command>login</command> but
immediately invokes a user process. This command runs the
specified executable with the specified arguments, or
- <filename>/bin/sh</filename> if none is specified. By default
+ <filename>/bin/sh</filename> if none is specified. By default,
opens a <literal>root</literal> shell, but by using
<option>--uid=</option>, or by prefixing the machine name with
a username and an <literal>@</literal> character, a different
environment variables for the executed process.</para>
<para>When using the <command>shell</command> command without
- arguments (thus invoking the executed shell or command on the
- local host) it is similar in many ways to a <citerefentry
+ arguments, (thus invoking the executed shell or command on the
+ local host), it is in many ways similar to a <citerefentry
project='die-net'><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry>
- session, but unlike <command>su</command> completely isolates
+ session, but, unlike <command>su</command>, completely isolates
the new session from the originating session, so that it
shares no process or session properties, and is in a clean and
well-defined state. It will be tracked in a new utmp, login,
environment variables or resource limits, among other
properties.</para>
- <para>Note that the
+ <para>Note that
<citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>
may be used in place of the <command>shell</command> command,
and allows more detailed, low-level configuration of the
specified container. The first directory argument is the
source directory on the host, the second directory argument
is the destination directory in the container. When the
- latter is omitted the destination path in the container is
+ latter is omitted, the destination path in the container is
the same as the source path on the host. When combined with
- the <option>--read-only</option> switch a ready-only bind
+ the <option>--read-only</option> switch, a ready-only bind
mount is created. When combined with the
- <option>--mkdir</option> switch the destination path is first
+ <option>--mkdir</option> switch, the destination path is first
created before the mount is applied. Note that this option is
currently only supported for
<citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>
<listitem><para>Copies files or directories from the host
system into a running container. Takes a container name,
followed by the source path on the host and the destination
- path in the container. If the destination path is omitted the
+ path in the container. If the destination path is omitted, the
same as the source path is used.</para></listitem>
</varlistentry>
<listitem><para>Copies files or directories from a container
into the host system. Takes a container name, followed by the
source path in the container the destination path on the host.
- If the destination path is omitted the same as the source path
+ If the destination path is omitted, the same as the source path
is used.</para></listitem>
</varlistentry>
</variablelist></refsect2>
directories and subvolumes in
<filename>/var/lib/machines/</filename> (and other search
paths, see below). Use <command>start</command> (see above) to
- run a container off one of the listed images. Note that by
- default containers whose name begins with a dot
+ run a container off one of the listed images. Note that, by
+ default, containers whose name begins with a dot
(<literal>.</literal>) are not shown. To show these too,
specify <option>--all</option>. Note that a special image
<literal>.host</literal> always implicitly exists and refers
<listitem><para>Removes one or more container or VM images.
The special image <literal>.host</literal>, which refers to
- the host's own directory tree may not be
+ the host's own directory tree, may not be
removed.</para></listitem>
</varlistentry>
<varlistentry>
<term><command>set-limit</command> [<replaceable>NAME</replaceable>] <replaceable>BYTES</replaceable></term>
- <listitem><para>Sets the maximum size in bytes a specific
- container or VM image, or all images may grow up to on disk
+ <listitem><para>Sets the maximum size in bytes that a specific
+ container or VM image, or all images, may grow up to on disk
(disk quota). Takes either one or two parameters. The first,
optional parameter refers to a container or VM image name. If
- specified the size limit of the specified image is changed. If
- omitted the overall size limit of the sum of all images stored
+ specified, the size limit of the specified image is changed. If
+ omitted, the overall size limit of the sum of all images stored
locally is changed. The final argument specifies the size
limit in bytes, possibly suffixed by the usual K, M, G, T
units. If the size limit shall be disabled, specify
<literal>-</literal> as size.</para>
<para>Note that per-container size limits are only supported
- on btrfs file systems. Also note that if
- <command>set-limit</command> is invoked without image
+ on btrfs file systems. Also note that, if
+ <command>set-limit</command> is invoked without an image
parameter, and <filename>/var/lib/machines</filename> is
empty, and the directory is not located on btrfs, a btrfs
loopback file is implicitly created as
loopback may later be readjusted with
<command>set-limit</command>, as well. If such a
loopback-mounted <filename>/var/lib/machines</filename>
- directory is used <command>set-limit</command> without image
+ directory is used, <command>set-limit</command> without an image
name alters both the quota setting within the file system as
well as the loopback file and file system size
itself.</para></listitem>
<literal>https://</literal>, and must refer to a
<filename>.tar</filename>, <filename>.tar.gz</filename>,
<filename>.tar.xz</filename> or <filename>.tar.bz2</filename>
- archive file. If the local machine name is omitted it
+ archive file. If the local machine name is omitted, it
is automatically derived from the last component of the URL,
with its suffix removed.</para>
<para>The image is verified before it is made available,
unless <option>--verify=no</option> is specified. Verification
- is done via SHA256SUMS and SHA256SUMS.gpg files, that need to
+ is done via SHA256SUMS and SHA256SUMS.gpg files that need to
be made available on the same web server, under the same URL
as the <filename>.tar</filename> file, but with the last
component (the filename) of the URL replaced. With
- <option>--verify=checksum</option> only the SHA256 checksum
+ <option>--verify=checksum</option>, only the SHA256 checksum
for the file is verified, based on the
<filename>SHA256SUMS</filename> file. With
- <option>--verify=signature</option> the SHA256SUMS file is
+ <option>--verify=signature</option>, the SHA256SUMS file is
first verified with detached GPG signature file
<filename>SHA256SUMS.gpg</filename>. The public key for this
verification step needs to be available in
<para>The container image will be downloaded and stored in a
read-only subvolume in
- <filename>/var/lib/machines/</filename>, that is named after
+ <filename>/var/lib/machines/</filename> that is named after
the specified URL and its HTTP etag. A writable snapshot is
then taken from this subvolume, and named after the specified
local name. This behavior ensures that creating multiple
be a <filename>.qcow2</filename> or raw disk image, optionally
compressed as <filename>.gz</filename>,
<filename>.xz</filename>, or <filename>.bz2</filename>. If the
- local machine name is omitted it is automatically
+ local machine name is omitted, it is automatically
derived from the last component of the URL, with its suffix
removed.</para>
<listitem><para>Imports a TAR or RAW container or VM image,
and places it under the specified name in
<filename>/var/lib/machines/</filename>. When
- <command>import-tar</command> is used the file specified as
- first argument should be a tar archive, possibly compressed
+ <command>import-tar</command> is used, the file specified as
+ the first argument should be a tar archive, possibly compressed
with xz, gzip or bzip2. It will then be unpacked into its own
subvolume in <filename>/var/lib/machines</filename>. When
- <command>import-raw</command> is used the file should be a
+ <command>import-raw</command> is used, the file should be a
qcow2 or raw disk image, possibly compressed with xz, gzip or
bzip2. If the second argument (the resulting image name) is
- not specified it is automatically derived from the file
- name. If the file name is passed as <literal>-</literal> the
+ not specified, it is automatically derived from the file
+ name. If the file name is passed as <literal>-</literal>, the
image is read from standard input, in which case the second
argument is mandatory.</para>
<para>Similar as with <command>pull-tar</command>,
<command>pull-raw</command> the file system
<filename>/var/lib/machines.raw</filename> is increased in
- size of necessary and appropriate. Optionally the
+ size of necessary and appropriate. Optionally, the
<option>--read-only</option> switch may be used to create a
read-only container or VM image. No cryptographic validation
is done when importing the images.</para>
stores it in the specified file. The first parameter should be
a VM or container image name. The second parameter should be a
file path the TAR or RAW image is written to. If the path ends
- in <literal>.gz</literal> the file is compressed with gzip, if
- it ends in <literal>.xz</literal> with xz, and if it ends in
- <literal>.bz2</literal> with bzip2. If the path ends in
- neither the file is left uncompressed. If the second argument
- is missing the image is written to standard output. The
+ in <literal>.gz</literal>, the file is compressed with gzip, if
+ it ends in <literal>.xz</literal>, with xz, and if it ends in
+ <literal>.bz2</literal>, with bzip2. If the path ends in
+ neither, the file is left uncompressed. If the second argument
+ is missing, the image is written to standard output. The
compression may also be explicitly selected with the
<option>--format=</option> switch. This is in particular
useful if the second parameter is left unspecified.</para>
aborted with
<command>cancel-transfer</command>.</para>
- <para>Note that currently only directory and subvolume images
+ <para>Note that, currently, only directory and subvolume images
may be exported as TAR images, and only raw disk images as RAW
images.</para></listitem>
</varlistentry>
<title>Machine and Image Names</title>
<para>The <command>machinectl</command> tool operates on machines
- and images, whose names must be chosen following strict
+ and images whose names must be chosen following strict
rules. Machine names must be suitable for use as host names
following a conservative subset of DNS and UNIX/Linux
semantics. Specifically, they must consist of one or more
non-empty label strings, separated by dots. No leading or trailing
dots are allowed. No sequences of multiple dots are allowed. The
- label strings may only consists of alphanumeric characters as well
+ label strings may only consist of alphanumeric characters as well
as the dash and underscore. The maximum length of a machine name
is 64 characters.</para>
<para>A special machine with the name <literal>.host</literal>
refers to the running host system itself. This is useful for execution
- operations or inspecting the host system as well. Not that
+ operations or inspecting the host system as well. Note that
<command>machinectl list</command> will not show this special
machine unless the <option>--all</option> switch is specified.</para>
- <para>Requirements on image names are less strict, however must be
+ <para>Requirements on image names are less strict, however, they must be
valid UTF-8, must be suitable as file names (hence not be the
single or double dot, and not include a slash), and may not
contain control characters. Since many operations search for an
- image by the name of a requested machine it is recommended to name
+ image by the name of a requested machine, it is recommended to name
images in the same strict fashion as machines.</para>
<para>A special image with the name <literal>.host</literal>
- refers to the image of the running host system. It is hence
+ refers to the image of the running host system. It hence
conceptually maps to the special <literal>.host</literal> machine
name described above. Note that <command>machinectl
- list-images</command> won't show this special image either, unless
+ list-images</command> will not show this special image either, unless
<option>--all</option> is specified.</para>
</refsect1>
<para>Machine images are preferably stored in
<filename>/var/lib/machines/</filename>, but are also searched for
in <filename>/usr/local/lib/machines/</filename> and
- <filename>/usr/lib/machines/</filename>. For compatibility reasons
+ <filename>/usr/lib/machines/</filename>. For compatibility reasons,
the directory <filename>/var/lib/container/</filename> is
searched, too. Note that images stored below
<filename>/usr</filename> are always considered read-only. It is
<listitem><para>A simple directory tree, containing the files
and directories of the container to boot.</para></listitem>
- <listitem><para>A subvolume (on btrfs file systems), which are
+ <listitem><para>Subvolumes (on btrfs file systems), which are
similar to the simple directories, described above. However,
they have additional benefits, such as efficient cloning and
quota reporting.</para></listitem>
<para>See
<citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>
- for more information on image formats, in particular it's
+ for more information on image formats, in particular its
<option>--directory=</option> and <option>--image=</option>
options.</para>
</refsect1>
# machinectl login Fedora-Cloud-Base-20141203-21</programlisting>
<para>This downloads the specified <filename>.raw</filename>
- image with verification disabled. Then a shell is opened in it
+ image with verification disabled. Then, a shell is opened in it
and a root password is set. Afterwards the shell is left, and
the machine started as system service. With the last command a
login prompt into the container is requested.</para>
<programlisting># machinectl export-tar fedora myfedora.tar.xz</programlisting>
- <para>Exports the container <literal>fedora</literal> in an
- xz-compress tar file <filename>myfedora.tar.xz</filename> in the
+ <para>Exports the container <literal>fedora</literal> as an
+ xz-compressed tar file <filename>myfedora.tar.xz</filename> into the
current directory.</para>
</example>
<programlisting># machinectl shell --uid=lennart</programlisting>
- <para>This creates a new shell session on the local host, for
+ <para>This creates a new shell session on the local host for
the user ID <literal>lennart</literal>, in a <citerefentry
project='die-net'><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry>-like
fashion.</para>
configured DNS servers, etc.</para>
<para>When no links are specified, routable links are
- shown. See also option <option>--all</option>.</para>
+ shown. Also see the option <option>--all</option>.</para>
<para>Produces output similar to
<programlisting>
<para><command>nss-myhostname</command> is a plugin for the GNU
Name Service Switch (NSS) functionality of the GNU C Library
- (<command>glibc</command>) primarily providing hostname resolution
+ (<command>glibc</command>), primarily providing hostname resolution
for the locally configured system hostname as returned by
<citerefentry><refentrytitle>gethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry>.
The precise hostnames resolved by this module are:</para>
time as changing the hostname. This is problematic since it
requires a writable <filename>/etc</filename> file system and is
fragile because the file might be edited by the administrator at
- the same time. With <command>nss-myhostname</command> enabled
+ the same time. With <command>nss-myhostname</command> enabled,
changing <filename>/etc/hosts</filename> is unnecessary, and on
- many systems the file becomes entirely optional.</para>
+ many systems, the file becomes entirely optional.</para>
<para>To activate the NSS modules, <literal>myhostname</literal>
has to be added to the line starting with
<para>It is recommended to place <literal>myhostname</literal>
last in the <filename>nsswitch.conf</filename> line to make sure
- that this mapping is only used as fallback, and any DNS or
+ that this mapping is only used as fallback, and that any DNS or
<filename>/etc/hosts</filename> based mapping takes
precedence.</para>
</refsect1>
<refsect1>
<title>Example</title>
- <para>Here's an example <filename>/etc/nsswitch.conf</filename>
- file, that enables <command>myhostname</command> correctly:</para>
+ <para>Here is an example <filename>/etc/nsswitch.conf</filename>
+ file that enables <command>myhostname</command> correctly:</para>
<programlisting>passwd: compat mymachines
group: compat mymachines
127.0.0.2 DGRAM
127.0.0.2 RAW</programlisting>
- <para>In this case the local hostname is <varname>omega</varname>.</para>
+ <para>In this case, the local hostname is <varname>omega</varname>.</para>
</refsect1>
<para><command>nss-mymachines</command> is a plugin for the GNU
Name Service Switch (NSS) functionality of the GNU C Library
- (<command>glibc</command>) providing hostname resolution for
- container names of containers running locally, that are registered
+ (<command>glibc</command>), providing hostname resolution for
+ container names of containers running locally that are registered
with
<citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
The container names are resolved to the IP addresses of the
<para>It is recommended to place <literal>mymachines</literal>
near the end of the <filename>nsswitch.conf</filename> lines to
- make sure that its mappings are only used as fallback, and any
+ make sure that its mappings are only used as fallback, and that any
other mappings, such as DNS or <filename>/etc/hosts</filename>
- based mappings take precedence.</para>
+ based mappings, take precedence.</para>
</refsect1>
<refsect1>
<title>Example</title>
- <para>Here's an example <filename>/etc/nsswitch.conf</filename>
- file, that enables <command>mymachines</command> correctly:</para>
+ <para>Here is an example <filename>/etc/nsswitch.conf</filename>
+ file that enables <command>mymachines</command> correctly:</para>
<programlisting>passwd: compat <command>mymachines</command>
group: compat <command>mymachines</command>
<refsect1>
<title>Example</title>
- <para>Here's an example <filename>/etc/nsswitch.conf</filename>
- file, that enables <command>resolve</command> correctly:</para>
+ <para>Here is an example <filename>/etc/nsswitch.conf</filename>
+ file that enables <command>resolve</command> correctly:</para>
<programlisting>passwd: compat mymachines
group: compat mymachines
without implementing a shell compatible execution engine. Variable
assignment values must be enclosed in double or single quotes if
they include spaces, semicolons or other special characters
- outside of A-Z, a-z, 0-9. Shell special characters ("$", quotes,
+ outside of A–Z, a–z, 0–9. Shell special characters ("$", quotes,
backslash, backtick) must be escaped with backslashes, following
shell style. All strings should be in UTF-8 format, and
non-printable characters should not be used. It is not supported
<term><varname>ID=</varname></term>
<listitem><para>A lower-case string (no spaces or other
- characters outside of 0-9, a-z, ".", "_" and "-") identifying
+ characters outside of 0–9, a–z, ".", "_" and "-") identifying
the operating system, excluding any version information and
suitable for processing by scripts or usage in generated
filenames. If not set, defaults to
<term><varname>VERSION_ID=</varname></term>
<listitem><para>A lower-case string (mostly numeric, no spaces
- or other characters outside of 0-9, a-z, ".", "_" and "-")
+ or other characters outside of 0–9, a–z, ".", "_" and "-")
identifying the operating system version, excluding any OS
name information or release code name, and suitable for
processing by scripts or usage in generated filenames. This
<listitem><para>
A lower-case string (no spaces or other characters outside of
- 0-9, a-z, ".", "_" and "-"), identifying a specific variant or
+ 0–9, a–z, ".", "_" and "-"), identifying a specific variant or
edition of the operating system. This may be interpreted by
other packages in order to determine a divergent default
configuration. This field is optional and may not be
as <constant>AF_UNIX</constant> sockets, FIFOs, PID files and
similar. It is guaranteed that this directory is local and
offers the greatest possible file system feature set the
- operating system provides. For further details see the <ulink
+ operating system provides. For further details
, see the <ulink
url="http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html">XDG
Base Directory Specification</ulink>.</para></listitem>
</varlistentry>
<title>Description</title>
<para>These configuration files control local DNS and LLMNR
- name resolving.</para>
+ name resolution.</para>
</refsect1>
<varlistentry>
<term><varname>DNS=</varname></term>
- <listitem><para>A space separated list of IPv4 and IPv6
+ <listitem><para>A space-separated list of IPv4 and IPv6
addresses to be used as system DNS servers. DNS requests are
sent to one of the listed DNS servers in parallel to any
per-interface DNS servers acquired from
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
- For compatibility reasons, if set to the empty list the DNS
+ For compatibility reasons, if set to the empty list, the DNS
servers listed in <filename>/etc/resolv.conf</filename> are
used, if any are configured there. This setting defaults to
the empty list.</para></listitem>
<varlistentry>
<term><varname>FallbackDNS=</varname></term>
- <listitem><para>A space separated list of IPv4 and IPv6
+ <listitem><para>A space-separated list of IPv4 and IPv6
addresses to be used as the fallback DNS servers. Any
per-interface DNS servers obtained from
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
<literal>resolve</literal>. Controls Link-Local Multicast Name
Resolution support (<ulink
url="https://tools.ietf.org/html/rfc4795">RFC 4794</ulink>) on
- the local host. If true enables full LLMNR responder and
- resolver support. If false disable both. If set to
- <literal>resolve</literal> only resolving support is enabled,
+ the local host. If true, enables full LLMNR responder and
+ resolver support. If false, disables both. If set to
+ <literal>resolve</literal>, only resolution support is enabled,
but responding is disabled. Note that
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
also maintains per-interface LLMNR settings. LLMNR will be
<title>Description</title>
<para>In addition to the error names user programs define, D-Bus
- knows a number of generic, standardized error names, that are
+ knows a number of generic, standardized error names that are
listed below.</para>
- <para>In addition to this list, in sd-bus the special error
+ <para>In addition to this list, in sd-bus, the special error
namespace <literal>System.Error.</literal> is used to map
arbitrary Linux system errors (as defined by <citerefentry
project='man-pages'><refentrytitle>errno</refentrytitle><manvolnum>3</manvolnum></citerefentry>)
<varlistentry>
<term><varname>SD_BUS_ERROR_IO_ERROR</varname></term>
<listitem><para>Generic input/output error, for example when
- accessing a socket or other IO context.</para></listitem>
+ accessing a socket or other I/O context.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>SD_BUS_ERROR_BAD_ADDRESS</varname></term>
</varlistentry>
<varlistentry>
<term><varname>SD_BUS_ERROR_ACCESS_DENIED</varname></term>
- <listitem><para>Access to a resource has been denied, due to security restrictions.</para></listitem>
+ <listitem><para>Access to a resource has been denied due to security restrictions.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>SD_BUS_ERROR_AUTH_FAILED</varname></term>
</varlistentry>
<varlistentry>
<term><varname>SD_BUS_ERROR_FILE_EXISTS</varname></term>
- <listitem><para>The requested file exists already.</para></listitem>
+ <listitem><para>The requested file already exists.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>SD_BUS_ERROR_UNKNOWN_METHOD</varname></term>
<varlistentry>
<term><varname>SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED</varname></term>
<listitem><para>Access to the requested operation is not
- permitted, however, it might be available after interactive
+ permitted. However, it might be available after interactive
authentication. This is usually returned by method calls
supporting a framework for additional interactive
authorization, when interactive authorization was not enabled
to determine the mask of fields available.</para>
<para><function>sd_bus_creds_get_pid()</function> will retrieve
- the PID (process identifier). Similar,
+ the PID (process identifier). Similarly,
<function>sd_bus_creds_get_ppid()</function> will retrieve the
parent PID. Note that PID 1 has no parent process, in which case
-ENXIO is returned.</para>
TID (thread identifier).</para>
<para><function>sd_bus_creds_get_uid()</function> will retrieve
- the numeric UID (user identifier). Similar,
+ the numeric UID (user identifier). Similarly,
<function>sd_bus_creds_get_euid()</function> returns the effective
UID, <function>sd_bus_creds_get_suid()</function> the saved UID
and <function>sd_bus_creds_get_fsuid()</function> the file system
UID.</para>
<para><function>sd_bus_creds_get_gid()</function> will retrieve the
- numeric GID (group identifier). Similar,
+ numeric GID (group identifier). Similarly,
<function>sd_bus_creds_get_egid()</function> returns the effective
GID, <function>sd_bus_creds_get_sgid()</function> the saved GID
and <function>sd_bus_creds_get_fsgid()</function> the file system
<para><function>sd_bus_creds_get_exe()</function> will retrieve
the path to the program executable (as stored in the
<filename>/proc/<replaceable>pid</replaceable>/exe</filename>
- link, but with <literal> (deleted)</literal> suffix removed). Note
+ link, but with the <literal> (deleted)</literal> suffix removed). Note
that kernel threads do not have an executable path, in which case
-ENXIO is returned.</para>
<para><function>sd_bus_creds_get_unit()</function> will retrieve
the systemd unit name (in the system instance of systemd) that the
- process is part of. See
+ process is a part of. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For
- processes that are not part of a unit returns -ENXIO.
+ processes that are not part of a unit, returns -ENXIO.
</para>
<para><function>sd_bus_creds_get_user_unit()</function> will
retrieve the systemd unit name (in the user instance of systemd)
- that the process is part of. See
+ that the process is a part of. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For
- processes that are not part of a user unit returns -ENXIO.
+ processes that are not part of a user unit, returns -ENXIO.
</para>
<para><function>sd_bus_creds_get_slice()</function> will retrieve
the systemd slice (a unit in the system instance of systemd) that
- the process is part of. See
- <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>. Similar,
+ the process is a part of. See
+ <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>. Similarly,
<function>sd_bus_creds_get_user_slice()</function> retrieves the
systemd slice of the process, in the user instance of systemd.
</para>
<para><function>sd_bus_creds_get_session()</function> will
retrieve the identifier of the login session that the process is
- part of. See
+ a part of. See
<citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. For
- processes that are not part of a session returns -ENXIO.
+ processes that are not part of a session, returns -ENXIO.
</para>
<para><function>sd_bus_creds_get_owner_uid()</function> will
retrieve the numeric UID (user identifier) of the user who owns
- the login session that the process is part of. See
+ the login session that the process is a part of. See
<citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
- For processes that are not part of a session returns -ENXIO.
+ For processes that are not part of a session, returns -ENXIO.
</para>
<para><function>sd_bus_creds_has_effective_cap()</function> will
<varlistentry>
<term><constant>-ENODATA</constant></term>
- <listitem><para>Given field is not available in the
+ <listitem><para>The given field is not available in the
credentials object <parameter>c</parameter>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><constant>-ENXIO</constant></term>
- <listitem><para>Given field is not specified for the described
+ <listitem><para>The given field is not specified for the described
process or peer. This will be returned by
<function>sd_bus_get_unit()</function>,
<function>sd_bus_get_slice()</function>,
slice, or logind session. It will also be returned by
<function>sd_bus_creds_get_exe()</function> and
<function>sd_bus_creds_get_cmdline()</function> for kernel
- threads (since these aren't started from an executable binary
- or have a command line),
+ threads (since these are not started from an executable binary,
+ nor have a command line), and by
<function>sd_bus_creds_get_audit_session_id()</function> and
<function>sd_bus_creds_get_audit_login_uid()</function> when
the process is not part of an audit session, and
<para><function>sd_bus_creds_new_from_pid()</function> creates a
new credentials object and fills it with information about the
process <parameter>pid</parameter>. The pointer to this object
- will be stored in <parameter>ret</parameter> pointer. Note that
+ will be stored in
the <parameter>ret</parameter> pointer. Note that
credential objects may also be created and retrieved via
<citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
<constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>,
<constant>SD_BUS_CREDS_TTY</constant>,
<constant>SD_BUS_CREDS_UNIQUE_NAME</constant>,
- <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>,
+ <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>, and
<constant>SD_BUS_CREDS_DESCRIPTION</constant>. Use the special
value <constant>_SD_BUS_CREDS_ALL</constant> to request all
supported fields. The <constant>SD_BUS_CREDS_AUGMENT</constant>
- may not be ORed into the mask for invocations of
+ constant may not be ORed into the mask for invocations of
<function>sd_bus_creds_new_from_pid()</function>.</para>
<para>Fields can be retrieved from the credentials object using
subset of fields requested in <parameter>creds_mask</parameter>.
</para>
- <para>Similar to <function>sd_bus_creds_get_mask()</function> the
+ <para>Similar to <function>sd_bus_creds_get_mask()</function>, the
function <function>sd_bus_creds_get_augmented_mask()</function>
returns a bitmask of field constants. The mask indicates which
credential fields have been retrieved in a non-atomic fashion. For
credential objects created via
- <function>sd_bus_creds_new_from_pid()</function> this mask will be
+ <function>sd_bus_creds_new_from_pid()</function>, this mask will be
identical to the mask returned by
<function>sd_bus_creds_get_mask()</function>. However, for
credential objects retrieved via
- <function>sd_bus_get_name_creds()</function> this mask will be set
+ <function>sd_bus_get_name_creds()</function>, this mask will be set
for the credential fields that could not be determined atomically
at peer connection time, and which were later added by reading
augmenting credential data from
- <filename>/proc</filename>. Similar, for credential objects
- retrieved via <function>sd_bus_get_owner_creds()</function> the
+ <filename>/proc</filename>. Similarly, for credential objects
+ retrieved via <function>sd_bus_get_owner_creds()</function>, the
mask is set for the fields that could not be determined atomically
- at bus creation time, but have been augmented. Similar, for
+ at bus creation time, but have been augmented. Similarly, for
credential objects retrieved via
- <function>sd_bus_message_get_creds()</function> the mask is set
+ <function>sd_bus_message_get_creds()</function>, the mask is set
for the fields that could not be determined atomically at message
- send time, but have been augmented. The mask returned by
+ sending time, but have been augmented. The mask returned by
<function>sd_bus_creds_get_augmented_mask()</function> is always a
subset of (or identical to) the mask returned by
<function>sd_bus_creds_get_mask()</function> for the same
object. The latter call hence returns all credential fields
available in the credential object, the former then marks the
subset of those that have been augmented. Note that augmented
- fields are unsuitable for authorization decisions as they may be
- retrieved at different times, thus being subject to races. Hence
+ fields are unsuitable for authorization decisions, as they may be
+ retrieved at different times, thus being subject to races. Hence,
augmented fields should be used exclusively for informational
purposes.
</para>
connection object to the user bus when invoked in user context, or
to the system bus otherwise. The connection object is associated
with the calling thread. Each time the function is invoked from
- the same thread the same object is returned, but its reference
+ the same thread, the same object is returned, but its reference
count is increased by one, as long as at least one reference is
kept. When the last reference to the connection is dropped (using
the
call), the connection is terminated. Note that the connection is
not automatically terminated when the associated thread ends. It
is important to drop the last reference to the bus connection
- explicitly before the thread ends or otherwise the connection will
- be leaked. Also, queued but unread or unwritten messages keep the
+ explicitly before the thread ends, as otherwise, the connection will
+ leak. Also, queued but unread or unwritten messages keep the
bus referenced, see below.</para>
<para><function>sd_bus_default_user()</function> returns a user
<function>sd_bus_open_system()</function> does the same, but
connects to the system bus. In contrast to
<function>sd_bus_default()</function>,
- <function>sd_bus_default_user()</function>,
- <function>sd_bus_default_system()</function> these calls return
+ <function>sd_bus_default_user()</function>, and
+ <function>sd_bus_default_system()</function>, these calls return
new, independent connection objects that are not associated with
the invoking thread and are not shared between multiple
invocations. It is recommended to share connections per thread to
efficiently make use the available resources. Thus, it is
recommended to use <function>sd_bus_default()</function>,
- <function>sd_bus_default_user()</function>,
+ <function>sd_bus_default_user()</function> and
<function>sd_bus_default_system()</function> to connect to the
user or system buses.</para>
<para>Queued but unwritten/unread messages also keep a reference
to their bus connection object. For this reason, even if an
- application dropped all references to a bus connection it might
- not get destroyed right-away. Until all incoming queued
+ application dropped all references to a bus connection, it might
+ not get destroyed right away. Until all incoming queued
messages are read, and until all outgoing unwritten messages are
written, the bus object will stay
alive. <function>sd_bus_flush()</function> may be used to write
all outgoing queued messages so they drop their references. To
- flush the unread incoming messages use
+ flush the unread incoming messages, use
<function>sd_bus_close()</function>, which will also close the bus
- connection. When using the default bus logic it is a good idea to
+ connection. When using the default bus logic, it is a good idea to
first invoke <function>sd_bus_flush()</function> followed by
<function>sd_bus_close()</function> when a thread or process
terminates, and thus its bus connection object should be
freed.</para>
- <para>The life-cycle of the default bus connection should be the
+ <para>The life cycle of the default bus connection should be the
responsibility of the code that creates/owns the thread the
default bus connection object is associated with. Library code
should neither call <function>sd_bus_flush()</function> nor
<function>sd_bus_close()</function> on default bus objects unless
it does so in its own private, self-allocated thread. Library code
should not use the default bus object in other threads unless it
- is clear that the program using it will life-cycle the bus
+ is clear that the program using it will life cycle the bus
connection object and flush and close it before exiting from the
thread. In libraries where it is not clear that the calling
- program will life-cycle the bus connection object it is hence
+ program will life cycle the bus connection object, it is hence
recommended to use <function>sd_bus_open_system()</function>
instead of <function>sd_bus_default_system()</function> and
related calls.</para>
<citerefentry><refentrytitle>sd-bus-errors</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
but additional domain-specific errors may be defined by
applications. The <structfield>message</structfield> field usually
- contains a human readable string describing the details, but might
+ contains a human-readable string describing the details, but might
be NULL. An unset <structname>sd_bus_error</structname> structure
should have both fields initialized to NULL. Set an error
structure to <constant>SD_BUS_ERROR_NULL</constant> in order to
for a list of well-known error names. Additional error mappings
may be defined with
<citerefentry><refentrytitle>sd_bus_error_add_map</refentrytitle><manvolnum>3</manvolnum></citerefentry>. If
- <parameter>e</parameter> is NULL no error structure is initialized
+ <parameter>e</parameter> is NULL, no error structure is initialized,
but the error is still converted into an
<varname>errno</varname>-style error. If
<parameter>name</parameter> is <constant>NULL</constant>, it is
assumed that no error occurred, and 0 is returned. This means that
this function may be conveniently used in a
<function>return</function> statement. If
- <parameter>message</parameter> is NULL no message is set. This
+ <parameter>message</parameter> is NULL, no message is set. This
call can fail if no memory may be allocated for the name and
message strings, in which case an
<constant>SD_BUS_ERROR_NO_MEMORY</constant> error might be set
- instead and -ENOMEM returned. Do not use this call on error
+ instead and -ENOMEM be returned. Do not use this call on error
structures that are already initialized. If you intend to reuse an
- error structure free the old data stored in it with
+ error structure, free the old data stored in it with
<function>sd_bus_error_free()</function> first.</para>
<para><function>sd_bus_error_setf()</function> is similar to
are not copied internally, and must hence remain constant and
valid for the lifetime of <parameter>e</parameter>. Use this call
to avoid memory allocations when setting error structures. Since
- this call does not allocate memory it will not fail with an
- out-of-memory condition, as
+ this call does not allocate memory, it will not fail with an
+ out-of-memory condition as
<function>sd_bus_error_set()</function> can, as described
above. Alternatively, the
<constant>SD_BUS_ERROR_MAKE_CONST()</constant> macro may be used
convenient usage in <function>return</function> statements. This
call might fail due to lack of memory, in which case an
<constant>SD_BUS_ERROR_NO_MEMORY</constant> error is set instead,
- and -ENOMEM returned.</para>
+ and -ENOMEM is returned.</para>
<para><function>sd_bus_error_set_errnof()</function> is similar to
<function>sd_bus_error_set_errno()</function>, but in addition to
<parameter>format</parameter> and the arguments.</para>
<para><function>sd_bus_error_set_errnofv()</function> is similar to
- <function>sd_bus_error_set_errnof()</function> but takes the
+ <function>sd_bus_error_set_errnof()</function>, but takes the
format string parameters as <citerefentry
project='man-pages'><refentrytitle>va_arg</refentrytitle><manvolnum>3</manvolnum></citerefentry>
parameter list.</para>
<title>Return Value</title>
<para>The functions <function>sd_bus_error_set()</function>,
- <function>sd_bus_error_setf()</function>,
+ <function>sd_bus_error_setf()</function>, and
<function>sd_bus_error_set_const()</function>, when successful,
return the negative errno value corresponding to the
- <parameter>name</parameter> parameter. Functions
+ <parameter>name</parameter> parameter. The functions
<function>sd_bus_error_set_errno()</function>,
<function>sd_bus_error_set_errnof()</function> and
<function>sd_bus_error_set_errnofv()</function>, when successful,
<title>Reference ownership</title>
<para><structname>sd_bus_error</structname> is not reference
counted. Users should destroy resources held by it by calling
- <function>sd_bus_error_free()</function>. Usually error structures
+ <function>sd_bus_error_free()</function>. Usually, error structures
are allocated on the stack or passed in as function parameters,
but they may also be allocated dynamically, in which case it is
the duty of the caller to <citerefentry
<citerefentry><refentrytitle>sd_bus_error_set</refentrytitle><manvolnum>3</manvolnum></citerefentry>
or
<citerefentry><refentrytitle>sd_bus_error_get_errno</refentrytitle><manvolnum>3</manvolnum></citerefentry>. By
- default a number of generic, standardized mappings are known, as
+ default, a number of generic, standardized mappings are known, as
documented in
<citerefentry><refentrytitle>sd-bus-errors</refentrytitle><manvolnum>3</manvolnum></citerefentry>. Use
this call to add further, application-specific mappings.</para>
<para>The function takes a pointer to an array of
<structname>sd_bus_error_map</structname> structures. A reference
to the specified array is added to the lookup tables for error
- mappings. Note that the structure is not copied, it is hence
+ mappings. Note that the structure is not copied, and that it is hence
essential that the array stays available and constant during the
entire remaining runtime of the process.</para>
<para>The mapping array should be put together with a series of
- <constant>SD_BUS_ERROR_MAP()</constant> macro invocations, that
+ <constant>SD_BUS_ERROR_MAP()</constant> macro invocations that
take a literal name string and a (positive)
<varname>errno</varname>-style error number. The last entry of the
array should be an invocation of the
appends a sequence of fields to the D-Bus message object
<parameter>m</parameter>. The type string
<parameter>types</parameter> describes the types of the field
- arguments that follow. For each type specified in the type string
+ arguments that follow. For each type specified in the type string,
one or more arguments need to be specified, in the same order as
declared in the type string.</para>
<parameter>type</parameter>. However, as a special exception, if
the offset is specified as zero and the size specified as
UINT64_MAX the full memory file descriptor contents is used. The
- memory file descriptor is sealed by this call if it hasn't been
- sealed yet, and cannot be modified a after this call. See
+ memory file descriptor is sealed by this call if it has not been
+ sealed yet, and cannot be modified after this call. See
<citerefentry
project='man-pages'><refentrytitle>memfd_create</refentrytitle><manvolnum>2</manvolnum></citerefentry>
for details about memory file descriptors. Appending arrays with
process. Not all protocol transports support passing memory file
descriptors between participants, in which case this call will
automatically fall back to copying. Also, as memory file
- descriptor passing is inefficient for smaller amounts of data
+ descriptor passing is inefficient for smaller amounts of data,
copying might still be enforced even where memory file descriptor
passing is supported.</para>
function appends an array of a trivial type to the message
<parameter>m</parameter>, similar to
<function>sd_bus_message_append_array()</function>. Contents of
- the IO vector array <parameter>iov</parameter> are used as the
+ the I
/O vector array <parameter>iov</parameter> are used as the
contents of the array. The total size of
<parameter>iov</parameter> payload (the sum of
<structfield>iov_len</structfield> fields) must be a multiple of
the size of the type <parameter>type</parameter>. The
<parameter>iov</parameter> argument must point to
- <parameter>n</parameter> IO vector structures. Each structure may
+ <parameter>n</parameter> I/O vector structures. Each structure may
have the <structname>iov_base</structname> field set, in which
case the memory pointed to will be copied into the message, or
unset (set to zero), in which case a block of zeros of length
copying items to the message, it returns a pointer to the
destination area to the caller in pointer
<parameter>p</parameter>. The caller should subsequently write the
- array contents to this memory. Modifications of the memory
+ array contents to this memory. Modifications to the memory
pointed to should only occur until the next operation on the bus
- message is invoked, most importantly the memory should not be
+ message is invoked. Most importantly, the memory should not be
altered anymore when another field has been added to the message
or the message has been sealed.</para>
</refsect1>
<citerefentry><refentrytitle>clock_gettime</refentrytitle><manvolnum>2</manvolnum></citerefentry>
for details.</para>
- <para>Similar,
+ <para>Similarly,
<function>sd_bus_message_get_realtime_usec()</function> returns
the realtime (wallclock) timestamp of the time the message was
sent. This value is in microseconds since Jan 1st, 1970, i.e. in
<citerefentry><refentrytitle>sd_bus_message_get_realtime_usec</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd_bus_message_get_seqnum</refentrytitle><manvolnum>3</manvolnum></citerefentry>
to query the timestamps of incoming messages. If negotiation is
- disabled or not supported these calls will fail with
+ disabled or not supported, these calls will fail with
<constant>-ENODATA</constant>. Note that not all transports
support timestamping of messages. Specifically, timestamping is
only available on the kdbus transport, but not on dbus1. The
<para><function>sd_bus_negotiate_creds()</function> controls
whether and which implicit sender credentials shall be attached
- automatically to all incoming messages. Takes a bus object, a
+ automatically to all incoming messages. Takes a bus object and a
boolean indicating whether to enable or disable the credential
parts encoded in the bit mask value argument. Note that not all
transports support attaching sender credentials to messages, or do
<citerefentry><refentrytitle>sd_bus_start</refentrytitle><manvolnum>3</manvolnum></citerefentry>. Both
<function>sd_bus_negotiate_timestamp()</function> and
<function>sd_bus_negotiate_creds()</function> may also be called
- after a connection has been set up. Note that when operating on a
+ after a connection has been set up. Note that, when operating on a
connection that is shared between multiple components of the same
program (for example via
- <citerefentry><refentrytitle>sd_bus_default</refentrytitle><manvolnum>3</manvolnum></citerefentry>)
+ <citerefentry><refentrytitle>sd_bus_default</refentrytitle><manvolnum>3</manvolnum></citerefentry>),
it is highly recommended to only enable additional per message
metadata fields, but never disable them again, in order not to
disable functionality needed by other components.</para>
or a related call, and then start the connection with
<citerefentry><refentrytitle>sd_bus_start</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>
- <para>In most cases it's a better idea to invoke
+ <para>In most cases, it is a better idea to invoke
<citerefentry><refentrytitle>sd_bus_default_user</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd_bus_default_system</refentrytitle><manvolnum>3</manvolnum></citerefentry>
or related calls instead of the more low-level
<para><function>sd_bus_path_encode_many()</function> works like
its counterpart <function>sd_bus_path_encode()</function>, but
- takes a path-template as argument and encodes multiple labels
+ takes a path template as argument and encodes multiple labels
according to its embedded directives. For each
<literal>%</literal> character found in the template, the caller
- must provide a string via var-args, which will be encoded and
+ must provide a string via varargs, which will be encoded and
embedded at the position of the <literal>%</literal> character.
Any other character in the template is copied verbatim into the
encoded path.</para>
<para><function>sd_bus_path_decode_many()</function> does the
reverse of <function>sd_bus_path_encode_many()</function>. It
- decodes the passed object path, according to the given
- path-template. For each <literal>%</literal> character in the
+ decodes the passed object path according to the given
+ path template. For each <literal>%</literal> character in the
template, the caller must provide an output storage
- (<literal>char **</literal>) via var-args. The decoded label
+ (<literal>char **</literal>) via varargs. The decoded label
will be stored there. Each <literal>%</literal> character will
only match the current label. It will never match across labels.
- Furthermore, only a single such directive is allowed per label.
+ Furthermore, only a single directive is allowed per label.
If <literal>NULL</literal> is passed as output storage, the
label is verified but not returned to the caller.</para>
</refsect1>
<varlistentry>
<term><constant>-EBUSY</constant></term>
- <listitem><para>An handler is already installed for this
+ <listitem><para>A handler is already installed for this
child.</para></listitem>
</varlistentry>
<refsect1>
<title>Description</title>
- <para>Those three functions add new event sources to an event loop
+ <para>These three functions add new event sources to an event loop
object. The event loop is specified in
<parameter>event</parameter>, the event source is returned in the
<parameter>source</parameter> parameter. The event sources are
<para><function>sd_event_add_signal()</function> adds a new signal
event source to an event loop object. The event loop is specified
- in <parameter>event</parameter>, the event source is returned in
+ in <parameter>event</parameter>, and the event source is returned in
the <parameter>source</parameter> parameter. The
<parameter>signal</parameter> parameter specifies the signal to be handled
(see
<varlistentry>
<term><constant>-EBUSY</constant></term>
- <listitem><para>An handler is already installed for this
+ <listitem><para>A handler is already installed for this
signal or the signal was not blocked previously.</para></listitem>
</varlistentry>
<function>sd_event_default()</function>, then releasing it, and
then acquiring a new one with
<function>sd_event_default()</function> will result in two
- distinct objects. Note that in order to free an event loop object,
+ distinct objects. Note that, in order to free an event loop object,
all remaining event sources of the event loop also need to be
freed as each keeps a reference to it.</para>
</refsect1>
<refname>sd_event_run</refname>
<refname>sd_event_loop</refname>
- <refpurpose>Run libsystemd event loop</refpurpose>
+ <refpurpose>Run the libsystemd event loop</refpurpose>
</refnamediv>
<refsynopsisdiv>
<para><function>sd_event_run()</function> can be used to run one
iteration of the event loop of libsystemd. This function waits
- until an event to process is available and dispatches a handler
- for it. Parameter <parameter>timeout</parameter> specifices the
+ until an event to process is available, and dispatches a handler
+ for it. The <parameter>timeout</parameter> parameter specifices the
maximum time (in microseconds) to wait. <constant>(uint64_t)
-1</constant> may be used to specify an infinite timeout.</para>
<varlistentry>
<term><constant>-EINVAL</constant></term>
- <listitem><para>Parameter <parameter>event</parameter> is
+ <listitem><para>The <parameter>event</parameter> parameter is
<constant>NULL</constant>.</para></listitem>
</varlistentry>
</variablelist>
- <para>Other errors are possible too.</para>
+ <para>Other errors are possible, too.</para>
</refsect1>
<refsect1>
<citerefentry><refentrytitle>sd_event_add_defer</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd_event_add_exit</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd_event_add_post</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
- <ulink url="https://developer.gnome.org/glib/unstable/glib-The-Main-Event-Loop.html">GLIb Main Event Loop</ulink>.
+ <ulink url="https://developer.gnome.org/glib/unstable/glib-The-Main-Event-Loop.html">GLib Main Event Loop</ulink>.
</para>
</refsect1>
<parameter>source</parameter>. This name will be used in error
messages generated by
<citerefentry><refentrytitle>sd-event</refentrytitle><manvolnum>3</manvolnum></citerefentry>
- for this source.
Specified <parameter>name</parameter> must point
+ for this source.
The <parameter>name</parameter> must point
to a <constant>NUL</constant>-terminated string or be
<constant>NULL</constant>. In the latter case, the name will be
unset. The string is copied internally, so the
<refsect1>
<title>Notes</title>
- <para>Functions described here are available as a
+ <para>The functions described here are available as a
shared library, which can be compiled and linked to with the
<constant>libsystemd</constant> <citerefentry
project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry>
<refname>sd_event_prepare</refname>
<refname>sd_event_dispatch</refname>
- <refpurpose>Run parts of libsystemd event loop</refpurpose>
+ <refpurpose>Run parts of the libsystemd event loop</refpurpose>
</refnamediv>
<refsynopsisdiv>
└──────────┘
</programlisting>
- <para>All three functions as the first argument take the event
- loop object <parameter>event</parameter> that is created with with
+ <para>All three functions take, as the first argument, the event
+ loop object <parameter>event</parameter> that is created with
<function>sd_event_new</function>. The timeout for
<function>sd_event_wait</function> is specified with
<parameter>timeout</parameter> in milliseconds.
<para>On success, these functions return 0 or a positive integer.
On failure, they return a negative errno-style error code. In case
of <function>sd_event_prepare</function> and
- <function>sd_event_wait</function> a positive value means that
+ <function>sd_event_wait</function>, a positive value means that
events are ready to be processed and 0 means that no events are
- ready. In case of <function>sd_event_dispatch</function> a
+ ready. In case of <function>sd_event_dispatch</function>, a
positive value means that the loop is again in the initial state
- and 0 means the loop is finished. For any of those functions, a
+ and 0 means the loop is finished. For any of these functions, a
negative return value means the loop must be aborted.</para>
</refsect1>
<varlistentry>
<term><constant>-EINVAL</constant></term>
- <listitem><para>Parameter <parameter>event</parameter> is
+ <listitem><para>The <parameter>event</parameter> parameter is
<constant>NULL</constant>.</para></listitem>
</varlistentry>
</variablelist>
- <para>Other errors are possible too.</para>
+ <para>Other errors are possible, too.</para>
</refsect1>
<refsect1>
<term><constant>-EINVAL</constant></term>
<listitem><para>An input parameter was invalid (out of range,
- or NULL, where that's not accepted).</para></listitem>
+ or NULL, where that is not accepted).</para></listitem>
</varlistentry>
<varlistentry>
and
<citerefentry><refentrytitle>sd_journal_get_data</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
Matches are of the form <literal>FIELD=value</literal>, where the
- field part is a short uppercase string consisting only of 0-9, A-Z
+ field part is a short uppercase string consisting only of 0–9, A–Z
and the underscore. It may not begin with two underscores or be
the empty string. The value part may be any value, including
binary. If a match is applied, only entries with this field set
<function>sd_journal_get_data()</function> or
<function>sd_journal_enumerate_data()</function>, or the read
pointer is altered. Note that the data returned will be prefixed
- with the field name and '='. Also note that by default data fields
+ with the field name and '='. Also note that, by default, data fields
larger than 64K might get truncated to 64K. This threshold may be
changed and turned off with
<function>sd_journal_set_data_threshold()</function> (see
certain latency. This call will return a positive value if the
journal changes are detected immediately and zero when they need
to be polled for and hence might be noticed only with a certain
- latency. Note that there's usually no need to invoke this function
+ latency. Note that there is usually no need to invoke this function
directly as <function>sd_journal_get_timeout()</function> on these
file systems will ask for timeouts explicitly anyway.</para>
</refsect1>
<para><function>sd_journal_open()</function> opens the log journal
for reading. It will find all journal files automatically and
interleave them automatically when reading. As first argument it
- takes a pointer to a <varname>sd_journal</varname> pointer, which
- on success will contain a journal context object. The second
+ takes a pointer to a <varname>sd_journal</varname> pointer, which,
+ on success, will contain a journal context object. The second
argument is a flags field, which may consist of the following
flags ORed together: <constant>SD_JOURNAL_LOCAL_ONLY</constant>
makes sure only journal files generated on the local machine will
be ignored.) The value can be of any size and format. It is highly
recommended to submit text strings formatted in the UTF-8
character encoding only, and submit binary fields only when
- formatting in UTF-8 strings is not sensible. A number of well
- known fields are defined, see
+ formatting in UTF-8 strings is not sensible. A number of
+ well-known fields are defined, see
<citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details, but additional application defined fields may be
used. A variable may be assigned more than one value per
<para><function>sd_journal_perror()</function> is a similar to
<citerefentry project='die-net'><refentrytitle>perror</refentrytitle><manvolnum>3</manvolnum></citerefentry>
and writes a message to the journal that consists of the passed
- string, suffixed with ": " and a human readable representation of
+ string, suffixed with ": " and a human-readable representation of
the current error code stored in
<citerefentry project='man-pages'><refentrytitle>errno</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
If the message string is passed as <constant>NULL</constant> or
daemon to check for file descriptors passed by the service manager as
part of the socket-based activation logic. It returns the number
of received file descriptors. If no file descriptors have been
- received zero is returned. The first file descriptor may be found
+ received, zero is returned. The first file descriptor may be found
at file descriptor number 3
(i.e. <constant>SD_LISTEN_FDS_START</constant>), the remaining
descriptors follow at 4, 5, 6, ..., if any.</para>
passed file descriptors to avoid further inheritance to children
of the calling process.</para>
- <para>If multiple socket units activate the same service the order
+ <para>If multiple socket units activate the same service, the order
of the file descriptors passed to its main process is undefined.
If additional file descriptors have been passed to the service
manager using
variables are no longer inherited by child processes.</para>
<para><function>sd_listen_fds_with_names()</function> is like
- <function>sd_listen_fds()</function> but optionally also returns
+ <function>sd_listen_fds()</function>, but optionally also returns
an array of strings with identification names for the passed file
- descriptors, if that is available, and the
+ descriptors, if that is available and the
<parameter>names</parameter> parameter is non-NULL. This
information is read from the <varname>$LISTEN_FDNAMES</varname>
variable, which may contain a colon-separated list of names. For
files, see
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details. For file descriptors pushed into the file descriptor
- store (see above) the name is set via the
+ store (see above), the name is set via the
<varname>FDNAME=</varname> field transmitted via
<function>sd_pid_notify_with_fds()</function>. The primary usecase
for these names are services which accept a variety of file
<function>sd_is_socket()</function> and related calls is not
sufficient. Note that the names used are not unique in any
way. The returned array of strings has as many entries as file
- descriptors has been received, plus a final NULL pointer
+ descriptors have been received, plus a final NULL pointer
terminating the array. The caller needs to free the array itself
and each of its elements with libc's <function>free()</function>
call after use. If the <parameter>names</parameter> parameter is
- NULL the call is entirely equivalent to
+ NULL, the call is entirely equivalent to
<function>sd_listen_fds()</function>.</para>
- <para>Under specific conditions the following automatic file
+ <para>Under specific conditions, the following automatic file
descriptor names are returned:
<table>
<term><constant>-EINVAL</constant></term>
<listitem><para>An input parameter was invalid (out of range,
- or NULL, where that's not accepted). The specified category to
+ or NULL, where that is not accepted). The specified category to
watch is not known.</para></listitem>
</varlistentry>
<term><constant>-EINVAL</constant></term>
<listitem><para>An input parameter was invalid (out of range,
- or NULL, where that's not accepted).</para></listitem>
+ or NULL, where that is not accepted).</para></listitem>
</varlistentry>
<varlistentry>
<para><function>sd_notify()</function> may be called by a service
to notify the service manager about state changes. It can be used
to send arbitrary information, encoded in an
- environment-block-like string. Most importantly it can be used for
+ environment-block-like string. Most importantly, it can be used for
start-up completion notification.</para>
<para>If the <parameter>unset_environment</parameter> parameter is
to the service manager that describes the service state. This
is free-form and can be used for various purposes: general
state feedback, fsck-like programs could pass completion
- percentages and failing programs could pass a human readable
+ percentages and failing programs could pass a human-readable
error message. Example: <literal>STATUS=Completed 66% of file
system check...</literal></para></listitem>
</varlistentry>
<term>FDNAME=...</term>
<listitem><para>When used in combination with
- <varname>FDSTORE=1</varname> specifies a name for the
+ <varname>FDSTORE=1</varname>, specifies a name for the
submitted file descriptors. This name is passed to the service
during activation, and may be queried using
<citerefentry><refentrytitle>sd_listen_fds_with_names</refentrytitle><manvolnum>3</manvolnum></citerefentry>. File
descriptors submitted without this field set, will implicitly
- get the name <literal>stored</literal> assigned. Note that if
- multiple file descriptors are submitted at once the specified
+ get the name <literal>stored</literal> assigned. Note that, if
+ multiple file descriptors are submitted at once, the specified
name will be assigned to all of them. In order to assign
different names to submitted file descriptors, submit them in
seperate invocations of
<function>sd_pid_notify_with_fds()</function>. The name may
- consist of any ASCII characters, but must not contain control
+ consist of any ASCII character, but must not contain control
characters or <literal>:</literal>. It may not be longer than
255 characters. If a submitted name does not follow these
- restrictions it is ignored.</para></listitem>
+ restrictions, it is ignored.</para></listitem>
</varlistentry>
</variablelist>
use as originating PID for the message as first argument. This is
useful to send notification messages on behalf of other processes,
provided the appropriate privileges are available. If the PID
- argument is specified as 0 the process ID of the calling process
+ argument is specified as 0, the process ID of the calling process
is used, in which case the calls are fully equivalent to
<function>sd_notify()</function> and
<function>sd_notifyf()</function>.</para>
<xi:include href="libsystemd-pkgconfig.xml" xpointer="pkgconfig-text"/>
- <para>Internally, these functions send a single datagram with the
+ <para>These functions send a single datagram with the
state string as payload to the <constant>AF_UNIX</constant> socket
referenced in the <varname>$NOTIFY_SOCKET</varname> environment
variable. If the first character of
<para>To store an open file descriptor in the service manager,
in order to continue operation after a service restart without
- losing state use <literal>FDSTORE=1</literal>:</para>
+ losing state, use <literal>FDSTORE=1</literal>:</para>
<programlisting>sd_pid_notify_with_fds(0, 0, "FDSTORE=1\nFDNAME=foobar", &fd, 1);</programlisting>
</example>
not all processes are part of a login session (e.g. system service
processes, user processes that are shared between multiple
sessions of the same user, or kernel threads). For processes not
- being part of a login session this function will fail with
+ being part of a login session, this function will fail with
-ENODATA. The returned string needs to be freed with the libc
<citerefentry
project='man-pages'><refentrytitle>free</refentrytitle><manvolnum>3</manvolnum></citerefentry>
unit name is a short string, suitable for usage in file system
paths. Note that not all processes are part of a system
unit/service (e.g. user processes, or kernel threads). For
- processes not being part of a systemd system unit this function
- will fail with -ENODATA (More specifically: this call will not
+ processes not being part of a systemd system unit, this function
+ will fail with -ENODATA. (More specifically, this call will not
work for kernel threads.) The returned string needs to be freed
with the libc <citerefentry
project='man-pages'><refentrytitle>free</refentrytitle><manvolnum>3</manvolnum></citerefentry>
<para><function>sd_pid_get_user_unit()</function> may be used to
determine the systemd user unit (i.e. user service or scope unit)
identifier of a process identified by the specified PID. This is
- similar to <function>sd_pid_get_unit()</function> but applies to
+ similar to <function>sd_pid_get_unit()</function>, but applies to
user units instead of system units.</para>
<para><function>sd_pid_get_owner_uid()</function> may be used to
determine the Unix UID (user identifier) of the owner of the
session of a process identified the specified PID. Note that this
function will succeed for user processes which are shared between
- multiple login sessions of the same user, where
+ multiple login sessions of the same user, whereas
<function>sd_pid_get_session()</function> will fail. For processes
not being part of a login session and not being a shared process
- of a user this function will fail with -ENODATA.</para>
+ of a user, this function will fail with -ENODATA.</para>
<para><function>sd_pid_get_machine_name()</function> may be used
to determine the name of the VM or container is a member of. The
paths. The returned string needs to be freed with the libc
<citerefentry
project='man-pages'><refentrytitle>free</refentrytitle><manvolnum>3</manvolnum></citerefentry>
- call after use. For processes not part of a VM or containers this
+ call after use. For processes not part of a VM or containers, this
function fails with -ENODATA.</para>
<para><function>sd_pid_get_slice()</function> may be used to
<citerefentry project='man-pages'><refentrytitle>free</refentrytitle><manvolnum>3</manvolnum></citerefentry>
call after use.</para>
- <para>Similar, <function>sd_pid_get_user_slice()</function>
+ <para>Similarly, <function>sd_pid_get_user_slice()</function>
returns the user slice (as managed by the user's systemd instance)
of a process.</para>
group path of the specified process, relative to the root of the
hierarchy. Returns the path without trailing slash, except for
processes located in the root control group, where "/" is
- returned. To find the actual control group path in the file system
+ returned. To find the actual control group path in the file system,
the returned path needs to be prefixed with
<filename>/sys/fs/cgroup/</filename> (if the unified control group
setup is used), or
<varlistentry>
<term><constant>-ENODATA</constant></term>
- <listitem><para>Given field is not specified for the described
+ <listitem><para>The given field is not specified for the described
process or peer.</para>
</listitem>
</varlistentry>
<term><constant>-EINVAL</constant></term>
<listitem><para>An input parameter was invalid (out of range,
- or NULL, where that's not accepted).</para></listitem>
+ or NULL, where that is not accepted).</para></listitem>
</varlistentry>
<varlistentry>
<varlistentry>
<term><constant>-ENODATA</constant></term>
- <listitem><para>Given field is not specified for the described
+ <listitem><para>The given field is not specified for the described
seat.</para>
</listitem>
</varlistentry>
<term><constant>-EINVAL</constant></term>
<listitem><para>An input parameter was invalid (out of range,
- or NULL, where that's not accepted).</para></listitem>
+ or NULL, where that is not accepted).</para></listitem>
</varlistentry>
<varlistentry>
<varlistentry>
<term><constant>-ENODATA</constant></term>
- <listitem><para>Given field is not specified for the described
+ <listitem><para>The given field is not specified for the described
session.</para>
</listitem>
</varlistentry>
<term><constant>-EINVAL</constant></term>
<listitem><para>An input parameter was invalid (out of range,
- or NULL, where that's not accepted).</para></listitem>
+ or NULL, where that is not accepted).</para></listitem>
</varlistentry>
<varlistentry>
<varlistentry>
<term><constant>-ENODATA</constant></term>
- <listitem><para>Given field is not specified for the described
+ <listitem><para>The given field is not specified for the described
user.</para>
</listitem>
</varlistentry>
<term><constant>-EINVAL</constant></term>
<listitem><para>An input parameter was invalid (out of range,
- or NULL, where that's not accepted). This is also returned if
+ or NULL, where that is not accepted). This is also returned if
the passed user ID is 0xFFFF or 0xFFFFFFFF, which are
undefined on Linux.</para></listitem>
</varlistentry>
systemd-41.</para>
<para><function>sd_watchdog_enabled()</function> function was
- added in systemd-209. Since that version the
+ added in systemd-209. Since that version, the
<varname>$WATCHDOG_PID</varname> variable is also set.</para>
</refsect1>
<refsection id='main-conf'>
<title>Configuration Directories and Precedence</title>
- <para>Default configuration is defined during compilation, so a
+ <para>The default configuration is defined during compilation, so a
configuration file is only needed when it is necessary to deviate
- from those defaults. By default the configuration file in
+ from those defaults. By default, the configuration file in
<filename>/etc/systemd/</filename> contains commented out entries
showing the defaults as a guide to the administrator. This file
can be edited to create local overrides.
</programlisting>
<para>This method applies settings when the module is
- loaded. Please note that unless the <filename>br_netfilter</filename>
+ loaded. Please note that, unless the <filename>br_netfilter</filename>
module is loaded, bridged packets will not be filtered by
- netfilter (starting with kernel 3.18), so simply not loading the
- module is suffient to avoid filtering.</para>
+ Netfilter (starting with kernel 3.18), so simply not loading the
+ module is sufficient to avoid filtering.</para>
</example>
<example>
</programlisting>
<para>This method forces the module to be always loaded. Please
- note that unless the <filename>br_netfilter</filename> module is
- loaded, bridged packets will not be filtered with netfilter
+ note that, unless the <filename>br_netfilter</filename> module is
+ loaded, bridged packets will not be filtered with Netfilter
(starting with kernel 3.18), so simply not loading the module is
- suffient to avoid filtering.</para>
+ sufficient to avoid filtering.</para>
</example>
</refsect1>
<listitem>
<para>The argument should be a comma-separated list of unit
LOAD, SUB, or ACTIVE states. When listing units, show only
- those in specified states. Use <option>--state=failed</option>
+ those in the specified states. Use <option>--state=failed</option>
to show only failed units.</para>
<para>As a special case, if one of the arguments is
<para>Properties for units vary by unit type, so showing any
unit (even a non-existent one) is a way to list properties
- pertaining to this type. Similarly showing any job will list
+ pertaining to this type. Similarly, showing any job will list
properties pertaining to all jobs. Properties for units are
documented in
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<!-- we do not document -failed here, as it has been made
redundant by -state=failed, which it predates. To keep
- things simple we only document the new switch, while
+ things simple, we only document the new switch, while
keeping the old one around for compatibility only. -->
<varlistentry>
<listitem>
<para>When used with <command>kill</command>, choose which
signal to send to selected processes. Must be one of the
- well known signal specifiers such as <constant>SIGTERM</constant>, <constant>SIGINT</constant> or
+ well-known signal specifiers such as <constant>SIGTERM</constant>, <constant>SIGINT</constant> or
<constant>SIGSTOP</constant>. If omitted, defaults to
<option>SIGTERM</option>.</para>
</listitem>
<listitem>
<para>When used with
<command>enable</command>/<command>disable</command>/<command>is-enabled</command>
- (and related commands), use alternative root path when
+ (and related commands), use an alternate root path when
looking for unit files.</para>
</listitem>
<listitem>
<para>When used with <command>list-dependencies</command>,
- the output is printed as a list instead of a tree.</para>
+ <command>list-units</command> or <command>list-machines</command>, the
+ the output is printed as a list instead of a tree, and the bullet
+ circles are omitted.</para>
</listitem>
</varlistentry>
<para>This function is intended to generate human-readable
output. If you are looking for computer-parsable output,
- use <command>show</command> instead. By default this
+ use <command>show</command> instead. By default, this
function only shows 10 lines of output and ellipsizes
lines to fit in the terminal window. This can be changes
with <option>--lines</option> and <option>--full</option>,
<para>Show properties of one or more units, jobs, or the
manager itself. If no argument is specified, properties of
the manager will be shown. If a unit name is specified,
- properties of the unit is shown, and if a job id is
+ properties of the unit is shown, and if a job ID is
specified, properties of the job is shown. By default, empty
properties are suppressed. Use <option>--all</option> to
show those too. To select specific properties to show, use
starting any of the units being enabled. If this
is desired, either <option>--now</option> should be used
together with this command, or an additional <command>start</command>
- command must be invoked for the unit. Also note that in case of
+ command must be invoked for the unit. Also note that, in case of
instance enablement, symlinks named the same as instances
are created in the install location, however they all point to the
same template unit file.</para>
</row>
<row>
<entry><literal>static</literal></entry>
- <entry>Unit file is not enabled, and has no provisions for enabling in the <literal>[Install]</literal> section.</entry>
+ <entry>The unit file is not enabled, and has no provisions for enabling in the <literal>[Install]</literal> section.</entry>
<entry>0</entry>
</row>
<row>
<entry><literal>indirect</literal></entry>
- <entry>Unit file itself is not enabled, but it has a non-empty <varname>Also=</varname> setting in the <literal>[Install]</literal> section, listing other unit files that might be enabled.</entry>
+ <entry>The unit file itself is not enabled, but it has a non-empty <varname>Also=</varname> setting in the <literal>[Install]</literal> section, listing other unit files that might be enabled.</entry>
<entry>0</entry>
</row>
<row>
<entry><literal>disabled</literal></entry>
- <entry>Unit file is not enabled.</entry>
+ <entry>The unit file is not enabled.</entry>
<entry>> 0</entry>
</row>
</tbody>
<listitem>
<para>Adds <literal>Wants=</literal> or <literal>Requires=</literal>
- dependency, respectively, to the specified
+ dependencies, respectively, to the specified
<replaceable>TARGET</replaceable> for one or more units. </para>
<para>This command honors <option>--system</option>,
<option>--user</option>, <option>--runtime</option> and
- <option>--global</option> in a similar way as
+ <option>--global</option> in a way similar to
<command>enable</command>.</para>
</listitem>
<para>Depending on whether <option>--system</option> (the default),
<option>--user</option>, or <option>--global</option> is specified,
- this creates a drop-in file for each unit either for the system,
- for the calling user or for all futures logins of all users. Then,
+ this command creates a drop-in file for each unit either for the system,
+ for the calling user, or for all futures logins of all users. Then,
the editor (see the "Environment" section below) is invoked on
temporary files which will be written to the real location if the
editor exits successfully.</para>
be made temporarily in <filename>/run</filename> and they will be
lost on the next reboot.</para>
- <para>If the temporary file is empty upon exit the modification of
- the related unit is canceled</para>
+ <para>If the temporary file is empty upon exit, the modification of
+ the related unit is canceled.</para>
<para>After the units have been edited, systemd configuration is
reloaded (in a way that is equivalent to <command>daemon-reload</command>).
<para>Note that this command cannot be used to remotely edit units
and that you cannot temporarily edit units which are in
- <filename>/etc</filename> since they take precedence over
+ <filename>/etc</filename>, since they take precedence over
<filename>/run</filename>.</para>
</listitem>
</varlistentry>
<term><command>daemon-reload</command></term>
<listitem>
- <para>Reload systemd manager configuration. This will
+ <para>Reload the systemd manager configuration. This will
rerun all generators (see
<citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>),
reload all unit files, and recreate the entire dependency
maintenance mode, and with no failed services. Failure is
returned otherwise (exit code non-zero). In addition, the
current state is printed in a short string to standard
- output, see table below. Use <option>--quiet</option> to
+ output, see the table below. Use <option>--quiet</option> to
suppress this output.</para>
<table>
<para>Switches to a different root directory and executes a
new system manager process below it. This is intended for
usage in initial RAM disks ("initrd"), and will transition
- from the initrd's system manager process (a.k.a "init"
+ from the initrd's system manager process (a.k.a. "init"
process) to the main system manager process. This call takes two
arguments: the directory that is to become the new root directory, and
the path to the new system manager binary below it to
<title>Description</title>
<para><command>systemd-activate</command> can be used to
- launch a socket activated daemon from the command line for
+ launch a socket-activated daemon from the command line for
testing purposes. It can also be used to launch single instances
of the daemon per connection (inetd-style).
</para>
</example>
<example>
- <title>Run a socket activated instance of <citerefentry><refentrytitle>systemd-journal-gatewayd</refentrytitle><manvolnum>8</manvolnum></citerefentry></title>
+ <title>Run a socket-activated instance of <citerefentry><refentrytitle>systemd-journal-gatewayd</refentrytitle><manvolnum>8</manvolnum></citerefentry></title>
<programlisting>$ /usr/lib/systemd/systemd-activate -l 19531 /usr/lib/systemd/systemd-journal-gatewayd</programlisting>
</example>
<replaceable>TARGET</replaceable></command> changes the current log
target of the <command>systemd</command> daemon to
<replaceable>TARGET</replaceable> (accepts the same values as
- <option>--log-target=</option> described in
+ <option>--log-target=</option>, described in
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>).</para>
<para><command>systemd-analyze verify</command> will load unit
cache for the password. If set, then the tool will try to push
any collected passwords into the kernel keyring of the root
user, as a key of the specified name. If combined with
- <option>--accept-cached</option> it will also try to retrieve
- the such cached passwords from the key in the kernel keyring
- instead of querying the user right-away. By using this option
+ <option>--accept-cached</option>, it will also try to retrieve
+ such cached passwords from the key in the kernel keyring
+ instead of querying the user right away. By using this option,
the kernel keyring may be used as effective cache to avoid
repeatedly asking users for passwords, if there are multiple
objects that may be unlocked with the same password. The
<term><option>--accept-cached</option></term>
<listitem><para>If passed, accept cached passwords, i.e.
- passwords previously typed in. </para></listitem>
+ passwords previously entered.</para></listitem>
</varlistentry>
<varlistentry>
that restores the display backlight brightness at early boot and
saves it at shutdown. On disk, the backlight brightness is stored
in <filename>/var/lib/systemd/backlight/</filename>. During
- loading, if udev property <option>ID_BACKLIGHT_CLAMP</option> is
- not set to false value, the brightness is clamped to a value of at
+ loading, if the udev property <option>ID_BACKLIGHT_CLAMP</option> is
+ not set to false, the brightness is clamped to a value of at
least 1 or 5% of maximum brightness, whichever is greater. This
restriction will be removed when the kernel allows user space to
reliably set a brightness value which does not turn off the
<refsect1>
<title>Description</title>
- <para><filename>systemd-binfmt.service</filename> is an early-boot
+ <para><filename>systemd-binfmt.service</filename> is an early boot
service that registers additional binary formats for executables
in the kernel.</para>
and logging startup information in the background.
</para>
<para>
- After collecting a certain amount of data (usually 15-30
+ After collecting a certain amount of data (usually 15–30
seconds, default 20 s) the logging stops and a graph is
generated from the logged information. This graph contains vital
clues as to which resources are being used, in which order, and
<term><emphasis>Started as a standalone program</emphasis></term>
<listitem><para>One can execute
<command>systemd-bootchart</command> as normal application
- from the command line. In this mode it is highly recommended
+ from the command line. In this mode, it is highly recommended
to pass the <option>-r</option> flag in order to not graph the
time elapsed since boot and before systemd-bootchart was
started, as it may result in extremely large graphs. The time
<term><option>--freq <replaceable>f</replaceable></option></term>
<listitem><para>Specify the sample log frequency, a positive
real <replaceable>f</replaceable>, in Hz. Most systems can
- cope with values up to 25-50 without creating too much
+ cope with values up to 25–50 without creating too much
overhead.</para></listitem>
</varlistentry>
<citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
Defaults to <literal>info</literal>. Note that this simply
controls the default, individual lines may be logged with
- different levels if they are prefixed accordingly. For details
+ different levels if they are prefixed accordingly. For details,
see <option>--level-prefix=</option> below.</para></listitem>
</varlistentry>
<term><option>-r</option></term>
<term><option>--raw</option></term>
- <listitem><para>Format byte counts (as in memory usage and IO metrics)
+ <listitem><para>Format byte counts (as in memory usage and I/O metrics)
with raw numeric values rather than human-readable
numbers.</para></listitem>
</varlistentry>
<term><option>--cpu=time</option></term>
<listitem><para>Controls whether the CPU usage is shown as
- percentage or time. By default the CPU usage is shown as
+ percentage or time. By default, the CPU usage is shown as
percentage. This setting may also be toggled at runtime by
pressing the <keycap>%</keycap> key.</para></listitem>
</varlistentry>
<term><option>-P</option></term>
<listitem><para>Count only userspace processes instead of all
- tasks. By default all tasks are counted: each kernel thread
- and each userspace thread individually. With this setting
+ tasks. By default, all tasks are counted: each kernel thread
+ and each userspace thread individually. With this setting,
kernel threads are excluded from the counting and each
userspace process only counts as one, regardless how many
threads it consists of. This setting may also be toggled at
<term><option>-k</option></term>
<listitem><para>Count only userspace processes and kernel
- threads instead of all tasks. By default all tasks are
+ threads instead of all tasks. By default, all tasks are
counted: each kernel thread and each userspace thread
- individually. With this setting kernel threads are included in
+ individually. With this setting, kernel threads are included in
the counting and each userspace process only counts as on one,
regardless how many threads it consists of. This setting may
also be toggled at runtime by pressing the <keycap>k</keycap>
<listitem><para>Controls whether the number of processes shown
for a control group shall include all processes that are
contained in any of the child control groups as well. Takes a
- boolean argument, defaults to <literal>yes</literal>. If
- enabled the processes in child control groups are included, if
- disabled only the processes in the control group itself are
+ boolean argument, which defaults to <literal>yes</literal>. If
+ enabled, the processes in child control groups are included, if
+ disabled, only the processes in the control group itself are
counted. This setting may also be toggled at runtime by
pressing the <keycap>r</keycap> key. Note that this setting
only applies to process counting, i.e. when the
<term><keycap>i</keycap></term>
<listitem><para>Sort the control groups by path, number of
- tasks, CPU load, memory usage, or IO load, respectively. This
+ tasks, CPU load, memory usage, or I/O load, respectively. This
setting may also be controlled using the
<option>--order=</option> command line
switch.</para></listitem>
excluding processes in child control groups in control group
process counts. This setting may also be controlled using the
<option>--recursive=</option> command line switch. This key is
- not available of all tasks are counted, it is only available
+ not available if all tasks are counted, it is only available
if processes are counted, as enabled with the
<keycap>P</keycap> or <keycap>k</keycap>
keys.</para></listitem>
in <citerefentry project='man-pages'><refentrytitle>core</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
In particular, the coredump will only be processed when the
related resource limits are high enough. For programs started by
- <command>systemd</command> those may be set using
+ <command>systemd</command>, those may be set using
<varname>LimitCore=</varname> (see
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
</para>
system and the initrd.</para>
<para>If /etc/crypttab contains entries with the same UUID,
then the name, keyfile and options specified there will be
- used. Otherwise the device will have the name
+ used. Otherwise, the device will have the name
<literal>luks-UUID</literal>.</para>
<para>If /etc/crypttab exists, only those UUIDs
specified on the kernel command line
directories which contain "drop-in" files with configuration
snippets which augment the main configuration file. "Drop-in"
files can be overridden in the same way by placing files with the
- same name in a directory of higher priority (except that in case
+ same name in a directory of higher priority (except that, in case
of "drop-in" files, both the "drop-in" file name and the name of
the containing directory, which corresponds to the name of the
main configuration file, must match). For a fuller explanation,
technology and can distinguish full VM virtualization from
container virtualization. <filename>systemd-detect-virt</filename>
exits with a return value of 0 (success) if a virtualization
- technology is detected, and non-zero (error) otherwise. By default
+ technology is detected, and non-zero (error) otherwise. By default,
any type of virtualization is detected, and the options
<option>--container</option> and <option>--vm</option> can be used
to limit what types of virtualization are detected.</para>
<entry><varname>docker</varname></entry>
<entry>Docker container manager</entry>
</row>
+
+ <row>
+ <entry><varname>rkt</varname></entry>
+ <entry>rkt app container runtime</entry>
+ </row>
</tbody>
</tgroup>
</table>
<listitem><para>Detect whether invoked in a
<citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
- environment. In this mode no output is written, but the return
+ environment. In this mode, no output is written, but the return
value indicates whether the process was invoked in a
<function>chroot()</function>
environment or not.</para></listitem>
and will process them individually, one after the other. It will
output them separated by spaces to stdout.</para>
- <para>By default this command will escape the strings passed,
+ <para>By default, this command will escape the strings passed,
unless <option>--unescape</option> is passed which results in the
- inverse operation being applied. If <option>--mangle</option> a
- special mode of escaping is applied instead, which assumes a
- string to be already escaped but will escape everything that
+ inverse operation being applied. If <option>--mangle</option> is given, a
+ special mode of escaping is applied instead, which assumes the
+ string is already escaped but will escape everything that
appears obviously non-escaped.</para>
</refsect1>
<listitem><para>The root user's password</para></listitem>
</itemizedlist>
- <para>Each of the fields may either be queried interactively from
- the users, set non-interactively on the tool's command line, or be
+ <para>Each of the fields may either be queried interactively by
+ users, set non-interactively on the tool's command line, or be
copied from a host system that is used to set up the system
image.</para>
- <para>If a setting is already initialized it will not be
+ <para>If a setting is already initialized, it will not be
overwritten and the user will not be prompted for the
setting.</para>
<citerefentry project='die-net'><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry>
file. This setting exists in two forms:
<option>--root-password=</option> accepts the password to set
- directly on the command line,
+ directly on the command line, and
<option>--root-password-file=</option> reads it from a file.
- Note that it is not recommended specifying passwords on the
- command line as other users might be able to see them simply
+ Note that it is not recommended to specify passwords on the
+ command line, as other users might be able to see them simply
by invoking
<citerefentry project='die-net'><refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
</varlistentry>
device that is configured for file system checking.
<filename>systemd-fsck-root.service</filename> is responsible for
file system checks on the root file system, but only if the
- root filesystem wasn't checked in the initramfs.
+ root filesystem was not checked in the initramfs.
<filename>systemd-fsck@.service</filename> is used for all other
file systems and for the root file system in the initramfs.</para>
- <para>Those services are started at boot if
+ <para>These services are started at boot if
<option>passno</option> in <filename>/etc/fstab</filename> for the
file system is set to a value greater than zero. The file system
check for root is performed before the other file systems. Other
- file systems may be checked in parallel, except when they are one
+ file systems may be checked in parallel, except when they are on
the same rotating disk.</para>
<para><filename>systemd-fsck</filename> does not know any details
<varname>mount.usr=</varname> will default to the value set in
<varname>root=</varname>.</para>
- <para>Otherwise this parameter defaults to the
+ <para>Otherwise, this parameter defaults to the
<filename>/usr</filename> entry found in
<filename>/etc/fstab</filename> on the root filesystem.</para>
<varname>mount.usrfstype=</varname> will default to the value
set in <varname>rootfstype=</varname>.</para>
- <para>Otherwise this value will be read from the
+ <para>Otherwise, this value will be read from the
<filename>/usr</filename> entry in
<filename>/etc/fstab</filename> on the root filesystem.</para>
<varname>mount.usrflags=</varname> will default to the value
set in <varname>rootflags=</varname>.</para>
- <para>Otherwise this value will be read from the
+ <para>Otherwise, this value will be read from the
<filename>/usr</filename> entry in
<filename>/etc/fstab</filename> on the root filesystem.</para>
</table>
<para>The <filename>/home</filename> and <filename>/srv</filename>
- partitions may be encrypted in LUKS format. In this case a device
+ partitions may be encrypted in LUKS format. In this case, a device
mapper device is set up under the names
<filename>/dev/mapper/home</filename> and
<filename>/dev/mapper/srv</filename>. Note that this might create
device name.</para>
<para>Mount and automount units for the EFI System Partition (ESP),
- mounting it to <filename>/boot</filename> are generated on EFI
- systems, where the boot loader communicates the used ESP to the operating
+ mounting it to <filename>/boot</filename>, are generated on EFI
+ systems where the boot loader communicates the used ESP to the operating
system. Since this generator creates an automount unit, the mount will
only be activated on-demand, when accessed. On systems where
<filename>/boot</filename> is an explicitly configured mount
<term><option>-r</option></term>
<term><option>--root=<replaceable>PATH</replaceable></option></term>
<listitem>
- <para>Alternative root path in the filesystem.</para>
+ <para>Alternate root path in the filesystem.</para>
</listitem>
</varlistentry>
</variablelist>
<programlisting>openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
-out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'
-cat >ca.conf <<EOF
+cat >ca.conf <<EOF
[ ca ]
default_ca = this
EOF
touch index
-echo 0001 > serial
+echo 0001 >serial
SERVER=server
CLIENT=client
<varname>ServerCertificateFile=</varname>,
<varname>ServerKeyFile=</varname>, in
<filename>/etc/systemd/journal-remote.conf</filename> and
- <filename>/etc/systemd/journal-upload.conf</filename>
+ <filename>/etc/systemd/journal-upload.conf</filename>,
respectively. The default locations can be queried by using
<command>systemd-journal-remote --help</command> and
<command>systemd-journal-upload --help</command>.</para>
<listitem><para>Sockets and other paths that
<command>systemd-journald</command> will listen on that are
- visible in the file system. In addition to those, journald can
+ visible in the file system. In addition to these, journald can
listen for audit events using netlink.</para></listitem>
</varlistentry>
</variablelist>
<refnamediv>
<refname>systemd-machine-id-commit.service</refname>
- <refpurpose>Commit a transient machine-id to disk</refpurpose>
+ <refpurpose>Commit a transient machine ID to disk</refpurpose>
</refnamediv>
<refsynopsisdiv>
<title>Description</title>
<para><filename>systemd-machine-id-commit.service</filename> is an
- early-boot service responsible for committing transient
+ early boot service responsible for committing transient
<filename>/etc/machine-id</filename> files to a writable disk file
system. See
<citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>
<para>The main use case of this service are systems where
<filename>/etc/machine-id</filename> is read-only and initially
- not initialized. In this case the system manager will generate a
+ not initialized. In this case, the system manager will generate a
transient machine ID file on a memory file system, and mount it
over <filename>/etc/machine-id</filename>, during the early boot
phase. This service is then invoked in a later boot phase, as soon
for more information about this file.</para>
<para>If the tool is invoked without the <option>--commit</option>
- switch <filename>/etc/machine-id</filename> is initialized with a
+ switch, <filename>/etc/machine-id</filename> is initialized with a
valid, new machined ID if it is missing or empty. The new machine
ID will be acquired in the following fashion:</para>
and is different for every booted instance of the
VM.</para></listitem>
- <listitem><para>Similar, if run inside a Linux container
- environment and a UUID is configured for the container this is
- used to initialize the machine ID. For details see the
+ <listitem><para>Similarly, if run inside a Linux container
+ environment and a UUID is configured for the container, this is
+ used to initialize the machine ID. For details, see the
documentation of the <ulink
url="http://www.freedesktop.org/wiki/Software/systemd/ContainerInterface">Container
Interface</ulink>.</para></listitem>
- <listitem><para>Otherwise a new ID is randomly
+ <listitem><para>Otherwise, a new ID is randomly
generated.</para></listitem>
</orderedlist>
<para>This command is primarily used by the
<citerefentry><refentrytitle>systemd-machine-id-commit.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- early-boot service.</para></listitem>
+ early boot service.</para></listitem>
</varlistentry>
<xi:include href="standard-options.xml" xpointer="help" />
<title>Description</title>
<para><filename>systemd-modules-load.service</filename> is an
- early-boot service that loads kernel modules based on static
+ early boot service that loads kernel modules based on static
configuration.</para>
<para>See
<varlistentry>
<term><option>--ignore=</option></term>
<listitem><para>Network interfaces to be ignored when deciding
- if the system is online. By default only the loopback
+ if the system is online. By default, only the loopback
interface is ignored. This option may be used more than once
to ignore multiple network interfaces. </para></listitem>
</varlistentry>
<para><command>systemd-notify</command> may be called by daemon
scripts to notify the init system about status changes. It can be
used to send arbitrary information, encoded in an
- environment-block-like list of strings. Most importantly it can be
+ environment-block-like list of strings. Most importantly, it can be
used for start-up completion notification.</para>
<para>This is mostly just a wrapper around
message is sent. This option is hence unrelated to the other
options. For details about the semantics of this option, see
<citerefentry><refentrytitle>sd_booted</refentrytitle><manvolnum>3</manvolnum></citerefentry>. An
- alternative way to check for this state is to call
+ alternate way to check for this state is to call
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
with the <command>is-system-running</command> command. It will
return <literal>offline</literal> if the system was not booted
<varlistentry>
<term><option>--private-users=</option></term>
- <listitem><para>Enables user namespacing. If enabled the
+ <listitem><para>Enables user namespacing. If enabled, the
container will run with its own private set of Unix user and
group ids (UIDs and GIDs). Takes none, one or two
colon-separated parameters: the first parameter specifies the
assigned. If the first parameter is also omitted (and hence
no parameter passed at all), the first UID assigned to the
container is read from the owner of the root directory of the
- container's directory tree. By default no user namespacing is
+ container's directory tree. By default, no user namespacing is
applied.</para>
<para>Note that user namespacing currently requires OS trees
must be shifted to the container UID base that is
used during container runtime.</para>
- <para>It is recommended to assign as least 65536 UIDs to each
+ <para>It is recommended to assign at least 65536 UIDs to each
container, so that the usable UID range in the container
- covers 16bit. For best security do not assign overlapping UID
+ covers 16 bit. For best security, do not assign overlapping UID
ranges to multiple containers. It is hence a good idea to use
- the upper 16bit of the host 32bit UIDs as container
- identifier, while the lower 16bit encode the container UID
+ the upper 16 bit of the host 32-bit UIDs as container
+ identifier, while the lower 16 bit encode the container UID
used.</para>
- <para>When user namespaces are used the GID range assigned to
+ <para>When user namespaces are used, the GID range assigned to
each container is always chosen identical to the UID
range.</para></listitem>
</varlistentry>
which case <literal>tcp</literal> is assumed. The container
port number and its colon may be omitted, in which case the
same port as the host port is implied. This option is only
- supported if private networking is used, such as
+ supported if private networking is used, such as with
<option>--network-veth</option> or
<option>--network-bridge=</option>.</para></listitem>
</varlistentry>
<term><option>--bind-ro=</option></term>
<listitem><para>Bind mount a file or directory from the host
- into the container. Takes one of: a path argument -- in which
+ into the container. Takes one of: a path argument — in which
case the specified path will be mounted from the host to the
- same path in the container --, or a colon-separated pair of
- paths -- in which case the first specified path is the source
+ same path in the container —, or a colon-separated pair of
+ paths — in which case the first specified path is the source
in the host, and the second path is the destination in the
- container --, or a colon-separated triple of source path,
- destination path and mount options. Mount options are comma
- separated and currently only "rbind" and "norbind"
- are allowed. Defaults to "rbind". Backslash escapes are interpreted so
+ container —, or a colon-separated triple of source path,
+ destination path and mount options. Mount options are
+ comma-separated and currently, only "rbind" and "norbind"
+ are allowed. Defaults to "rbind". Backslash escapes are interpreted, so
<literal>\:</literal> may be used to embed colons in either path.
This option may be specified multiple times for
creating multiple independent bind mount points. The
mount the tmpfs instance to (in which case the directory
access mode will be chosen as 0755, owned by root/root), or
optionally a colon-separated pair of path and mount option
- string, that is used for mounting (in which case the kernel
+ string that is used for mounting (in which case the kernel
default for access mode and owner will be chosen, unless
otherwise specified). This option is particularly useful for
mounting directories such as <filename>/var</filename> as
tmpfs, to allow state-less systems, in particular when
combined with <option>--read-only</option>.
- Backslash escapes are interpreted in the path so
+ Backslash escapes are interpreted in the path, so
<literal>\:</literal> may be used to embed colons in the path.
</para></listitem>
</varlistentry>
overlay file system. The left-most path is hence the lowest
directory tree, the second-to-last path the highest directory
tree in the stacking order. If <option>--overlay-ro=</option>
- is used instead of <option>--overlay=</option> a read-only
+ is used instead of <option>--overlay=</option>, a read-only
overlay file system is created. If a writable overlay file
- system is created all changes made to it are written to the
+ system is created, all changes made to it are written to the
highest directory tree in the stacking order, i.e. the
second-to-last specified.</para>
<listitem><para>Controls whether the container is registered
with
<citerefentry><refentrytitle>systemd-machined</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
- Takes a boolean argument, defaults to <literal>yes</literal>.
+ Takes a boolean argument, which defaults to <literal>yes</literal>.
This option should be enabled when the container runs a full
Operating System (more specifically: an init system), and is
useful to ensure that the container is accessible via
<listitem><para>Boots the container in volatile mode. When no
mode parameter is passed or when mode is specified as
- <option>yes</option> full volatile mode is enabled. This
- means the root directory is mounted as mostly unpopulated
+ <option>yes</option>, full volatile mode is enabled. This
+ means the root directory is mounted as a mostly unpopulated
<literal>tmpfs</literal> instance, and
<filename>/usr</filename> from the OS tree is mounted into it,
read-only (the system thus starts up with read-only OS
resources, but pristine state and configuration, any changes
to the either are lost on shutdown). When the mode parameter
- is specified as <option>state</option> the OS tree is
+ is specified as <option>state</option>, the OS tree is
mounted read-only, but <filename>/var</filename> is mounted as
- <literal>tmpfs</literal> instance into it (the system thus
+ a <literal>tmpfs</literal> instance into it (the system thus
starts up with read-only OS resources and configuration, but
- pristine state, any changes to the latter are lost on
+ pristine state, and any changes to the latter are lost on
shutdown). When the mode parameter is specified as
- <option>no</option> (the default) the whole OS tree is made
+ <option>no</option> (the default), the whole OS tree is made
available writable.</para>
<para>Note that setting this to <option>yes</option> or
special values <option>override</option> or
<option>trusted</option>.</para>
- <para>If enabled (the default) a settings file named after the
+ <para>If enabled (the default), a settings file named after the
machine (as specified with the <option>--machine=</option>
setting, or derived from the directory or image file name)
with the suffix <filename>.nspawn</filename> is searched in
<filename>/etc/systemd/nspawn/</filename> and
<filename>/run/systemd/nspawn/</filename>. If it is found
there, its settings are read and used. If it is not found
- there it is subsequently searched in the same directory as the
+ there, it is subsequently searched in the same directory as the
image file or in the immediate parent of the root directory of
- the container. In this case, if the file is found its settings
+ the container. In this case, if the file is found, its settings
will be also read and used, but potentially unsafe settings
- are ignored. Note that in both these cases settings on the
+ are ignored. Note that in both these cases, settings on the
command line take precedence over the corresponding settings
from loaded <filename>.nspawn</filename> files, if both are
specified. Unsafe settings are considered all settings that
elevate the container's privileges or grant access to
additional resources such as files or directories of the
host. For details about the format and contents of
- <filename>.nspawn</filename> files consult
+ <filename>.nspawn</filename> files, consult
<citerefentry><refentrytitle>systemd.nspawn</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
- <para>If this option is set to <option>override</option> the
- file is searched, read and used the same way, however the order of
+ <para>If this option is set to <option>override</option>, the
+ file is searched, read and used the same way, however, the order of
precedence is reversed: settings read from the
<filename>.nspawn</filename> file will take precedence over
the corresponding command line options, if both are
specified.</para>
- <para>If this option is set to <option>trusted</option> the
+ <para>If this option is set to <option>trusted</option>, the
file is searched, read and used the same way, but regardless
- if found in <filename>/etc/systemd/nspawn/</filename>,
+ of being found in <filename>/etc/systemd/nspawn/</filename>,
<filename>/run/systemd/nspawn/</filename> or next to the image
file or container root directory, all settings will take
- effect, however command line arguments still take precedence
+ effect, however, command line arguments still take precedence
over corresponding settings.</para>
- <para>If disabled no <filename>.nspawn</filename> file is read
+ <para>If disabled, no <filename>.nspawn</filename> file is read
and no settings except the ones on the command line are in
effect.</para></listitem>
</varlistentry>
<citerefentry><refentrytitle>file-hierarchy</refentrytitle><manvolnum>7</manvolnum></citerefentry>
queriable.</para>
- <para>When invoked without arguments a list of known paths and
+ <para>When invoked without arguments, a list of known paths and
their current values is shown. When at least one argument is
- passed the path with this name is queried and its value shown.
+ passed, the path with this name is queried and its value shown.
The variables whose name begins with <literal>search-</literal>
- don't refer to individual paths, but instead to a list of
+ do not refer to individual paths, but instead to a list of
colon-separated search paths, in their order of precedence.</para>
</refsect1>
<title>Description</title>
<para><filename>systemd-random-seed.service</filename> is a
- service that restores the random seed of the system at early-boot
+ service that restores the random seed of the system at early boot
and saves it at shutdown. See
<citerefentry><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry>
for details. Saving/restoring the random seed across boots
<title>Description</title>
<para><filename>systemd-remount-fs.service</filename> is an
- early-boot service that applies mount options listed in
+ early boot service that applies mount options listed in
<citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>
to the root file system, the <filename>/usr</filename> file system,
and the kernel API file systems. This is required so that the
<citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
and
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- for details. To improve compatibility
+ for details. To improve compatibility,
<filename>/etc/resolv.conf</filename> is read in order to discover
- configured system DNS servers, however only if it is not a symlink
+ configured system DNS servers, but only if it is not a symlink
to <filename>/run/systemd/resolve/resolv.conf</filename> (see above).</para>
<para><command>systemd-resolved</command> synthesizes DNS RRs for the following cases:</para>
<para>If lookups are routed to multiple interfaces, the first
successful response is returned (thus effectively merging the
lookup zones on all matching interfaces). If the lookup failed on
- all interfaces the last failing response is returned.</para>
+ all interfaces, the last failing response is returned.</para>
<para>Routing of lookups may be influenced by configuring
- per-interface domain names, see
+ per-interface domain names. See
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details. Lookups for a hostname ending in one of the
per-interface domains are exclusively routed to the matching
and thus shows up in the output of <command>systemctl
list-units</command> like any other unit. It will run in a clean
and detached execution environment, with the service manager as
- its parent process. In this mode <command>systemd-run</command>
+ its parent process. In this mode, <command>systemd-run</command>
will start the service asynchronously in the background and return
after the command has begun execution.</para>
<term><option>--pty</option></term>
<term><option>-t</option></term>
- <listitem><para>When invoking a command as service connects
+ <listitem><para>When invoking a command, the service connects
its standard input and output to the invoking tty via a
pseudo TTY device. This allows invoking binaries as services
that expect interactive user input, such as interactive
<para>The following command invokes the
<citerefentry project='man-pages'><refentrytitle>updatedb</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- tool, but lowers the block IO weight for it to 10. See
+ tool, but lowers the block I/O weight for it to 10. See
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for more information on the <varname>BlockIOWeight=</varname>
property.</para>
<refsect1>
<title>Description</title>
- <para><filename>systemd-sysctl.service</filename> is an early-boot
+ <para><filename>systemd-sysctl.service</filename> is an early boot
service that configures
<citerefentry project='man-pages'><refentrytitle>sysctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>
kernel parameters.</para>
resource limits for units. See
<citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
for details. Use the string <varname>infinity</varname> to
- configure no limit on a specific resource. These settings may
- be overridden in individual units using the corresponding
+ configure no limit on a specific resource. The multiplicative suffixes
+ K (=1024), M (=1024*1024) and so on for G, T, P and E may be used for
+ resource limits measured in bytes (e.g. DefaultLimitAS=16G). These
+ settings may be overridden in individual units using the corresponding
LimitXXX= directives. Note that these resource limits are only
defaults for units, they are not applied to PID 1
itself.</para></listitem>
specified in
<citerefentry><refentrytitle>sysusers.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
are searched for a matching file. If the string
- <filename>-</filename> is specified as filenames entries from the
+ <filename>-</filename> is specified as filename, entries from the
standard input of the process are read.</para>
</refsect1>
<para><ulink url="http://refspecs.linuxbase.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/iniscrptact.html">LSB headers</ulink>
in SysV init scripts are interpreted, and the ordering specified
in the header is turned into dependencies between the generated
- unit and other units. LSB facilities
+ unit and other units. The LSB facilities
<literal>$remote_fs</literal>, <literal>$network</literal>,
<literal>$named</literal>, <literal>$portmap</literal>,
<literal>$time</literal> are supported and will be turned into
<para>SysV runlevels have corresponding systemd targets
(<filename>runlevel<replaceable>X</replaceable>.target</filename>).
- Wrapper unit that is generated will be wanted by those targets
+ The wrapper unit that is generated will be wanted by those targets
which correspond to runlevels for which the script is
enabled.</para>
<term><filename>/var/lib/systemd/clock</filename></term>
<listitem>
- <para>This file contains the timestamp of last successful
+ <para>This file contains the timestamp of the last successful
synchronization.</para>
</listitem>
</varlistentry>
<term><option>--event-timeout=</option></term>
<listitem>
<para>Set the number of seconds to wait for events to finish. After
- this time the event will be terminated. The default is 180 seconds.</para>
+ this time, the event will be terminated. The default is 180 seconds.</para>
</listitem>
</varlistentry>
service that is invoked as part of the first boot after the vendor
operating system resources in <filename>/usr</filename> have been
updated. This is useful to implement offline updates of
- <filename>/usr</filename> which might requires updates to
+ <filename>/usr</filename> which might require updates to
<filename>/etc</filename> or <filename>/var</filename> on the
following boot.</para>
<para><filename>systemd-user-sessions.service</filename> is a
service that controls user logins through
<citerefentry project='man-pages'><refentrytitle>pam_nologin</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
- After basic system initialization is complete it removes
+ After basic system initialization is complete, it removes
<filename>/run/nologin</filename>, thus permitting logins. Before
- system shutdown it creates <filename>/run/nologin</filename>, thus
+ system shutdown, it creates <filename>/run/nologin</filename>, thus
prohibiting further logins.</para>
</refsect1>
<title>Description</title>
<para><filename>systemd-vconsole-setup.service</filename> is an
- early-boot service that configures the virtual console font and
+ early boot service that configures the virtual console font and
console keymap. Internally it calls
<citerefentry project='mankier'><refentrytitle>loadkeys</refentrytitle><manvolnum>1</manvolnum></citerefentry>
and
</varlistentry>
<varlistentry>
<term><varname>TimeoutIdleSec=</varname></term>
- <listitem><para>Configures an idleness timeout. Once the mount has been
+ <listitem><para>Configures an idle timeout. Once the mount has been
idle for the specified time, systemd will attempt to unmount. Takes a
unit-less value in seconds, or a time span value such as "5min 20s".
Pass 0 to disable the timeout logic. The timeout is disabled by
<listitem><para>Takes an absolute directory path, or the
special value <literal>~</literal>. Sets the working directory
- for executed processes. If set to <literal>~</literal> the
+ for executed processes. If set to <literal>~</literal>, the
home directory of the user specified in
<varname>User=</varname> is used. If not set, defaults to the
root directory when systemd is running as a system instance
<listitem><para>Sets the supplementary Unix groups the
processes are executed as. This takes a space-separated list
of group names or IDs. This option may be specified more than
- once in which case all listed groups are set as supplementary
- groups. When the empty string is assigned the list of
+ once, in which case all listed groups are set as supplementary
+ groups. When the empty string is assigned, the list of
supplementary groups is reset, and all assignments prior to
this one will have no effect. In any way, this option does not
override, but extends the list of supplementary groups
<varlistentry>
<term><varname>IOSchedulingClass=</varname></term>
- <listitem><para>Sets the IO scheduling class for executed
+ <listitem><para>Sets the I/O scheduling class for executed
processes. Takes an integer between 0 and 3 or one of the
strings <option>none</option>, <option>realtime</option>,
<option>best-effort</option> or <option>idle</option>. See
<varlistentry>
<term><varname>IOSchedulingPriority=</varname></term>
- <listitem><para>Sets the IO scheduling priority for executed
+ <listitem><para>Sets the I/O scheduling priority for executed
processes. Takes an integer between 0 (highest priority) and 7
(lowest priority). The available priorities depend on the
- selected IO scheduling class (see above). See
+ selected I/O scheduling class (see above). See
<citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
for details.</para></listitem>
</varlistentry>
processes. Takes a list of CPU indices or ranges separated by
either whitespace or commas. CPU ranges are specified by the
lower and upper CPU indices separated by a dash.
- This option may be specified more than once in which case the
+ This option may be specified more than once, in which case the
specified CPU affinity masks are merged. If the empty string
is assigned, the mask is reset, all assignments prior to this
will have no effect. See
<listitem><para>Sets environment variables for executed
processes. Takes a space-separated list of variable
- assignments. This option may be specified more than once in
+ assignments. This option may be specified more than once, in
which case all listed variables will be set. If the same
variable is set twice, the later setting will override the
earlier setting. If the empty string is assigned to this
</varlistentry>
<varlistentry>
<term><varname>SyslogLevel=</varname></term>
- <listitem><para>Default syslog level to use when logging to
+ <listitem><para>The default syslog level to use when logging to
syslog or the kernel log buffer. One of
<option>emerg</option>,
<option>alert</option>,
different log level which can be used to override the default
log level specified here. The interpretation of these prefixes
may be disabled with <varname>SyslogLevelPrefix=</varname>,
- see below. For details see
+ see below. For details, see
<citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
Defaults to
of various resources for executed processes. See
<citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
for details. Use the string <varname>infinity</varname> to
- configure no limit on a specific resource.</para></listitem>
+ configure no limit on a specific resource. The multiplicative suffixes
+ K (=1024), M (=1024*1024) and so on for G, T, P and E may be used for
+ resource limits measured in bytes (e.g. LimitAS=16G).</para></listitem>
<table>
<title>Limit directives and their equivalent with ulimit</title>
of what <varname>Capabilities=</varname> does. If this option
is not used, the capability bounding set is not modified on
process execution, hence no limits on the capabilities of the
- process are enforced. This option may appear more than once in
+ process are enforced. This option may appear more than once, in
which case the bounding sets are merged. If the empty string
is assigned to this option, the bounding set is reset to the
empty capability set, and all prior settings have no effect.
<option>no-setuid-fixup-locked</option>,
<option>noroot</option>, and
<option>noroot-locked</option>.
- This option may appear more than once in which case the secure
+ This option may appear more than once, in which case the secure
bits are ORed. If the empty string is assigned to this option,
the bits are reset to 0. See
<citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
inaccessible for processes inside the namespace. Note that
restricting access with these options does not extend to
submounts of a directory that are created later on. These
- options may be specified more than once in which case all
+ options may be specified more than once, in which case all
directories listed will have limited access from within the
namespace. If the empty string is assigned to this option, the
specific list is reset, and all prior assignments have no
directories read-only for processes invoked by this unit. If
set to <literal>full</literal>, the <filename>/etc</filename>
directory is mounted read-only, too. This setting ensures that
- any modification of the vendor supplied operating system (and
+ any modification of the vendor-supplied operating system (and
optionally its configuration) is prohibited for the service.
It is recommended to enable this setting for all long-running
services, unless they are involved with system updates or need
invoked process must implement a
<command>getty</command>-compatible utmp/wtmp logic. If
<literal>login</literal> is set, first an
- <constant>INIT_PROCESS</constant> entry, followed by an
+ <constant>INIT_PROCESS</constant> entry, followed by a
<constant>LOGIN_PROCESS</constant> entry is generated. In
- this case the invoked process must implement a <citerefentry
+ this case, the invoked process must implement a <citerefentry
project='die-net'><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry>-compatible
utmp/wtmp logic. If <literal>user</literal> is set, first an
<constant>INIT_PROCESS</constant> entry, then a
- <constant>LOGIN_PROCESS</constant> entry and finally an
+ <constant>LOGIN_PROCESS</constant> entry and finally a
<constant>USER_PROCESS</constant> entry is generated. In this
- case the invoked process may be any process that is suitable
+ case, the invoked process may be any process that is suitable
to be run as session leader. Defaults to
<literal>init</literal>.</para></listitem>
</varlistentry>
<listitem><para>Takes a <option>SMACK64</option> security
label as argument. The process executed by the unit will be
started under this label and SMACK will decide whether the
- process is allowed to run or not based on it. The process
+ process is allowed to run or not, based on it. The process
will continue to run under the label specified here unless the
executable has its own <option>SMACK64EXEC</option> label, in
which case the process will transition to run under that
<function>sigreturn</function>,
<function>exit_group</function>, <function>exit</function>
system calls are implicitly whitelisted and do not need to be
- listed explicitly. This option may be specified more than once
+ listed explicitly. This option may be specified more than once,
in which case the filter masks are merged. If the empty string
is assigned, the filter is reset, all prior assignments will
have no effect.</para>
<varlistentry>
<term><varname>SystemCallArchitectures=</varname></term>
- <listitem><para>Takes a space separated list of architecture
+ <listitem><para>Takes a space-separated list of architecture
identifiers to include in the system call filter. The known
architecture identifiers are <constant>x86</constant>,
<constant>x86-64</constant>, <constant>x32</constant>,
dynamically into native unit files.</para>
<para>Generators are loaded from a set of paths determined during
- compilation, listed above. System and user generators are loaded
+ compilation, as listed above. System and user generators are loaded
from directories with names ending in
<filename>system-generators/</filename> and
<filename>user-generators/</filename>, respectively. Generators
<filename>/dev/null</filename> or an empty file can be used to
mask a generator, thereby preventing it from running. Please note
that the order of the two directories with the highest priority is
- reversed with respect to the unit load path and generators in
+ reversed with respect to the unit load path, and generators in
<filename>/run</filename> overwrite those in
<filename>/etc</filename>.</para>
or <command>systemd</command> itself (this means: no
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>!). They
can however rely on the most basic kernel functionality to
- be available, including mounted <filename>/sys</filename>,
+ be available, including a mounted <filename>/sys</filename>,
<filename>/proc</filename>, <filename>/dev</filename>.
</para>
</listitem>
<listitem>
<para>
- Units written by generators are removed when configuration
+ Units written by generators are removed when the configuration
is reloaded. That means the lifetime of the generated
units is closely bound to the reload cycles of
<command>systemd</command> itself.
<para>
Generators should only be used to generate unit files, not
any other kind of configuration. Due to the lifecycle
- logic mentioned above generators are not a good fit to
+ logic mentioned above, generators are not a good fit to
generate dynamic configuration for other services. If you
- need to generate dynamic configuration for other services
+ need to generate dynamic configuration for other services,
do so in normal services you order before the service in
question.
</para>
<para>
Since
<citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
- is not available (see above) log messages have to be
+ is not available (see above), log messages have to be
written to <filename>/dev/kmsg</filename> instead.
</para>
</listitem>
Generators may write out dynamic unit files or just hook
unit files into other units with the usual
<filename>.wants/</filename> or
- <filename>.requires/</filename> symlinks. Often it is
+ <filename>.requires/</filename> symlinks. Often, it is
nicer to simply instantiate a template unit file from
<filename>/usr</filename> with a generator instead of
- writing out entirely dynamic unit files. Of course this
+ writing out entirely dynamic unit files. Of course, this
works only if a single parameter is to be used.
</para>
</listitem>
<listitem>
<para>
- If you are careful you can implement generators in shell
+ If you are careful, you can implement generators in shell
scripts. We do recommend C code however, since generators
- delay are executed synchronously and hence delay the
+ are executed synchronously and hence delay the
entire boot if they are slow.
</para>
</listitem>
<para>
Instead of heading off now and writing all kind of
generators for legacy configuration file formats, please
- think twice! It's often a better idea to just deprecate
+ think twice! It is often a better idea to just deprecate
old stuff instead of keeping it artificially alive.
</para>
</listitem>
temporarily redirects <filename>default.target</filename> to
<filename>system-update.target</filename> if a system update is
scheduled. Since this needs to override the default user
- configuration for <filename>default.target</filename> it uses
+ configuration for <filename>default.target</filename>, it uses
argv[2]. For details about this logic, see
<ulink url="http://www.freedesktop.org/wiki/Software/systemd/SystemUpdates">Implementing
Offline System Updates</ulink>.</para>
<citerefentry project='man-pages'><refentrytitle>signal</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
Defaults to <constant>SIGTERM</constant>. </para>
- <para>Note that right after sending the signal specified in
- this setting systemd will always send
+ <para>Note that, right after sending the signal specified in
+ this setting, systemd will always send
<constant>SIGCONT</constant>, to ensure that even suspended
tasks can be terminated cleanly.</para>
</listitem>
name in <filename>/usr/lib</filename>. This can be used to
override a system-supplied link file with a local file if needed.
As a special case, an empty file (file size 0) or symlink with the
- same name pointing to <filename>/dev/null</filename>, disable the
+ same name pointing to <filename>/dev/null</filename> disables the
configuration file entirely (it is "masked").</para>
<para>The link file contains a <literal>[Match]</literal> section,
generated which is guaranteed to be the same on every
boot for the given machine and the given device, but
which is otherwise random. This feature depends on ID_NET_NAME_*
- properties existing for the link, on hardware where these
- properties are not set the generation of a persistent MAC address
+ properties to exist for the link. On hardware where these
+ properties are not set, the generation of a persistent MAC address
will fail.</para>
</listitem>
</varlistentry>
<para>If the kernel is using a random MAC address,
nothing is done. Otherwise, a new address is randomly
generated each time the device appears, typically at
- boot. Either way the random address will have the
+ boot. Either way, the random address will have the
<literal>unicast</literal> and
<literal>locally administered</literal> bits set.</para>
</listitem>
<varlistentry>
<term><option>x-systemd.idle-timeout=</option></term>
- <listitem><para>Configures the idleness timeout of the
+ <listitem><para>Configures the idle timeout of the
automount unit. See <varname>TimeoutIdleSec=</varname> in
<citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details.</para></listitem>
<listitem><para>Configure how long systemd should wait for a
device to show up before giving up on an entry from
<filename>/etc/fstab</filename>. Specify a time in seconds or
- explicitly append a unit as <literal>s</literal>,
+ explicitly append a unit such as <literal>s</literal>,
<literal>min</literal>, <literal>h</literal>,
<literal>ms</literal>.</para>
<para>Note that this option can only be used in
<filename>/etc/fstab</filename>, and will be
- ignored when part of <varname>Options=</varname>
+ ignored when part of the <varname>Options=</varname>
setting in a unit file.</para>
</listitem>
</varlistentry>
<filename>local-fs.target</filename> or
<filename>remote-fs.target</filename>. This means that it will
not be mounted automatically during boot, unless it is pulled
- in by some other unit. Option <option>auto</option> has the
+ in by some other unit. The <option>auto</option> option has the
opposite meaning and is the default.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>nofail</option></term>
- <listitem><para>With <option>nofail</option> this mount will
+ <listitem><para>With <option>nofail</option>, this mount will
be only wanted, not required, by
<filename>local-fs.target</filename> or
<filename>remote-fs.target</filename>. This means that the
<varlistentry>
<term><varname>SmackFileSystemRootLabel=</varname></term>
- <listitem><para>Takes a string for the smack label.
+ <listitem><para>Takes a string for the SMACK label.
This option specifies the label to assign the root of the
- file system if it lacks the Smack extended attribute.
+ file system if it lacks the SMACK extended attribute.
Note that this option will be ignored if kernel does not
- support the Smack feature.
+ support the SMACK feature.
See <ulink
url="https://www.kernel.org/doc/Documentation/security/Smack.txt">Smack.txt</ulink>
for details. </para></listitem>
name in <filename>/usr/lib</filename>. This can be used to
override a system-supplied configuration file with a local file if
needed. As a special case, an empty file (file size 0) or symlink
- with the same name pointing to <filename>/dev/null</filename>,
- disable the configuration file entirely (it is "masked").</para>
+ with the same name pointing to <filename>/dev/null</filename>
+ disables the configuration file entirely (it is "masked").</para>
</refsect1>
<refsect1>
<entry>A bond device is an aggregation of all its slave devices. See <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">Linux Ethernet Bonding Driver HOWTO</ulink> for details.Local configuration</entry></row>
<row><entry><varname>bridge</varname></entry>
- <entry>A bridge device is a software switch, each of its slave devices and the bridge itself are ports of the switch.</entry></row>
+ <entry>A bridge device is a software switch, and each of its slave devices and the bridge itself are ports of the switch.</entry></row>
<row><entry><varname>dummy</varname></entry>
<entry>A dummy device drops all packets sent to it.</entry></row>
<entry>A persistent Level 3 tunnel between a network device and a device node.</entry></row>
<row><entry><varname>veth</varname></entry>
- <entry>An ethernet tunnel between a pair of network devices.</entry></row>
+ <entry>An Ethernet tunnel between a pair of network devices.</entry></row>
<row><entry><varname>vlan</varname></entry>
<entry>A VLAN is a stacked device which receives packets from its underlying device based on VLAN tagging. See <ulink url="http://www.ieee802.org/1/pages/802.1Q.html">IEEE 802.1Q</ulink> for details.</entry></row>
<para>The <literal>[Bridge]</literal> section only applies for
netdevs of kind <literal>bridge</literal>, and accepts the
- following key:</para>
+ following keys:</para>
<variablelist class='network-directives'>
<varlistentry>
<term><varname>HelloTimeSec=</varname></term>
<listitem>
- <para>HelloTimeSec specifies the number of seconds a hello packet is
+ <para>HelloTimeSec specifies the number of seconds between two hello packets
sent out by the root bridge and the designated bridges. Hello packets are
used to communicate information about the topology throughout the entire
bridged local area network.</para>
<term><varname>TTL=</varname></term>
<listitem>
<para>A fixed Time To Live N on Virtual eXtensible Local
- Area Network packets. N is a number in the range 1-255. 0
+ Area Network packets. N is a number in the range 1–255. 0
is a special value meaning that packets inherit the TTL
value.</para>
</listitem>
<term><varname>FDBAgeingSec=</varname></term>
<listitem>
<para>The lifetime of Forwarding Database entry learnt by
- the kernel in seconds.</para>
+ the kernel, in seconds.</para>
</listitem>
</varlistentry>
<varlistentry>
<varlistentry>
<term><varname>ARPProxy=</varname></term>
<listitem>
- <para>A boolean. When true, enables ARP proxy.</para>
+ <para>A boolean. When true, enables ARP proxying.</para>
</listitem>
</varlistentry>
<varlistentry>
<varlistentry>
<term><varname>L3MissNotification=</varname></term>
<listitem>
- <para>A boolean. When true, enables netlink IP ADDR miss
+ <para>A boolean. When true, enables netlink IP address miss
notifications.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>RouteShortCircuit=</varname></term>
<listitem>
- <para>A boolean. When true route short circuit is turned
+ <para>A boolean. When true, route short circuiting is turned
on.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>UDPCheckSum=</varname></term>
<listitem>
- <para>A boolean. When true transmitting UDP checksums when doing VXLAN/IPv4 is turned on.</para>
+ <para>A boolean. When true, transmitting UDP checksums when doing VXLAN/IPv4 is turned on.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>UDP6ZeroChecksumTx=</varname></term>
<listitem>
- <para>A boolean. When true sending zero checksums in VXLAN/IPv6 is turned on.</para>
+ <para>A boolean. When true, sending zero checksums in VXLAN/IPv6 is turned on.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>UDP6ZeroCheckSumRx=</varname></term>
<listitem>
- <para>A boolean. When true receiving zero checksums in VXLAN/IPv6 is turned on.</para>
+ <para>A boolean. When true, receiving zero checksums in VXLAN/IPv6 is turned on.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>GroupPolicyExtension=</varname></term>
<listitem>
- <para>A boolean. When true it enables Group Policy VXLAN extension security label mechanism
- across network peers based on VXLAN. For details about the Group Policy VXLAN see the
+ <para>A boolean. When true, it enables Group Policy VXLAN extension security label mechanism
+ across network peers based on VXLAN. For details about the Group Policy VXLAN, see the
<ulink url="https://tools.ietf.org/html/draft-smith-vxlan-group-policy">
VXLAN Group Policy </ulink> document. Defaults to false.</para>
</listitem>
<term><varname>TOS=</varname></term>
<listitem>
<para>The Type Of Service byte value for a tunnel interface.
- For details about the TOS see the
+ For details about the TOS, see the
<ulink url="http://tools.ietf.org/html/rfc1349"> Type of
Service in the Internet Protocol Suite </ulink> document.
</para>
<term><varname>TTL=</varname></term>
<listitem>
<para>A fixed Time To Live N on tunneled packets. N is a
- number in the range 1-255. 0 is a special value meaning that
+ number in the range 1–255. 0 is a special value meaning that
packets inherit the TTL value. The default value for IPv4
- tunnels is: inherit. The default value for IPv6 tunnels is:
+ tunnels is: inherit. The default value for IPv6 tunnels is
64.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>IPv6FlowLabel=</varname></term>
<listitem>
- <para>Configures
The 20-bit Flow Label (see <ulink url="https://tools.ietf.org/html/rfc6437">
+ <para>Configures
the 20-bit flow label (see <ulink url="https://tools.ietf.org/html/rfc6437">
RFC 6437</ulink>) field in the IPv6 header (see <ulink url="https://tools.ietf.org/html/rfc2460">
- RFC 2460</ulink>), is used by a node to label packets of a flow.
- It's only used for IPv6 Tunnels.
- A Flow Label of zero is used to indicate packets that have
- not been labeled. Takes following values.
- When <literal>inherit</literal> it uses the original flowlabel,
- or can be configured to any value between 0 to 0xFFFFF.</para>
+ RFC 2460</ulink>), which is used by a node to label packets of a flow.
+ It is only used for IPv6 tunnels.
+ A flow label of zero is used to indicate packets that have
+ not been labeled.
+ It can be configured to a value in the range 0–0xFFFFF, or be
+ set to <literal>inherit</literal>, in which case the original flowlabel is used.</para>
</listitem>
</varlistentry>
<varlistentry>
value of zero means that a packet carrying that option may not enter
another tunnel before exiting the current tunnel.
(see <ulink url="https://tools.ietf.org/html/rfc2473#section-4.1.1"> RFC 2473</ulink>).
- The valid range is 0-255 and <literal>none</literal>. Defaults to 4.
+ The valid range is 0–255 and <literal>none</literal>. Defaults to 4.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Mode=</varname></term>
<listitem>
- <para>An <literal>ip6tnl</literal> tunnels can have three
+ <para>An <literal>ip6tnl</literal> tunnel can be in one of three
modes
<literal>ip6ip6</literal> for IPv6 over IPv6,
<literal>ipip6</literal> for IPv4 over IPv6 or
<para>The <literal>[Peer]</literal> section only applies for
netdevs of kind <literal>veth</literal> and accepts the
- following key:</para>
+ following keys:</para>
<variablelist class='network-directives'>
<varlistentry>
<varlistentry>
<term><varname>MACAddress=</varname></term>
<listitem>
- <para>The peer MACAddress, if not set it is generated in
+ <para>The peer MACAddress, if not set, it is generated in
the same way as the MAC address of the main
interface.</para>
</listitem>
<term><varname>PacketInfo=</varname></term>
<listitem><para>Takes a boolean argument. Configures whether
packets should be prepended with four extra bytes (two flag
- bytes and two protocol bytes). If disabled it indicates that
+ bytes and two protocol bytes). If disabled, it indicates that
the packets will be pure IP packets. Defaults to
<literal>no</literal>.</para>
</listitem>
<term><varname>LearnPacketIntervalSec=</varname></term>
<listitem>
<para>Specifies the number of seconds between instances where the bonding
- driver sends learning packets to each slaves peer switch.
- The valid range is 1 - 0x7fffffff; the default value is 1. This Option
- has effect only in balance-tlb and balance-alb modes.</para>
+ driver sends learning packets to each slave peer switch.
+ The valid range is 1–0x7fffffff; the default value is 1. This option
+ has an effect only for the balance-tlb and balance-alb modes.</para>
</listitem>
</varlistentry>
<listitem>
<para>Specifies the 802.3ad aggregation selection logic to use. Possible values are
<literal>stable</literal>,
- <literal>bandwidth</literal>,
- <literal>count</literal>
+ <literal>bandwidth</literal> and
+ <literal>count</literal>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>FailOverMACPolicy=</varname></term>
<listitem>
- <para>Specifies whether active-backup mode should set all slaves to
- the same MAC address at enslavement or, when enabled, perform special handling of the
+ <para>Specifies whether the active-backup mode should set all slaves to
+ the same MAC address at the time of enslavement or, when enabled, to perform special handling of the
bond's MAC address in accordance with the selected policy. The default policy is none.
Possible values are
<literal>none</literal>,
- <literal>active</literal>,
- <literal>follow</literal>
+ <literal>active</literal> and
+ <literal>follow</literal>.
</para>
</listitem>
</varlistentry>
monitoring purposes. Possible values are
<literal>none</literal>,
<literal>active</literal>,
- <literal>backup</literal>,
- <literal>all</literal>
+ <literal>backup</literal> and
+ <literal>all</literal>.
</para>
</listitem>
</varlistentry>
<para>Specifies the IP addresses to use as ARP monitoring peers when
ARPIntervalSec is greater than 0. These are the targets of the ARP request
sent to determine the health of the link to the targets.
- Specify these values in ipv4 dotted decimal format. At least one IP
+ Specify these values in IPv4 dotted decimal format. At least one IP
address must be given for ARP monitoring to function. The
maximum number of targets that can be specified is 16. The
default value is no IP addresses.
in order for the ARP monitor to consider a slave as being up.
This option affects only active-backup mode for slaves with
ARPValidate enabled. Possible values are
- <literal>any</literal>,
- <literal>all</literal>
+ <literal>any</literal> and
+ <literal>all</literal>.
</para>
</listitem>
</varlistentry>
occurs. This option is designed to prevent flip-flopping between
the primary slave and other slaves. Possible values are
<literal>always</literal>,
- <literal>better</literal>,
- <literal>failure</literal>
+ <literal>better</literal> and
+ <literal>failure</literal>.
</para>
</listitem>
</varlistentry>
<para>Specifies the number of IGMP membership reports to be issued after
a failover event. One membership report is issued immediately after
the failover, subsequent packets are sent in each 200ms interval.
- The valid range is (0 - 255). Defaults to 1. A value of 0
+ The valid range is 0–255. Defaults to 1. A value of 0
prevents the IGMP membership report from being issued in response
to the failover event.
</para>
<varlistentry>
<term><varname>PacketsPerSlave=</varname></term>
<listitem>
- <para> Specify the number of packets to transmit through a slave before
- moving to the next one. When set to 0 then a slave is chosen at
- random. The valid range is (0 - 65535). Defaults to 1. This option
- has effect only in balance-rr mode.
+ <para>Specify the number of packets to transmit through a slave before
+ moving to the next one. When set to 0, then a slave is chosen at
+ random. The valid range is 0–65535. Defaults to 1. This option
+ only has effect when in balance-rr mode.
</para>
</listitem>
</varlistentry>
<listitem>
<para>Specify the number of peer notifications (gratuitous ARPs and
unsolicited IPv6 Neighbor Advertisements) to be issued after a
- failover event. As soon as the link is up on the new slave
+ failover event. As soon as the link is up on the new slave,
a peer notification is sent on the bonding device and each
VLAN sub-device. This is repeated at each link monitor interval
(ARPIntervalSec or MIIMonitorSec, whichever is active) if the number is
- greater than 1. The valid range is (0 - 255). Default value is 1.
+ greater than 1. The valid range is 0–255. The default value is 1.
These options affect only the active-backup mode.
</para>
</listitem>
<varlistentry>
<term><varname>AllSlavesActive=</varname></term>
<listitem>
- <para> A boolean. Specifies that duplicate frames (received on inactive ports)
- should be dropped false or delivered true. Normally, bonding will drop
+ <para>A boolean. Specifies that duplicate frames (received on inactive ports)
+ should be dropped when false, or delivered when true. Normally, bonding will drop
duplicate frames (received on inactive ports), which is desirable for
most users. But there are some times it is nice to allow duplicate
frames to be delivered. The default value is false (drop duplicate frames
name in <filename>/usr/lib</filename>. This can be used to
override a system-supplied configuration file with a local file if
needed. As a special case, an empty file (file size 0) or symlink
- with the same name pointing to <filename>/dev/null</filename>,
- disable the configuration file entirely (it is "masked").</para>
+ with the same name pointing to <filename>/dev/null</filename>
+ disables the configuration file entirely (it is "masked").</para>
</refsect1>
<refsect1>
<literal>yes</literal>, <literal>no</literal>,
<literal>ipv4</literal>, or <literal>ipv6</literal>.</para>
- <para>Please note that by default the domain name
+ <para>Please note that, by default, the domain name
specified through DHCP is not used for name resolution.
See option <option>UseDomains=</option> below.</para>
</listitem>
<term><varname>IPv6Token=</varname></term>
<listitem>
<para>An IPv6 address with the top 64 bits unset. When set, indicates the
- 64 bits interface part of SLAAC IPv6 addresses for this link. By default
+ 64-bit interface part of SLAAC IPv6 addresses for this link. By default,
it is autogenerated.</para>
</listitem>
</varlistentry>
<term><varname>LLMNR=</varname></term>
<listitem>
<para>A boolean or <literal>resolve</literal>. When true, enables
- Link-Local Multicast Name Resolution on the link, when set to
- <literal>resolve</literal> only resolution is enabled, but not
+ Link-Local Multicast Name Resolution on the link. When set to
+ <literal>resolve</literal>, only resolution is enabled, but not
announcement. Defaults to true.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>IPForward=</varname></term>
<listitem><para>Configures IP forwarding for the network
- interface. If enabled incoming packets on the network
+ interface. If enabled, incoming packets on the network
interface will be forwarded to other interfaces according to
the routing table. Takes either a boolean argument, or the
values <literal>ipv4</literal> or <literal>ipv6</literal>,
<varlistentry>
<term><varname>IPMasquerade=</varname></term>
<listitem><para>Configures IP masquerading for the network
- interface. If enabled packets forwarded from the network
+ interface. If enabled, packets forwarded from the network
interface will be appear as coming from the local host.
Takes a boolean argument. Implies
<varname>IPForward=ipv4</varname>. Defaults to
Privacy Extensions for Stateless Address Autoconfiguration
in IPv6). Takes a boolean or the special values
<literal>prefer-public</literal> and
- <literal>kernel</literal>. When true enables the privacy
+ <literal>kernel</literal>. When true, enables the privacy
extensions and prefers temporary addresses over public
- addresses. When <literal>prefer-public</literal> enables the
+ addresses. When <literal>prefer-public</literal>, enables the
privacy extensions, but prefers public addresses over
temporary addresses. When false, the privacy extensions
- remain disabled. When <literal>kernel</literal> the kernel's
+ remain disabled. When <literal>kernel</literal>, the kernel's
default setting will be left in place. Defaults to
<literal>no</literal>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>IPv6AcceptRouterAdvertisements=</varname></term>
- <listitem><para>Force the setting of <filename>accept_ra</filename>
+ <listitem><para>Force the setting of the <filename>accept_ra</filename>
(router advertisements) setting for the interface.
When unset, the kernel default is used, and router
advertisements are accepted only when local forwarding
</varlistentry>
<varlistentry>
<term><varname>IPv6DuplicateAddressDetection=</varname></term>
- <listitem><para>Configures amount of IPv6 Duplicate
- Address Detection probes to se(DAD). Defaults to unset.
+ <listitem><para>Configures the amount of IPv6 Duplicate
+ Address Detection (DAD) probes to send. Defaults to unset.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>Destination=</varname></term>
<listitem>
<para>The destination prefix of the route. Possibly
- followed by a slash and the prefixlength. If omitted, a
+ followed by a slash and the prefix length. If omitted, a
full-length host route is assumed.</para>
</listitem>
</varlistentry>
<term><varname>Source=</varname></term>
<listitem>
<para>The source prefix of the route. Possibly followed by
- a slash and the prefixlength. If omitted, a full-length
+ a slash and the prefix length. If omitted, a full-length
host route is assumed.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Metric=</varname></term>
<listitem>
- <para>The metric of the route. An unsigned integer</para>
+ <para>The metric of the route (an unsigned integer).</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Scope=</varname></term>
<listitem>
- <para>The scope of the route. One of the values <literal>global</literal>,
+ <para>The scope of the route, which can be <literal>global</literal>,
<literal>link</literal> or <literal>host</literal>. Defaults to
<literal>global</literal>.</para>
</listitem>
<listitem>
<para>When true (the default), the static routes will be
requested from the DHCP server and added to the routing
- table with metric of 1024.</para>
+ table with a metric of 1024.</para>
</listitem>
</varlistentry>
address. <varname>PoolOffset=</varname> takes the offset of the pool
from the start of subnet, or zero to use the default value.
<varname>PoolSize=</varname> takes the number of IP addresses in the
- pool or zero to use the default value. By default the pool starts at
+ pool or zero to use the default value. By default, the pool starts at
the first address after the subnet address and takes up the rest of
the subnet, excluding the broadcast address. If the pool includes
the server address (the default), this is reserved and not handed
another common time unit, depending on the suffix. The default
lease time is used for clients that did not ask for a specific
lease time. If a client asks for a lease time longer than the
- maximum lease time it is automatically shortened to the
+ maximum lease time, it is automatically shortened to the
specified time. The default lease time defaults to 1h, the
maximum lease time to 12h. Shorter lease times are beneficial
if the configuration data in DHCP leases changes frequently
pass to clients may be configured with the
<varname>DNS=</varname> option, which takes a list of IPv4
addresses. If the <varname>EmitDNS=</varname> option is
- enabled but no servers configured the servers are
+ enabled but no servers configured, the servers are
automatically propagated from an "uplink" interface that has
appropriate servers set. The "uplink" interface is determined
by the default route of the system with the highest
into account that acquire DNS or NTP server information at a
later point. DNS server propagation does not take
<filename>/etc/resolv.conf</filename> into account. Also, note
- that the leases are not refreshed if uplink network
+ that the leases are not refreshed if the uplink network
configuration changes. To ensure clients regularly acquire the
- most current uplink DNS server information it is thus
+ most current uplink DNS server information, it is thus
advisable to shorten the DHCP lease time via
<varname>MaxLeaseTimeSec=</varname> described
above.</para></listitem>
<term><varname>NTP=</varname></term>
<listitem><para>Similar to the <varname>EmitDNS=</varname> and
- <varname>DNS=</varname> settings described above these
+ <varname>DNS=</varname> settings described above, these
settings configure whether and what NTP server information
shall be emitted as part of the DHCP lease. The same syntax,
propagation semantics and defaults apply as for
<varname>Timezone=</varname> setting takes a timezone string
(such as <literal>Europe/Berlin</literal> or
<literal>UTC</literal>) to pass to clients. If no explicit
- timezone is set the system timezone of the local host is
+ timezone is set, the system timezone of the local host is
propagated, as determined by the
<filename>/etc/localtime</filename> symlink.</para></listitem>
</varlistentry>
<term><varname>FastLeave=</varname></term>
<listitem>
<para>A boolean. This flag allows the bridge to immediately stop multicast
- traffic on a port that receives IGMP Leave message. It is only used with
+ traffic on a port that receives an IGMP Leave message. It is only used with
IGMP snooping if enabled on the bridge. Defaults to off.</para>
</listitem>
</varlistentry>
<term><varname>Cost=</varname></term>
<listitem>
<para>Sets the "cost" of sending packets of this interface.
- Each port in a bridge may have different speed and the cost
+ Each port in a bridge may have a different speed and the cost
is used to decide which link to use. Faster interfaces
should have lower costs.</para>
</listitem>
<varlistentry>
<term><varname>VLANId=</varname></term>
<listitem>
- <para>The VLAN Id for the new static MAC table entry. If
- omitted, no VLAN Id info is appended to the new static MAC
+ <para>The VLAN ID for the new static MAC table entry. If
+ omitted, no VLAN ID info is appended to the new static MAC
table entry.</para>
</listitem>
</varlistentry>
to specific containers. The syntax of these files is inspired by
<filename>.desktop</filename> files following the <ulink
url="http://standards.freedesktop.org/desktop-entry-spec/latest/">XDG
- Desktop Entry Specification</ulink>, which are in turn inspired by
+ Desktop Entry Specification</ulink>, which in turn are inspired by
Microsoft Windows <filename>.ini</filename> files.</para>
<para>Boolean arguments used in these settings files can be
- written in various formats. For positive settings the strings
+ written in various formats. For positive settings, the strings
<option>1</option>, <option>yes</option>, <option>true</option>
and <option>on</option> are equivalent. For negative settings, the
strings <option>0</option>, <option>no</option>,
directory or image file name. This file is first searched in
<filename>/etc/systemd/nspawn/</filename> and
<filename>/run/systemd/nspawn/</filename>. If found in these
- directories its settings are read and all of them take full effect
+ directories, its settings are read and all of them take full effect
(but are possibly overridden by corresponding command line
- arguments). If not found the file will then be searched next to
+ arguments). If not found, the file will then be searched next to
the image file or in the immediate parent of the root directory of
- the container. If the file is found there only a subset of the
+ the container. If the file is found there, only a subset of the
settings will take effect however. All settings that possibly
elevate privileges or grant additional access to resources of the
host (such as files or directories) are ignored. To which options
this applies is documented below.</para>
- <para>Persistent settings file created and maintained by the
+ <para>Persistent settings files created and maintained by the
administrator (and thus trusted) should be placed in
<filename>/etc/systemd/nspawn/</filename>, while automatically
downloaded (and thus potentially untrusted) settings files are
placed in <filename>/var/lib/machines/</filename> instead (next to
the container images), where their security impact is limited. In
order to add privileged settings to <filename>.nspawn</filename>
- files acquired from the image vendor it is recommended to copy the
+ files acquired from the image vendor, it is recommended to copy the
settings files into <filename>/etc/systemd/nspawn/</filename> and
edit them there, so that the privileged options become
- available. The precise algorithm how the files are searched and
+ available. The precise algorithm for how the files are searched and
interpreted may be configured with
<command>systemd-nspawn</command>'s <option>--settings=</option>
switch, see
<varlistentry>
<term><varname>Boot=</varname></term>
- <listitem><para>Takes a boolean argument, defaults to off. If
- enabled <command>systemd-nspawn</command> will automatically
+ <listitem><para>Takes a boolean argument, which defaults to off. If
+ enabled, <command>systemd-nspawn</command> will automatically
search for an <filename>init</filename> executable and invoke
- it. In this case the specified parameters using
+ it. In this case, the specified parameters using
<varname>Parameters=</varname> are passed as additional
arguments to the <filename>init</filename> process. This
setting corresponds to the <option>--boot</option> switch on
<varlistentry>
<term><varname>Parameters=</varname></term>
- <listitem><para>Takes a space separated list of
+ <listitem><para>Takes a space-separated list of
arguments. This is either a command line, beginning with the
binary name to execute, or – if <varname>Boot=</varname> is
enabled – the list of arguments to pass to the init
<term><varname>Capability=</varname></term>
<term><varname>DropCapability=</varname></term>
- <listitem><para>Takes a space separated list of Linux process
+ <listitem><para>Takes a space-separated list of Linux process
capabilities (see
<citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details). The <varname>Capability=</varname> setting
<filename>.nspawn</filename> files in
<filename>/etc/systemd/nspawn/</filename> and
<filename>/run/system/nspawn/</filename> (see above). On the
- other hand <varname>DropCapability=</varname> takes effect in
+ other hand, <varname>DropCapability=</varname> takes effect in
all cases.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>MachineID=</varname></term>
- <listitem><para>Configures the 128bit machine ID (UUID) to pass to
+ <listitem><para>Configures the 128-bit machine ID (UUID) to pass to
the container. This is equivalent to the
<option>--uuid=</option> command line switch. This option is
privileged (see above). </para></listitem>
<varlistentry>
<term><varname>ReadOnly=</varname></term>
- <listitem><para>Takes a boolean argument, defaults to off. If
- specified the container will be run with a read-only file
+ <listitem><para>Takes a boolean argument, which defaults to off. If
+ specified, the container will be run with a read-only file
system. This setting corresponds to the
<option>--read-only</option> command line
switch.</para></listitem>
<varlistentry>
<term><varname>Private=</varname></term>
- <listitem><para>Takes a boolean argument, defaults to off. If
- enabled the container will run in its own network namespace
+ <listitem><para>Takes a boolean argument, which defaults to off. If
+ enabled, the container will run in its own network namespace
and not share network interfaces and configuration with the
host. This setting corresponds to the
<option>--private-network</option> command line
<term><varname>VirtualEthernet=</varname></term>
<listitem><para>Takes a boolean argument. Configures whether
- to create a virtual ethernet connection
+ to create a virtual Ethernet connection
(<literal>veth</literal>) between host and the container. This
setting implies <varname>Private=yes</varname>. This setting
corresponds to the <option>--network-veth</option> command
<varlistentry>
<term><varname>Interface=</varname></term>
- <listitem><para>Takes a space separated list of interfaces to
+ <listitem><para>Takes a space-separated list of interfaces to
add to the container. This option corresponds to the
<option>--network-interface=</option> command line switch and
implies <varname>Private=yes</varname>. This option is
<term><varname>MACVLAN=</varname></term>
<term><varname>IPVLAN=</varname></term>
- <listitem><para>Takes a space separated list of interfaces to
+ <listitem><para>Takes a space-separated list of interfaces to
add MACLVAN or IPVLAN interfaces to, which are then added to
the container. These options correspond to the
<option>--network-macvlan=</option> and
or T, the specified memory size is parsed as Kilobytes,
Megabytes, Gigabytes, or Terabytes (with the base 1024),
respectively. If assigned the special value
- <literal>infinity</literal> no memory limit is applied. This
+ <literal>infinity</literal>, no memory limit is applied. This
controls the <literal>memory.limit_in_bytes</literal>
control group attribute. For details about this control
group attribute, see <ulink
created in the unit. This ensures that the number of tasks
accounted for the unit (see above) stays below a specific
limit. If assigned the special value
- <literal>infinity</literal> no tasks limit is applied. This
+ <literal>infinity</literal>, no tasks limit is applied. This
controls the <literal>pids.max</literal> control group
attribute. For details about this control group attribute,
see <ulink
<term><varname>BlockIOAccounting=</varname></term>
<listitem>
- <para>Turn on Block IO accounting for this unit. Takes a
- boolean argument. Note that turning on block IO accounting
+ <para>Turn on Block I/O accounting for this unit. Takes a
+ boolean argument. Note that turning on block I/O accounting
for one unit will also implicitly turn it on for all units
contained in the same slice and all for its parent slices
and the units contained therein. The system default for this
<term><varname>BlockIOWeight=<replaceable>weight</replaceable></varname></term>
<term><varname>StartupBlockIOWeight=<replaceable>weight</replaceable></varname></term>
- <listitem><para>Set the default overall block IO weight for
+ <listitem><para>Set the default overall block I/O weight for
the executed processes. Takes a single weight value (between
- 10 and 1000) to set the default block IO weight. This controls
+ 10 and 1000) to set the default block I/O weight. This controls
the <literal>blkio.weight</literal> control group attribute,
which defaults to 500. For details about this control group
attribute, see <ulink
url="https://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt">blkio-controller.txt</ulink>.
- The available IO bandwidth is split up among all units within
- one slice relative to their block IO weight.</para>
+ The available I/O bandwidth is split up among all units within
+ one slice relative to their block I/O weight.</para>
<para>While <varname>StartupBlockIOWeight=</varname> only
applies to the startup phase of the system,
<term><varname>BlockIODeviceWeight=<replaceable>device</replaceable> <replaceable>weight</replaceable></varname></term>
<listitem>
- <para>Set the per-device overall block IO weight for the
+ <para>Set the per-device overall block I/O weight for the
executed processes. Takes a space-separated pair of a file
path and a weight value to specify the device specific
weight value, between 10 and 1000. (Example: "/dev/sda
<term><varname>BlockIOWriteBandwidth=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term>
<listitem>
- <para>Set the per-device overall block IO bandwidth limit
+ <para>Set the per-device overall block I/O bandwidth limit
for the executed processes. Takes a space-separated pair of
a file path and a bandwidth value (in bytes per second) to
specify the device specific bandwidth. The file path may be
<para>Turns on delegation of further resource control
partitioning to processes of the unit. For unprivileged
services (i.e. those using the <varname>User=</varname>
- setting) this allows processes to create a subhierarchy
+ setting), this allows processes to create a subhierarchy
beneath its control group path. For privileged services and
- scopes this ensures the processes will have all control
+ scopes, this ensures the processes will have all control
group controllers enabled.</para>
</listitem>
</varlistentry>
for, and its node will be bind-mounted over the default bus
node location, so the service can only access the bus through
its own endpoint. Note that custom bus endpoints default to a
- 'deny all' policy. Hence, if at least one
+ "deny all" policy. Hence, if at least one
<varname>BusPolicy=</varname> directive is given, you have to
make sure to add explicit rules for everything the service
should be able to do.</para>
<term><varname>ExecStart=</varname></term>
<listitem><para>Commands with their arguments that are
executed when this service is started. The value is split into
- zero or more command lines is according to the rules described
+ zero or more command lines according to the rules described
below (see section "Command Lines" below).
</para>
<para><varname>ExecStartPost=</varname> commands are only run after
the service has started, as determined by <varname>Type=</varname>
- (i.e. The process has been started for <varname>Type=simple</varname>
+ (i.e. the process has been started for <varname>Type=simple</varname>
or <varname>Type=idle</varname>, the process exits successfully for
<varname>Type=oneshot</varname>, the initial process exits successfully
for <varname>Type=forking</varname>, <literal>READY=1</literal> is sent
<para>Note that it is usually not sufficient to specify a
command for this setting that only asks the service to
- terminate (for example by queuing some form of termination
+ terminate (for example, by queuing some form of termination
signal for it), but does not wait for it to do so. Since the
remaining processes of the services are killed using
<constant>SIGKILL</constant> immediately after the command
- exited this would not result in a clean stop. The specified
+ exited, this would not result in a clean stop. The specified
command should hence be a synchronous operation, not an
asynchronous one.</para></listitem>
</varlistentry>
</tgroup>
</table>
- <para>As exceptions to the setting above the service will not
+ <para>As exceptions to the setting above, the service will not
be restarted if the exit code or signal is specified in
<varname>RestartPreventExitStatus=</varname> (see below).
Also, the services will always be restarted if the exit code
<varlistentry>
<term><varname>SuccessExitStatus=</varname></term>
- <listitem><para>Takes a list of exit status definitions that
- when returned by the main service process will be considered
+ <listitem><para>Takes a list of exit status definitions that,
+ when returned by the main service process, will be considered
successful termination, in addition to the normal successful
exit code 0 and the signals <constant>SIGHUP</constant>,
<constant>SIGINT</constant>, <constant>SIGTERM</constant>, and
<varlistentry>
<term><varname>RestartPreventExitStatus=</varname></term>
- <listitem><para>Takes a list of exit status definitions that
- when returned by the main service process will prevent
+ <listitem><para>Takes a list of exit status definitions that,
+ when returned by the main service process, will prevent
automatic service restarts, regardless of the restart setting
configured with <varname>Restart=</varname>. Exit status
definitions can either be numeric exit codes or termination
<varlistentry>
<term><varname>RestartForceExitStatus=</varname></term>
- <listitem><para>Takes a list of exit status definitions that
- when returned by the main service process will force automatic
+ <listitem><para>Takes a list of exit status definitions that,
+ when returned by the main service process, will force automatic
service restarts, regardless of the restart setting configured
with <varname>Restart=</varname>. The argument format is
similar to
<term><varname>Sockets=</varname></term>
<listitem><para>Specifies the name of the socket units this
service shall inherit socket file descriptors from when the
- service is started. Normally it should not be necessary to use
- this setting as all socket file descriptors whose unit shares
+ service is started. Normally, it should not be necessary to use
+ this setting, as all socket file descriptors whose unit shares
the same name as the service (subject to the different unit
name suffix of course) are passed to the spawned
process.</para>
to multiple processes simultaneously. Also note that a
different service may be activated on incoming socket traffic
than the one which is ultimately configured to inherit the
- socket file descriptors. Or in other words: the
+ socket file descriptors. Or, in other words: the
<varname>Service=</varname> setting of
<filename>.socket</filename> units does not have to match the
inverse of the <varname>Sockets=</varname> setting of the
<option>reboot-immediate</option> causes immediate execution
of the
<citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
- system call, which might result in data loss. Similar,
+ system call, which might result in data loss. Similarly,
<option>poweroff</option>, <option>poweroff-force</option>,
<option>poweroff-immediate</option> have the effect of
powering down the system with similar semantics. Defaults to
<ulink
url="https://www.kernel.org/doc/Documentation/usb/functionfs.txt">USB
FunctionFS</ulink> descriptors, for implementation of USB
- gadget functions. This is is used only in conjunction with a
+ gadget functions. This is used only in conjunction with a
socket unit with <varname>ListenUSBFunction=</varname>
- configured. The contents of this file is written to the
+ configured. The contents of this file are written to the
<filename>ep0</filename> file after it is
opened.</para></listitem>
</varlistentry>
contains, resulting in a single argument. Use
<literal>$FOO</literal> as a separate word on the command line, in
which case it will be replaced by the value of the environment
- variable split at whitespace resulting in zero or more arguments.
+ variable split at whitespace, resulting in zero or more arguments.
For this type of expansion, quotes are respected when splitting
into words, and afterwards removed.</para>
<example>
<title>Oneshot service</title>
- <para>Sometimes units should just execute an action without
+ <para>Sometimes, units should just execute an action without
keeping active processes, such as a filesystem check or a
cleanup action on boot. For this,
<varname>Type=</varname><option>oneshot</option> exists. Units
WantedBy=multi-user.target</programlisting>
<para>Note that systemd will consider the unit to be in the
- state 'starting' until the program has terminated, so ordered
+ state "starting" until the program has terminated, so ordered
dependencies will wait for the program to finish before starting
- themselves. The unit will revert to the 'inactive' state after
- the execution is done, never reaching the 'active' state. That
+ themselves. The unit will revert to the "inactive" state after
+ the execution is done, never reaching the "active" state. That
means another request to start the unit will perform the action
again.</para>
<para>Similarly to the oneshot services, there are sometimes
units that need to execute a program to set up something and
then execute another to shut it down, but no process remains
- active while they are considered 'started'. Network
+ active while they are considered "started". Network
configuration can sometimes fall into this category. Another use
- case is if a oneshot service shall not be executed a each time
+ case is if a oneshot service shall not be executed each time
when they are pulled in as a dependency, but only the first
time.</para>
types, but is most useful with
<varname>Type=</varname><option>oneshot</option> and
<varname>Type=</varname><option>simple</option>. With
- <varname>Type=</varname><option>oneshot</option> systemd waits
+ <varname>Type=</varname><option>oneshot</option>, systemd waits
until the start action has completed before it considers the
unit to be active, so dependencies start only after the start
action has succeeded. With
- <varname>Type=</varname><option>simple</option> dependencies
+ <varname>Type=</varname><option>simple</option>, dependencies
will start immediately after the start action has been
dispatched. The following unit provides an example for a simple
static firewall.</para>
<varname>RemainAfterExit=</varname><option>no</option>), the
service is considered started.</para>
- <para>Often a traditional daemon only consists of one process.
+ <para>Often, a traditional daemon only consists of one process.
Therefore, if only one process is left after the original
process terminates, systemd will consider that process the main
process of the service. In that case, the
traditional PID file, systemd will be able to read the main PID
from there. Please set <varname>PIDFile=</varname> accordingly.
Note that the daemon should write that file before finishing
- with its initialization, otherwise systemd might try to read the
+ with its initialization. Otherwise, systemd might try to read the
file before it exists.</para>
<para>The following example shows a simple daemon that forks and
[Install]
WantedBy=multi-user.target</programlisting>
- <para>For <emphasis>bus-activatable</emphasis> services, don't
+ <para>For <emphasis>bus-activatable</emphasis> services, do not
include a <literal>[Install]</literal> section in the systemd
service file, but use the <varname>SystemdService=</varname>
option in the corresponding DBus service file, for example
WantedBy=multi-user.target</programlisting>
<para>Note that the daemon has to support systemd's notification
- protocol, else systemd will think the service hasn't started yet
+ protocol, else systemd will think the service has not started yet
and kill it after a timeout. For an example of how to update
daemons to support this protocol transparently, take a look at
<citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
refers to TCP sockets, <constant>SOCK_DGRAM</constant> (i.e.
<varname>ListenDatagram=</varname>) to UDP.</para>
- <para>These options may be specified more than once in which
+ <para>These options may be specified more than once, in which
case incoming traffic on any of the sockets will trigger
service activation, and all listed sockets will be passed to
the service, regardless of whether there is incoming traffic
implementation of USB gadget functions. This expects an
absolute file system path as the argument. Behavior otherwise
is very similar to the <varname>ListenFIFO=</varname>
- directive above. Use this to open FunctionFS endpoint
+ directive above. Use this to open the FunctionFS endpoint
<filename>ep0</filename>. When using this option, the
activated service has to have the
<varname>USBFunctionDescriptors=</varname> and
to work unmodified with systemd socket
activation.</para>
- <para>For IPv4 and IPv6 connections the <varname>REMOTE_ADDR</varname>
- environment variable will contain the remote IP, and <varname>REMOTE_PORT</varname>
+ <para>For IPv4 and IPv6 connections, the <varname>REMOTE_ADDR</varname>
+ environment variable will contain the remote IP address, and <varname>REMOTE_PORT</varname>
will contain the remote port. This is the same as the format used by CGI.
- For SOCK_RAW the port is the IP protocol.</para></listitem>
+ For SOCK_RAW, the port is the IP protocol.</para></listitem>
</varlistentry>
<varlistentry>
<listitem><para>Takes a boolean argument. May only be used in
conjunction with <varname>ListenSpecial=</varname>. If true,
the specified special file is opened in read-write mode, if
- false in read-only mode. Defaults to false.</para></listitem>
+ false, in read-only mode. Defaults to false.</para></listitem>
</varlistentry>
<varlistentry>
<varlistentry>
<term><varname>KeepAliveTimeSec=</varname></term>
- <listitem><para>Takes time (in seconds) as argument . The connection needs to remain
+ <listitem><para>Takes time (in seconds) as argument. The connection needs to remain
idle before TCP starts sending keepalive probes. This controls the TCP_KEEPIDLE
socket option (see
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
<term><varname>KeepAliveIntervalSec=</varname></term>
<listitem><para>Takes time (in seconds) as argument between
individual keepalive probes, if the socket option SO_KEEPALIVE
- has been set on this socket seconds as argument. This controls
+ has been set on this socket. This controls
the TCP_KEEPINTVL socket option (see
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
and the <ulink
<varlistentry>
<term><varname>KeepAliveProbes=</varname></term>
- <listitem><para>Takes integer as argument. It's the number of
+ <listitem><para>Takes an integer as argument. It is the number of
unacknowledged probes to send before considering the
connection dead and notifying the application layer. This
controls the TCP_KEEPCNT socket option (see
<term><varname>FileDescriptorName=</varname></term>
<listitem><para>Assigns a name to all file descriptors this
socket unit encapsulates. This is useful to help activated
- services to identify specific file descriptors, if multiple
+ services identify specific file descriptors, if multiple fds
are passed. Services may use the
<citerefentry><refentrytitle>sd_listen_fds_with_names</refentrytitle><manvolnum>3</manvolnum></citerefentry>
call to acquire the names configured for the received file
descriptors. Names may contain any ASCII character, but must
- exclude control characters or <literal>:</literal>, and must
+ exclude control characters and <literal>:</literal>, and must
be at most 255 characters in length. If this setting is not
- used the file descriptor name defaults to the name of the
+ used, the file descriptor name defaults to the name of the
socket unit, including its <filename>.socket</filename>
suffix.</para></listitem>
</varlistentry>
for this target unit to all services (except for those with
<varname>DefaultDependencies=no</varname>).</para>
- <para>Usually this should pull-in all local mount points plus
+ <para>Usually, this should pull-in all local mount points plus
<filename>/var</filename>, <filename>/tmp</filename> and
<filename>/var/tmp</filename>, swap devices, sockets, timers,
path units and other basic initialization necessary for general
<term><filename>ctrl-alt-del.target</filename></term>
<listitem>
<para>systemd starts this target whenever Control+Alt+Del is
- pressed on the console. Usually this should be aliased
+ pressed on the console. Usually, this should be aliased
(symlinked) to <filename>reboot.target</filename>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>default.target</filename></term>
<listitem>
- <para>The default unit systemd starts at bootup. Usually
+ <para>The default unit systemd starts at bootup. Usually,
this should be aliased (symlinked) to
<filename>multi-user.target</filename> or
<filename>graphical.target</filename>.</para>
<varlistentry>
<term><filename>display-manager.service</filename></term>
<listitem>
- <para>The display manager service. Usually this should be
+ <para>The display manager service. Usually, this should be
aliased (symlinked) to <filename>gdm.service</filename> or a
similar display manager service.</para>
</listitem>
signal when running as user service daemon.</para>
<para>Normally, this (indirectly) pulls in
- <filename>shutdown.target</filename> which in turn should be
+ <filename>shutdown.target</filename>, which in turn should be
conflicted by all units that want to be scheduled for
shutdown when the service manager starts to exit.</para>
</listitem>
<filename>/etc/fstab</filename> and a unit file, the configuration
in the latter takes precedence.</para>
- <para>When reading <filename>/etc/fstab</filename> a few special
+ <para>When reading <filename>/etc/fstab</filename>, a few special
options are understood by systemd which influence how dependencies
are created for swap units.</para>
<term><option>noauto</option></term>
<term><option>auto</option></term>
- <listitem><para>With <option>noauto</option> the swap unit
+ <listitem><para>With <option>noauto</option>, the swap unit
will not be added as a dependency for
<filename>swap.target</filename>. This means that it will not
be activated automatically during boot, unless it is pulled in
- by some other unit. Option <option>auto</option> has the
+ by some other unit. The <option>auto</option> option has the
opposite meaning and is the default.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>nofail</option></term>
- <listitem><para>With <option>nofail</option> the swap unit
+ <listitem><para>With <option>nofail</option>, the swap unit
will be only wanted, not required by
<filename>swap.target</filename>. This means that the boot
will continue even if this swap device is not activated
<listitem><para>Swap priority to use when activating the swap
device or file. This takes an integer. This setting is
- optional and ignored when priority is set by <option>pri=</option> in the
- <varname>Options=</varname> option.</para></listitem>
+ optional and ignored when the priority is set by <option>pri=</option> in the
+ <varname>Options=</varname> key.</para></listitem>
</varlistentry>
<varlistentry>
<refsect1>
<title>Parsing Timestamps</title>
- <para>When parsing systemd will accept a similar syntax, but
+ <para>When parsing, systemd will accept a similar syntax, but
expects no timezone specification, unless it is given as the
- literal string "UTC". In this case the time is considered in UTC,
+ literal string "UTC". In this case, the time is considered in UTC,
otherwise in the local timezone. The weekday specification is
- optional, but when the weekday is specified it must either be in
+ optional, but when the weekday is specified, it must either be in
the abbreviated (<literal>Wed</literal>) or non-abbreviated
(<literal>Wednesday</literal>) English language form (case does
not matter), and is not subject to the locale choice of the user.
placeholders instead of timestamps: <literal>now</literal> may be
used to refer to the current time (or of the invocation of the
command that is currently executed). <literal>today</literal>,
- <literal>yesterday</literal>, <literal>tomorrow</literal> refer to
- 00:00:00 of the current day, the day before or the next day,
+ <literal>yesterday</literal>, and <literal>tomorrow</literal> refer to
+ 00:00:00 of the current day, the day before, or the next day,
respectively.</para>
<para>When parsing, systemd will also accept relative time
<para>Note that timestamps printed by systemd will not be parsed
correctly by systemd, as the timezone specification is not
accepted, and printing timestamps is subject to locale settings
- for the weekday while parsing only accepts English weekday
+ for the weekday, while parsing only accepts English weekday
names.</para>
<para>In some cases, systemd will display a relative timestamp
<literal>Mon *-*-* 00:00:00</literal>,
<literal>*-01-01 00:00:00</literal>,
<literal>*-01,04,07,10-01 00:00:00</literal> and
- <literal>*-01,07-01 00:00:00</literal> respectively.
+ <literal>*-01,07-01 00:00:00</literal>, respectively.
</para>
<para>Examples for valid timestamps and their
be parsed after the file itself is parsed. This is useful to alter
or add configuration settings to a unit, without having to modify
their unit files. Make sure that the file that is included has the
- appropriate section headers before any directive. Note that for
- instanced units this logic will first look for the instance
+ appropriate section headers before any directive. Note that, for
+ instanced units, this logic will first look for the instance
<literal>.d/</literal> subdirectory and read its
<literal>.conf</literal> files, followed by the template
<literal>.d/</literal> subdirectory and reads its
device node <filename noindex='true'>/dev/sda</filename> in the
file system namespace. If this applies, a special way to escape
the path name is used, so that the result is usable as part of a
- filename. Basically, given a path, "/" is replaced by "-" and all
+ filename. Basically, given a path, "/" is replaced by "-", and all
other characters which are not ASCII alphanumerics are replaced by
C-style "\x2d" escapes (except that "_" is never replaced and "."
is only replaced when it would be the first character in the
<refsect1>
<title>[Unit] Section Options</title>
- <para>Unit file may include a [Unit] section, which carries
+ <para>The unit file may include a [Unit] section, which carries
generic information about the unit that is not dependent on the
type of unit:</para>
with <varname>After=</varname> or <varname>Before=</varname>,
then both units will be started simultaneously and without any
delay between them if <filename>foo.service</filename> is
- activated. Often it is a better choice to use
+ activated. Often, it is a better choice to use
<varname>Wants=</varname> instead of
<varname>Requires=</varname> in order to achieve a system that
is more robust when dealing with failing services.</para>
<para>Note that dependencies of this type may also be
configured outside of the unit configuration file by adding a
symlink to a <filename>.requires/</filename> directory
- accompanying the unit file. For details see
+ accompanying the unit file. For details, see
above.</para></listitem>
</varlistentry>
<listitem><para>Takes a boolean argument. If
<option>true</option>, this unit will be stopped when it is no
- longer used. Note that in order to minimize the work to be
+ longer used. Note that, in order to minimize the work to be
executed, systemd will not stop units by default unless they
are conflicting with other units, or the user explicitly
requested their shut down. If this option is set, a unit will
<term><varname>JobTimeoutAction=</varname></term>
<term><varname>JobTimeoutRebootArgument=</varname></term>
- <listitem><para>When a job for this unit is queued a time-out
+ <listitem><para>When a job for this unit is queued, a time-out
may be configured. If this time limit is reached, the job will
be cancelled, the unit however will not change state or even
enter the <literal>failed</literal> mode. This value defaults
<term><varname>ConditionFileNotEmpty=</varname></term>
<term><varname>ConditionFileIsExecutable=</varname></term>
- <!-- We don't document ConditionNull=
- here as it is not particularly
+ <!-- We do not document ConditionNull=
+ here, as it is not particularly
useful and probably just
confusing. -->
<varname>lxc</varname>,
<varname>lxc-libvirt</varname>,
<varname>systemd-nspawn</varname>,
- <varname>docker</varname> to test
+ <varname>docker</varname>,
+ <varname>rkt</varname> to test
against a specific implementation. See
<citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry>
for a full list of known virtualization technologies and their
<para><varname>ConditionSecurity=</varname> may be used to
check whether the given security module is enabled on the
- system. Currently the recognized values values are
+ system. Currently, the recognized values values are
<varname>selinux</varname>,
<varname>apparmor</varname>,
<varname>ima</varname>,
<listitem><para>Similar to the
<varname>ConditionArchitecture=</varname>,
- <varname>ConditionVirtualization=</varname>, ... condition
- settings described above these settings add assertion checks
+ <varname>ConditionVirtualization=</varname>, etc., condition
+ settings described above, these settings add assertion checks
to the start-up of the unit. However, unlike the conditions
- settings any assertion setting that is not met results in
+ settings, any assertion setting that is not met results in
failure of the start job it was triggered
by.</para></listitem>
</varlistentry>
run a system instance, even if the process ID is not 1, i.e.
systemd is not run as init process. <option>--user</option>
does the opposite, running a user instance even if the process
- ID is 1. Normally it should not be necessary to pass these
+ ID is 1. Normally, it should not be necessary to pass these
options, as systemd automatically detects the mode it is
started in. These options are hence of little use except for
debugging. Note that it is not supported booting and
<term><option>--crash-vt=</option><replaceable>VT</replaceable></term>
<listitem><para>Switch to a specific virtual console (VT) on
- crash. Takes a positive integer in the range 1..63, or a
+ crash. Takes a positive integer in the range 1–63, or a
boolean argument. If an integer is passed, selects which VT to
switch to. If <constant>yes</constant>, the VT kernel messages
are written to is selected. If <constant>no</constant>, no VT
<orderedlist>
<listitem><para>Service units, which start and control daemons
- and the processes they consist of. For details see
+ and the processes they consist of. For details, see
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
<listitem><para>Socket units, which encapsulate local IPC or
network sockets in the system, useful for socket-based
- activation. For details about socket units see
+ activation. For details about socket units, see
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
for details on socket-based activation and other forms of
activation, see
<listitem><para>Device units expose kernel devices in systemd
and may be used to implement device-based activation. For
- details see
+ details, see
<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
<listitem><para>Mount units control mount points in the file
<listitem><para>Snapshot units can be used to temporarily save
the state of the set of systemd units, which later may be
restored by activating the saved snapshot unit. For more
- information see
+ information, see
<citerefentry><refentrytitle>systemd.snapshot</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
<listitem><para>Timer units are useful for triggering activation
<para>On boot systemd activates the target unit
<filename>default.target</filename> whose job is to activate
on-boot services and other on-boot units by pulling them in via
- dependencies. Usually the unit name is just an alias (symlink) for
+ dependencies. Usually, the unit name is just an alias (symlink) for
either <filename>graphical.target</filename> (for fully-featured
boots into the UI) or <filename>multi-user.target</filename> (for
limited console-only boots for use in embedded or server
<para>Units may be generated dynamically at boot and system
manager reload time, for example based on other configuration
- files or parameters passed on the kernel command line. For details see
+ files or parameters passed on the kernel command line. For details, see
<citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
<para>Systems which invoke systemd in a container or initrd
<filename>ctrl-alt-del.target</filename> unit. This is mostly
equivalent to <command>systemctl start
ctl-alt-del.target</command>. If this signal is received more
- often than 7 times per 2s an immediate reboot is triggered.
+ than 7 times per 2s, an immediate reboot is triggered.
Note that pressing Ctrl-Alt-Del on the console will trigger
- this signal. Hence, if a reboot is hanging pressing
+ this signal. Hence, if a reboot is hanging, pressing
Ctrl-Alt-Del more than 7 times in 2s is a relatively safe way
to trigger an immediate reboot.</para>
<term><constant>SIGUSR2</constant></term>
<listitem><para>When this signal is received the systemd
- manager will log its complete state in human readable form.
+ manager will log its complete state in human-readable form.
The data logged is the same as printed by
<command>systemd-analyze dump</command>.</para></listitem>
</varlistentry>
<term><varname>systemd.crash_chvt=</varname></term>
<listitem><para>Takes a positive integer, or a boolean
- argument. If a positive integer (in the range 1..63) is
- specified the system manager (PID 1) will activate the specified
+ argument. If a positive integer (in the range 1–63) is
+ specified, the system manager (PID 1) will activate the specified
virtual terminal (VT) when it crashes. Defaults to
<constant>no</constant>, meaning that no such switch is
- attempted. If set to <constant>yes</constant> the VT the
+ attempted. If set to <constant>yes</constant>, the VT the
kernel messages are written to is selected.</para></listitem>
</varlistentry>
like <option>false</option> until a service fails or there is
a significant delay in boot. Defaults to
<option>yes</option>, unless <option>quiet</option> is passed
- as kernel command line option in which case it defaults to
+ as kernel command line option, in which case it defaults to
<constant>auto</constant>.</para></listitem>
</varlistentry>
<listitem><para>Set the system locale to use. This overrides
the settings in <filename>/etc/locale.conf</filename>. For
- more information see
+ more information, see
<citerefentry project='man-pages'><refentrytitle>locale.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
and
<citerefentry project='man-pages'><refentrytitle>locale</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
<term><varname>r</varname></term>
<listitem><para>Add a range of numeric UIDs/GIDs to the pool
to allocate new UIDs and GIDs from. If no line of this type
- is specified the range of UIDs/GIDs is set to some
+ is specified, the range of UIDs/GIDs is set to some
compiled-in default. Note that both UIDs and GIDs are
allocated from the same pool, in order to ensure that users
and groups of the same name are likely to carry the same
all system and group names with the underscore, and avoiding too
generic names.</para>
- <para>For <varname>m</varname> lines this field should contain
+ <para>For <varname>m</varname> lines, this field should contain
the user name to add to a group.</para>
- <para>For lines of type <varname>r</varname> this field should
+ <para>For lines of type <varname>r</varname>, this field should
be set to <literal>-</literal>.</para>
</refsect2>
<refsect2>
<title>ID</title>
- <para>For <varname>u</varname> and <varname>g</varname> the
- numeric 32bit UID or GID of the user/group. Do not use IDs 65535
+ <para>For <varname>u</varname> and <varname>g</varname>, the
+ numeric 32-bit UID or GID of the user/group. Do not use IDs 65535
or 4294967295, as they have special placeholder meanings.
Specify <literal>-</literal> for automatic UID/GID allocation
for the user or group. Alternatively, specify an absolute path
- in the file system. In this case the UID/GID is read from the
+ in the file system. In this case, the UID/GID is read from the
path's owner/group. This is useful to create users whose UID/GID
match the owners of pre-existing files (such as SUID or SGID
binaries).</para>
- <para>For <varname>m</varname> lines this field should contain
+ <para>For <varname>m</varname> lines, this field should contain
the group name to add to a user to.</para>
- <para>For lines of type <varname>r</varname> this field should
+ <para>For lines of type <varname>r</varname>, this field should
be set to a UID/GID range in the format
- <literal>FROM-TO</literal> where both values are formatted as
+ <literal>FROM-TO</literal>, where both values are formatted as
decimal ASCII numbers. Alternatively, a single UID/GID may be
specified formatted as decimal ASCII numbers.</para>
</refsect2>
<refsect2>
<title>Home Directory</title>
- <para>The home directory for a new system user. If omitted
+ <para>The home directory for a new system user. If omitted,
defaults to the root directory. It is recommended to not
unnecessarily specify home directories for system users, unless
software strictly requires one to be set.</para>
<para>Note that <command>systemd-sysusers</command> will do
nothing if the specified users or groups already exist, so
- normally there no reason to override
+ normally, there is no reason to override
<filename>sysusers.d</filename> vendor configuration, except to
block certain users or groups from being created.</para>
</refsect1>
on. Note that whether network time synchronization is on
simply reflects whether the
<filename>systemd-timesyncd.service</filename> unit is
- enabled. Even if this command shows the status as off a
+ enabled. Even if this command shows the status as off, a
different service might still synchronize the clock with the
network.</para></listitem>
</varlistentry>
<para>Note that even if time synchronization is turned off
with this command, another unrelated system service might
- still synchronize the clock with the network. Also note that
- strictly speaking
+ still synchronize the clock with the network. Also note that,
+ strictly speaking,
<filename>systemd-timesyncd.service</filename> does more than
- just network time synchronization as it ensures a monotonic
+ just network time synchronization, as it ensures a monotonic
clock on systems without RTC even if no network is
available. See
<citerefentry><refentrytitle>systemd-timesyncd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
<varlistentry>
<term><varname>NTP=</varname></term>
- <listitem><para>A space separated list of NTP server host
+ <listitem><para>A space-separated list of NTP server host
names or IP addresses. During runtime this list is combined
with any per-interface NTP servers acquired from
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
<varlistentry>
<term><varname>FallbackNTP=</varname></term>
- <listitem><para>A space separated list of NTP server host
+ <listitem><para>A space-separated list of NTP server host
names or IP addresses to be used as the fallback NTP servers.
Any per-interface NTP servers obtained from
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
prefix and suffix of each other, then the prefix is always
processed first, the suffix later. Lines that take globs are
applied after those accepting no globs. If multiple operations
- shall be applied on the same file (such as ACL, xattr, file
- attribute adjustments) these are always done in the same fixed
+ shall be applied on the same file, (such as ACL, xattr, file
+ attribute adjustments), these are always done in the same fixed
order. Otherwise, the files/directories are processed in the order
they are listed.</para>
<term><varname>v</varname></term>
<listitem><para>Create a subvolume if the path does not
exist yet and the file system supports this
- (btrfs). Otherwise create a normal directory, in the same
+ (btrfs). Otherwise, create a normal directory, in the same
way as <varname>d</varname>. A subvolume created with this
line type is not assigned to any higher-level quota
- group. For that use <varname>q</varname> or
- <varname>Q</varname> which allow creating simple quota group
+ group. For that, use <varname>q</varname> or
+ <varname>Q</varname>, which allow creating simple quota group
hierarchies, see below.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>q</varname></term>
- <listitem><para>Similar to <varname>v</varname>, however
+ <listitem><para>Similar to <varname>v</varname>. However,
makes sure that the subvolume will be assigned to the same
higher-level quota groups as the subvolume it has been
created in. This ensures that higher-level limits and
specified subvolume. On non-btrfs file systems, this line
type is identical to <varname>d</varname>. If the subvolume
already exists and is already assigned to one or more higher
- level quota groups no change to the quota hierarchy is
+ level quota groups, no change to the quota hierarchy is
made. Also see <varname>Q</varname> below. See <citerefentry
project='die-net'><refentrytitle>btrfs-qgroup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
for details about the btrfs quota group
<varlistentry>
<term><varname>Q</varname></term>
- <listitem><para>Similar to <varname>q</varname>, however
+ <listitem><para>Similar to <varname>q</varname>. However,
instead of copying the higher-level quota group assignments
from the parent as-is, the lowest quota group of the parent
subvolume is determined that is not the leaf quota
enforce limits and accounting to the specified subvolume and
children subvolume created within it. Thus, by creating
subvolumes only via <varname>q</varname> and
- <varname>Q</varname> a concept of "subtree quotas" is
+ <varname>Q</varname>, a concept of "subtree quotas" is
implemented. Each subvolume for which <varname>Q</varname>
is set will get a "subtree" quota group created, and all
child subvolumes created within it will be assigned to
<varname>+</varname> (the default one) causes the
attribute(s) to be added; <varname>-</varname> causes the
attribute(s) to be removed; <varname>=</varname> causes the
- attributes to set exactly as the following letters. The
+ attributes to be set exactly as the following letters. The
letters <literal>aAcCdDeijsStTu</literal> select the new
attributes for the files, see
- <citerefentry><refentrytitle>chattr</refentrytitle>
+ <citerefentry project='man-pages'><refentrytitle>chattr</refentrytitle>
<manvolnum>1</manvolnum></citerefentry> for further information.
</para>
<para>Passing only <varname>=</varname> as argument resets
all the file attributes listed above. It has to be pointed
- out that the <varname>=</varname> prefix, limits itself to
+ out that the <varname>=</varname> prefix limits itself to
the attributes corresponding to the letters listed here. All
other attributes will be left untouched. Does not follow
symlinks.</para>
<term><varname>a</varname></term>
<term><varname>a+</varname></term>
<listitem><para>Set POSIX ACLs (access control lists). If
- suffixed with <varname>+</varname>, specified entries will
+ suffixed with <varname>+</varname>, the specified entries will
be added to the existing set.
<command>systemd-tmpfiles</command> will automatically add
the required base entries for user and group based on the
<para>The user and group to use for this file or directory. This
may either be a numeric user/group ID or a user or group
name. If omitted or when set to <literal>-</literal>, the
- default 0 (root) is used. For <varname>z</varname>,
+ default 0 (root) is used. For <varname>z</varname> and
<varname>Z</varname> lines, when omitted or when set to
<literal>-</literal>, the file ownership will not be
modified. These parameters are ignored for <varname>x</varname>,
delete when cleaning. If a file or directory is older than the
current time minus the age field, it is deleted. The field
format is a series of integers each followed by one of the
- following postfixes for the respective time units:
+ following suffixes for the respective time units:
<constant>s</constant>,
<constant>m</constant> or <constant>min</constant>,
<constant>h</constant>,
<constant>d</constant>,
<constant>w</constant>,
- <constant>ms</constant>,
+ <constant>ms</constant>, and
<constant>us</constant>,
- respectively meaning seconds, minutes, hours, days, weeks,
- milliseconds, and microseconds. Full names of the time units can
+ meaning seconds, minutes, hours, days, weeks,
+ milliseconds, and microseconds, respectively. Full names of the time units can
be used too.
</para>
<title>Argument</title>
<para>For <varname>L</varname> lines determines the destination
- path of the symlink. For <varname>c</varname>,
- <varname>b</varname> determines the major/minor of the device
+ path of the symlink. For <varname>c</varname> and
+ <varname>b</varname>, determines the major/minor of the device
node, with major and minor formatted as integers, separated by
<literal>:</literal>, e.g. <literal>1:3</literal>. For
<varname>f</varname>, <varname>F</varname>, and
- <varname>w</varname> may be used to specify a short string that
+ <varname>w</varname>, the argument may be used to specify a short string that
is written to the file, suffixed by a newline. For
<varname>C</varname>, specifies the source file or
- directory. For <varname>t</varname>, <varname>T</varname>
+ directory. For <varname>t</varname> and <varname>T</varname>,
determines extended attributes to be set. For
- <varname>a</varname>, <varname>A</varname> determines ACL
- attributes to be set. For <varname>h</varname>,
- <varname>H</varname> determines the file attributes to
+ <varname>a</varname> and <varname>A</varname>, determines ACL
+ attributes to be set. For <varname>h</varname> and
+ <varname>H</varname>, determines the file attributes to
set. Ignored for all other lines.</para>
</refsect2>
<term><literal>program</literal></term>
<listitem>
<para>Execute an external program specified as the assigned
- value and if it returns successfully
+ value and, if it returns successfully,
import its output, which must be in environment key
format. Path specification, command/argument separation,
and quoting work like in <varname>RUN</varname>.</para>
<varlistentry>
<term><option>string_escape=<replaceable>none|replace</replaceable></option></term>
<listitem>
- <para>Usually control and other possibly unsafe characters are replaced
+ <para>Usually, control and other possibly unsafe characters are replaced
in strings used for device naming. The mode of replacement can be specified
with this option.</para>
</listitem>
<function>udev_device_get_parent_with_subsystem_devtype()</function>
return a pointer to the parent device. No additional reference
to this device is acquired, but the child device owns a reference
- to such parent device. On failure, <constant>NULL</constant>
+ to such a parent device. On failure, <constant>NULL</constant>
is returned.</para>
<para>On success, <function>udev_device_get_is_initialized()</function>
<function>udev_device_new_from_subsystem_sysname</function>, and
<function>udev_device_new_from_device_id</function>
create the device object based on information found in
- <filename>/sys</filename> annotated with properties from the udev-internal
+ <filename>/sys</filename>, annotated with properties from the udev-internal
device database. A syspath is any subdirectory of <filename>/sys</filename>,
with the restriction that a subdirectory of <filename>/sys/devices</filename>
(or a symlink to one) represents a real device and as such must contain
and
<citerefentry><refentrytitle>udev_device_get_sysname</refentrytitle><manvolnum>3</manvolnum></citerefentry>)
and <function>udev_device_new_from_device_id</function> looks up devices based on the provided
- device id which is a special string in one of the following four forms:
+ device ID, which is a special string in one of the following four forms:
<table>
<title>Device ID strings</title>
<constant>NULL</constant> is returned.</para>
<para><function>udev_enumerate_get_udev()</function> always
- returns a pointer to the udev context that this enumerate
+ returns a pointer to the udev context that this enumerated
object is associated with.</para>
</refsect1>
<function>udev_list_entry_get_name()</function> and
<function>udev_list_entry_get_value()</function> return a
pointer to a constant string representing the requested value.
- The string is bound to the lifetime of the list-entry itself.
+ The string is bound to the lifetime of the list entry itself.
On failure, <constant>NULL</constant> is returned.</para>
</refsect1>
</varlistentry>
</variablelist>
- <para>In addition an optional positional argument can be used
+ <para>In addition, an optional positional argument can be used
to specify a device name or a sys path. It must start with
<filename>/dev</filename> or <filename>/sys</filename>
respectively.</para>
<term><option>--name-match=<replaceable>NAME</replaceable></option></term>
<listitem>
<para>Trigger events for devices with a matching
- device path. This options can be specified multiple
+ device path. This option can be specified multiple
times.</para>
</listitem>
</varlistentry>
</varlistentry>
</variablelist>
- <para>In addition optional positional arguments can be used
+ <para>In addition, optional positional arguments can be used
to specify device names or sys paths. They must start with
<filename>/dev</filename> or <filename>/sys</filename>
respectively.</para>
# Copyright (C) 2015 systemd author and translators.
# This file is distributed under the same license as the systemd package.
# Seong-ho Cho <shcho@gnome.org>, 2015.
+# Dongsu Park <dongsu@endocode.com>, 2015.
#
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: https://github.com/systemd/systemd/issues\n"
"POT-Creation-Date: 2015-09-25 22:52+0900\n"
-"PO-Revision-Date: 2015-09-25 23:50+0900\n"
-"Last-Translator: Seong-ho Cho <shcho@gnome.org>\n"
+"PO-Revision-Date: 2015-11-03 13:19+0100\n"
+"Last-Translator: Dongsu Park <dongsu@endocode.com>\n"
"Language-Team: GNOME Korea <gnome-kr@googlegroups.com>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 1.5.5\n"
+"X-Generator: Gtranslator 2.91.7\n"
"Plural-Forms: nplurals=1; plural=0;\n"
"Language: ko\n"
"X-Poedit-SourceCharset: UTF-8\n"
#: ../src/login/org.freedesktop.login1.policy.in.h:23
msgid "Flush device to seat attachments"
-msgstr "ì\8b\9cí\8a¸ë¡\9cë¶\80í\84° ì\9e¥ì¹\98 í\83\88ê±° 허용"
+msgstr "ì\8b\9cí\8a¸ë¡\9cë¶\80í\84° ì\9e¥ì¹\98 í\95´ì \9c 허용"
#: ../src/login/org.freedesktop.login1.policy.in.h:24
msgid ""
#: ../src/login/org.freedesktop.login1.policy.in.h:53
msgid "Allow indication to the firmware to boot to setup interface"
-msgstr "ì\9d¸í\84°í\8e\98ì\9d´ì\8a¤ë¥¼ ì\84¤ì \95í\95\98ë\8f\84ë¡\9d í\8e\8cì\9b¨ì\96´ ë¶\80í\8c\85 지시 허용"
+msgstr "ì\84¤ì \95 í\99\94ë©´ì\9c¼ë¡\9c ë¶\80í\8c\85í\95\98ë\8f\84ë¡\9d í\8e\8cì\9b¨ì\96´ì\97\90ê²\8c 지시 허용"
#: ../src/login/org.freedesktop.login1.policy.in.h:54
msgid ""
"Authentication is required to indicate to the firmware to boot to setup "
"interface."
-msgstr "ì\9d¸í\84°í\8e\98ì\9d´ì\8a¤ë¥¼ ì\84¤ì \95í\95\98ë\8f\84ë¡\9d í\8e\8cì\9b¨ì\96´ ë¶\80í\8c\85ì\9d\84 지시하려면 인증이 필요합니다."
+msgstr "ì\84¤ì \95 í\99\94ë©´ì\9c¼ë¡\9c ë¶\80í\8c\85í\95\98ë\8f\84ë¡\9d í\8e\8cì\9b¨ì\96´ì\97\90ê²\8c 지시하려면 인증이 필요합니다."
#: ../src/login/org.freedesktop.login1.policy.in.h:55
msgid "Set a wall message"
#: ../src/machine/org.freedesktop.machine1.policy.in.h:11
msgid "Acquire a pseudo TTY on the local host"
-msgstr "ë¡\9c컬 í\98¸ì\8a¤í\8a¸ì\97\90ì\84\9c ì\9d\98사 TTY 획득"
+msgstr "ë¡\9c컬 í\98¸ì\8a¤í\8a¸ì\97\90ì\84\9c ì\9c 사 TTY 획득"
#: ../src/machine/org.freedesktop.machine1.policy.in.h:12
msgid "Authentication is required to acquire a pseudo TTY on the local host."
fi
local -A VERBS=(
- [ALL_UNITS]='is-active is-failed is-enabled status show cat mask preset help list-dependencies edit'
+ [ALL_UNITS]='is-active is-failed is-enabled status show cat mask preset help list-dependencies edit set-property'
[ENABLED_UNITS]='disable'
[DISABLED_UNITS]='enable'
[REENABLABLE_UNITS]='reenable'
_cleanup_free_ char *value = NULL;
const char *clamp;
- if (!shall_restore_state())
+ if (shall_restore_state() == 0)
return EXIT_SUCCESS;
if (!validate_device(udev, device))
assert(keep_capabilities & (1ULL << (i - 1)));
if (cap_set_flag(d, CAP_EFFECTIVE, j, bits, CAP_SET) < 0 ||
- cap_set_flag(d, CAP_PERMITTED, j, bits, CAP_SET) < 0) {
- log_error_errno(errno, "Failed to enable capabilities bits: %m");
- return -errno;
- }
+ cap_set_flag(d, CAP_PERMITTED, j, bits, CAP_SET) < 0)
+ return log_error_errno(errno, "Failed to enable capabilities bits: %m");
if (cap_set_proc(d) < 0)
return log_error_errno(errno, "Failed to increase capabilities: %m");
#include "cpu-set-util.h"
#include "extract-word.h"
#include "parse-util.h"
+#include "string-util.h"
#include "util.h"
cpu_set_t* cpu_set_malloc(unsigned *ncpus) {
* the watchdog pings will keep the loop busy. */
#define DEFAULT_EXIT_USEC (30*USEC_PER_SEC)
+/* The default value for the net.unix.max_dgram_qlen sysctl */
+#define DEFAULT_UNIX_MAX_DGRAM_QLEN 512UL
+
#define SYSTEMD_CGROUP_CONTROLLER "name=systemd"
#define SIGNALS_CRASH_HANDLER SIGSEGV,SIGILL,SIGFPE,SIGBUS,SIGQUIT,SIGABRT
#define SIGNALS_IGNORE SIGPIPE
-#define DIGITS "0123456789"
-#define LOWERCASE_LETTERS "abcdefghijklmnopqrstuvwxyz"
-#define UPPERCASE_LETTERS "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-#define LETTERS LOWERCASE_LETTERS UPPERCASE_LETTERS
-#define ALPHANUMERICAL LETTERS DIGITS
-
#define REBOOT_PARAM_FILE "/run/systemd/reboot-param"
#ifdef HAVE_SPLIT_USR
#define NOTIFY_FD_MAX 768
#define NOTIFY_BUFFER_MAX PIPE_BUF
+
+/* Return a nulstr for a standard cascade of configuration directories,
+ * suitable to pass to conf_files_list_nulstr or config_parse_many. */
+#define CONF_DIRS_NULSTR(n) \
+ "/etc/" n ".d\0" \
+ "/run/" n ".d\0" \
+ "/usr/local/lib/" n ".d\0" \
+ "/usr/lib/" n ".d\0" \
+ CONF_DIR_SPLIT_USR(n)
+
+#ifdef HAVE_SPLIT_USR
+#define CONF_DIR_SPLIT_USR(n) "/lib/" n ".d\0"
+#else
+#define CONF_DIR_SPLIT_USR(n)
+#endif
#include "alloc-util.h"
#include "escape.h"
#include "hexdecoct.h"
+#include "string-util.h"
#include "utf8.h"
#include "util.h"
#include "alloc-util.h"
#include "escape.h"
+#include "extract-word.h"
+#include "string-util.h"
#include "utf8.h"
#include "util.h"
-#include "extract-word.h"
int extract_first_word(const char **p, char **ret, const char *separators, ExtractFlags flags) {
_cleanup_free_ char *s = NULL;
#include <glob.h>
#include "glob-util.h"
+#include "string-util.h"
#include "strv.h"
#include "util.h"
#include <string.h>
#include "macro.h"
-#include "util.h"
+#include "string-util.h"
int glob_exists(const char *path);
int glob_extend(char ***strv, const char *path);
static int write_to_kmsg(
int level,
int error,
- const char*file,
+ const char *file,
int line,
const char *func,
const char *object_field,
static int write_to_journal(
int level,
int error,
- const char*file,
+ const char *file,
int line,
const char *func,
const char *object_field,
int log_internalv(
int level,
int error,
- const char*file,
+ const char *file,
int line,
const char *func,
const char *format,
int log_internal(
int level,
int error,
- const char*file,
+ const char *file,
int line,
const char *func,
const char *format, ...) {
int log_object_internalv(
int level,
int error,
- const char*file,
+ const char *file,
int line,
const char *func,
const char *object_field,
int log_object_internal(
int level,
int error,
- const char*file,
+ const char *file,
int line,
const char *func,
const char *object_field,
_found; \
})
-/* Return a nulstr for a standard cascade of configuration directories,
- * suitable to pass to conf_files_list_nulstr or config_parse_many. */
-#define CONF_DIRS_NULSTR(n) \
- "/etc/" n ".d\0" \
- "/run/" n ".d\0" \
- "/usr/local/lib/" n ".d\0" \
- "/usr/lib/" n ".d\0" \
- CONF_DIR_SPLIT_USR(n)
-
-#ifdef HAVE_SPLIT_USR
-#define CONF_DIR_SPLIT_USR(n) "/lib/" n ".d\0"
-#else
-#define CONF_DIR_SPLIT_USR(n)
-#endif
-
/* Define C11 thread_local attribute even on older gcc compiler
* version */
#ifndef thread_local
return 0;
}
+int parse_ifindex(const char *s, int *ret) {
+ int ifi, r;
+
+ r = safe_atoi(s, &ifi);
+ if (r < 0)
+ return r;
+ if (ifi <= 0)
+ return -EINVAL;
+
+ *ret = ifi;
+ return 0;
+}
+
int parse_size(const char *t, uint64_t base, uint64_t *size) {
/* Soo, sometimes we want to parse IEC binary suffixes, and
int parse_boolean(const char *v) _pure_;
int parse_pid(const char *s, pid_t* ret_pid);
int parse_mode(const char *s, mode_t *ret);
+int parse_ifindex(const char *s, int *ret);
int parse_size(const char *t, uint64_t base, uint64_t *size);
int parse_range(const char *t, unsigned *lower, unsigned *upper);
#include "parse-util.h"
#include "proc-cmdline.h"
#include "process-util.h"
+#include "special.h"
#include "string-util.h"
#include "util.h"
#include "virt.h"
if (r == 0)
return true;
- return parse_boolean(value) != 0;
+ return parse_boolean(value);
+}
+
+static const char * const rlmap[] = {
+ "emergency", SPECIAL_EMERGENCY_TARGET,
+ "-b", SPECIAL_EMERGENCY_TARGET,
+ "rescue", SPECIAL_RESCUE_TARGET,
+ "single", SPECIAL_RESCUE_TARGET,
+ "-s", SPECIAL_RESCUE_TARGET,
+ "s", SPECIAL_RESCUE_TARGET,
+ "S", SPECIAL_RESCUE_TARGET,
+ "1", SPECIAL_RESCUE_TARGET,
+ "2", SPECIAL_MULTI_USER_TARGET,
+ "3", SPECIAL_MULTI_USER_TARGET,
+ "4", SPECIAL_MULTI_USER_TARGET,
+ "5", SPECIAL_GRAPHICAL_TARGET,
+};
+
+const char* runlevel_to_target(const char *word) {
+ size_t i;
+
+ if (!word)
+ return NULL;
+
+ for (i = 0; i < ELEMENTSOF(rlmap); i += 2)
+ if (streq(word, rlmap[i]))
+ return rlmap[i+1];
+
+ return NULL;
}
int get_proc_cmdline_key(const char *parameter, char **value);
int shall_restore_state(void);
+const char* runlevel_to_target(const char *rl);
#include "alloc-util.h"
#include "macro.h"
-#include "util.h"
#include "replace-var.h"
-#include "def.h"
+#include "string-util.h"
+#include "util.h"
/*
* Generic infrastructure for replacing @FOO@ style variables in
#include "alloc-util.h"
#include "gunicode.h"
+#include "string-util.h"
#include "utf8.h"
#include "util.h"
-#include "string-util.h"
int strcmp_ptr(const char *a, const char *b) {
return 1;
}
-void string_erase(char *x) {
+#pragma GCC push_options
+#pragma GCC optimize("O0")
+
+void* memory_erase(void *p, size_t l) {
+ volatile uint8_t* x = (volatile uint8_t*) p;
+
+ /* This basically does what memset() does, but hopefully isn't
+ * optimized away by the compiler. One of those days, when
+ * glibc learns memset_s() we should replace this call by
+ * memset_s(), but until then this has to do. */
+
+ for (; l > 0; l--)
+ *(x++) = 'x';
+
+ return p;
+}
+
+#pragma GCC pop_options
+
+char* string_erase(char *x) {
if (!x)
- return;
+ return NULL;
/* A delicious drop of snake-oil! To be called on memory where
* we stored passphrases or so, after we used them. */
- memory_erase(x, strlen(x));
+ return memory_erase(x, strlen(x));
}
char *string_free_erase(char *s) {
- if (!s)
- return NULL;
-
- string_erase(s);
- return mfree(s);
+ return mfree(string_erase(s));
}
bool string_is_safe(const char *p) {
#include "macro.h"
+/* What is interpreted as whitespace? */
+#define WHITESPACE " \t\n\r"
+#define NEWLINE "\n\r"
+#define QUOTES "\"\'"
+#define COMMENTS "#;"
+#define GLOB_CHARS "*?["
+#define DIGITS "0123456789"
+#define LOWERCASE_LETTERS "abcdefghijklmnopqrstuvwxyz"
+#define UPPERCASE_LETTERS "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+#define LETTERS LOWERCASE_LETTERS UPPERCASE_LETTERS
+#define ALPHANUMERICAL LETTERS DIGITS
+
#define streq(a,b) (strcmp((a),(b)) == 0)
#define strneq(a, b, n) (strncmp((a), (b), (n)) == 0)
#define strcaseeq(a,b) (strcasecmp((a),(b)) == 0)
return memmem(haystack, haystacklen, needle, needlelen);
}
-#define memory_erase(p, l) memset((p), 'x', (l))
-void string_erase(char *x);
+void* memory_erase(void *p, size_t l);
+char *string_erase(char *x);
char *string_free_erase(char *s);
DEFINE_TRIVIAL_CLEANUP_FUNC(char *, string_free_erase);
assert_se(sigaction(SIGHUP, &sa_old, NULL) == 0);
- /* Sometimes it makes sense to ignore TIOCSCTTY
+ /* Sometimes, it makes sense to ignore TIOCSCTTY
* returning EPERM, i.e. when very likely we already
* are have this controlling terminal. */
if (r < 0 && r == -EPERM && ignore_tiocstty_eperm)
struct tm *localtime_or_gmtime_r(const time_t *t, struct tm *tm, bool utc) {
return utc ? gmtime_r(t, tm) : localtime_r(t, tm);
}
+
+unsigned long usec_to_jiffies(usec_t u) {
+ static thread_local unsigned long hz = 0;
+ long r;
+
+ if (hz == 0) {
+ r = sysconf(_SC_CLK_TCK);
+
+ assert(r > 0);
+ hz = (unsigned long) r;
+ }
+
+ return DIV_ROUND_UP(u , USEC_PER_SEC / hz);
+}
time_t mktime_or_timegm(struct tm *tm, bool utc);
struct tm *localtime_or_gmtime_r(const time_t *t, struct tm *tm, bool utc);
+
+unsigned long usec_to_jiffies(usec_t usec);
* /blah/blah is converted to blah-blah.mount, anything else is left alone,
* except that @suffix is appended if a valid unit suffix is not present.
*
- * If @allow_globs, globs characters are preserved. Otherwise they are escaped.
+ * If @allow_globs, globs characters are preserved. Otherwise, they are escaped.
*/
int unit_name_mangle_with_suffix(const char *name, UnitNameMangle allow_globs, const char *suffix, char **ret) {
char *s, *t;
#include "missing.h"
#include "time-util.h"
-/* What is interpreted as whitespace? */
-#define WHITESPACE " \t\n\r"
-#define NEWLINE "\n\r"
-#define QUOTES "\"\'"
-#define COMMENTS "#;"
-#define GLOB_CHARS "*?["
-
size_t page_size(void) _pure_;
#define PAGE_ALIGN(l) ALIGN_TO((l), page_size())
static int detect_vm_cpuid(void) {
- /* Both CPUID and DMI are x86 specific interfaces... */
+ /* CPUID is an x86 specific interface. */
#if defined(__i386__) || defined(__x86_64__)
static const struct {
}
static int detect_vm_dmi(void) {
-
- /* Both CPUID and DMI are x86 specific interfaces... */
-#if defined(__i386__) || defined(__x86_64__)
+#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
static const char *const dmi_vendors[] = {
+ "/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */
"/sys/class/dmi/id/sys_vendor",
"/sys/class/dmi/id/board_vendor",
"/sys/class/dmi/id/bios_vendor"
const char *vendor;
int id;
} dmi_vendor_table[] = {
+ { "KVM", VIRTUALIZATION_KVM },
{ "QEMU", VIRTUALIZATION_QEMU },
/* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */
{ "VMware", VIRTUALIZATION_VMWARE },
if (cached_found >= 0)
return cached_found;
- /* Try xen capabilities file first, if not found try
- * high-level hypervisor sysfs file:
- *
- * https://bugs.freedesktop.org/show_bug.cgi?id=77271 */
-
- r = detect_vm_xen();
+ r = detect_vm_cpuid();
if (r < 0)
return r;
if (r != VIRTUALIZATION_NONE)
if (r != VIRTUALIZATION_NONE)
goto finish;
- r = detect_vm_cpuid();
+ /* x86 xen will most likely be detected by cpuid. If not (most likely
+ * because we're not an x86 guest), then we should try the xen capabilities
+ * file next. If that's not found, then we check for the high-level
+ * hypervisor sysfs file:
+ *
+ * https://bugs.freedesktop.org/show_bug.cgi?id=77271 */
+
+ r = detect_vm_xen();
if (r < 0)
return r;
if (r != VIRTUALIZATION_NONE)
{ "lxc-libvirt", VIRTUALIZATION_LXC_LIBVIRT },
{ "systemd-nspawn", VIRTUALIZATION_SYSTEMD_NSPAWN },
{ "docker", VIRTUALIZATION_DOCKER },
+ { "rkt", VIRTUALIZATION_RKT },
};
static thread_local int cached_found = _VIRTUALIZATION_INVALID;
[VIRTUALIZATION_LXC] = "lxc",
[VIRTUALIZATION_OPENVZ] = "openvz",
[VIRTUALIZATION_DOCKER] = "docker",
+ [VIRTUALIZATION_RKT] = "rkt",
[VIRTUALIZATION_CONTAINER_OTHER] = "container-other",
};
VIRTUALIZATION_LXC,
VIRTUALIZATION_OPENVZ,
VIRTUALIZATION_DOCKER,
+ VIRTUALIZATION_RKT,
VIRTUALIZATION_CONTAINER_OTHER,
VIRTUALIZATION_CONTAINER_LAST = VIRTUALIZATION_CONTAINER_OTHER,
#include "alloc-util.h"
#include "conf-files.h"
+#include "def.h"
#include "fd-util.h"
#include "fileio.h"
#include "log.h"
if (feof(f))
break;
- log_error_errno(errno, "Failed to read file '%s', ignoring: %m", path);
- return -errno;
+ return log_error_errno(errno, "Failed to read file '%s', ignoring: %m", path);
}
p = strstrip(l);
#include "alloc-util.h"
#include "bootchart.h"
#include "conf-parser.h"
+#include "def.h"
#include "fd-util.h"
#include "fileio.h"
#include "io-util.h"
SD_BUS_PROPERTY("MainPID", "u", bus_property_get_pid, offsetof(Service, main_pid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
SD_BUS_PROPERTY("ControlPID", "u", bus_property_get_pid, offsetof(Service, control_pid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
SD_BUS_PROPERTY("BusName", "s", NULL, offsetof(Service, bus_name), SD_BUS_VTABLE_PROPERTY_CONST),
- SD_BUS_PROPERTY("FileDescriptorStoreMax", "u", NULL, offsetof(Service, n_fd_store_max), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("FileDescriptorStoreMax", "u", bus_property_get_unsigned, offsetof(Service, n_fd_store_max), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("NFileDescriptorStore", "u", bus_property_get_unsigned, offsetof(Service, n_fd_store), 0),
SD_BUS_PROPERTY("StatusText", "s", NULL, offsetof(Service, status_text), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
SD_BUS_PROPERTY("StatusErrno", "i", NULL, offsetof(Service, status_errno), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
SD_BUS_PROPERTY("Result", "s", property_get_result, offsetof(Service, result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
hn = "localhost";
}
- if (sethostname_idempotent(hn) < 0)
- return log_warning_errno(errno, "Failed to set hostname to <%s>: %m", hn);
+ r = sethostname_idempotent(hn);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to set hostname to <%s>: %m", hn);
log_info("Set hostname to <%s>.", hn);
return 0;
$1.SystemCallErrorNumber, config_parse_warn_compat, DISABLED_CONFIGURATION, 0
$1.RestrictAddressFamilies, config_parse_warn_compat, DISABLED_CONFIGURATION, 0')
$1.LimitCPU, config_parse_limit, RLIMIT_CPU, offsetof($1, exec_context.rlimit)
-$1.LimitFSIZE, config_parse_limit, RLIMIT_FSIZE, offsetof($1, exec_context.rlimit)
-$1.LimitDATA, config_parse_limit, RLIMIT_DATA, offsetof($1, exec_context.rlimit)
-$1.LimitSTACK, config_parse_limit, RLIMIT_STACK, offsetof($1, exec_context.rlimit)
-$1.LimitCORE, config_parse_limit, RLIMIT_CORE, offsetof($1, exec_context.rlimit)
-$1.LimitRSS, config_parse_limit, RLIMIT_RSS, offsetof($1, exec_context.rlimit)
+$1.LimitFSIZE, config_parse_bytes_limit, RLIMIT_FSIZE, offsetof($1, exec_context.rlimit)
+$1.LimitDATA, config_parse_bytes_limit, RLIMIT_DATA, offsetof($1, exec_context.rlimit)
+$1.LimitSTACK, config_parse_bytes_limit, RLIMIT_STACK, offsetof($1, exec_context.rlimit)
+$1.LimitCORE, config_parse_bytes_limit, RLIMIT_CORE, offsetof($1, exec_context.rlimit)
+$1.LimitRSS, config_parse_bytes_limit, RLIMIT_RSS, offsetof($1, exec_context.rlimit)
$1.LimitNOFILE, config_parse_limit, RLIMIT_NOFILE, offsetof($1, exec_context.rlimit)
-$1.LimitAS, config_parse_limit, RLIMIT_AS, offsetof($1, exec_context.rlimit)
+$1.LimitAS, config_parse_bytes_limit, RLIMIT_AS, offsetof($1, exec_context.rlimit)
$1.LimitNPROC, config_parse_limit, RLIMIT_NPROC, offsetof($1, exec_context.rlimit)
-$1.LimitMEMLOCK, config_parse_limit, RLIMIT_MEMLOCK, offsetof($1, exec_context.rlimit)
+$1.LimitMEMLOCK, config_parse_bytes_limit, RLIMIT_MEMLOCK, offsetof($1, exec_context.rlimit)
$1.LimitLOCKS, config_parse_limit, RLIMIT_LOCKS, offsetof($1, exec_context.rlimit)
$1.LimitSIGPENDING, config_parse_limit, RLIMIT_SIGPENDING, offsetof($1, exec_context.rlimit)
-$1.LimitMSGQUEUE, config_parse_limit, RLIMIT_MSGQUEUE, offsetof($1, exec_context.rlimit)
+$1.LimitMSGQUEUE, config_parse_bytes_limit, RLIMIT_MSGQUEUE, offsetof($1, exec_context.rlimit)
$1.LimitNICE, config_parse_limit, RLIMIT_NICE, offsetof($1, exec_context.rlimit)
$1.LimitRTPRIO, config_parse_limit, RLIMIT_RTPRIO, offsetof($1, exec_context.rlimit)
$1.LimitRTTIME, config_parse_limit, RLIMIT_RTTIME, offsetof($1, exec_context.rlimit)
return 0;
}
+int config_parse_bytes_limit(const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ struct rlimit **rl = data;
+ uint64_t bytes;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ rl += ltype;
+
+ if (streq(rvalue, "infinity"))
+ bytes = (uint64_t) RLIM_INFINITY;
+ else {
+ int r;
+
+ r = parse_size(rvalue, 1024, &bytes);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse resource value, ignoring: %s", rvalue);
+ return 0;
+ }
+ }
+
+ if (!*rl) {
+ *rl = new(struct rlimit, 1);
+ if (!*rl)
+ return log_oom();
+ }
+
+ (*rl)->rlim_cur = (*rl)->rlim_max = (rlim_t) bytes;
+ return 0;
+}
+
#ifdef HAVE_SYSV_COMPAT
int config_parse_sysv_priority(const char *unit,
const char *filename,
void *userdata) {
Service *s = data;
- const char *word, *state;
- size_t l;
+ const char *p;
int r;
assert(filename);
assert(rvalue);
assert(data);
- FOREACH_WORD_QUOTED(word, l, rvalue, state) {
- _cleanup_free_ char *t = NULL, *k = NULL;
+ p = rvalue;
+ for(;;) {
+ _cleanup_free_ char *word = NULL, *k = NULL;
- t = strndup(word, l);
- if (!t)
+ r = extract_first_word(&p, &word, NULL, 0);
+ if (r == 0)
+ break;
+ if (r == -ENOMEM)
return log_oom();
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "Trailing garbage in sockets, ignoring: %s", rvalue);
+ break;
+ }
- r = unit_name_printf(UNIT(s), t, &k);
+ r = unit_name_printf(UNIT(s), word, &k);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve specifiers, ignoring: %m");
continue;
if (r < 0)
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
}
- if (!isempty(state))
- log_syntax(unit, LOG_ERR, filename, line, 0, "Trailing garbage, ignoring.");
return 0;
}
int offset;
r = extract_first_word(&cur, &word, NULL, EXTRACT_QUOTES);
+ if (r == 0)
+ break;
+ if (r == -ENOMEM)
+ return log_oom();
if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, 0, "Trailing garbage, ignoring: %s", prev);
+ log_syntax(unit, LOG_ERR, filename, line, r, "Trailing garbage, ignoring: %s", prev);
return 0;
}
- if (r == 0)
- break;
if (!utf8_is_valid(word)) {
log_syntax_invalid_utf8(unit, LOG_ERR, filename, line, word);
int config_parse_exec_secure_bits(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_bounding_set(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_limit(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_bytes_limit(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_sysv_priority(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_kill_signal(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_exec_mount_flags(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
static int parse_proc_cmdline_item(const char *key, const char *value) {
- static const char * const rlmap[] = {
- "emergency", SPECIAL_EMERGENCY_TARGET,
- "-b", SPECIAL_EMERGENCY_TARGET,
- "rescue", SPECIAL_RESCUE_TARGET,
- "single", SPECIAL_RESCUE_TARGET,
- "-s", SPECIAL_RESCUE_TARGET,
- "s", SPECIAL_RESCUE_TARGET,
- "S", SPECIAL_RESCUE_TARGET,
- "1", SPECIAL_RESCUE_TARGET,
- "2", SPECIAL_MULTI_USER_TARGET,
- "3", SPECIAL_MULTI_USER_TARGET,
- "4", SPECIAL_MULTI_USER_TARGET,
- "5", SPECIAL_GRAPHICAL_TARGET,
- };
int r;
assert(key);
log_set_target(LOG_TARGET_CONSOLE);
} else if (!in_initrd() && !value) {
- unsigned i;
+ const char *target;
/* SysV compatibility */
- for (i = 0; i < ELEMENTSOF(rlmap); i += 2)
- if (streq(key, rlmap[i]))
- return free_and_strdup(&arg_default_unit, rlmap[i+1]);
+ target = runlevel_to_target(key);
+ if (target)
+ return free_and_strdup(&arg_default_unit, target);
}
return 0;
{ "Manager", "DefaultStartLimitBurst", config_parse_unsigned, 0, &arg_default_start_limit_burst },
{ "Manager", "DefaultEnvironment", config_parse_environ, 0, &arg_default_environment },
{ "Manager", "DefaultLimitCPU", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_CPU] },
- { "Manager", "DefaultLimitFSIZE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_FSIZE] },
- { "Manager", "DefaultLimitDATA", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_DATA] },
- { "Manager", "DefaultLimitSTACK", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_STACK] },
- { "Manager", "DefaultLimitCORE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_CORE] },
- { "Manager", "DefaultLimitRSS", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_RSS] },
+ { "Manager", "DefaultLimitFSIZE", config_parse_bytes_limit, 0, &arg_default_rlimit[RLIMIT_FSIZE] },
+ { "Manager", "DefaultLimitDATA", config_parse_bytes_limit, 0, &arg_default_rlimit[RLIMIT_DATA] },
+ { "Manager", "DefaultLimitSTACK", config_parse_bytes_limit, 0, &arg_default_rlimit[RLIMIT_STACK] },
+ { "Manager", "DefaultLimitCORE", config_parse_bytes_limit, 0, &arg_default_rlimit[RLIMIT_CORE] },
+ { "Manager", "DefaultLimitRSS", config_parse_bytes_limit, 0, &arg_default_rlimit[RLIMIT_RSS] },
{ "Manager", "DefaultLimitNOFILE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_NOFILE] },
- { "Manager", "DefaultLimitAS", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_AS] },
+ { "Manager", "DefaultLimitAS", config_parse_bytes_limit, 0, &arg_default_rlimit[RLIMIT_AS] },
{ "Manager", "DefaultLimitNPROC", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_NPROC] },
- { "Manager", "DefaultLimitMEMLOCK", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_MEMLOCK] },
+ { "Manager", "DefaultLimitMEMLOCK", config_parse_bytes_limit, 0, &arg_default_rlimit[RLIMIT_MEMLOCK] },
{ "Manager", "DefaultLimitLOCKS", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_LOCKS] },
{ "Manager", "DefaultLimitSIGPENDING", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_SIGPENDING] },
- { "Manager", "DefaultLimitMSGQUEUE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_MSGQUEUE] },
+ { "Manager", "DefaultLimitMSGQUEUE", config_parse_bytes_limit, 0, &arg_default_rlimit[RLIMIT_MSGQUEUE] },
{ "Manager", "DefaultLimitNICE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_NICE] },
{ "Manager", "DefaultLimitRTPRIO", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_RTPRIO] },
{ "Manager", "DefaultLimitRTTIME", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_RTTIME] },
return 0;
}
-static void test_mtab(void) {
-
- static const char ok[] =
- "/proc/self/mounts\0"
- "/proc/mounts\0"
- "../proc/self/mounts\0"
- "../proc/mounts\0";
-
- _cleanup_free_ char *p = NULL;
- int r;
-
- /* Check that /etc/mtab is a symlink to the right place or
- * non-existing. But certainly not a file, or a symlink to
- * some weird place... */
-
- r = readlink_malloc("/etc/mtab", &p);
- if (r == -ENOENT)
- return;
- if (r >= 0 && nulstr_contains(ok, p))
- return;
-
- log_error("/etc/mtab is not a symlink or not pointing to /proc/self/mounts. "
- "This is not supported anymore. "
- "Please replace /etc/mtab with a symlink to /proc/self/mounts.");
- freeze_or_reboot();
-}
-
static void test_usr(void) {
/* Check that /usr is not a separate fs */
static int write_container_id(void) {
const char *c;
+ int r;
c = getenv("container");
if (isempty(c))
return 0;
- return write_string_file("/run/systemd/container", c, WRITE_STRING_FILE_CREATE);
+ r = write_string_file("/run/systemd/container", c, WRITE_STRING_FILE_CREATE);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to write /run/systemd/container, ignoring: %m");
+
+ return 1;
+}
+
+static int bump_unix_max_dgram_qlen(void) {
+ _cleanup_free_ char *qlen = NULL;
+ unsigned long v;
+ int r;
+
+ /* Let's bump the net.unix.max_dgram_qlen sysctl. The kernel
+ * default of 16 is simply too low. We set the value really
+ * really early during boot, so that it is actually applied to
+ * all our sockets, including the $NOTIFY_SOCKET one. */
+
+ r = read_one_line_file("/proc/sys/net/unix/max_dgram_qlen", &qlen);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to read AF_UNIX datagram queue length, ignoring: %m");
+
+ r = safe_atolu(qlen, &v);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to parse AF_UNIX datagram queue length, ignoring: %m");
+
+ if (v >= DEFAULT_UNIX_MAX_DGRAM_QLEN)
+ return 0;
+
+ qlen = mfree(qlen);
+ if (asprintf(&qlen, "%lu\n", DEFAULT_UNIX_MAX_DGRAM_QLEN) < 0)
+ return log_oom();
+
+ r = write_string_file("/proc/sys/net/unix/max_dgram_qlen", qlen, 0);
+ if (r < 0)
+ return log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
+ "Failed to bump AF_UNIX datagram queue length, ignoring: %m");
+
+ return 1;
}
int main(int argc, char *argv[]) {
hostname_setup();
machine_id_setup(NULL);
loopback_setup();
+ bump_unix_max_dgram_qlen();
- test_mtab();
test_usr();
}
if (other->from_fragment)
return UNIT(other);
- /* Otherwise make everybody follow the unit that's named after
+ /* Otherwise, make everybody follow the unit that's named after
* the swap device in the kernel */
if (streq_ptr(s->what, s->devnode))
#include "unit-name.h"
#include "unit.h"
#include "user-util.h"
+#include "virt.h"
static const UnitActiveState state_translation_table[_TIMER_STATE_MAX] = {
[TIMER_DEAD] = UNIT_INACTIVE,
break;
case TIMER_BOOT:
- /* CLOCK_MONOTONIC equals the uptime on Linux */
- base = 0;
- break;
-
+ if (detect_container() <= 0) {
+ /* CLOCK_MONOTONIC equals the uptime on Linux */
+ base = 0;
+ break;
+ }
+ /* In a container we don't want to include the time the host
+ * was already up when the container started, so count from
+ * our own startup. Fall through. */
case TIMER_STARTUP:
base = UNIT(t)->manager->userspace_timestamp.monotonic;
break;
if (errno == -ENOENT)
return 0;
- log_error_errno(errno, "Failed to enumerate D-Bus activated services: %m");
- return -errno;
+ return log_error_errno(errno, "Failed to enumerate D-Bus activated services: %m");
}
r = 0;
return r;
fail:
- log_error_errno(errno, "Failed to read D-Bus services directory: %m");
- return -errno;
+ return log_error_errno(errno, "Failed to read D-Bus services directory: %m");
}
static int link_busnames_target(const char *units) {
#include "mkdir.h"
#include "parse-util.h"
#include "proc-cmdline.h"
+#include "special.h"
#include "string-util.h"
#include "strv.h"
#include "unit-name.h"
#include "util.h"
+static char *arg_default_unit = NULL;
static const char *arg_dest = "/tmp";
static char **arg_mask = NULL;
static char **arg_wants = NULL;
arg_debug_shell = r;
} else
arg_debug_shell = true;
+ } else if (streq(key, "systemd.unit")) {
+
+ if (!value)
+ log_error("Missing argument for systemd.unit= kernel command line parameter.");
+ else {
+ r = free_and_strdup(&arg_default_unit, value);
+ if (r < 0)
+ return log_error_errno(r, "Failed to set default unit %s: %m", value);
+ }
+ } else if (!value) {
+ const char *target;
+
+ target = runlevel_to_target(key);
+ if (target) {
+ r = free_and_strdup(&arg_default_unit, target);
+ if (r < 0)
+ return log_error_errno(r, "Failed to set default unit %s: %m", target);
+ }
}
return 0;
STRV_FOREACH(u, arg_wants) {
_cleanup_free_ char *p = NULL, *f = NULL;
- p = strjoin(arg_dest, "/default.target.wants/", *u, NULL);
+ p = strjoin(arg_dest, "/", arg_default_unit, ".wants/", *u, NULL);
if (!p)
return log_oom();
umask(0022);
+ r = free_and_strdup(&arg_default_unit, SPECIAL_DEFAULT_TARGET);
+ if (r < 0) {
+ log_error_errno(r, "Failed to set default unit %s: %m", SPECIAL_DEFAULT_TARGET);
+ goto finish;
+ }
+
r = parse_proc_cmdline(parse_proc_cmdline_item);
if (r < 0)
log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
if (errno == ENOENT)
return 0;
- log_error_errno(errno, "Failed to open %s: %m", path);
- return -errno;
+ return log_error_errno(errno, "Failed to open %s: %m", path);
}
for (;;) {
if (!errno)
errno = EIO;
- log_error_errno(errno, "Failed to find shadow entry for root: %m");
- return -errno;
+ return log_error_errno(errno, "Failed to find shadow entry for root: %m");
}
r = write_root_shadow(etc_shadow, p);
item.sp_pwdp = crypt(arg_root_password, salt);
if (!item.sp_pwdp) {
if (!errno)
- errno = -EINVAL;
+ errno = EINVAL;
- log_error_errno(errno, "Failed to encrypt password: %m");
- return -errno;
+ return log_error_errno(errno, "Failed to encrypt password: %m");
}
item.sp_lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY);
if (!b) {
if (errno == 0)
return log_oom();
- log_error_errno(errno, "Failed to allocate prober: %m");
- return -errno;
+ return log_error_errno(errno, "Failed to allocate prober: %m");
}
blkid_probe_enable_superblocks(b, 1);
if (!b) {
if (errno == 0)
return log_oom();
- log_error_errno(errno, "Failed to allocate prober: %m");
- return -errno;
+ return log_error_errno(errno, "Failed to allocate prober: %m");
}
blkid_probe_enable_partitions(b, 1);
r = chattr_fd(converted_fd, FS_NOCOW_FL, FS_NOCOW_FL);
if (r < 0)
- log_warning_errno(errno, "Failed to set file attributes on %s: %m", t);
+ log_warning_errno(r, "Failed to set file attributes on %s: %m", t);
log_info("Unpacking QCOW2 file.");
r = chattr_fd(i->output_fd, FS_NOCOW_FL, FS_NOCOW_FL);
if (r < 0)
- log_warning_errno(errno, "Failed to set file attributes on %s: %m", i->temp_path);
+ log_warning_errno(r, "Failed to set file attributes on %s: %m", i->temp_path);
return 0;
}
if (mkdir(i->temp_path, 0755) < 0)
return log_error_errno(errno, "Failed to create directory %s: %m", i->temp_path);
} else if (r < 0)
- return log_error_errno(errno, "Failed to create subvolume %s: %m", i->temp_path);
+ return log_error_errno(r, "Failed to create subvolume %s: %m", i->temp_path);
else
(void) import_assign_pool_quota_and_warn(i->temp_path);
r = chattr_fd(converted_fd, FS_NOCOW_FL, FS_NOCOW_FL);
if (r < 0)
- log_warning_errno(errno, "Failed to set file attributes on %s: %m", t);
+ log_warning_errno(r, "Failed to set file attributes on %s: %m", t);
log_info("Unpacking QCOW2 file.");
* writes. */
r = chattr_fd(dfd, FS_NOCOW_FL, FS_NOCOW_FL);
if (r < 0)
- log_warning_errno(errno, "Failed to set file attributes on %s: %m", tp);
+ log_warning_errno(r, "Failed to set file attributes on %s: %m", tp);
r = copy_bytes(i->raw_job->disk_fd, dfd, (uint64_t) -1, true);
if (r < 0) {
r = rename(tp, p);
if (r < 0) {
+ r = log_error_errno(errno, "Failed to move writable image into place: %m");
unlink(tp);
- return log_error_errno(errno, "Failed to move writable image into place: %m");
+ return r;
}
log_info("Created new local image '%s'.", i->local);
r = chattr_fd(j->disk_fd, FS_NOCOW_FL, FS_NOCOW_FL);
if (r < 0)
- log_warning_errno(errno, "Failed to set file attributes on %s: %m", i->temp_path);
+ log_warning_errno(r, "Failed to set file attributes on %s: %m", i->temp_path);
return 0;
}
if (mkdir(i->temp_path, 0755) < 0)
return log_error_errno(errno, "Failed to create directory %s: %m", i->temp_path);
} else if (r < 0)
- return log_error_errno(errno, "Failed to create subvolume %s: %m", i->temp_path);
+ return log_error_errno(r, "Failed to create subvolume %s: %m", i->temp_path);
else
(void) import_assign_pool_quota_and_warn(i->temp_path);
if (errno == EAGAIN)
return 0;
- log_warning_errno(errno, "Failed to read from fifo: %m");
- return -errno;
+ return log_warning_errno(errno, "Failed to read from fifo: %m");
}
f->bytes_read += l;
#include "alloc-util.h"
#include "conf-parser.h"
+#include "def.h"
#include "escape.h"
#include "fd-util.h"
#include "fileio.h"
r = spawn_child("curl", argv);
if (r < 0)
- log_error_errno(errno, "Failed to spawn curl: %m");
+ log_error_errno(r, "Failed to spawn curl: %m");
return r;
}
r = spawn_child(words[0], words);
if (r < 0)
- log_error_errno(errno, "Failed to spawn getter %s: %m", getter);
+ log_error_errno(r, "Failed to spawn getter %s: %m", getter);
return r;
}
#include "alloc-util.h"
#include "conf-parser.h"
+#include "def.h"
#include "fd-util.h"
#include "fileio.h"
#include "formats-util.h"
PARSER = argparse.ArgumentParser()
PARSER.add_argument('n', type=int)
PARSER.add_argument('--dots', action='store_true')
+PARSER.add_argument('--data-size', type=int, default=4000)
+PARSER.add_argument('--data-type', choices={'random', 'simple'})
OPTIONS = PARSER.parse_args()
template = """\
src = open('/dev/urandom', 'rb')
bytes = 0
+counter = 0
for i in range(OPTIONS.n):
message = repr(src.read(2000))
- data = repr(src.read(4000))
+ if OPTIONS.data_type == 'random':
+ data = repr(src.read(OPTIONS.data_size))
+ else:
+ # keep the pattern non-repeating so we get a different blob every time
+ data = '{:0{}}'.format(counter, OPTIONS.data_size)
+ counter += 1
entry = template.format(m=m,
realtime_ts=realtime_ts,
r = catalog_file_lang(path, &deflang);
if (r < 0)
- log_error_errno(errno, "Failed to determine language for file %s: %m", path);
+ log_error_errno(r, "Failed to determine language for file %s: %m", path);
if (r == 1)
log_debug("File %s has language %s.", path, deflang);
if (feof(f))
break;
- log_error_errno(errno, "Failed to read file %s: %m", path);
- return -errno;
+ return log_error_errno(errno, "Failed to read file %s: %m", path);
}
n++;
return 0;
}
-static long write_catalog(const char *database, Hashmap *h, struct strbuf *sb,
- CatalogItem *items, size_t n) {
+static int64_t write_catalog(const char *database, struct strbuf *sb,
+ CatalogItem *items, size_t n) {
CatalogHeader header;
_cleanup_fclose_ FILE *w = NULL;
int r;
memcpy(header.signature, CATALOG_SIGNATURE, sizeof(header.signature));
header.header_size = htole64(ALIGN_TO(sizeof(CatalogHeader), 8));
header.catalog_item_size = htole64(sizeof(CatalogItem));
- header.n_items = htole64(hashmap_size(h));
+ header.n_items = htole64(n);
r = -EIO;
goto error;
}
- return ftell(w);
+ return ftello(w);
error:
(void) unlink(p);
CatalogItem *i;
Iterator j;
unsigned n;
- long r;
+ int r;
+ int64_t sz;
h = hashmap_new(&catalog_hash_ops);
sb = strbuf_new();
assert(n == hashmap_size(h));
qsort_safe(items, n, sizeof(CatalogItem), catalog_compare_func);
- r = write_catalog(database, h, sb, items, n);
- if (r < 0)
- log_error_errno(r, "Failed to write %s: %m", database);
- else
- log_debug("%s: wrote %u items, with %zu bytes of strings, %ld total size.",
- database, n, sb->len, r);
+ sz = write_catalog(database, sb, items, n);
+ if (sz < 0)
+ r = log_error_errno(sz, "Failed to write %s: %m", database);
+ else {
+ r = 0;
+ log_debug("%s: wrote %u items, with %zu bytes of strings, %"PRIi64" total size.",
+ database, n, sb->len, sz);
+ }
finish:
- if (sb)
- strbuf_cleanup(sb);
+ strbuf_cleanup(sb);
- return r < 0 ? r : 0;
+ return r;
}
static int open_mmap(const char *database, int *_fd, struct stat *_st, void **_p) {
_cleanup_(acl_freep) acl_t acl = NULL;
acl_entry_t entry;
acl_permset_t permset;
+ int r;
assert(fd >= 0);
}
if (acl_get_permset(entry, &permset) < 0 ||
- acl_add_perm(permset, ACL_READ) < 0 ||
- calc_acl_mask_if_needed(&acl) < 0) {
- log_warning_errno(errno, "Failed to patch ACL: %m");
- return -errno;
- }
+ acl_add_perm(permset, ACL_READ) < 0)
+ return log_warning_errno(errno, "Failed to patch ACL: %m");
+
+ r = calc_acl_mask_if_needed(&acl);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to patch ACL: %m");
if (acl_set_fd(fd, acl) < 0)
return log_error_errno(errno, "Failed to apply ACL: %m");
fdt = mkostemp_safe(temp, O_WRONLY|O_CLOEXEC);
if (fdt < 0)
- return log_error_errno(errno, "Failed to create temporary file: %m");
+ return log_error_errno(fdt, "Failed to create temporary file: %m");
log_debug("Created temporary file %s", temp);
fd = fdt;
r = wait_for_terminate(pid, &st);
if (r < 0) {
- log_error_errno(errno, "Failed to wait for gdb: %m");
+ log_error_errno(r, "Failed to wait for gdb: %m");
goto finish;
}
#define COMPRESSION_SIZE_THRESHOLD (512ULL)
/* This is the minimum journal file size */
-#define JOURNAL_FILE_SIZE_MIN (4ULL*1024ULL*1024ULL) /* 4 MiB */
+#define JOURNAL_FILE_SIZE_MIN (512ULL*1024ULL) /* 512 KiB */
/* These are the lower and upper bounds if we deduce the max_use value
* from the file system size */
}
if (f->last_stat.st_size < (off_t) HEADER_SIZE_MIN) {
- r = -EIO;
+ r = -ENODATA;
goto fail;
}
Hashmap *directories_by_path;
Hashmap *directories_by_wd;
- Set *errors;
+ Hashmap *errors;
};
char *journal_make_match_string(sd_journal *j);
data_fd = open_tmpfile("/var/tmp", O_RDWR | O_CLOEXEC);
if (data_fd < 0) {
- r = log_error_errno(errno, "Failed to create data file: %m");
+ r = log_error_errno(data_fd, "Failed to create data file: %m");
goto fail;
}
entry_fd = open_tmpfile("/var/tmp", O_RDWR | O_CLOEXEC);
if (entry_fd < 0) {
- r = log_error_errno(errno, "Failed to create entry file: %m");
+ r = log_error_errno(entry_fd, "Failed to create entry file: %m");
goto fail;
}
entry_array_fd = open_tmpfile("/var/tmp", O_RDWR | O_CLOEXEC);
if (entry_array_fd < 0) {
- r = log_error_errno(errno,
+ r = log_error_errno(entry_array_fd,
"Failed to create entry array file: %m");
goto fail;
}
safe_close(fd);
fd = mkostemp_safe(k, O_WRONLY|O_CLOEXEC);
if (fd < 0) {
- r = log_error_errno(errno, "Failed to open %s: %m", k);
+ r = log_error_errno(fd, "Failed to open %s: %m", k);
goto finish;
}
* writing and in-place updating */
r = chattr_fd(fd, FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL, FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL);
if (r < 0)
- log_warning_errno(errno, "Failed to set file attributes: %m");
+ log_warning_errno(r, "Failed to set file attributes: %m");
zero(h);
memcpy(h.signature, "KSHHRHLP", 8);
static int access_check(sd_journal *j) {
Iterator it;
void *code;
+ char *path;
int r = 0;
assert(j);
- if (set_isempty(j->errors)) {
+ if (hashmap_isempty(j->errors)) {
if (ordered_hashmap_isempty(j->files))
log_notice("No journal files were found.");
return 0;
}
- if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {
+ if (hashmap_contains(j->errors, INT_TO_PTR(-EACCES))) {
(void) access_check_var_log_journal(j);
if (ordered_hashmap_isempty(j->files))
r = log_error_errno(EACCES, "No journal files were opened due to insufficient permissions.");
}
- SET_FOREACH(code, j->errors, it) {
+ HASHMAP_FOREACH_KEY(path, code, j->errors, it) {
int err;
- err = -PTR_TO_INT(code);
- assert(err > 0);
+ err = abs(PTR_TO_INT(code));
- if (err == EACCES)
+ switch (err) {
+ case EACCES:
continue;
- log_warning_errno(err, "Error was encountered while opening journal files: %m");
- if (r == 0)
- r = -err;
+ case ENODATA:
+ log_warning_errno(err, "Journal file %s is truncated, ignoring file.", path);
+ break;
+
+ case EPROTONOSUPPORT:
+ log_warning_errno(err, "Journal file %s uses an unsupported feature, ignoring file.", path);
+ break;
+
+ case EBADMSG:
+ log_warning_errno(err, "Journal file %s corrupted, ignoring file.", path);
+ break;
+
+ default:
+ log_warning_errno(err, "An error was encountered while opening journal file %s, ignoring file.", path);
+ break;
+ }
}
return r;
fd = open_terminal(tty, O_WRONLY|O_NOCTTY|O_CLOEXEC);
if (fd < 0) {
- log_debug_errno(errno, "Failed to open %s for logging: %m", tty);
+ log_debug_errno(fd, "Failed to open %s for logging: %m", tty);
return;
}
if (errno == EAGAIN || errno == EINTR || errno == EPIPE)
return 0;
- log_error_errno(errno, "Failed to read from kernel: %m");
- return -errno;
+ return log_error_errno(errno, "Failed to read from kernel: %m");
}
dev_kmsg_record(s, buffer, l);
int server_open_kernel_seqnum(Server *s) {
_cleanup_close_ int fd;
uint64_t *p;
+ int r;
assert(s);
return 0;
}
- if (posix_fallocate(fd, 0, sizeof(uint64_t)) < 0) {
- log_error_errno(errno, "Failed to allocate sequential number file, ignoring: %m");
+ r = posix_fallocate(fd, 0, sizeof(uint64_t));
+ if (r != 0) {
+ log_error_errno(r, "Failed to allocate sequential number file, ignoring: %m");
return 0;
}
r = readlink_malloc(sl, &k);
if (r < 0) {
- log_error_errno(errno, "readlink(%s) failed: %m", sl);
+ log_error_errno(r, "readlink(%s) failed: %m", sl);
return;
}
n = pread(fd, p, st.st_size, 0);
if (n < 0)
- log_error_errno(n, "Failed to read file, ignoring: %m");
+ log_error_errno(errno, "Failed to read file, ignoring: %m");
else if (n > 0)
server_process_native_message(s, p, n, ucred, tv, label, label_len);
}
/* We do not recalculate the mask unconditionally here,
* so that the fchmod() mask above stays intact. */
if (acl_get_permset(entry, &permset) < 0 ||
- acl_add_perm(permset, ACL_READ) < 0 ||
- calc_acl_mask_if_needed(&acl) < 0) {
+ acl_add_perm(permset, ACL_READ) < 0) {
log_warning_errno(errno, "Failed to patch ACL on %s, ignoring: %m", f->path);
return;
}
+ r = calc_acl_mask_if_needed(&acl);
+ if (r < 0) {
+ log_warning_errno(r, "Failed to patch ACL on %s, ignoring: %m", f->path);
+ return;
+ }
+
if (acl_set_fd(f->fd, acl) < 0)
log_warning_errno(errno, "Failed to set ACL on %s, ignoring: %m", f->path);
}
/* The $NOTIFY_SOCKET is writable again, now send exactly one
- * message on it. Either it's the initial READY=1 event or an
- * stdout stream event. If there's nothing to write anymore,
- * turn our event source off. The next time there's something
- * to send it will be turned on again. */
+ * message on it. Either it's the wtachdog event, the initial
+ * READY=1 event or an stdout stream event. If there's nothing
+ * to write anymore, turn our event source off. The next time
+ * there's something to send it will be turned on again. */
if (!s->sent_notify_ready) {
static const char p[] =
s->sent_notify_ready = true;
log_debug("Sent READY=1 notification.");
+ } else if (s->send_watchdog) {
+
+ static const char p[] =
+ "WATCHDOG=1";
+
+ ssize_t l;
+
+ l = send(s->notify_fd, p, strlen(p), MSG_DONTWAIT);
+ if (l < 0) {
+ if (errno == EAGAIN)
+ return 0;
+
+ return log_error_errno(errno, "Failed to send WATCHDOG=1 notification message: %m");
+ }
+
+ s->send_watchdog = false;
+ log_debug("Sent WATCHDOG=1 notification.");
+
} else if (s->stdout_streams_notify_queue)
/* Dispatch one stream notification event */
stdout_stream_send_notify(s->stdout_streams_notify_queue);
/* Leave us enabled if there's still more to to do. */
- if (s->stdout_streams_notify_queue)
+ if (s->send_watchdog || s->stdout_streams_notify_queue)
return 0;
/* There was nothing to do anymore, let's turn ourselves off. */
return 0;
}
+static int dispatch_watchdog(sd_event_source *es, uint64_t usec, void *userdata) {
+ Server *s = userdata;
+ int r;
+
+ assert(s);
+
+ s->send_watchdog = true;
+
+ r = sd_event_source_set_enabled(s->notify_event_source, SD_EVENT_ON);
+ if (r < 0)
+ log_warning_errno(r, "Failed to turn on notify event source: %m");
+
+ r = sd_event_source_set_time(s->watchdog_event_source, usec + s->watchdog_usec / 2);
+ if (r < 0)
+ return log_error_errno(r, "Failed to restart watchdog event source: %m");
+
+ r = sd_event_source_set_enabled(s->watchdog_event_source, SD_EVENT_ON);
+ if (r < 0)
+ return log_error_errno(r, "Failed to enable watchdog event source: %m");
+
+ return 0;
+}
+
static int server_connect_notify(Server *s) {
union sockaddr_union sa = {
.un.sun_family = AF_UNIX,
if (r < 0)
return log_error_errno(r, "Failed to watch notification socket: %m");
+ if (sd_watchdog_enabled(false, &s->watchdog_usec) > 0) {
+ s->send_watchdog = true;
+
+ r = sd_event_add_time(s->event, &s->watchdog_event_source, CLOCK_MONOTONIC, now(CLOCK_MONOTONIC) + s->watchdog_usec/2, s->watchdog_usec*3/4, dispatch_watchdog, s);
+ if (r < 0)
+ return log_error_errno(r, "Failed to add watchdog time event: %m");
+ }
+
/* This should fire pretty soon, which we'll use to send the
* READY=1 event. */
s->compress = true;
s->seal = true;
+ s->watchdog_usec = USEC_INFINITY;
+
s->sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC;
s->sync_scheduled = false;
sd_event_source_unref(s->sigint_event_source);
sd_event_source_unref(s->hostname_event_source);
sd_event_source_unref(s->notify_event_source);
+ sd_event_source_unref(s->watchdog_event_source);
sd_event_unref(s->event);
safe_close(s->syslog_fd);
sd_event_source *sigint_event_source;
sd_event_source *hostname_event_source;
sd_event_source *notify_event_source;
+ sd_event_source *watchdog_event_source;
JournalFile *runtime_journal;
JournalFile *system_journal;
MMapCache *mmap;
- bool dev_kmsg_readable;
+ struct udev *udev;
uint64_t *kernel_seqnum;
+ bool dev_kmsg_readable:1;
- struct udev *udev;
-
- bool sent_notify_ready;
- bool sync_scheduled;
+ bool send_watchdog:1;
+ bool sent_notify_ready:1;
+ bool sync_scheduled:1;
char machine_id_field[sizeof("_MACHINE_ID=") + 32];
char boot_id_field[sizeof("_BOOT_ID=") + 32];
/* Cached cgroup root, so that we don't have to query that all the time */
char *cgroup_root;
+
+ usec_t watchdog_usec;
};
#define SERVER_MACHINE_ID(s) ((s)->machine_id_field + strlen("_MACHINE_ID="))
if (errno == EAGAIN)
return 0;
- log_error_errno(errno, "Failed to accept stdout connection: %m");
- return -errno;
+ return log_error_errno(errno, "Failed to accept stdout connection: %m");
}
if (s->n_stdout_streams >= STDOUT_STREAMS_MAX) {
return j->original_pid != getpid();
}
-/* We return an error here only if we didn't manage to
- memorize the real error. */
-static int set_put_error(sd_journal *j, int r) {
+static int journal_put_error(sd_journal *j, int r, const char *path) {
+ char *copy;
int k;
+ /* Memorize an error we encountered, and store which
+ * file/directory it was generated from. Note that we store
+ * only *one* path per error code, as the error code is the
+ * key into the hashmap, and the path is the value. This means
+ * we keep track only of all error kinds, but not of all error
+ * locations. This has the benefit that the hashmap cannot
+ * grow beyond bounds.
+ *
+ * We return an error here only if we didn't manage to
+ * memorize the real error. */
+
if (r >= 0)
return r;
- k = set_ensure_allocated(&j->errors, NULL);
+ k = hashmap_ensure_allocated(&j->errors, NULL);
if (k < 0)
return k;
- return set_put(j->errors, INT_TO_PTR(r));
+ if (path) {
+ copy = strdup(path);
+ if (!copy)
+ return -ENOMEM;
+ } else
+ copy = NULL;
+
+ k = hashmap_put(j->errors, INT_TO_PTR(r), copy);
+ if (k < 0) {
+ free(copy);
+
+ if (k == -EEXIST)
+ return 0;
+
+ return k;
+ }
+
+ return 0;
}
static void detach_location(sd_journal *j) {
}
static bool file_type_wanted(int flags, const char *filename) {
+ assert(filename);
+
if (!endswith(filename, ".journal") && !endswith(filename, ".journal~"))
return false;
static int add_any_file(sd_journal *j, const char *path) {
JournalFile *f = NULL;
- int r;
+ int r, k;
assert(j);
assert(path);
return 0;
if (ordered_hashmap_size(j->files) >= JOURNAL_FILES_MAX) {
- log_warning("Too many open journal files, not adding %s.", path);
- return set_put_error(j, -ETOOMANYREFS);
+ log_debug("Too many open journal files, not adding %s.", path);
+ r = -ETOOMANYREFS;
+ goto fail;
}
r = journal_file_open(path, O_RDONLY, 0, false, false, NULL, j->mmap, NULL, &f);
- if (r < 0)
- return r;
+ if (r < 0) {
+ log_debug_errno(r, "Failed to open journal file %s: %m", path);
+ goto fail;
+ }
/* journal_file_dump(f); */
r = ordered_hashmap_put(j->files, f->path, f);
if (r < 0) {
journal_file_close(f);
- return r;
+ goto fail;
}
log_debug("File %s added.", f->path);
j->current_invalidate_counter ++;
return 0;
+
+fail:
+ k = journal_put_error(j, r, path);
+ if (k < 0)
+ return k;
+
+ return r;
}
static int add_file(sd_journal *j, const char *prefix, const char *filename) {
- _cleanup_free_ char *path = NULL;
- int r;
+ const char *path;
assert(j);
assert(prefix);
!file_type_wanted(j->flags, filename))
return 0;
- path = strjoin(prefix, "/", filename, NULL);
- if (!path)
- return -ENOMEM;
-
- r = add_any_file(j, path);
- if (r == -ENOENT)
- return 0;
- return r;
+ path = strjoina(prefix, "/", filename);
+ return add_any_file(j, path);
}
-static int remove_file(sd_journal *j, const char *prefix, const char *filename) {
- _cleanup_free_ char *path;
+static void remove_file(sd_journal *j, const char *prefix, const char *filename) {
+ const char *path;
JournalFile *f;
assert(j);
assert(prefix);
assert(filename);
- path = strjoin(prefix, "/", filename, NULL);
- if (!path)
- return -ENOMEM;
-
+ path = strjoina(prefix, "/", filename);
f = ordered_hashmap_get(j->files, path);
if (!f)
- return 0;
+ return;
remove_file_real(j, f);
- return 0;
}
static void remove_file_real(sd_journal *j, JournalFile *f) {
j->current_invalidate_counter ++;
}
+static int dirname_is_machine_id(const char *fn) {
+ sd_id128_t id, machine;
+ int r;
+
+ r = sd_id128_get_machine(&machine);
+ if (r < 0)
+ return r;
+
+ r = sd_id128_from_string(fn, &id);
+ if (r < 0)
+ return r;
+
+ return sd_id128_equal(id, machine);
+}
+
static int add_directory(sd_journal *j, const char *prefix, const char *dirname) {
_cleanup_free_ char *path = NULL;
- int r;
_cleanup_closedir_ DIR *d = NULL;
- sd_id128_t id, mid;
+ struct dirent *de = NULL;
Directory *m;
+ int r, k;
assert(j);
assert(prefix);
log_debug("Considering %s/%s.", prefix, dirname);
if ((j->flags & SD_JOURNAL_LOCAL_ONLY) &&
- (sd_id128_from_string(dirname, &id) < 0 ||
- sd_id128_get_machine(&mid) < 0 ||
- !(sd_id128_equal(id, mid) || path_startswith(prefix, "/run"))))
+ !(dirname_is_machine_id(dirname) > 0 || path_startswith(prefix, "/run")))
return 0;
path = strjoin(prefix, "/", dirname, NULL);
- if (!path)
- return -ENOMEM;
+ if (!path) {
+ r = -ENOMEM;
+ goto fail;
+ }
d = opendir(path);
if (!d) {
- log_debug_errno(errno, "Failed to open %s: %m", path);
- if (errno == ENOENT)
- return 0;
- return -errno;
+ r = log_debug_errno(errno, "Failed to open directory %s: %m", path);
+ goto fail;
}
m = hashmap_get(j->directories_by_path, path);
if (!m) {
m = new0(Directory, 1);
- if (!m)
- return -ENOMEM;
+ if (!m) {
+ r = -ENOMEM;
+ goto fail;
+ }
m->is_root = false;
m->path = path;
if (hashmap_put(j->directories_by_path, m->path, m) < 0) {
free(m);
- return -ENOMEM;
+ r = -ENOMEM;
+ goto fail;
}
path = NULL; /* avoid freeing in cleanup */
inotify_rm_watch(j->inotify_fd, m->wd);
}
- for (;;) {
- struct dirent *de;
-
- errno = 0;
- de = readdir(d);
- if (!de && errno != 0) {
- r = -errno;
- log_debug_errno(errno, "Failed to read directory %s: %m", m->path);
- return r;
- }
- if (!de)
- break;
+ FOREACH_DIRENT_ALL(de, d, return log_debug_errno(errno, "Failed to read directory %s: %m", m->path)) {
if (dirent_is_file_with_suffix(de, ".journal") ||
- dirent_is_file_with_suffix(de, ".journal~")) {
- r = add_file(j, m->path, de->d_name);
- if (r < 0) {
- log_debug_errno(r, "Failed to add file %s/%s: %m",
- m->path, de->d_name);
- r = set_put_error(j, r);
- if (r < 0)
- return r;
- }
- }
+ dirent_is_file_with_suffix(de, ".journal~"))
+ (void) add_file(j, m->path, de->d_name);
}
check_network(j, dirfd(d));
return 0;
+
+fail:
+ k = journal_put_error(j, r, path ?: dirname);
+ if (k < 0)
+ return k;
+
+ return r;
}
-static int add_root_directory(sd_journal *j, const char *p) {
+static int add_root_directory(sd_journal *j, const char *p, bool missing_ok) {
_cleanup_closedir_ DIR *d = NULL;
+ struct dirent *de;
Directory *m;
- int r;
+ int r, k;
assert(j);
assert(p);
p = strjoina(j->prefix, p);
d = opendir(p);
- if (!d)
- return -errno;
+ if (!d) {
+ if (errno == ENOENT && missing_ok)
+ return 0;
+
+ r = log_debug_errno(errno, "Failed to open root directory %s: %m", p);
+ goto fail;
+ }
m = hashmap_get(j->directories_by_path, p);
if (!m) {
m = new0(Directory, 1);
- if (!m)
- return -ENOMEM;
+ if (!m) {
+ r = -ENOMEM;
+ goto fail;
+ }
m->is_root = true;
m->path = strdup(p);
if (!m->path) {
free(m);
- return -ENOMEM;
+ r = -ENOMEM;
+ goto fail;
}
if (hashmap_put(j->directories_by_path, m->path, m) < 0) {
free(m->path);
free(m);
- return -ENOMEM;
+ r = -ENOMEM;
+ goto fail;
}
j->current_invalidate_counter ++;
if (j->no_new_files)
return 0;
- for (;;) {
- struct dirent *de;
+ FOREACH_DIRENT_ALL(de, d, return log_debug_errno(errno, "Failed to read directory %s: %m", m->path)) {
sd_id128_t id;
- errno = 0;
- de = readdir(d);
- if (!de && errno != 0) {
- r = -errno;
- log_debug_errno(errno, "Failed to read directory %s: %m", m->path);
- return r;
- }
- if (!de)
- break;
-
if (dirent_is_file_with_suffix(de, ".journal") ||
- dirent_is_file_with_suffix(de, ".journal~")) {
- r = add_file(j, m->path, de->d_name);
- if (r < 0) {
- log_debug_errno(r, "Failed to add file %s/%s: %m",
- m->path, de->d_name);
- r = set_put_error(j, r);
- if (r < 0)
- return r;
- }
- } else if ((de->d_type == DT_DIR || de->d_type == DT_LNK || de->d_type == DT_UNKNOWN) &&
- sd_id128_from_string(de->d_name, &id) >= 0) {
-
- r = add_directory(j, m->path, de->d_name);
- if (r < 0)
- log_debug_errno(r, "Failed to add directory %s/%s: %m", m->path, de->d_name);
- }
+ dirent_is_file_with_suffix(de, ".journal~"))
+ (void) add_file(j, m->path, de->d_name);
+ else if (IN_SET(de->d_type, DT_DIR, DT_LNK, DT_UNKNOWN) &&
+ sd_id128_from_string(de->d_name, &id) >= 0)
+ (void) add_directory(j, m->path, de->d_name);
}
check_network(j, dirfd(d));
return 0;
+
+fail:
+ k = journal_put_error(j, r, p);
+ if (k < 0)
+ return k;
+
+ return r;
}
static void remove_directory(sd_journal *j, Directory *d) {
}
static int add_search_paths(sd_journal *j) {
- int r;
- const char search_paths[] =
+
+ static const char search_paths[] =
"/run/log/journal\0"
"/var/log/journal\0";
const char *p;
/* We ignore most errors here, since the idea is to only open
* what's actually accessible, and ignore the rest. */
- NULSTR_FOREACH(p, search_paths) {
- r = add_root_directory(j, p);
- if (r < 0 && r != -ENOENT) {
- r = set_put_error(j, r);
- if (r < 0)
- return r;
- }
- }
+ NULSTR_FOREACH(p, search_paths)
+ (void) add_root_directory(j, p, true);
return 0;
}
if (!dir)
return -ENOMEM;
- r = add_root_directory(j, dir);
- if (r < 0) {
- set_put_error(j, r);
+ r = add_root_directory(j, dir, true);
+ if (r < 0)
return r;
- }
}
return 0;
}
-
static int allocate_inotify(sd_journal *j) {
assert(j);
if (!j)
return -ENOMEM;
- r = add_root_directory(j, path);
- if (r < 0) {
- set_put_error(j, r);
+ r = add_root_directory(j, path, false);
+ if (r < 0)
goto fail;
- }
*ret = j;
return 0;
STRV_FOREACH(path, paths) {
r = add_any_file(j, *path);
- if (r < 0) {
- log_error_errno(r, "Failed to open %s: %m", *path);
+ if (r < 0)
goto fail;
- }
}
j->no_new_files = true;
_public_ void sd_journal_close(sd_journal *j) {
Directory *d;
JournalFile *f;
+ char *p;
if (!j)
return;
mmap_cache_unref(j->mmap);
}
+ while ((p = hashmap_steal_first(j->errors)))
+ free(p);
+ hashmap_free(j->errors);
+
free(j->path);
free(j->prefix);
free(j->unique_field);
- set_free(j->errors);
free(j);
}
if (j->no_new_files)
r = add_current_paths(j);
else if (j->path)
- r = add_root_directory(j, j->path);
+ r = add_root_directory(j, j->path, true);
else
r = add_search_paths(j);
if (r < 0)
static void process_inotify_event(sd_journal *j, struct inotify_event *e) {
Directory *d;
- int r;
assert(j);
assert(e);
/* Event for a journal file */
- if (e->mask & (IN_CREATE|IN_MOVED_TO|IN_MODIFY|IN_ATTRIB)) {
- r = add_file(j, d->path, e->name);
- if (r < 0) {
- log_debug_errno(r, "Failed to add file %s/%s: %m",
- d->path, e->name);
- set_put_error(j, r);
- }
-
- } else if (e->mask & (IN_DELETE|IN_MOVED_FROM|IN_UNMOUNT)) {
-
- r = remove_file(j, d->path, e->name);
- if (r < 0)
- log_debug_errno(r, "Failed to remove file %s/%s: %m", d->path, e->name);
- }
+ if (e->mask & (IN_CREATE|IN_MOVED_TO|IN_MODIFY|IN_ATTRIB))
+ (void) add_file(j, d->path, e->name);
+ else if (e->mask & (IN_DELETE|IN_MOVED_FROM|IN_UNMOUNT))
+ remove_file(j, d->path, e->name);
} else if (!d->is_root && e->len == 0) {
/* Event for root directory */
- if (e->mask & (IN_CREATE|IN_MOVED_TO|IN_MODIFY|IN_ATTRIB)) {
- r = add_directory(j, d->path, e->name);
- if (r < 0)
- log_debug_errno(r, "Failed to add directory %s/%s: %m", d->path, e->name);
- }
+ if (e->mask & (IN_CREATE|IN_MOVED_TO|IN_MODIFY|IN_ATTRIB))
+ (void) add_directory(j, d->path, e->name);
}
return;
if (e->mask & IN_IGNORED)
return;
- log_warning("Unknown inotify event.");
+ log_debug("Unknown inotify event.");
}
static int determine_change(sd_journal *j) {
int r;
assert_return(optlen > 1, -ENODATA);
- assert_return(optval[optlen] == '\0', -EINVAL);
+ assert_return(optval[optlen - 1] == '\0', -EINVAL);
while (pos < optlen) {
_cleanup_free_ char *ret = NULL;
p = m->pdu;
- /* extract ethernet header */
+ /* extract Ethernet header */
memcpy(&m->mac, p, ETH_ALEN);
p += sizeof(struct ether_header);
expected_hlen = ETH_ALEN;
expected_chaddr = (const struct ether_addr *) &client->mac_addr;
} else {
- /* Non-ethernet links expect zero chaddr */
+ /* Non-Ethernet links expect zero chaddr */
expected_hlen = 0;
expected_chaddr = &zero_mac;
}
#include "dns-domain.h"
#include "fd-util.h"
#include "fileio.h"
+#include "hexdecoct.h"
#include "hostname-util.h"
#include "in-addr-util.h"
#include "network-internal.h"
-#include "hexdecoct.h"
#include "parse-util.h"
+#include "string-util.h"
#include "unaligned.h"
int sd_dhcp_lease_get_address(sd_dhcp_lease *lease, struct in_addr *addr) {
if (address) {
r = inet_pton(AF_INET, address, &lease->address);
if (r <= 0)
- log_debug_errno(errno, "Failed to parse address %s, ignoring: %m", address);
+ log_debug("Failed to parse address %s, ignoring.", address);
}
if (router) {
r = inet_pton(AF_INET, router, &lease->router);
if (r <= 0)
- log_debug_errno(errno, "Failed to parse router %s, ignoring: %m", router);
+ log_debug("Failed to parse router %s, ignoring.", router);
}
if (netmask) {
r = inet_pton(AF_INET, netmask, &lease->subnet_mask);
if (r <= 0)
- log_debug_errno(errno, "Failed to parse netmask %s, ignoring: %m", netmask);
+ log_debug("Failed to parse netmask %s, ignoring.", netmask);
else
lease->have_subnet_mask = true;
}
if (server_address) {
r = inet_pton(AF_INET, server_address, &lease->server_address);
if (r <= 0)
- log_debug_errno(errno, "Failed to parse netmask %s, ignoring: %m", server_address);
+ log_debug("Failed to parse server address %s, ignoring.", server_address);
}
if (next_server) {
r = inet_pton(AF_INET, next_server, &lease->next_server);
if (r <= 0)
- log_debug_errno(errno, "Failed to parse next server %s, ignoring: %m", next_server);
+ log_debug("Failed to parse next server %s, ignoring.", next_server);
}
if (broadcast) {
r = inet_pton(AF_INET, broadcast, &lease->broadcast);
if (r <= 0)
- log_debug_errno(errno, "Failed to parse broadcast address %s, ignoring: %m", broadcast);
+ log_debug("Failed to parse broadcast address %s, ignoring.", broadcast);
else
lease->have_broadcast = true;
}
+++ /dev/null
-/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
-
-/***
- This file is part of systemd.
-
- Copyright (C) 2014 Tom Gundersen
-
- systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- systemd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-/* See RFC 2516 */
-
-#include <net/if.h>
-#include <netinet/in.h>
-#include <sys/ioctl.h>
-#include <linux/if_pppox.h>
-#include <linux/ppp_defs.h>
-#include <linux/ppp-ioctl.h>
-
-#include "sd-pppoe.h"
-
-#include "alloc-util.h"
-#include "async.h"
-#include "event-util.h"
-#include "fd-util.h"
-#include "random-util.h"
-#include "socket-util.h"
-#include "sparse-endian.h"
-#include "string-util.h"
-#include "utf8.h"
-#include "util.h"
-
-#define PPPOE_MAX_PACKET_SIZE 1484
-#define PPPOE_MAX_PADR_RESEND 16
-
-/* TODO: move this to socket-util.h without getting into
- * a mess with the includes */
-union sockaddr_union_pppox {
- struct sockaddr sa;
- struct sockaddr_pppox pppox;
-};
-
-typedef enum PPPoEState {
- PPPOE_STATE_INITIALIZING,
- PPPOE_STATE_REQUESTING,
- PPPOE_STATE_RUNNING,
- PPPOE_STATE_STOPPED,
- _PPPOE_STATE_MAX,
- _PPPOE_STATE_INVALID = -1,
-} PPPoEState;
-
-typedef struct PPPoETags {
- char *service_name;
- char *ac_name;
- uint8_t *host_uniq;
- size_t host_uniq_len;
- uint8_t *cookie;
- size_t cookie_len;
-} PPPoETags;
-
-struct sd_pppoe {
- unsigned n_ref;
-
- PPPoEState state;
- uint64_t host_uniq;
-
- int ifindex;
- char *ifname;
-
- sd_event *event;
- int event_priority;
- int fd;
- sd_event_source *io;
- sd_event_source *timeout;
- int padr_resend_count;
-
- char *service_name;
- struct ether_addr peer_mac;
- be16_t session_id;
-
- int pppoe_fd;
- int channel;
-
- sd_pppoe_cb_t cb;
- void *userdata;
-
- PPPoETags tags;
-};
-
-#define PPPOE_PACKET_LENGTH(header) \
- be16toh((header)->length)
-
-#define PPPOE_PACKET_TAIL(packet) \
- (struct pppoe_tag*)((uint8_t*)(packet) + sizeof(struct pppoe_hdr) + PPPOE_PACKET_LENGTH(packet))
-
-#define PPPOE_TAG_LENGTH(tag) \
- be16toh((tag)->tag_len)
-
-#define PPPOE_TAG_TYPE(tag) \
- (tag)->tag_type
-
-#define PPPOE_TAG_NEXT(tag) \
- (struct pppoe_tag *)((uint8_t *)(tag) + sizeof(struct pppoe_tag) + PPPOE_TAG_LENGTH(tag))
-
-#define PPPOE_TAGS_FOREACH(tag, header) \
- for (tag = (header)->tag; \
- ((uint8_t *)(tag) + sizeof(struct pppoe_tag) < (uint8_t*)PPPOE_PACKET_TAIL(header)) && \
- (PPPOE_TAG_NEXT(tag) <= PPPOE_PACKET_TAIL(header)) && \
- (tag >= (header)->tag) && \
- (PPPOE_TAG_TYPE(tag) != PTT_EOL); \
- tag = PPPOE_TAG_NEXT(tag))
-
-static void pppoe_tags_clear(PPPoETags *tags) {
- free(tags->service_name);
- free(tags->ac_name);
- free(tags->host_uniq);
- free(tags->cookie);
-
- zero(*tags);
-}
-
-int sd_pppoe_set_ifindex(sd_pppoe *ppp, int ifindex) {
- assert_return(ppp, -EINVAL);
- assert_return(ifindex > 0, -EINVAL);
-
- ppp->ifindex = ifindex;
-
- return 0;
-}
-
-int sd_pppoe_set_ifname(sd_pppoe *ppp, const char *ifname) {
- char *name;
-
- assert_return(ppp, -EINVAL);
- assert_return(ifname, -EINVAL);
-
- if (strlen(ifname) > IFNAMSIZ)
- return -EINVAL;
-
- name = strdup(ifname);
- if (!name)
- return -ENOMEM;
-
- free(ppp->ifname);
- ppp->ifname = name;
-
- return 0;
-}
-
-int sd_pppoe_set_service_name(sd_pppoe *ppp, const char *service_name) {
- _cleanup_free_ char *name = NULL;
-
- assert_return(ppp, -EINVAL);
-
- if (service_name) {
- name = strdup(service_name);
- if (!name)
- return -ENOMEM;
- }
-
- free(ppp->service_name);
- ppp->service_name = name;
- name = NULL;
-
- return 0;
-}
-
-int sd_pppoe_attach_event(sd_pppoe *ppp, sd_event *event, int priority) {
- int r;
-
- assert_return(ppp, -EINVAL);
- assert_return(!ppp->event, -EBUSY);
-
- if (event)
- ppp->event = sd_event_ref(event);
- else {
- r = sd_event_default(&ppp->event);
- if (r < 0)
- return r;
- }
-
- ppp->event_priority = priority;
-
- return 0;
-}
-
-int sd_pppoe_detach_event(sd_pppoe *ppp) {
- assert_return(ppp, -EINVAL);
-
- ppp->event = sd_event_unref(ppp->event);
-
- return 0;
-}
-
-sd_pppoe *sd_pppoe_ref(sd_pppoe *ppp) {
-
- if (!ppp)
- return NULL;
-
- assert(ppp->n_ref > 0);
- ppp->n_ref++;
-
- return ppp;
-}
-
-sd_pppoe *sd_pppoe_unref(sd_pppoe *ppp) {
-
- if (!ppp)
- return NULL;
-
- assert(ppp->n_ref > 0);
- ppp->n_ref--;
-
- if (ppp->n_ref > 0)
- return NULL;
-
- pppoe_tags_clear(&ppp->tags);
- free(ppp->ifname);
- free(ppp->service_name);
- sd_pppoe_stop(ppp);
- sd_pppoe_detach_event(ppp);
-
- free(ppp);
- return NULL;
-}
-
-int sd_pppoe_new (sd_pppoe **ret) {
- sd_pppoe *ppp;
-
- assert_return(ret, -EINVAL);
-
- ppp = new0(sd_pppoe, 1);
- if (!ppp)
- return -ENOMEM;
-
- ppp->n_ref = 1;
- ppp->state = _PPPOE_STATE_INVALID;
- ppp->ifindex = -1;
- ppp->fd = -1;
- ppp->pppoe_fd = -1;
- ppp->padr_resend_count = PPPOE_MAX_PADR_RESEND;
-
- *ret = ppp;
-
- return 0;
-}
-
-int sd_pppoe_get_channel(sd_pppoe *ppp, int *channel) {
- assert_return(ppp, -EINVAL);
- assert_return(channel, -EINVAL);
- assert_return(ppp->pppoe_fd != -1, -EUNATCH);
- assert_return(ppp->state == PPPOE_STATE_RUNNING, -EUNATCH);
-
- *channel = ppp->channel;
-
- return 0;
-}
-
-int sd_pppoe_set_callback(sd_pppoe *ppp, sd_pppoe_cb_t cb, void *userdata) {
- assert_return(ppp, -EINVAL);
-
- ppp->cb = cb;
- ppp->userdata = userdata;
-
- return 0;
-}
-
-static void pppoe_tag_append(struct pppoe_hdr *packet, size_t packet_size, be16_t tag_type, const void *tag_data, uint16_t tag_len) {
- struct pppoe_tag *tag;
-
- assert(packet);
- assert(sizeof(struct pppoe_hdr) + PPPOE_PACKET_LENGTH(packet) + sizeof(struct pppoe_tag) + tag_len <= packet_size);
- assert(!(!tag_data ^ !tag_len));
-
- tag = PPPOE_PACKET_TAIL(packet);
-
- tag->tag_len = htobe16(tag_len);
- tag->tag_type = tag_type;
- if (tag_data)
- memcpy(tag->tag_data, tag_data, tag_len);
-
- packet->length = htobe16(PPPOE_PACKET_LENGTH(packet) + sizeof(struct pppoe_tag) + tag_len);
-}
-
-static int pppoe_send(sd_pppoe *ppp, uint8_t code) {
- union sockaddr_union link = {
- .ll = {
- .sll_family = AF_PACKET,
- .sll_protocol = htons(ETH_P_PPP_DISC),
- .sll_halen = ETH_ALEN,
- },
- };
- _cleanup_free_ struct pppoe_hdr *packet = NULL;
- int r;
-
- assert(ppp);
- assert(ppp->fd != -1);
- assert(IN_SET(code, PADI_CODE, PADR_CODE, PADT_CODE));
-
- link.ll.sll_ifindex = ppp->ifindex;
- if (code == PADI_CODE)
- memset(&link.ll.sll_addr, 0xff, ETH_ALEN);
- else
- memcpy(&link.ll.sll_addr, &ppp->peer_mac, ETH_ALEN);
-
- packet = malloc0(PPPOE_MAX_PACKET_SIZE);
- if (!packet)
- return -ENOMEM;
-
- packet->ver = 0x1;
- packet->type = 0x1;
- packet->code = code;
- if (code == PADT_CODE)
- packet->sid = ppp->session_id;
-
- /* Service-Name */
- pppoe_tag_append(packet, PPPOE_MAX_PACKET_SIZE, PTT_SRV_NAME,
- ppp->service_name, ppp->service_name ? strlen(ppp->service_name) : 0);
-
- /* AC-Cookie */
- if (code == PADR_CODE && ppp->tags.cookie)
- pppoe_tag_append(packet, PPPOE_MAX_PACKET_SIZE, PTT_AC_COOKIE,
- ppp->tags.cookie, ppp->tags.cookie_len);
-
- /* Host-Uniq */
- if (code != PADT_CODE) {
- ppp->host_uniq = random_u64();
-
- pppoe_tag_append(packet, PPPOE_MAX_PACKET_SIZE, PTT_HOST_UNIQ,
- &ppp->host_uniq, sizeof(ppp->host_uniq));
- }
-
- r = sendto(ppp->fd, packet, sizeof(struct pppoe_hdr) + PPPOE_PACKET_LENGTH(packet),
- 0, &link.sa, sizeof(link.ll));
- if (r < 0)
- return -errno;
-
- return 0;
-}
-
-static int pppoe_timeout(sd_event_source *s, uint64_t usec, void *userdata);
-
-static int pppoe_arm_timeout(sd_pppoe *ppp) {
- _cleanup_event_source_unref_ sd_event_source *timeout = NULL;
- usec_t next_timeout = 0;
- int r;
-
- assert(ppp);
-
- r = sd_event_now(ppp->event, clock_boottime_or_monotonic(), &next_timeout);
- if (r < 0)
- return r;
-
- next_timeout += 500 * USEC_PER_MSEC;
-
- r = sd_event_add_time(ppp->event, &timeout, clock_boottime_or_monotonic(), next_timeout,
- 10 * USEC_PER_MSEC, pppoe_timeout, ppp);
- if (r < 0)
- return r;
-
- r = sd_event_source_set_priority(timeout, ppp->event_priority);
- if (r < 0)
- return r;
-
- sd_event_source_unref(ppp->timeout);
- ppp->timeout = timeout;
- timeout = NULL;
-
- return 0;
-}
-
-static int pppoe_send_initiation(sd_pppoe *ppp) {
- int r;
-
- r = pppoe_send(ppp, PADI_CODE);
- if (r < 0)
- return r;
-
- log_debug("PPPoE: sent DISCOVER (Service-Name: %s)",
- strna(ppp->service_name));
-
- pppoe_arm_timeout(ppp);
-
- return r;
-}
-
-static int pppoe_send_request(sd_pppoe *ppp) {
- int r;
-
- r = pppoe_send(ppp, PADR_CODE);
- if (r < 0)
- return r;
-
- log_debug("PPPoE: sent REQUEST");
-
- ppp->padr_resend_count --;
-
- pppoe_arm_timeout(ppp);
-
- return 0;
-}
-
-static int pppoe_send_terminate(sd_pppoe *ppp) {
- int r;
-
- r = pppoe_send(ppp, PADT_CODE);
- if (r < 0)
- return r;
-
- log_debug("PPPoE: sent TERMINATE");
-
- return 0;
-}
-
-static int pppoe_timeout(sd_event_source *s, uint64_t usec, void *userdata) {
- sd_pppoe *ppp = userdata;
- int r;
-
- assert(ppp);
-
- switch (ppp->state) {
- case PPPOE_STATE_INITIALIZING:
- r = pppoe_send_initiation(ppp);
- if (r < 0)
- log_warning_errno(r, "PPPoE: sending PADI failed: %m");
-
- break;
- case PPPOE_STATE_REQUESTING:
- if (ppp->padr_resend_count <= 0) {
- log_debug("PPPoE: PADR timed out, restarting PADI");
-
- r = pppoe_send_initiation(ppp);
- if (r < 0)
- log_warning_errno(r, "PPPoE: sending PADI failed: %m");
-
- ppp->padr_resend_count = PPPOE_MAX_PADR_RESEND;
- ppp->state = PPPOE_STATE_INITIALIZING;
- } else {
- r = pppoe_send_request(ppp);
- if (r < 0)
- log_warning_errno(r, "PPPoE: sending PADR failed: %m");
- }
-
- break;
- default:
- assert_not_reached("timeout in invalid state");
- }
-
- return 0;
-}
-
-static int pppoe_tag_parse_binary(struct pppoe_tag *tag, uint8_t **ret, size_t *length) {
- uint8_t *data;
-
- assert(ret);
- assert(length);
-
- data = memdup(tag->tag_data, PPPOE_TAG_LENGTH(tag));
- if (!data)
- return -ENOMEM;
-
- free(*ret);
- *ret = data;
- *length = PPPOE_TAG_LENGTH(tag);
-
- return 0;
-}
-
-static int pppoe_tag_parse_string(struct pppoe_tag *tag, char **ret) {
- char *string;
-
- assert(ret);
-
- string = strndup(tag->tag_data, PPPOE_TAG_LENGTH(tag));
- if (!string)
- return -ENOMEM;
-
- free(*ret);
- *ret = string;
-
- return 0;
-}
-
-static int pppoe_payload_parse(PPPoETags *tags, struct pppoe_hdr *header) {
- struct pppoe_tag *tag;
- int r;
-
- assert(tags);
-
- pppoe_tags_clear(tags);
-
- PPPOE_TAGS_FOREACH(tag, header) {
- switch (PPPOE_TAG_TYPE(tag)) {
- case PTT_SRV_NAME:
- r = pppoe_tag_parse_string(tag, &tags->service_name);
- if (r < 0)
- return r;
-
- break;
- case PTT_AC_NAME:
- r = pppoe_tag_parse_string(tag, &tags->ac_name);
- if (r < 0)
- return r;
-
- break;
- case PTT_HOST_UNIQ:
- r = pppoe_tag_parse_binary(tag, &tags->host_uniq, &tags->host_uniq_len);
- if (r < 0)
- return r;
-
- break;
- case PTT_AC_COOKIE:
- r = pppoe_tag_parse_binary(tag, &tags->cookie, &tags->cookie_len);
- if (r < 0)
- return r;
-
- break;
- case PTT_SRV_ERR:
- case PTT_SYS_ERR:
- case PTT_GEN_ERR:
- {
- _cleanup_free_ char *error = NULL;
-
- /* TODO: do something more sensible with the error messages */
- r = pppoe_tag_parse_string(tag, &error);
- if (r < 0)
- return r;
-
- if (strlen(error) > 0 && utf8_is_valid(error))
- log_debug("PPPoE: error - '%s'", error);
- else
- log_debug("PPPoE: error");
-
- break;
- }
- default:
- log_debug("PPPoE: ignoring unknown PPPoE tag type: 0x%.2x", PPPOE_TAG_TYPE(tag));
- }
- }
-
- return 0;
-}
-
-static int pppoe_open_pppoe_socket(sd_pppoe *ppp) {
- int s;
-
- assert(ppp);
- assert(ppp->pppoe_fd == -1);
-
- s = socket(AF_PPPOX, SOCK_STREAM, 0);
- if (s < 0)
- return -errno;
-
- ppp->pppoe_fd = s;
-
- return 0;
-}
-
-static int pppoe_connect_pppoe_socket(sd_pppoe *ppp) {
- union sockaddr_union_pppox link = {
- .pppox = {
- .sa_family = AF_PPPOX,
- .sa_protocol = PX_PROTO_OE,
- },
- };
- int r, channel;
-
- assert(ppp);
- assert(ppp->pppoe_fd != -1);
- assert(ppp->session_id);
- assert(ppp->ifname);
-
- link.pppox.sa_addr.pppoe.sid = ppp->session_id;
- memcpy(link.pppox.sa_addr.pppoe.dev, ppp->ifname, strlen(ppp->ifname));
- memcpy(link.pppox.sa_addr.pppoe.remote, &ppp->peer_mac, ETH_ALEN);
-
- r = connect(ppp->pppoe_fd, &link.sa, sizeof(link.pppox));
- if (r < 0)
- return r;
-
- r = ioctl(ppp->pppoe_fd, PPPIOCGCHAN, &channel);
- if (r < 0)
- return -errno;
-
- ppp->channel = channel;
-
- return 0;
-}
-
-static int pppoe_handle_message(sd_pppoe *ppp, struct pppoe_hdr *packet, struct ether_addr *mac) {
- int r;
-
- assert(packet);
-
- if (packet->ver != 0x1 || packet->type != 0x1)
- return 0;
-
- r = pppoe_payload_parse(&ppp->tags, packet);
- if (r < 0)
- return 0;
-
- switch (ppp->state) {
- case PPPOE_STATE_INITIALIZING:
- if (packet->code != PADO_CODE)
- return 0;
-
- if (ppp->tags.host_uniq_len != sizeof(ppp->host_uniq) ||
- memcmp(ppp->tags.host_uniq, &ppp->host_uniq, sizeof(ppp->host_uniq)) != 0)
- return 0;
-
- log_debug("PPPoE: got OFFER (Peer: "
- "%02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx; "
- "Service-Name: '%s'; AC-Name: '%s')",
- mac->ether_addr_octet[0],
- mac->ether_addr_octet[1],
- mac->ether_addr_octet[2],
- mac->ether_addr_octet[3],
- mac->ether_addr_octet[4],
- mac->ether_addr_octet[5],
- strempty(ppp->tags.service_name),
- strempty(ppp->tags.ac_name));
-
- memcpy(&ppp->peer_mac, mac, ETH_ALEN);
-
- r = pppoe_open_pppoe_socket(ppp);
- if (r < 0) {
- log_warning("PPPoE: could not open socket");
- return r;
- }
-
- r = pppoe_send_request(ppp);
- if (r < 0)
- return 0;
-
- ppp->state = PPPOE_STATE_REQUESTING;
-
- break;
- case PPPOE_STATE_REQUESTING:
- if (packet->code != PADS_CODE)
- return 0;
-
- if (ppp->tags.host_uniq_len != sizeof(ppp->host_uniq) ||
- memcmp(ppp->tags.host_uniq, &ppp->host_uniq,
- sizeof(ppp->host_uniq)) != 0)
- return 0;
-
- if (memcmp(&ppp->peer_mac, mac, ETH_ALEN) != 0)
- return 0;
-
- ppp->session_id = packet->sid;
-
- log_debug("PPPoE: got CONFIRMATION (Session ID: %"PRIu16")",
- be16toh(ppp->session_id));
-
- r = pppoe_connect_pppoe_socket(ppp);
- if (r < 0) {
- log_warning("PPPoE: could not connect socket");
- return r;
- }
-
- ppp->state = PPPOE_STATE_RUNNING;
-
- ppp->timeout = sd_event_source_unref(ppp->timeout);
- assert(ppp->cb);
- ppp->cb(ppp, SD_PPPOE_EVENT_RUNNING, ppp->userdata);
-
- break;
- case PPPOE_STATE_RUNNING:
- if (packet->code != PADT_CODE)
- return 0;
-
- if (memcmp(&ppp->peer_mac, mac, ETH_ALEN) != 0)
- return 0;
-
- if (ppp->session_id != packet->sid)
- return 0;
-
- log_debug("PPPoE: got TERMINATE");
-
- ppp->state = PPPOE_STATE_STOPPED;
-
- assert(ppp->cb);
- ppp->cb(ppp, SD_PPPOE_EVENT_STOPPED, ppp->userdata);
-
- break;
- case PPPOE_STATE_STOPPED:
- break;
- default:
- assert_not_reached("PPPoE: invalid state when receiving message");
- }
-
- return 0;
-}
-
-static int pppoe_receive_message(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
- sd_pppoe *ppp = userdata;
- _cleanup_free_ struct pppoe_hdr *packet = NULL;
- union sockaddr_union link = {};
- socklen_t addrlen = sizeof(link);
- int buflen = 0, len, r;
-
- assert(ppp);
- assert(fd != -1);
-
- r = ioctl(fd, FIONREAD, &buflen);
- if (r < 0)
- return r;
-
- if (buflen < 0)
- /* this can't be right */
- return -EIO;
-
- packet = malloc0(buflen);
- if (!packet)
- return -ENOMEM;
-
- len = recvfrom(fd, packet, buflen, 0, &link.sa, &addrlen);
- if (len < 0) {
- log_warning_errno(r, "PPPoE: could not receive message from raw socket: %m");
- return 0;
- } else if ((size_t)len < sizeof(struct pppoe_hdr))
- return 0;
- else if ((size_t)len != sizeof(struct pppoe_hdr) + PPPOE_PACKET_LENGTH(packet))
- return 0;
-
- if (link.ll.sll_halen != ETH_ALEN)
- /* not ethernet? */
- return 0;
-
- r = pppoe_handle_message(ppp, packet, (struct ether_addr*)&link.ll.sll_addr);
- if (r < 0)
- return r;
-
- return 1;
-}
-
-int sd_pppoe_start(sd_pppoe *ppp) {
- union sockaddr_union link = {
- .ll = {
- .sll_family = AF_PACKET,
- .sll_protocol = htons(ETH_P_PPP_DISC),
- },
- };
- _cleanup_close_ int s = -1;
- _cleanup_event_source_unref_ sd_event_source *io = NULL;
- int r;
-
- assert_return(ppp, -EINVAL);
- assert_return(ppp->fd == -1, -EBUSY);
- assert_return(!ppp->io, -EBUSY);
- assert_return(ppp->ifindex > 0, -EUNATCH);
- assert_return(ppp->ifname, -EUNATCH);
- assert_return(ppp->event, -EUNATCH);
- assert_return(ppp->cb, -EUNATCH);
-
- s = socket(AF_PACKET, SOCK_DGRAM | SOCK_CLOEXEC | SOCK_NONBLOCK, 0);
- if (s < 0)
- return -errno;
-
- link.ll.sll_ifindex = ppp->ifindex;
-
- r = bind(s, &link.sa, sizeof(link.ll));
- if (r < 0)
- return r;
-
- r = sd_event_add_io(ppp->event, &io,
- s, EPOLLIN, pppoe_receive_message,
- ppp);
- if (r < 0)
- return r;
-
- r = sd_event_source_set_priority(io, ppp->event_priority);
- if (r < 0)
- return r;
-
- ppp->fd = s;
- s = -1;
- ppp->io = io;
- io = NULL;
-
- r = pppoe_send_initiation(ppp);
- if (r < 0)
- return r;
-
- ppp->state = PPPOE_STATE_INITIALIZING;
-
- return 0;
-}
-
-int sd_pppoe_stop(sd_pppoe *ppp) {
- assert_return(ppp, -EINVAL);
-
- if (ppp->state == PPPOE_STATE_RUNNING)
- pppoe_send_terminate(ppp);
-
- ppp->io = sd_event_source_unref(ppp->io);
- ppp->timeout = sd_event_source_unref(ppp->timeout);
- ppp->fd = asynchronous_close(ppp->fd);
- ppp->pppoe_fd = asynchronous_close(ppp->pppoe_fd);
-
- return 0;
-}
.ether_type = htons(ETHERTYPE_LLDP),
};
- /* Append ethernet header */
+ /* Append Ethernet header */
memcpy(ðer.ether_dhost, lldp_dst, ETHER_ADDR_LEN);
memcpy(ðer.ether_shost, &mac_addr, ETHER_ADDR_LEN);
+++ /dev/null
-/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
-
-/***
- This file is part of systemd.
-
- Copyright (C) 2014 Tom Gundersen <teg@jklm.no>
-
- systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- systemd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <linux/veth.h>
-#include <net/if.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <sched.h>
-
-#include "sd-event.h"
-#include "sd-netlink.h"
-#include "sd-pppoe.h"
-
-#include "event-util.h"
-#include "process-util.h"
-#include "util.h"
-
-static void pppoe_handler(sd_pppoe *ppp, int event, void *userdata) {
- static int pppoe_state = -1;
- sd_event *e = userdata;
-
- assert_se(ppp);
- assert_se(e);
-
- switch (event) {
- case SD_PPPOE_EVENT_RUNNING:
- assert_se(pppoe_state == -1);
- log_info("running");
- break;
- case SD_PPPOE_EVENT_STOPPED:
- assert_se(pppoe_state == SD_PPPOE_EVENT_RUNNING);
- log_info("stopped");
- assert_se(sd_event_exit(e, 0) >= 0);
- break;
- default:
- assert_not_reached("invalid pppoe event");
- }
-
- pppoe_state = event;
-}
-
-static int client_run(const char *client_name, sd_event *e) {
- sd_pppoe *pppoe;
- int client_ifindex;
-
- client_ifindex = (int) if_nametoindex(client_name);
- assert_se(client_ifindex > 0);
-
- assert_se(sd_pppoe_new(&pppoe) >= 0);
- assert_se(sd_pppoe_attach_event(pppoe, e, 0) >= 0);
-
- assert_se(sd_pppoe_set_ifname(pppoe, "pppoe-client") >= 0);
- assert_se(sd_pppoe_set_ifindex(pppoe, client_ifindex) >= 0);
- assert_se(sd_pppoe_set_callback(pppoe, pppoe_handler, e) >= 0);
-
- log_info("starting PPPoE client, it will exit when the server times out and sends PADT");
-
- assert_se(sd_pppoe_start(pppoe) >= 0);
-
- assert_se(sd_event_loop(e) >= 0);
-
- assert_se(!sd_pppoe_unref(pppoe));
-
- return EXIT_SUCCESS;
-}
-
-static int test_pppoe_server(sd_event *e) {
- sd_netlink *rtnl;
- sd_netlink_message *m;
- pid_t pid;
- int r, client_ifindex, server_ifindex;
-
- r = unshare(CLONE_NEWNET);
- if (r < 0 && errno == EPERM)
- return EXIT_TEST_SKIP;
-
- assert_se(r >= 0);
-
- assert_se(sd_netlink_open(&rtnl) >= 0);
- assert_se(sd_netlink_attach_event(rtnl, e, 0) >= 0);
-
- assert_se(sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0) >= 0);
- assert_se(sd_netlink_message_append_string(m, IFLA_IFNAME, "pppoe-server") >= 0);
- assert_se(sd_netlink_message_open_container(m, IFLA_LINKINFO) >= 0);
- assert_se(sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "veth") >= 0);
- assert_se(sd_netlink_message_open_container(m, VETH_INFO_PEER) >= 0);
- assert_se(sd_netlink_message_append_string(m, IFLA_IFNAME, "pppoe-client") >= 0);
- assert_se(sd_netlink_message_close_container(m) >= 0);
- assert_se(sd_netlink_message_close_container(m) >= 0);
- assert_se(sd_netlink_message_close_container(m) >= 0);
- assert_se(sd_netlink_call(rtnl, m, 0, NULL) >= 0);
-
- client_ifindex = (int) if_nametoindex("pppoe-client");
- assert_se(client_ifindex > 0);
- server_ifindex = (int) if_nametoindex("pppoe-server");
- assert_se(server_ifindex > 0);
-
- m = sd_netlink_message_unref(m);
- assert_se(sd_rtnl_message_new_link(rtnl, &m, RTM_SETLINK, client_ifindex) >= 0);
- assert_se(sd_rtnl_message_link_set_flags(m, IFF_UP, IFF_UP) >= 0);
- assert_se(sd_netlink_call(rtnl, m, 0, NULL) >= 0);
-
- m = sd_netlink_message_unref(m);
- assert_se(sd_rtnl_message_new_link(rtnl, &m, RTM_SETLINK, server_ifindex) >= 0);
- assert_se(sd_rtnl_message_link_set_flags(m, IFF_UP, IFF_UP) >= 0);
- assert_se(sd_netlink_call(rtnl, m, 0, NULL) >= 0);
-
- pid = fork();
- assert_se(pid >= 0);
- if (pid == 0) {
- /* let the client send some discover messages before the server is started */
- sleep(2);
-
- /* TODO: manage pppoe-server-options */
- execlp("pppoe-server", "pppoe-server", "-F",
- "-I", "pppoe-server",
- "-C", "Test-AC",
- "-S", "Service-Default",
- "-S", "Service-First-Auxiliary",
- "-S", "Service-Second-Auxiliary",
- NULL);
- assert_not_reached("failed to execute pppoe-server. not installed?");
- }
-
- client_run("pppoe-client", e);
-
- assert_se(kill(pid, SIGTERM) >= 0);
- assert_se(wait_for_terminate(pid, NULL) >= 0);
-
- assert_se(!sd_netlink_message_unref(m));
- assert_se(!sd_netlink_unref(rtnl));
-
- return EXIT_SUCCESS;
-}
-
-int main(int argc, char *argv[]) {
- _cleanup_event_unref_ sd_event *e = NULL;
-
- log_set_max_level(LOG_DEBUG);
- log_parse_environment();
- log_open();
-
- assert_se(sd_event_new(&e) >= 0);
-
- if (argc == 1) {
- log_info("running PPPoE client against local server");
-
- return test_pppoe_server(e);
- } else if (argc == 2) {
- log_info("running PPPoE client over '%s'", argv[1]);
-
- return client_run(argv[1], e);
- } else {
- log_error("This program takes one or no arguments.\n"
- "\t %s [<ifname>]", program_invocation_short_name);
- return EXIT_FAILURE;
- }
-}
const char *bus_error_message(const sd_bus_error *e, int error) {
if (e) {
- /* Sometimes the D-Bus server is a little bit too verbose with
+ /* Sometimes, the D-Bus server is a little bit too verbose with
* its error messages, so let's override them here */
if (sd_bus_error_has_name(e, SD_BUS_ERROR_ACCESS_DENIED))
return "Access denied";
_public_ int sd_listen_fds(int unset_environment) {
const char *e;
- unsigned n;
- int r, fd;
+ int n, r, fd;
pid_t pid;
e = getenv("LISTEN_PID");
goto finish;
}
- r = safe_atou(e, &n);
+ r = safe_atoi(e, &n);
if (r < 0)
goto finish;
- for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + (int) n; fd ++) {
+ assert_cc(SD_LISTEN_FDS_START < INT_MAX);
+ if (n <= 0 || n > INT_MAX - SD_LISTEN_FDS_START) {
+ r = -EINVAL;
+ goto finish;
+ }
+
+ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd ++) {
r = fd_cloexec(fd, true);
if (r < 0)
goto finish;
}
- r = (int) n;
+ r = n;
finish:
unsetenv_all(unset_environment);
r = safe_atou64(s, &u);
if (r < 0)
goto finish;
- if (u <= 0) {
+ if (u <= 0 || u >= USEC_INFINITY) {
r = -EINVAL;
goto finish;
}
assert(device);
assert(_ifindex);
- r = safe_atoi(_ifindex, &ifindex);
+ r = parse_ifindex(_ifindex, &ifindex);
if (r < 0)
return r;
- if (ifindex <= 0)
- return -EINVAL;
-
r = device_add_property_internal(device, "IFINDEX", _ifindex);
if (r < 0)
return r;
struct ifreq ifr = {};
int ifindex;
- r = safe_atoi(&id[1], &ifr.ifr_ifindex);
+ r = parse_ifindex(&id[1], &ifr.ifr_ifindex);
if (r < 0)
return r;
- else if (ifr.ifr_ifindex <= 0)
- return -EINVAL;
sk = socket(PF_INET, SOCK_DGRAM, 0);
if (sk < 0)
*(char*) (mempcpy(buf, word, l)) = 0;
- if (safe_atoi(buf, &ifi) < 0)
- continue;
- if (ifi <= 0)
+ if (parse_ifindex(buf, &ifi) < 0)
continue;
if (!GREEDY_REALLOC(ni, allocated, nr+1)) {
}
/* Now terminate them and wait until they are gone. */
- for (i = 0; i < resolve->n_valid_workers; i++) {
- for (;;) {
- if (pthread_join(resolve->workers[i], NULL) != EINTR)
- break;
- }
- }
+ for (i = 0; i < resolve->n_valid_workers; i++)
+ pthread_join(resolve->workers[i], NULL);
/* Close all communication channels */
for (i = 0; i < _FD_MAX; i++)
if (err >= 0)
monitor_set_nl_address(udev_monitor);
- else {
- log_debug_errno(errno, "bind failed: %m");
- return -errno;
- }
+ else
+ return log_debug_errno(errno, "bind failed: %m");
/* enable receiving of sender credentials */
err = setsockopt(udev_monitor->sock, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on));
sprintf(path, "/dev/tty%u", s->vtnr);
s->vtfd = open_terminal(path, O_RDWR | O_CLOEXEC | O_NONBLOCK | O_NOCTTY);
if (s->vtfd < 0)
- return log_error_errno(errno, "cannot open VT %s of session %s: %m", path, s->id);
+ return log_error_errno(s->vtfd, "cannot open VT %s of session %s: %m", path, s->id);
return s->vtfd;
}
#include "bus-error.h"
#include "bus-util.h"
#include "conf-parser.h"
+#include "def.h"
#include "dirent-util.h"
#include "fd-util.h"
#include "formats-util.h"
if (errno == ENOENT)
return 0;
- log_error_errno(errno, "Failed to open /run/systemd/seats: %m");
- return -errno;
+ return log_error_errno(errno, "Failed to open /run/systemd/seats: %m");
}
FOREACH_DIRENT(de, d, return -errno) {
if (errno == ENOENT)
return 0;
- log_error_errno(errno, "Failed to open /var/lib/systemd/linger/: %m");
- return -errno;
+ return log_error_errno(errno, "Failed to open /var/lib/systemd/linger/: %m");
}
FOREACH_DIRENT(de, d, return -errno) {
if (errno == ENOENT)
return 0;
- log_error_errno(errno, "Failed to open /run/systemd/users: %m");
- return -errno;
+ return log_error_errno(errno, "Failed to open /run/systemd/users: %m");
}
FOREACH_DIRENT(de, d, return -errno) {
if (errno == ENOENT)
return 0;
- log_error_errno(errno, "Failed to open /run/systemd/sessions: %m");
- return -errno;
+ return log_error_errno(errno, "Failed to open /run/systemd/sessions: %m");
}
FOREACH_DIRENT(de, d, return -errno) {
if (errno == ENOENT)
return 0;
- log_error_errno(errno, "Failed to open /run/systemd/inhibit: %m");
- return -errno;
+ return log_error_errno(errno, "Failed to open /run/systemd/inhibit: %m");
}
FOREACH_DIRENT(de, d, return -errno) {
if (errno == ENOENT)
return 0;
- log_error_errno(errno, "Failed to open /sys/class/tty/tty0/active: %m");
- return -errno;
+ return log_error_errno(errno, "Failed to open /sys/class/tty/tty0/active: %m");
}
r = sd_event_add_io(m->event, &m->console_active_event_source, m->console_active_fd, 0, manager_dispatch_console, m);
r = extract_first_word(&p, &word, NULL, 0);
if (r == 0)
break;
- else if (r == -ENOMEM)
+ if (r == -ENOMEM)
return log_oom();
- else if (r < 0) {
+ if (r < 0) {
log_warning_errno(r, "Failed to parse NETIF: %s", netif);
- continue;
+ break;
}
- if (safe_atoi(word, &ifi) < 0)
- continue;
- if (ifi <= 0)
+ if (parse_ifindex(word, &ifi) < 0)
continue;
if (!GREEDY_REALLOC(ni, allocated, nr+1)) {
return 0;
}
- /* Otherwise make PID 1 do it for us, for the entire cgroup */
+ /* Otherwise, make PID 1 do it for us, for the entire cgroup */
return manager_kill_unit(m->manager, m->unit, signo, NULL);
}
if (errno == ENOENT)
return 0;
- log_error_errno(errno, "Failed to open /run/systemd/machines: %m");
- return -errno;
+ return log_error_errno(errno, "Failed to open /run/systemd/machines: %m");
}
FOREACH_DIRENT(de, d, return -errno) {
#include <sys/stat.h>
#include "conf-files.h"
+#include "def.h"
#include "fd-util.h"
#include "fileio.h"
#include "log.h"
if (feof(f))
break;
- log_error_errno(errno, "Failed to read file '%s', ignoring: %m", path);
- return -errno;
+ return log_error_errno(errno, "Failed to read file '%s', ignoring: %m", path);
}
l = strstrip(line);
assert(rtnl);
assert(name);
- if (safe_atoi(name, &ifindex) >= 0 && ifindex > 0)
+ if (parse_ifindex(name, &ifindex) >= 0)
r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, ifindex);
else {
r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, 0);
return address_add_internal(link, &link->addresses_foreign, family, in_addr, prefixlen, ret);
}
-static int address_add(Link *link, int family, const union in_addr_union *in_addr, unsigned char prefixlen, Address **ret) {
+int address_add(Link *link, int family, const union in_addr_union *in_addr, unsigned char prefixlen, Address **ret) {
+ Address *address;
int r;
- r = address_add_internal(link, &link->addresses, family, in_addr, prefixlen, ret);
- if (r < 0)
+ r = address_get(link, family, in_addr, prefixlen, &address);
+ if (r == -ENOENT) {
+ /* Address does not exist, create a new one */
+ r = address_add_internal(link, &link->addresses, family, in_addr, prefixlen, &address);
+ if (r < 0)
+ return r;
+ } else if (r == 0) {
+ /* Take over a foreign address */
+ r = set_ensure_allocated(&link->addresses, &address_hash_ops);
+ if (r < 0)
+ return r;
+
+ r = set_put(link->addresses, address);
+ if (r < 0)
+ return r;
+
+ set_remove(link->addresses_foreign, address);
+ } else if (r == 1) {
+ /* Already exists, do nothing */
+ ;
+ } else
return r;
- link_update_operstate(link);
- link_dirty(link);
+ if (ret)
+ *ret = address;
return 0;
}
address->scope = scope;
address->cinfo = *cinfo;
- if (!ready && address_is_ready(address) && address->link)
- link_check_ready(address->link);
+ if (address->link) {
+ link_update_operstate(address->link);
+
+ if (!ready && address_is_ready(address))
+ link_check_ready(address->link);
+ }
return 0;
}
address.prefixlen = prefixlen;
existing = set_get(link->addresses, &address);
- if (!existing) {
+ if (existing) {
+ *ret = existing;
+
+ return 1;
+ } else {
existing = set_get(link->addresses_foreign, &address);
if (!existing)
return -ENOENT;
int address_new(Address **ret);
void address_free(Address *address);
int address_add_foreign(Link *link, int family, const union in_addr_union *in_addr, unsigned char prefixlen, Address **ret);
+int address_add(Link *link, int family, const union in_addr_union *in_addr, unsigned char prefixlen, Address **ret);
int address_get(Link *link, int family, const union in_addr_union *in_addr, unsigned char prefixlen, Address **ret);
int address_update(Address *address, unsigned char flags, unsigned char scope, struct ifa_cacheinfo *cinfo);
int address_drop(Address *address);
* route for the gw host so that we can route no matter the
* netmask or existing kernel route tables. */
route_gw->family = AF_INET;
- route_gw->dst_addr.in = gateway;
+ route_gw->dst.in = gateway;
route_gw->dst_prefixlen = 32;
- route_gw->prefsrc_addr.in = address;
+ route_gw->prefsrc.in = address;
route_gw->scope = RT_SCOPE_LINK;
route_gw->protocol = RTPROT_DHCP;
- route_gw->metrics = link->network->dhcp_route_metric;
+ route_gw->priority = link->network->dhcp_route_metric;
r = route_configure(route_gw, link, &dhcp4_route_handler);
if (r < 0)
link->dhcp4_messages ++;
route->family = AF_INET;
- route->in_addr.in = gateway;
- route->prefsrc_addr.in = address;
- route->metrics = link->network->dhcp_route_metric;
+ route->gw.in = gateway;
+ route->prefsrc.in = address;
+ route->priority = link->network->dhcp_route_metric;
r = route_configure(route, link, &dhcp4_route_handler);
if (r < 0) {
route->family = AF_INET;
route->protocol = RTPROT_DHCP;
- route->in_addr.in = static_routes[i].gw_addr;
- route->dst_addr.in = static_routes[i].dst_addr;
+ route->gw.in = static_routes[i].gw_addr;
+ route->dst.in = static_routes[i].dst_addr;
route->dst_prefixlen = static_routes[i].dst_prefixlen;
- route->metrics = link->network->dhcp_route_metric;
+ route->priority = link->network->dhcp_route_metric;
r = route_configure(route, link, &dhcp4_route_handler);
if (r < 0)
r = route_new(&route);
if (r >= 0) {
route->family = AF_INET;
- route->in_addr.in = routes[i].gw_addr;
- route->dst_addr.in = routes[i].dst_addr;
+ route->gw.in = routes[i].gw_addr;
+ route->dst.in = routes[i].dst_addr;
route->dst_prefixlen = routes[i].dst_prefixlen;
route_remove(route, link,
r = route_new(&route_gw);
if (r >= 0) {
route_gw->family = AF_INET;
- route_gw->dst_addr.in = gateway;
+ route_gw->dst.in = gateway;
route_gw->dst_prefixlen = 32;
route_gw->scope = RT_SCOPE_LINK;
r = route_new(&route);
if (r >= 0) {
route->family = AF_INET;
- route->in_addr.in = gateway;
+ route->gw.in = gateway;
route_remove(route, link,
&link_route_remove_handler);
assert(link->network);
assert(link->network->dhcp & ADDRESS_FAMILY_IPV4);
- r = sd_dhcp_client_new(&link->dhcp_client);
- if (r < 0)
- return r;
+ if (!link->dhcp_client) {
+ r = sd_dhcp_client_new(&link->dhcp_client);
+ if (r < 0)
+ return r;
+ }
r = sd_dhcp_client_attach_event(link->dhcp_client, NULL, 0);
if (r < 0)
route->family = AF_INET;
route->scope = RT_SCOPE_LINK;
- route->metrics = IPV4LL_ROUTE_METRIC;
+ route->priority = IPV4LL_ROUTE_METRIC;
route_remove(route, link, &link_route_remove_handler);
route->family = AF_INET;
route->scope = RT_SCOPE_LINK;
route->protocol = RTPROT_STATIC;
- route->metrics = IPV4LL_ROUTE_METRIC;
+ route->priority = IPV4LL_ROUTE_METRIC;
r = route_configure(route, link, ipv4ll_route_handler);
if (r < 0)
assert(link->network);
assert(link->network->link_local & ADDRESS_FAMILY_IPV4);
- r = sd_ipv4ll_new(&link->ipv4ll);
- if (r < 0)
- return r;
+ if (!link->ipv4ll) {
+ r = sd_ipv4ll_new(&link->ipv4ll);
+ if (r < 0)
+ return r;
+ }
if (link->udev_device) {
r = net_get_unique_predictable_data(link->udev_device, seed);
if (r < 0)
return 0;
- r = safe_atoi(identifier, &ifindex);
+ r = parse_ifindex(identifier, &ifindex);
if (r < 0)
return 0;
#include "alloc-util.h"
#include "bus-util.h"
#include "dhcp-lease-internal.h"
+#include "event-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "netlink-util.h"
if (r < 0)
return r;
- r = network_get(link->manager, link->udev_device, link->ifname,
- &link->mac, &network);
- if (r == -ENOENT) {
- link_enter_unmanaged(link);
- return 1;
- } else if (r < 0)
- return r;
+ if (!link->network) {
+ r = network_get(link->manager, link->udev_device, link->ifname,
+ &link->mac, &network);
+ if (r == -ENOENT) {
+ link_enter_unmanaged(link);
+ return 1;
+ } else if (r < 0)
+ return r;
- if (link->flags & IFF_LOOPBACK) {
- if (network->link_local != ADDRESS_FAMILY_NO)
- log_link_debug(link, "Ignoring link-local autoconfiguration for loopback link");
+ if (link->flags & IFF_LOOPBACK) {
+ if (network->link_local != ADDRESS_FAMILY_NO)
+ log_link_debug(link, "Ignoring link-local autoconfiguration for loopback link");
- if (network->dhcp != ADDRESS_FAMILY_NO)
- log_link_debug(link, "Ignoring DHCP clients for loopback link");
+ if (network->dhcp != ADDRESS_FAMILY_NO)
+ log_link_debug(link, "Ignoring DHCP clients for loopback link");
- if (network->dhcp_server)
- log_link_debug(link, "Ignoring DHCP server for loopback link");
- }
+ if (network->dhcp_server)
+ log_link_debug(link, "Ignoring DHCP server for loopback link");
+ }
- r = network_apply(link->manager, network, link);
- if (r < 0)
- return r;
+ r = network_apply(link->manager, network, link);
+ if (r < 0)
+ return r;
+ }
r = link_new_bound_to_list(link);
if (r < 0)
return 0;
}
+static int link_load(Link *link) {
+ _cleanup_free_ char *network_file = NULL,
+ *addresses = NULL,
+ *routes = NULL,
+ *dhcp4_address = NULL,
+ *ipv4ll_address = NULL;
+ union in_addr_union address;
+ union in_addr_union route_dst;
+ const char *p;
+ int r;
+
+ assert(link);
+
+ r = parse_env_file(link->state_file, NEWLINE,
+ "NETWORK_FILE", &network_file,
+ "ADDRESSES", &addresses,
+ "ROUTES", &routes,
+ "DHCP4_ADDRESS", &dhcp4_address,
+ "IPV4LL_ADDRESS", &ipv4ll_address,
+ NULL);
+ if (r < 0 && r != -ENOENT)
+ return log_link_error_errno(link, r, "Failed to read %s: %m", link->state_file);
+
+ if (network_file) {
+ Network *network;
+ char *suffix;
+
+ /* drop suffix */
+ suffix = strrchr(network_file, '.');
+ if (!suffix) {
+ log_link_debug(link, "Failed to get network name from %s", network_file);
+ goto network_file_fail;
+ }
+ *suffix = '\0';
+
+ r = network_get_by_name(link->manager, basename(network_file), &network);
+ if (r < 0) {
+ log_link_debug_errno(link, r, "Failed to get network %s: %m", basename(network_file));
+ goto network_file_fail;
+ }
+
+ r = network_apply(link->manager, network, link);
+ if (r < 0)
+ return log_link_error_errno(link, r, "Failed to apply network %s: %m", basename(network_file));
+ }
+
+network_file_fail:
+
+ if (addresses) {
+ p = addresses;
+
+ for (;;) {
+ _cleanup_free_ char *address_str = NULL;
+ char *prefixlen_str;
+ int family;
+ unsigned char prefixlen;
+
+ r = extract_first_word(&p, &address_str, NULL, 0);
+ if (r < 0) {
+ log_link_debug_errno(link, r, "Failed to extract next address string: %m");
+ continue;
+ } if (r == 0)
+ break;
+
+ prefixlen_str = strchr(address_str, '/');
+ if (!prefixlen_str) {
+ log_link_debug(link, "Failed to parse address and prefix length %s", address_str);
+ continue;
+ }
+
+ *prefixlen_str ++ = '\0';
+
+ r = sscanf(prefixlen_str, "%hhu", &prefixlen);
+ if (r != 1) {
+ log_link_error(link, "Failed to parse prefixlen %s", prefixlen_str);
+ continue;
+ }
+
+ r = in_addr_from_string_auto(address_str, &family, &address);
+ if (r < 0) {
+ log_link_debug_errno(link, r, "Failed to parse address %s: %m", address_str);
+ continue;
+ }
+
+ r = address_add(link, family, &address, prefixlen, NULL);
+ if (r < 0)
+ return log_link_error_errno(link, r, "Failed to add address: %m");
+ }
+ }
+
+ if (routes) {
+ for (;;) {
+ Route *route;
+ _cleanup_free_ char *route_str = NULL;
+ _cleanup_event_source_unref_ sd_event_source *expire = NULL;
+ usec_t lifetime;
+ char *prefixlen_str;
+ int family;
+ unsigned char prefixlen, tos, table;
+ uint32_t priority;
+
+ r = extract_first_word(&p, &route_str, NULL, 0);
+ if (r < 0) {
+ log_link_debug_errno(link, r, "Failed to extract next route string: %m");
+ continue;
+ } if (r == 0)
+ break;
+
+ prefixlen_str = strchr(route_str, '/');
+ if (!prefixlen_str) {
+ log_link_debug(link, "Failed to parse route %s", route_str);
+ continue;
+ }
+
+ *prefixlen_str ++ = '\0';
+
+ r = sscanf(prefixlen_str, "%hhu/%hhu/%"SCNu32"/%hhu/"USEC_FMT, &prefixlen, &tos, &priority, &table, &lifetime);
+ if (r != 5) {
+ log_link_debug(link,
+ "Failed to parse destination prefix length, tos, priority, table or expiration %s",
+ prefixlen_str);
+ continue;
+ }
+
+ r = in_addr_from_string_auto(route_str, &family, &route_dst);
+ if (r < 0) {
+ log_link_debug_errno(link, r, "Failed to parse route destination %s: %m", route_str);
+ continue;
+ }
+
+ r = route_add(link, family, &route_dst, prefixlen, tos, priority, table, &route);
+ if (r < 0)
+ return log_link_error_errno(link, r, "Failed to add route: %m");
+
+ if (lifetime != USEC_INFINITY) {
+ r = sd_event_add_time(link->manager->event, &expire, clock_boottime_or_monotonic(), lifetime,
+ 0, route_expire_handler, route);
+ if (r < 0)
+ log_link_warning_errno(link, r, "Could not arm route expiration handler: %m");
+ }
+
+ route->lifetime = lifetime;
+ sd_event_source_unref(route->expire);
+ route->expire = expire;
+ expire = NULL;
+ }
+ }
+
+ if (dhcp4_address) {
+ r = in_addr_from_string(AF_INET, dhcp4_address, &address);
+ if (r < 0) {
+ log_link_debug_errno(link, r, "Falied to parse DHCPv4 address %s: %m", dhcp4_address);
+ goto dhcp4_address_fail;
+ }
+
+ r = sd_dhcp_client_new(&link->dhcp_client);
+ if (r < 0)
+ return log_link_error_errno(link, r, "Falied to create DHCPv4 client: %m");
+
+ r = sd_dhcp_client_set_request_address(link->dhcp_client, &address.in);
+ if (r < 0)
+ return log_link_error_errno(link, r, "Falied to set inital DHCPv4 address %s: %m", dhcp4_address);
+ }
+
+dhcp4_address_fail:
+
+ if (ipv4ll_address) {
+ r = in_addr_from_string(AF_INET, ipv4ll_address, &address);
+ if (r < 0) {
+ log_link_debug_errno(link, r, "Falied to parse IPv4LL address %s: %m", ipv4ll_address);
+ goto ipv4ll_address_fail;
+ }
+
+ r = sd_ipv4ll_new(&link->ipv4ll);
+ if (r < 0)
+ return log_link_error_errno(link, r, "Falied to create IPv4LL client: %m");
+
+ r = sd_ipv4ll_set_address(link->ipv4ll, &address.in);
+ if (r < 0)
+ return log_link_error_errno(link, r, "Falied to set inital IPv4LL address %s: %m", ipv4ll_address);
+ }
+
+ipv4ll_address_fail:
+
+ return 0;
+}
+
int link_add(Manager *m, sd_netlink_message *message, Link **ret) {
Link *link;
_cleanup_udev_device_unref_ struct udev_device *device = NULL;
log_link_debug(link, "Link %d added", link->ifindex);
+ r = link_load(link);
+ if (r < 0)
+ return r;
+
if (detect_container() <= 0) {
/* not in a container, udev will be around */
sprintf(ifindex_str, "n%d", link->ifindex);
_cleanup_fclose_ FILE *f = NULL;
const char *admin_state, *oper_state;
Address *a;
+ Route *route;
Iterator i;
int r;
}
}
- fputs("\n", f);
+ fputc('\n', f);
- fprintf(f, "NTP=");
+ fputs("NTP=", f);
space = false;
STRV_FOREACH(address, link->network->ntp) {
if (space)
}
}
- fputs("\n", f);
+ fputc('\n', f);
- fprintf(f, "DOMAINS=");
+ fputs("DOMAINS=", f);
space = false;
STRV_FOREACH(domain, link->network->domains) {
if (space)
}
}
- fputs("\n", f);
+ fputc('\n', f);
fprintf(f, "WILDCARD_DOMAIN=%s\n",
yes_no(link->network->wildcard_domain));
fprintf(f, "LLMNR=%s\n",
resolve_support_to_string(link->network->llmnr));
- fprintf(f, "ADDRESSES=");
+ fputs("ADDRESSES=", f);
space = false;
SET_FOREACH(a, link->addresses, i) {
_cleanup_free_ char *address_str = NULL;
space = true;
}
- fputs("\n", f);
+ fputc('\n', f);
+
+ fputs("ROUTES=", f);
+ space = false;
+ SET_FOREACH(route, link->routes, i) {
+ _cleanup_free_ char *route_str = NULL;
+
+ r = in_addr_to_string(route->family, &route->dst, &route_str);
+ if (r < 0)
+ goto fail;
+
+ fprintf(f, "%s%s/%hhu/%hhu/%"PRIu32"/%hhu/"USEC_FMT, space ? " " : "", route_str,
+ route->dst_prefixlen, route->tos, route->priority, route->table, route->lifetime);
+ space = true;
+ }
+
+ fputc('\n', f);
}
if (!hashmap_isempty(link->bound_to_links)) {
space = true;
}
- fputs("\n", f);
+ fputc('\n', f);
}
if (!hashmap_isempty(link->bound_by_links)) {
space = true;
}
- fputs("\n", f);
+ fputc('\n', f);
}
if (link->dhcp_lease) {
+ struct in_addr address;
const char *tz = NULL;
+ assert(link->network);
+
r = sd_dhcp_lease_get_timezone(link->dhcp_lease, &tz);
if (r >= 0)
fprintf(f, "TIMEZONE=%s\n", tz);
- }
- if (link->dhcp_lease) {
- assert(link->network);
+ r = sd_dhcp_lease_get_address(link->dhcp_lease, &address);
+ if (r >= 0) {
+ fputs("DHCP4_ADDRESS=", f);
+ serialize_in_addrs(f, &address, 1);
+ fputc('\n', f);
+ }
r = dhcp_lease_save(link->dhcp_lease, link->lease_file);
if (r < 0)
} else
unlink(link->lease_file);
+ if (link->ipv4ll) {
+ struct in_addr address;
+
+ r = sd_ipv4ll_get_address(link->ipv4ll, &address);
+ if (r >= 0) {
+ fputs("IPV4LL_ADDRESS=", f);
+ serialize_in_addrs(f, &address, 1);
+ fputc('\n', f);
+ }
+ }
+
if (link->lldp) {
assert(link->network);
Set *addresses;
Set *addresses_foreign;
+ Set *routes;
+ Set *routes_foreign;
sd_dhcp_client *dhcp_client;
sd_dhcp_lease *dhcp_lease;
return 0;
}
+int manager_rtnl_process_route(sd_netlink *rtnl, sd_netlink_message *message, void *userdata) {
+ Manager *m = userdata;
+ Link *link = NULL;
+ uint16_t type;
+ uint32_t ifindex, priority = 0;
+ unsigned char protocol, scope, tos, table;
+ int family;
+ unsigned char dst_prefixlen, src_prefixlen;
+ union in_addr_union dst = {}, gw = {}, src = {}, prefsrc = {};
+ Route *route = NULL;
+ int r;
+
+ assert(rtnl);
+ assert(message);
+ assert(m);
+
+ if (sd_netlink_message_is_error(message)) {
+ r = sd_netlink_message_get_errno(message);
+ if (r < 0)
+ log_warning_errno(r, "rtnl: failed to receive route: %m");
+
+ return 0;
+ }
+
+ r = sd_netlink_message_get_type(message, &type);
+ if (r < 0) {
+ log_warning_errno(r, "rtnl: could not get message type: %m");
+ return 0;
+ } else if (type != RTM_NEWROUTE && type != RTM_DELROUTE) {
+ log_warning("rtnl: received unexpected message type when processing route");
+ return 0;
+ }
+
+ r = sd_netlink_message_read_u32(message, RTA_OIF, &ifindex);
+ if (r == -ENODATA) {
+ log_debug("rtnl: received route without ifindex, ignoring");
+ return 0;
+ } else if (r < 0) {
+ log_warning_errno(r, "rtnl: could not get ifindex from route, ignoring: %m");
+ return 0;
+ } else if (ifindex <= 0) {
+ log_warning("rtnl: received route message with invalid ifindex, ignoring: %d", ifindex);
+ return 0;
+ } else {
+ r = link_get(m, ifindex, &link);
+ if (r < 0 || !link) {
+ /* when enumerating we might be out of sync, but we will
+ * get the route again, so just ignore it */
+ if (!m->enumerating)
+ log_warning("rtnl: received route for nonexistent link (%d), ignoring", ifindex);
+ return 0;
+ }
+ }
+
+ r = sd_rtnl_message_route_get_family(message, &family);
+ if (r < 0 || !IN_SET(family, AF_INET, AF_INET6)) {
+ log_link_warning(link, "rtnl: received address with invalid family, ignoring.");
+ return 0;
+ }
+
+ r = sd_rtnl_message_route_get_protocol(message, &protocol);
+ if (r < 0) {
+ log_warning_errno(r, "rtnl: could not get route protocol: %m");
+ return 0;
+ }
+
+ switch (family) {
+ case AF_INET:
+ r = sd_netlink_message_read_in_addr(message, RTA_DST, &dst.in);
+ if (r < 0 && r != -ENODATA) {
+ log_link_warning_errno(link, r, "rtnl: received route without valid destination, ignoring: %m");
+ return 0;
+ }
+
+ r = sd_netlink_message_read_in_addr(message, RTA_GATEWAY, &gw.in);
+ if (r < 0 && r != -ENODATA) {
+ log_link_warning_errno(link, r, "rtnl: received route with invalid gateway, ignoring: %m");
+ return 0;
+ }
+
+ r = sd_netlink_message_read_in_addr(message, RTA_SRC, &src.in);
+ if (r < 0 && r != -ENODATA) {
+ log_link_warning_errno(link, r, "rtnl: received route with invalid source, ignoring: %m");
+ return 0;
+ }
+
+ r = sd_netlink_message_read_in_addr(message, RTA_PREFSRC, &prefsrc.in);
+ if (r < 0 && r != -ENODATA) {
+ log_link_warning_errno(link, r, "rtnl: received route with invalid preferred source, ignoring: %m");
+ return 0;
+ }
+
+ break;
+
+ case AF_INET6:
+ r = sd_netlink_message_read_in6_addr(message, RTA_DST, &dst.in6);
+ if (r < 0 && r != -ENODATA) {
+ log_link_warning_errno(link, r, "rtnl: received route without valid destination, ignoring: %m");
+ return 0;
+ }
+
+ r = sd_netlink_message_read_in6_addr(message, RTA_GATEWAY, &gw.in6);
+ if (r < 0 && r != -ENODATA) {
+ log_link_warning_errno(link, r, "rtnl: received route with invalid gateway, ignoring: %m");
+ return 0;
+ }
+
+ r = sd_netlink_message_read_in6_addr(message, RTA_SRC, &src.in6);
+ if (r < 0 && r != -ENODATA) {
+ log_link_warning_errno(link, r, "rtnl: received route with invalid source, ignoring: %m");
+ return 0;
+ }
+
+ r = sd_netlink_message_read_in6_addr(message, RTA_PREFSRC, &prefsrc.in6);
+ if (r < 0 && r != -ENODATA) {
+ log_link_warning_errno(link, r, "rtnl: received route with invalid preferred source, ignoring: %m");
+ return 0;
+ }
+
+ break;
+
+ default:
+ log_link_debug(link, "rtnl: ignoring unsupported address family: %d", family);
+ return 0;
+ }
+
+ r = sd_rtnl_message_route_get_dst_prefixlen(message, &dst_prefixlen);
+ if (r < 0) {
+ log_link_warning_errno(link, r, "rtnl: received route with invalid destination prefixlen, ignoring: %m");
+ return 0;
+ }
+
+ r = sd_rtnl_message_route_get_src_prefixlen(message, &src_prefixlen);
+ if (r < 0) {
+ log_link_warning_errno(link, r, "rtnl: received route with invalid source prefixlen, ignoring: %m");
+ return 0;
+ }
+
+ r = sd_rtnl_message_route_get_scope(message, &scope);
+ if (r < 0) {
+ log_link_warning_errno(link, r, "rtnl: received route with invalid scope, ignoring: %m");
+ return 0;
+ }
+
+ r = sd_rtnl_message_route_get_tos(message, &tos);
+ if (r < 0) {
+ log_link_warning_errno(link, r, "rtnl: received route with invalid tos, ignoring: %m");
+ return 0;
+ }
+
+ r = sd_rtnl_message_route_get_table(message, &table);
+ if (r < 0) {
+ log_link_warning_errno(link, r, "rtnl: received route with invalid table, ignoring: %m");
+ return 0;
+ }
+
+ r = sd_netlink_message_read_u32(message, RTA_PRIORITY, &priority);
+ if (r < 0 && r != -ENODATA) {
+ log_link_warning_errno(link, r, "rtnl: received route with invalid priority, ignoring: %m");
+ return 0;
+ }
+
+ route_get(link, family, &dst, dst_prefixlen, tos, priority, table, &route);
+
+ switch (type) {
+ case RTM_NEWROUTE:
+ if (!route) {
+ /* A route appeared that we did not request */
+ r = route_add_foreign(link, family, &dst, dst_prefixlen, tos, priority, table, &route);
+ if (r < 0)
+ return 0;
+ }
+
+ route_update(route, &src, src_prefixlen, &gw, &prefsrc, scope, protocol);
+
+ break;
+
+ case RTM_DELROUTE:
+
+ if (route)
+ route_drop(route);
+
+ break;
+ default:
+ assert_not_reached("Received invalid RTNL message type");
+ }
+
+ return 1;
+}
+
int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message, void *userdata) {
Manager *m = userdata;
Link *link = NULL;
break;
default:
- assert_not_reached("invalid address family");
+ log_link_debug(link, "rtnl: ignoring unsupported address family: %d", family);
}
if (!inet_ntop(family, &in_addr, buf, INET6_ADDRSTRLEN)) {
if (r < 0)
return r;
+ r = sd_netlink_add_match(m->rtnl, RTM_NEWROUTE, &manager_rtnl_process_route, m);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_add_match(m->rtnl, RTM_DELROUTE, &manager_rtnl_process_route, m);
+ if (r < 0)
+ return r;
+
return 0;
}
return r;
}
+int manager_rtnl_enumerate_routes(Manager *m) {
+ _cleanup_netlink_message_unref_ sd_netlink_message *req = NULL, *reply = NULL;
+ sd_netlink_message *route;
+ int r;
+
+ assert(m);
+ assert(m->rtnl);
+
+ r = sd_rtnl_message_new_route(m->rtnl, &req, RTM_GETROUTE, 0, 0);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_message_request_dump(req, true);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_call(m->rtnl, req, 0, &reply);
+ if (r < 0)
+ return r;
+
+ for (route = reply; route; route = sd_netlink_message_next(route)) {
+ int k;
+
+ m->enumerating = true;
+
+ k = manager_rtnl_process_route(m->rtnl, route, m);
+ if (k < 0)
+ r = k;
+
+ m->enumerating = false;
+ }
+
+ return r;
+}
+
int manager_address_pool_acquire(Manager *m, int family, unsigned prefixlen, union in_addr_union *found) {
AddressPool *p;
int r;
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_INFO_DATA attribute: %m");
+ /* convert to jiffes */
if (b->forward_delay > 0) {
- r = sd_netlink_message_append_u32(req, IFLA_BR_FORWARD_DELAY, b->forward_delay / USEC_PER_SEC);
+ r = sd_netlink_message_append_u32(req, IFLA_BR_FORWARD_DELAY, usec_to_jiffies(b->forward_delay));
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_BR_FORWARD_DELAY attribute: %m");
}
if (b->hello_time > 0) {
- r = sd_netlink_message_append_u32(req, IFLA_BR_HELLO_TIME, b->hello_time / USEC_PER_SEC );
+ r = sd_netlink_message_append_u32(req, IFLA_BR_HELLO_TIME, usec_to_jiffies(b->hello_time));
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_BR_HELLO_TIME attribute: %m");
}
if (b->max_age > 0) {
- r = sd_netlink_message_append_u32(req, IFLA_BR_MAX_AGE, b->max_age / USEC_PER_SEC);
+ r = sd_netlink_message_append_u32(req, IFLA_BR_MAX_AGE, usec_to_jiffies(b->max_age));
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_BR_MAX_AGE attribute: %m");
}
int network_apply(Manager *manager, Network *network, Link *link) {
int r;
+ assert(manager);
+ assert(network);
+ assert(link);
+
link->network = network;
if (network->ipv4ll_route) {
if (r < 0)
return r;
- r = inet_pton(AF_INET, "169.254.0.0", &route->dst_addr.in);
+ r = inet_pton(AF_INET, "169.254.0.0", &route->dst.in);
if (r == 0)
return -EINVAL;
if (r < 0)
route->family = AF_INET;
route->dst_prefixlen = 16;
route->scope = RT_SCOPE_LINK;
- route->metrics = IPV4LL_ROUTE_METRIC;
+ route->priority = IPV4LL_ROUTE_METRIC;
route->protocol = RTPROT_STATIC;
}
#include "alloc-util.h"
#include "conf-parser.h"
+#include "event-util.h"
#include "in-addr-util.h"
#include "netlink-util.h"
#include "networkd-route.h"
#include "networkd.h"
#include "parse-util.h"
+#include "set.h"
#include "string-util.h"
#include "util.h"
route->scope = RT_SCOPE_UNIVERSE;
route->protocol = RTPROT_UNSPEC;
route->table = RT_TABLE_DEFAULT;
+ route->lifetime = USEC_INFINITY;
*ret = route;
route = NULL;
UINT_TO_PTR(route->section));
}
+ if (route->link) {
+ set_remove(route->link->routes, route);
+ set_remove(route->link->routes_foreign, route);
+ }
+
+ sd_event_source_unref(route->expire);
+
free(route);
}
case AF_INET6:
/* Equality of routes are given by the 4-touple
(dst_prefix,dst_prefixlen,tos,priority,table) */
- siphash24_compress(&route->dst_addr, FAMILY_ADDRESS_SIZE(route->family), state);
+ siphash24_compress(&route->dst, FAMILY_ADDRESS_SIZE(route->family), state);
siphash24_compress(&route->dst_prefixlen, sizeof(route->dst_prefixlen), state);
siphash24_compress(&route->tos, sizeof(route->tos), state);
siphash24_compress(&route->priority, sizeof(route->priority), state);
switch (a->family) {
case AF_INET:
case AF_INET6:
- //TODO: check IPv6 routes
if (a->dst_prefixlen < b->dst_prefixlen)
return -1;
if (a->dst_prefixlen > b->dst_prefixlen)
if (a->table > b->table)
return 1;
- return memcmp(&a->dst_addr, &b->dst_addr, FAMILY_ADDRESS_SIZE(a->family));
+ return memcmp(&a->dst, &b->dst, FAMILY_ADDRESS_SIZE(a->family));
default:
/* treat any other address family as AF_UNSPEC */
return 0;
.compare = route_compare_func
};
+int route_get(Link *link,
+ int family,
+ union in_addr_union *dst,
+ unsigned char dst_prefixlen,
+ unsigned char tos,
+ uint32_t priority,
+ unsigned char table,
+ Route **ret) {
+ Route route = {
+ .family = family,
+ .dst_prefixlen = dst_prefixlen,
+ .tos = tos,
+ .priority = priority,
+ .table = table,
+ }, *existing;
+
+ assert(link);
+ assert(dst);
+ assert(ret);
+
+ route.dst = *dst;
+
+ existing = set_get(link->routes, &route);
+ if (existing) {
+ *ret = existing;
+ return 1;
+ } else {
+ existing = set_get(link->routes_foreign, &route);
+ if (!existing)
+ return -ENOENT;
+ }
+
+ *ret = existing;
+
+ return 0;
+}
+
+static int route_add_internal(Link *link, Set **routes,
+ int family,
+ union in_addr_union *dst,
+ unsigned char dst_prefixlen,
+ unsigned char tos,
+ uint32_t priority,
+ unsigned char table, Route **ret) {
+ _cleanup_route_free_ Route *route = NULL;
+ int r;
+
+ assert(link);
+ assert(routes);
+ assert(dst);
+
+ r = route_new(&route);
+ if (r < 0)
+ return r;
+
+ route->family = family;
+ route->dst = *dst;
+ route->dst_prefixlen = dst_prefixlen;
+ route->tos = tos;
+ route->priority = priority;
+ route->table = table;
+
+ r = set_ensure_allocated(routes, &route_hash_ops);
+ if (r < 0)
+ return r;
+
+ r = set_put(*routes, route);
+ if (r < 0)
+ return r;
+
+ route->link = link;
+
+ if (ret)
+ *ret = route;
+
+ route = NULL;
+
+ return 0;
+}
+
+int route_add_foreign(Link *link,
+ int family,
+ union in_addr_union *dst,
+ unsigned char dst_prefixlen,
+ unsigned char tos,
+ uint32_t priority,
+ unsigned char table, Route **ret) {
+ return route_add_internal(link, &link->routes_foreign, family, dst, dst_prefixlen, tos, priority, table, ret);
+}
+
+int route_add(Link *link,
+ int family,
+ union in_addr_union *dst,
+ unsigned char dst_prefixlen,
+ unsigned char tos,
+ uint32_t priority,
+ unsigned char table, Route **ret) {
+ Route *route;
+ int r;
+
+ r = route_get(link, family, dst, dst_prefixlen, tos, priority, table, &route);
+ if (r == -ENOENT) {
+ /* Route does not exist, create a new one */
+ r = route_add_internal(link, &link->routes, family, dst, dst_prefixlen, tos, priority, table, &route);
+ if (r < 0)
+ return r;
+ } else if (r == 0) {
+ /* Take over a foreign route */
+ r = set_ensure_allocated(&link->routes, &route_hash_ops);
+ if (r < 0)
+ return r;
+
+ r = set_put(link->routes, route);
+ if (r < 0)
+ return r;
+
+ set_remove(link->routes_foreign, route);
+ } else if (r == 1) {
+ /* Route exists, do nothing */
+ ;
+ } else
+ return r;
+
+ *ret = route;
+
+ return 0;
+}
+
+int route_update(Route *route,
+ union in_addr_union *src,
+ unsigned char src_prefixlen,
+ union in_addr_union *gw,
+ union in_addr_union *prefsrc,
+ unsigned char scope,
+ unsigned char protocol) {
+ assert(route);
+ assert(src);
+ assert(gw);
+ assert(prefsrc);
+
+ route->src = *src;
+ route->src_prefixlen = src_prefixlen;
+ route->gw = *gw;
+ route->prefsrc = *prefsrc;
+ route->scope = scope;
+ route->protocol = protocol;
+
+ return 0;
+}
+
+void route_drop(Route *route) {
+ assert(route);
+
+ route_free(route);
+}
+
int route_remove(Route *route, Link *link,
sd_netlink_message_handler_t callback) {
_cleanup_netlink_message_unref_ sd_netlink_message *req = NULL;
if (r < 0)
return log_error_errno(r, "Could not create RTM_DELROUTE message: %m");
- if (!in_addr_is_null(route->family, &route->in_addr)) {
+ if (!in_addr_is_null(route->family, &route->gw)) {
if (route->family == AF_INET)
- r = sd_netlink_message_append_in_addr(req, RTA_GATEWAY, &route->in_addr.in);
+ r = sd_netlink_message_append_in_addr(req, RTA_GATEWAY, &route->gw.in);
else if (route->family == AF_INET6)
- r = sd_netlink_message_append_in6_addr(req, RTA_GATEWAY, &route->in_addr.in6);
+ r = sd_netlink_message_append_in6_addr(req, RTA_GATEWAY, &route->gw.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_GATEWAY attribute: %m");
}
if (route->dst_prefixlen) {
if (route->family == AF_INET)
- r = sd_netlink_message_append_in_addr(req, RTA_DST, &route->dst_addr.in);
+ r = sd_netlink_message_append_in_addr(req, RTA_DST, &route->dst.in);
else if (route->family == AF_INET6)
- r = sd_netlink_message_append_in6_addr(req, RTA_DST, &route->dst_addr.in6);
+ r = sd_netlink_message_append_in6_addr(req, RTA_DST, &route->dst.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_DST attribute: %m");
if (route->src_prefixlen) {
if (route->family == AF_INET)
- r = sd_netlink_message_append_in_addr(req, RTA_SRC, &route->src_addr.in);
+ r = sd_netlink_message_append_in_addr(req, RTA_SRC, &route->src.in);
else if (route->family == AF_INET6)
- r = sd_netlink_message_append_in6_addr(req, RTA_SRC, &route->src_addr.in6);
+ r = sd_netlink_message_append_in6_addr(req, RTA_SRC, &route->src.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_DST attribute: %m");
return log_error_errno(r, "Could not set source prefix length: %m");
}
- if (!in_addr_is_null(route->family, &route->prefsrc_addr)) {
+ if (!in_addr_is_null(route->family, &route->prefsrc)) {
if (route->family == AF_INET)
- r = sd_netlink_message_append_in_addr(req, RTA_PREFSRC, &route->prefsrc_addr.in);
+ r = sd_netlink_message_append_in_addr(req, RTA_PREFSRC, &route->prefsrc.in);
else if (route->family == AF_INET6)
- r = sd_netlink_message_append_in6_addr(req, RTA_PREFSRC, &route->prefsrc_addr.in6);
+ r = sd_netlink_message_append_in6_addr(req, RTA_PREFSRC, &route->prefsrc.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_PREFSRC attribute: %m");
}
if (r < 0)
return log_error_errno(r, "Could not set scope: %m");
- r = sd_netlink_message_append_u32(req, RTA_PRIORITY, route->metrics);
+ r = sd_netlink_message_append_u32(req, RTA_PRIORITY, route->priority);
if (r < 0)
return log_error_errno(r, "Could not append RTA_PRIORITY attribute: %m");
return 0;
}
+int route_expire_handler(sd_event_source *s, uint64_t usec, void *userdata) {
+ Route *route = userdata;
+ int r;
+
+ assert(route);
+
+ r = route_remove(route, route->link, NULL);
+ if (r < 0)
+ log_warning_errno(r, "Could not remove route: %m");
+
+ return 1;
+}
+
int route_configure(Route *route, Link *link,
sd_netlink_message_handler_t callback) {
_cleanup_netlink_message_unref_ sd_netlink_message *req = NULL;
+ _cleanup_event_source_unref_ sd_event_source *expire = NULL;
+ usec_t lifetime;
int r;
assert(link);
if (r < 0)
return log_error_errno(r, "Could not create RTM_NEWROUTE message: %m");
- if (!in_addr_is_null(route->family, &route->in_addr)) {
+ if (!in_addr_is_null(route->family, &route->gw)) {
if (route->family == AF_INET)
- r = sd_netlink_message_append_in_addr(req, RTA_GATEWAY, &route->in_addr.in);
+ r = sd_netlink_message_append_in_addr(req, RTA_GATEWAY, &route->gw.in);
else if (route->family == AF_INET6)
- r = sd_netlink_message_append_in6_addr(req, RTA_GATEWAY, &route->in_addr.in6);
+ r = sd_netlink_message_append_in6_addr(req, RTA_GATEWAY, &route->gw.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_GATEWAY attribute: %m");
}
if (route->dst_prefixlen) {
if (route->family == AF_INET)
- r = sd_netlink_message_append_in_addr(req, RTA_DST, &route->dst_addr.in);
+ r = sd_netlink_message_append_in_addr(req, RTA_DST, &route->dst.in);
else if (route->family == AF_INET6)
- r = sd_netlink_message_append_in6_addr(req, RTA_DST, &route->dst_addr.in6);
+ r = sd_netlink_message_append_in6_addr(req, RTA_DST, &route->dst.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_DST attribute: %m");
if (route->src_prefixlen) {
if (route->family == AF_INET)
- r = sd_netlink_message_append_in_addr(req, RTA_SRC, &route->src_addr.in);
+ r = sd_netlink_message_append_in_addr(req, RTA_SRC, &route->src.in);
else if (route->family == AF_INET6)
- r = sd_netlink_message_append_in6_addr(req, RTA_SRC, &route->src_addr.in6);
+ r = sd_netlink_message_append_in6_addr(req, RTA_SRC, &route->src.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_SRC attribute: %m");
return log_error_errno(r, "Could not set source prefix length: %m");
}
- if (!in_addr_is_null(route->family, &route->prefsrc_addr)) {
+ if (!in_addr_is_null(route->family, &route->prefsrc)) {
if (route->family == AF_INET)
- r = sd_netlink_message_append_in_addr(req, RTA_PREFSRC, &route->prefsrc_addr.in);
+ r = sd_netlink_message_append_in_addr(req, RTA_PREFSRC, &route->prefsrc.in);
else if (route->family == AF_INET6)
- r = sd_netlink_message_append_in6_addr(req, RTA_PREFSRC, &route->prefsrc_addr.in6);
+ r = sd_netlink_message_append_in6_addr(req, RTA_PREFSRC, &route->prefsrc.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_PREFSRC attribute: %m");
}
if (r < 0)
return log_error_errno(r, "Could not set scope: %m");
- r = sd_netlink_message_append_u32(req, RTA_PRIORITY, route->metrics);
+ r = sd_netlink_message_append_u32(req, RTA_PRIORITY, route->priority);
if (r < 0)
return log_error_errno(r, "Could not append RTA_PRIORITY attribute: %m");
link_ref(link);
+ lifetime = route->lifetime;
+
+ r = route_add(link, route->family, &route->dst, route->dst_prefixlen, route->tos, route->priority, route->table, &route);
+ if (r < 0)
+ return log_error_errno(r, "Could not add route: %m");
+
+ /* TODO: drop expiration handling once it can be pushed into the kernel */
+ route->lifetime = lifetime;
+
+ if (route->lifetime != USEC_INFINITY) {
+ r = sd_event_add_time(link->manager->event, &expire, clock_boottime_or_monotonic(),
+ route->lifetime, 0, route_expire_handler, route);
+ if (r < 0)
+ return log_error_errno(r, "Could not arm expiration timer: %m");
+ }
+
+ sd_event_source_unref(route->expire);
+ route->expire = expire;
+ expire = NULL;
+
return 0;
}
}
n->family = f;
- n->in_addr = buffer;
+ n->gw = buffer;
n = NULL;
return 0;
}
n->family = f;
- n->prefsrc_addr = buffer;
+ n->prefsrc = buffer;
n = NULL;
return 0;
n->family = f;
if (streq(lvalue, "Destination")) {
- n->dst_addr = buffer;
+ n->dst = buffer;
n->dst_prefixlen = prefixlen;
} else if (streq(lvalue, "Source")) {
- n->src_addr = buffer;
+ n->src = buffer;
n->src_prefixlen = prefixlen;
} else
assert_not_reached(lvalue);
if (r < 0)
return r;
- r = config_parse_unsigned(unit, filename, line, section,
- section_line, lvalue, ltype,
- rvalue, &n->metrics, userdata);
+ r = config_parse_uint32(unit, filename, line, section,
+ section_line, lvalue, ltype,
+ rvalue, &n->priority, userdata);
if (r < 0)
return r;
Network *network;
unsigned section;
+ Link *link;
+
int family;
unsigned char dst_prefixlen;
unsigned char src_prefixlen;
unsigned char scope;
- uint32_t metrics;
unsigned char protocol; /* RTPROT_* */
unsigned char tos;
- unsigned char priority;
+ uint32_t priority; /* note that ip(8) calls this 'metric' */
unsigned char table;
- union in_addr_union in_addr;
- union in_addr_union dst_addr;
- union in_addr_union src_addr;
- union in_addr_union prefsrc_addr;
+ union in_addr_union gw;
+ union in_addr_union dst;
+ union in_addr_union src;
+ union in_addr_union prefsrc;
+
+ usec_t lifetime;
+ sd_event_source *expire;
LIST_FIELDS(Route, routes);
};
int route_configure(Route *route, Link *link, sd_netlink_message_handler_t callback);
int route_remove(Route *route, Link *link, sd_netlink_message_handler_t callback);
+int route_get(Link *link, int family, union in_addr_union *dst, unsigned char dst_prefixlen, unsigned char tos, uint32_t priority, unsigned char table, Route **ret);
+int route_add(Link *link, int family, union in_addr_union *dst, unsigned char dst_prefixlen, unsigned char tos, uint32_t priority, unsigned char table, Route **ret);
+int route_add_foreign(Link *link, int family, union in_addr_union *dst, unsigned char dst_prefixlen, unsigned char tos, uint32_t priority, unsigned char table, Route **ret);
+int route_update(Route *route, union in_addr_union *src, unsigned char src_prefixlen, union in_addr_union *gw, union in_addr_union *prefsrc, unsigned char scope, unsigned char protocol);
+void route_drop(Route *route);
+
+int route_expire_handler(sd_event_source *s, uint64_t usec, void *userdata);
+
DEFINE_TRIVIAL_CLEANUP_FUNC(Route*, route_free);
#define _cleanup_route_free_ _cleanup_(route_freep)
if (streq(rvalue, "kernel"))
s = _ADDRESS_FAMILY_BOOLEAN_INVALID;
else {
- log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse IPForwarding= option, ignoring: %s", rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse IPForward= option, ignoring: %s", rvalue);
return 0;
}
}
goto out;
}
+ r = manager_rtnl_enumerate_routes(m);
+ if (r < 0) {
+ log_error_errno(r, "Could not enumerate routes: %m");
+ goto out;
+ }
+
log_info("Enumeration completed");
sd_notify(false,
int manager_rtnl_enumerate_links(Manager *m);
int manager_rtnl_enumerate_addresses(Manager *m);
+int manager_rtnl_enumerate_routes(Manager *m);
int manager_rtnl_process_address(sd_netlink *nl, sd_netlink_message *message, void *userdata);
+int manager_rtnl_process_route(sd_netlink *nl, sd_netlink_message *message, void *userdata);
int manager_send_changed(Manager *m, const char *property, ...) _sentinel_;
void manager_dirty(Manager *m);
if (r < 0)
return log_error_errno(r, "Failed to make parents of %s: %m", where);
} else {
- log_error_errno(errno, "Failed to stat %s: %m", where);
- return -errno;
+ return log_error_errno(errno, "Failed to stat %s: %m", where);
}
/* Create the mount point. Any non-directory file can be
unsigned n_mounts,
int kill_signal,
char **properties,
- bool keep_unit) {
+ bool keep_unit,
+ const char *service) {
_cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
_cleanup_bus_flush_close_unref_ sd_bus *bus = NULL;
"sayssusai",
machine_name,
SD_BUS_MESSAGE_APPEND_ID128(uuid),
- "nspawn",
+ service,
"container",
(uint32_t) pid,
strempty(directory),
"sayssusai",
machine_name,
SD_BUS_MESSAGE_APPEND_ID128(uuid),
- "nspawn",
+ service,
"container",
(uint32_t) pid,
strempty(directory),
#include "nspawn-mount.h"
-int register_machine(const char *machine_name, pid_t pid, const char *directory, sd_id128_t uuid, int local_ifindex, const char *slice, CustomMount *mounts, unsigned n_mounts, int kill_signal, char **properties, bool keep_unit);
+int register_machine(const char *machine_name, pid_t pid, const char *directory, sd_id128_t uuid, int local_ifindex, const char *slice, CustomMount *mounts, unsigned n_mounts, int kill_signal, char **properties, bool keep_unit, const char *service);
int terminate_machine(pid_t pid);
static SettingsMask arg_settings_mask = 0;
static int arg_settings_trusted = -1;
static char **arg_parameters = NULL;
+static const char *arg_container_service_name = "systemd-nspawn";
static void help(void) {
printf("%s [OPTIONS...] [PATH] [ARGUMENTS...]\n\n"
" --network-ipvlan=INTERFACE\n"
" Create a ipvlan network interface based on an\n"
" existing network interface to the container\n"
- " -n --network-veth Add a virtual ethernet connection between host\n"
+ " -n --network-veth Add a virtual Ethernet connection between host\n"
" and container\n"
" --network-bridge=INTERFACE\n"
- " Add a virtual ethernet connection between host\n"
+ " Add a virtual Ethernet connection between host\n"
" and container and add it to an existing bridge on\n"
" the host\n"
" -p --port=[PROTOCOL:]HOSTPORT[:CONTAINERPORT]\n"
};
int c, r;
- const char *p;
+ const char *p, *e;
uint64_t plus = 0, minus = 0;
bool mask_all_settings = false, mask_no_settings = false;
if (r < 0)
return r;
+ e = getenv("SYSTEMD_NSPAWN_CONTAINER_SERVICE");
+ if (e)
+ arg_container_service_name = e;
+
return 1;
}
static int setup_pts(const char *dest) {
_cleanup_free_ char *options = NULL;
const char *p;
+ int r;
#ifdef HAVE_SELINUX
if (arg_selinux_apifs_context)
return log_error_errno(errno, "Failed to create /dev/pts: %m");
if (mount("devpts", p, "devpts", MS_NOSUID|MS_NOEXEC, options) < 0)
return log_error_errno(errno, "Failed to mount /dev/pts: %m");
- if (userns_lchown(p, 0, 0) < 0)
- return log_error_errno(errno, "Failed to chown /dev/pts: %m");
+ r = userns_lchown(p, 0, 0);
+ if (r < 0)
+ return log_error_errno(r, "Failed to chown /dev/pts: %m");
/* Create /dev/ptmx symlink */
p = prefix_roota(dest, "/dev/ptmx");
if (symlink("pts/ptmx", p) < 0)
return log_error_errno(errno, "Failed to create /dev/ptmx symlink: %m");
- if (userns_lchown(p, 0, 0) < 0)
- return log_error_errno(errno, "Failed to chown /dev/ptmx: %m");
+ r = userns_lchown(p, 0, 0);
+ if (r < 0)
+ return log_error_errno(r, "Failed to chown /dev/ptmx: %m");
/* And fix /dev/pts/ptmx ownership */
p = prefix_roota(dest, "/dev/pts/ptmx");
- if (userns_lchown(p, 0, 0) < 0)
- return log_error_errno(errno, "Failed to chown /dev/pts/ptmx: %m");
+ r = userns_lchown(p, 0, 0);
+ if (r < 0)
+ return log_error_errno(r, "Failed to chown /dev/pts/ptmx: %m");
return 0;
}
r = userns_mkdir(directory, p, 0755, 0, 0);
if (r < 0)
- log_warning_errno(errno, "Failed to create directory %s: %m", q);
+ log_warning_errno(r, "Failed to create directory %s: %m", q);
return 0;
}
if (errno == ENOTDIR) {
log_error("%s already exists and is neither a symlink nor a directory", p);
return r;
- } else {
- log_error_errno(errno, "Failed to remove %s: %m", p);
- return -errno;
- }
+ } else
+ return log_error_errno(errno, "Failed to remove %s: %m", p);
}
- } else if (r != -ENOENT) {
- log_error_errno(errno, "readlink(%s) failed: %m", p);
- return r;
- }
+ } else if (r != -ENOENT)
+ return log_error_errno(r, "readlink(%s) failed: %m", p);
if (arg_link_journal == LINK_GUEST) {
if (arg_link_journal_try) {
log_debug_errno(errno, "Failed to symlink %s to %s, skipping journal setup: %m", q, p);
return 0;
- } else {
- log_error_errno(errno, "Failed to symlink %s to %s: %m", q, p);
- return -errno;
- }
+ } else
+ return log_error_errno(errno, "Failed to symlink %s to %s: %m", q, p);
}
r = userns_mkdir(directory, p, 0755, 0, 0);
if (r < 0)
- log_warning_errno(errno, "Failed to create directory %s: %m", q);
+ log_warning_errno(r, "Failed to create directory %s: %m", q);
return 0;
}
if (arg_link_journal_try) {
log_debug_errno(errno, "Failed to create %s, skipping journal setup: %m", p);
return 0;
- } else {
- log_error_errno(errno, "Failed to create %s: %m", p);
- return r;
- }
+ } else
+ return log_error_errno(errno, "Failed to create %s: %m", p);
}
} else if (access(p, F_OK) < 0)
log_warning("%s is not empty, proceeding anyway.", q);
r = userns_mkdir(directory, p, 0755, 0, 0);
- if (r < 0) {
- log_error_errno(errno, "Failed to create %s: %m", q);
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to create %s: %m", q);
if (mount(p, q, NULL, MS_BIND, NULL) < 0)
return log_error_errno(errno, "Failed to bind mount journal from host into guest: %m");
static int setup_propagate(const char *root) {
const char *p, *q;
+ int r;
(void) mkdir_p("/run/systemd/nspawn/", 0755);
(void) mkdir_p("/run/systemd/nspawn/propagate", 0600);
p = strjoina("/run/systemd/nspawn/propagate/", arg_machine);
(void) mkdir_p(p, 0600);
- if (userns_mkdir(root, "/run/systemd", 0755, 0, 0) < 0)
- return log_error_errno(errno, "Failed to create /run/systemd: %m");
+ r = userns_mkdir(root, "/run/systemd", 0755, 0, 0);
+ if (r < 0)
+ return log_error_errno(r, "Failed to create /run/systemd: %m");
- if (userns_mkdir(root, "/run/systemd/nspawn", 0755, 0, 0) < 0)
- return log_error_errno(errno, "Failed to create /run/systemd/nspawn: %m");
+ r = userns_mkdir(root, "/run/systemd/nspawn", 0755, 0, 0);
+ if (r < 0)
+ return log_error_errno(r, "Failed to create /run/systemd/nspawn: %m");
- if (userns_mkdir(root, "/run/systemd/nspawn/incoming", 0600, 0, 0) < 0)
- return log_error_errno(errno, "Failed to create /run/systemd/nspawn/incoming: %m");
+ r = userns_mkdir(root, "/run/systemd/nspawn/incoming", 0600, 0, 0);
+ if (r < 0)
+ return log_error_errno(r, "Failed to create /run/systemd/nspawn/incoming: %m");
q = prefix_roota(root, "/run/systemd/nspawn/incoming");
if (mount(p, q, NULL, MS_BIND, NULL) < 0)
}
if (!S_ISREG(st.st_mode)) {
- log_error_errno(errno, "%s is not a regular file or block device: %m", arg_image);
+ log_error("%s is not a regular file or block device.", arg_image);
return -EINVAL;
}
if (errno == 0)
return log_oom();
- log_error_errno(errno, "Failed to set device on blkid probe: %m");
- return -errno;
+ return log_error_errno(errno, "Failed to set device on blkid probe: %m");
}
blkid_probe_enable_partitions(b, 1);
} else if (r != 0) {
if (errno == 0)
errno = EIO;
- log_error_errno(errno, "Failed to probe: %m");
- return -errno;
+ return log_error_errno(errno, "Failed to probe: %m");
}
(void) blkid_probe_lookup_value(b, "PTTYPE", &pttype, NULL);
if (!errno)
errno = ENOMEM;
- log_error_errno(errno, "Failed to get partition device of %s: %m", arg_image);
- return -errno;
+ return log_error_errno(errno, "Failed to get partition device of %s: %m", arg_image);
}
qn = udev_device_get_devnum(q);
if (!b) {
if (errno == 0)
return log_oom();
- log_error_errno(errno, "Failed to allocate prober for %s: %m", what);
- return -errno;
+ return log_error_errno(errno, "Failed to allocate prober for %s: %m", what);
}
blkid_probe_enable_superblocks(b, 1);
} else if (r != 0) {
if (errno == 0)
errno = EIO;
- log_error_errno(errno, "Failed to probe %s: %m", what);
- return -errno;
+ return log_error_errno(errno, "Failed to probe %s: %m", what);
}
errno = 0;
FDSet *fds) {
_cleanup_free_ char *home = NULL;
- unsigned n_env = 2;
+ unsigned n_env = 1;
const char *envp[] = {
"PATH=" DEFAULT_PATH_SPLIT_USR,
- "container=systemd-nspawn", /* LXC sets container=lxc, so follow the scheme here */
+ NULL, /* container */
NULL, /* TERM */
NULL, /* HOME */
NULL, /* USER */
rtnl_socket = safe_close(rtnl_socket);
}
- if (drop_capabilities() < 0)
- return log_error_errno(errno, "drop_capabilities() failed: %m");
+ r = drop_capabilities();
+ if (r < 0)
+ return log_error_errno(r, "drop_capabilities() failed: %m");
setup_hostname();
if (r < 0)
return r;
+ /* LXC sets container=lxc, so follow the scheme here */
+ envp[n_env++] = strjoina("container=", arg_container_service_name);
+
envp[n_env] = strv_find_prefix(environ, "TERM=");
if (envp[n_env])
n_env ++;
execle("/bin/sh", "-sh", NULL, env_use);
}
+ r = -errno;
(void) log_open();
- return log_error_errno(errno, "execv() failed: %m");
+ return log_error_errno(r, "execv() failed: %m");
}
static int outer_child(
p = j;
j = NULL;
- /* By default we trust configuration from /etc and /run */
+ /* By default, we trust configuration from /etc and /run */
if (arg_settings_trusted < 0)
arg_settings_trusted = true;
if (!f && errno != ENOENT)
return log_error_errno(errno, "Failed to open %s: %m", p);
- /* By default we do not trust configuration from /var/lib/machines */
+ /* By default, we do not trust configuration from /var/lib/machines */
if (arg_settings_trusted < 0)
arg_settings_trusted = false;
}
arg_custom_mounts, arg_n_custom_mounts,
arg_kill_signal,
arg_property,
- arg_keep_unit);
+ arg_keep_unit,
+ arg_container_service_name);
if (r < 0)
goto finish;
}
if (errno == EEXIST)
return 0;
- log_error_errno(errno, "Failed to create symlink %s: %m", to);
- return -errno;
+ return log_error_errno(errno, "Failed to create symlink %s: %m", to);
}
return 1;
percent = strchr(s, '%');
if (percent) {
- r = safe_atoi(percent+1, &ifi);
- if (r < 0 || ifi <= 0) {
+ if (parse_ifindex(percent+1, &ifi) < 0) {
ifi = if_nametoindex(percent+1);
if (ifi <= 0)
return -EINVAL;
case 'i': {
int ifi;
- if (safe_atoi(optarg, &ifi) >= 0 && ifi > 0)
+ if (parse_ifindex(optarg, &ifi) >= 0)
arg_ifindex = ifi;
else {
ifi = if_nametoindex(optarg);
#include "alloc-util.h"
#include "conf-parser.h"
+#include "def.h"
#include "extract-word.h"
#include "parse-util.h"
#include "resolved-conf.h"
/* Empty assignment means clear the list */
manager_flush_dns_servers(m, ltype);
else {
- /* Otherwise add to the list */
+ /* Otherwise, add to the list */
r = manager_parse_dns_server(m, ltype, rvalue);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse DNS server string '%s'. Ignoring.", rvalue);
assert(udev);
assert(event);
- if (!shall_restore_state())
+ if (shall_restore_state() == 0)
return 0;
r = find_device(udev, event, &device);
fd = mkostemp_safe(temp, O_WRONLY|O_CLOEXEC);
if (fd < 0) {
- r = -errno;
+ r = fd;
goto finish;
}
if (errno == ENOENT)
return 0;
- log_warning_errno(errno, "Failed to open /proc/sysvipc/shm: %m");
- return -errno;
+ return log_warning_errno(errno, "Failed to open /proc/sysvipc/shm: %m");
}
FOREACH_LINE(line, f, goto fail) {
return ret;
fail:
- log_warning_errno(errno, "Failed to read /proc/sysvipc/shm: %m");
- return -errno;
+ return log_warning_errno(errno, "Failed to read /proc/sysvipc/shm: %m");
}
static int clean_sysvipc_sem(uid_t delete_uid) {
if (errno == ENOENT)
return 0;
- log_warning_errno(errno, "Failed to open /proc/sysvipc/sem: %m");
- return -errno;
+ return log_warning_errno(errno, "Failed to open /proc/sysvipc/sem: %m");
}
FOREACH_LINE(line, f, goto fail) {
return ret;
fail:
- log_warning_errno(errno, "Failed to read /proc/sysvipc/sem: %m");
- return -errno;
+ return log_warning_errno(errno, "Failed to read /proc/sysvipc/sem: %m");
}
static int clean_sysvipc_msg(uid_t delete_uid) {
if (errno == ENOENT)
return 0;
- log_warning_errno(errno, "Failed to open /proc/sysvipc/msg: %m");
- return -errno;
+ return log_warning_errno(errno, "Failed to open /proc/sysvipc/msg: %m");
}
FOREACH_LINE(line, f, goto fail) {
return ret;
fail:
- log_warning_errno(errno, "Failed to read /proc/sysvipc/msg: %m");
- return -errno;
+ return log_warning_errno(errno, "Failed to read /proc/sysvipc/msg: %m");
}
static int clean_posix_shm_internal(DIR *dir, uid_t uid) {
if (errno == ENOENT)
return 0;
- log_warning_errno(errno, "Failed to open /dev/shm: %m");
- return -errno;
+ return log_warning_errno(errno, "Failed to open /dev/shm: %m");
}
return clean_posix_shm_internal(dir, uid);
if (errno == ENOENT)
return 0;
- log_warning_errno(errno, "Failed to open /dev/mqueue: %m");
- return -errno;
+ return log_warning_errno(errno, "Failed to open /dev/mqueue: %m");
}
FOREACH_DIRENT(de, dir, goto fail) {
return ret;
fail:
- log_warning_errno(errno, "Failed to read /dev/mqueue: %m");
- return -errno;
+ return log_warning_errno(errno, "Failed to read /dev/mqueue: %m");
}
int clean_ipc(uid_t uid) {
if (b.f_bavail > b.f_blocks / 3)
return 0;
- /* Calculate how much we are willing to add at maximum */
+ /* Calculate how much we are willing to add at most */
max_add = ((uint64_t) a.f_bavail * (uint64_t) a.f_bsize) - VAR_LIB_MACHINES_FREE_MIN;
/* Calculate the old size */
#include "alloc-util.h"
#include "conf-parser.h"
+#include "def.h"
#include "fd-util.h"
#include "fileio.h"
#include "log.h"
+#include "parse-util.h"
#include "sleep-config.h"
#include "string-util.h"
#include "strv.h"
#include "util.h"
-#include "parse-util.h"
#define USE(x, y) do{ (x) = (y); (y) = NULL; } while(0)
#include <string.h>
#include "conf-files.h"
+#include "def.h"
#include "fd-util.h"
#include "fileio.h"
#include "hashmap.h"
if (feof(f))
break;
- log_error_errno(errno, "Failed to read file '%s', ignoring: %m", path);
- return -errno;
+ return log_error_errno(errno, "Failed to read file '%s', ignoring: %m", path);
}
p = strstrip(l);
+++ /dev/null
-/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
-
-#ifndef foosdpppoefoo
-#define foosdpppoefoo
-
-/***
- This file is part of systemd.
-
- Copyright (C) 2014 Tom Gundersen
-
- systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- systemd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <net/ethernet.h>
-
-#include "sd-event.h"
-#include "_sd-common.h"
-
-_SD_BEGIN_DECLARATIONS;
-
-enum {
- SD_PPPOE_EVENT_RUNNING = 0,
- SD_PPPOE_EVENT_STOPPED = 1,
-};
-
-typedef struct sd_pppoe sd_pppoe;
-typedef void (*sd_pppoe_cb_t)(sd_pppoe *ppp, int event, void *userdata);
-
-int sd_pppoe_detach_event(sd_pppoe *ppp);
-int sd_pppoe_attach_event(sd_pppoe *ppp, sd_event *event, int priority);
-int sd_pppoe_get_channel(sd_pppoe *ppp, int *channel);
-int sd_pppoe_set_callback(sd_pppoe *ppp, sd_pppoe_cb_t cb, void *userdata);
-int sd_pppoe_set_ifindex(sd_pppoe *ppp, int ifindex);
-int sd_pppoe_set_ifname(sd_pppoe *ppp, const char *ifname);
-int sd_pppoe_set_service_name(sd_pppoe *ppp, const char *service_name);
-int sd_pppoe_start(sd_pppoe *ppp);
-int sd_pppoe_stop(sd_pppoe *ppp);
-sd_pppoe *sd_pppoe_ref(sd_pppoe *ppp);
-sd_pppoe *sd_pppoe_unref(sd_pppoe *ppp);
-int sd_pppoe_new (sd_pppoe **ret);
-
-_SD_END_DECLARATIONS;
-
-#endif
#include "alloc-util.h"
#include "conf-files.h"
#include "copy.h"
+#include "def.h"
+#include "fd-util.h"
#include "fileio-label.h"
#include "formats-util.h"
#include "hashmap.h"
#include "string-util.h"
#include "strv.h"
#include "uid-range.h"
+#include "user-util.h"
#include "utf8.h"
#include "util.h"
-#include "fd-util.h"
-#include "user-util.h"
typedef enum ItemType {
ADD_USER = 'u',
}
}
- /* Otherwise try to reuse the group ID */
+ /* Otherwise, try to reuse the group ID */
if (!i->uid_set && i->gid_set) {
r = uid_is_ok((uid_t) i->gid, i->name);
if (r < 0)
--- /dev/null
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+/***
+ This file is part of systemd.
+
+ Copyright 2015 Lennart Poettering
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include "string-util.h"
+
+static void test_string_erase(void) {
+ char *x;
+
+ x = strdupa("");
+ assert_se(streq(string_erase(x), ""));
+
+ x = strdupa("1");
+ assert_se(streq(string_erase(x), "x"));
+
+ x = strdupa("12");
+ assert_se(streq(string_erase(x), "xx"));
+
+ x = strdupa("123");
+ assert_se(streq(string_erase(x), "xxx"));
+
+ x = strdupa("1234");
+ assert_se(streq(string_erase(x), "xxxx"));
+
+ x = strdupa("12345");
+ assert_se(streq(string_erase(x), "xxxxx"));
+
+ x = strdupa("123456");
+ assert_se(streq(string_erase(x), "xxxxxx"));
+
+ x = strdupa("1234567");
+ assert_se(streq(string_erase(x), "xxxxxxx"));
+
+ x = strdupa("12345678");
+ assert_se(streq(string_erase(x), "xxxxxxxx"));
+
+ x = strdupa("123456789");
+ assert_se(streq(string_erase(x), "xxxxxxxxx"));
+}
+
+int main(int argc, char *argv[]) {
+ test_string_erase();
+ return 0;
+}
{ "test/dev", "/dev", "failed to mount test /dev" },
{ "test/run", "/run", "failed to mount test /run" },
{ "test/run", "/etc/udev/rules.d", "failed to mount empty /etc/udev/rules.d" },
- { "test/run", "/usr/lib/udev/rules.d", "failed to mount empty /usr/lib/udev/rules.d" },
+ { "test/run", UDEVLIBEXECDIR "/rules.d","failed to mount empty " UDEVLIBEXECDIR "/rules.d" },
};
unsigned int i;
int err;
err = mount(fakefss[i].src, fakefss[i].target, NULL, MS_BIND, NULL);
if (err < 0) {
err = -errno;
- fprintf(stderr, "%s %m", fakefss[i].error);
+ fprintf(stderr, "%s %m\n", fakefss[i].error);
return err;
}
}
#include "process-util.h"
#include "rm-rf.h"
#include "signal-util.h"
+#include "special.h"
#include "stat-util.h"
#include "string-util.h"
#include "strv.h"
assert_se(rmdir(t) >= 0);
}
+static void test_runlevel_to_target(void) {
+ assert_se(streq_ptr(runlevel_to_target(NULL), NULL));
+ assert_se(streq_ptr(runlevel_to_target("unknown-runlevel"), NULL));
+ assert_se(streq_ptr(runlevel_to_target("3"), SPECIAL_MULTI_USER_TARGET));
+}
+
int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
test_tempfn();
test_strcmp_ptr();
test_fgetxattrat_fake();
+ test_runlevel_to_target();
return 0;
}
***/
#include "alloc-util.h"
+#include "def.h"
+#include "extract-word.h"
#include "string-util.h"
+#include "timesyncd-conf.h"
#include "timesyncd-manager.h"
#include "timesyncd-server.h"
-#include "timesyncd-conf.h"
-#include "extract-word.h"
int manager_parse_server_string(Manager *m, ServerType type, const char *string) {
ServerName *first;
r = clock_adjtime(CLOCK_REALTIME, &tmx);
if (r < 0)
- return r;
+ return -errno;
touch("/var/lib/systemd/clock");
m->sync = true;
r = manager_adjust_clock(m, offset, leap_sec);
if (r < 0)
- log_error_errno(errno, "Failed to call clock_adjtime(): %m");
+ log_error_errno(r, "Failed to call clock_adjtime(): %m");
}
log_debug("interval/delta/delay/jitter/drift " USEC_FMT "s/%+.3fs/%.3fs/%.3fs/%+ippm%s",
#include "chattr-util.h"
#include "conf-files.h"
#include "copy.h"
+#include "def.h"
#include "escape.h"
#include "fd-util.h"
#include "fileio.h"
if (errno == ENOENT)
return 0;
- return log_error_errno(errno, "Failed top open /run/systemd/ask-password: %m");
+ return log_error_errno(errno, "Failed to open /run/systemd/ask-password: %m");
}
FOREACH_DIRENT_ALL(de, d, return log_error_errno(errno, "Failed to read directory: %m")) {
* http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames
*
* Two character prefixes based on the type of interface:
- * en -- ethernet
+ * en -- Ethernet
* sl -- serial line IP (slip)
* wl -- wlan
* ww -- wwan
* exported.
* The usual USB configuration == 1 and interface == 0 values are suppressed.
*
- * PCI ethernet card with firmware index "1":
+ * PCI Ethernet card with firmware index "1":
* ID_NET_NAME_ONBOARD=eno1
* ID_NET_NAME_ONBOARD_LABEL=Ethernet Port 1
*
- * PCI ethernet card in hotplug slot with firmware index number:
+ * PCI Ethernet card in hotplug slot with firmware index number:
* /sys/devices/pci0000:00/0000:00:1c.3/0000:05:00.0/net/ens1
* ID_NET_NAME_MAC=enx000000000466
* ID_NET_NAME_PATH=enp5s0
* ID_NET_NAME_SLOT=ens1
*
- * PCI ethernet multi-function card with 2 ports:
+ * PCI Ethernet multi-function card with 2 ports:
* /sys/devices/pci0000:00/0000:00:1c.0/0000:02:00.0/net/enp2s0f0
* ID_NET_NAME_MAC=enx78e7d1ea46da
* ID_NET_NAME_PATH=enp2s0f0
r = devnode_acl(path, true, false, 0, true, uid);
if (r < 0) {
- log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path);
+ log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path);
goto finish;
}
execve(argv[0], argv, envp);
/* exec failed */
- log_error_errno(errno, "failed to execute '%s' '%s': %m", argv[0], cmd);
-
- return -errno;
+ return log_error_errno(errno, "failed to execute '%s' '%s': %m", argv[0], cmd);
}
static void spawn_read(struct udev_event *event,
mode |= S_IFCHR;
if (lstat(devnode, &stats) != 0) {
- err = -errno;
- log_debug_errno(errno, "can not stat() node '%s' (%m)", devnode);
+ err = log_debug_errno(errno, "can not stat() node '%s' (%m)", devnode);
goto out;
}
r = sd_event_default(&manager->event);
if (r < 0)
- return log_error_errno(errno, "could not allocate event loop: %m");
+ return log_error_errno(r, "could not allocate event loop: %m");
r = sd_event_add_signal(manager->event, NULL, SIGINT, on_sigterm, manager);
if (r < 0)
fd = open_terminal(vc, O_RDWR|O_CLOEXEC);
if (fd < 0) {
- log_error_errno(errno, "Failed to open %s: %m", vc);
+ log_error_errno(fd, "Failed to open %s: %m", vc);
return EXIT_FAILURE;
}
# Fair Queue CoDel packet scheduler to fight bufferbloat
net.core.default_qdisc = fq_codel
-# Make sure we can queue more than just a few datagrams in AF_UNIX sockets.
-net.unix.max_dgram_qlen = 512
-
# Enable hard and soft link protection
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
grep 'hello\.service' /root/list-jobs.txt && exit 1
systemctl stop sleep.service hello-after-sleep.target || exit 1
-# Test for a crash when enqueueing a JOB_NOP when other job already exists
+# Test for a crash when enqueuing a JOB_NOP when other job already exists
systemctl start --no-block hello-after-sleep.target || exit 1
# hello.service should still be waiting, so these try-restarts will collapse
# into NOPs.
Description=Test for SystemCallErrorNumber
[Service]
-ExecStart=/usr/bin/uname -a
+ExecStart=/bin/sh -c 'uname -a'
SystemCallFilter=~uname
SystemCallErrorNumber=EACCES
inst $ROOTLIBDIR/system/dbus.service
find \
- /etc/dbus-1 -xtype f \
+ /etc/dbus-1 /usr/share/dbus-1 -xtype f \
| while read file; do
inst $file
done
NotifyAccess=all
StandardOutput=null
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
+WatchdogSec=3min
FileDescriptorStoreMax=1024
# Increase the default a bit in order to allow many simultaneous
[Socket]
ReceiveBuffer=8M
-ListenNetlink=route 273
+ListenNetlink=route 1361
PassCredentials=yes
[Install]
projects / thirdparty / systemd.git / commitdiff
