-<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
+<?xml version='1.0'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!--
+ SPDX-License-Identifier: LGPL-2.1+
+ Copyright © 2014 Jason St. John
+-->
+
<refentry id="udev">
<refentryinfo>
<title>udev</title>
<productname>systemd</productname>
- <authorgroup>
- <author>
- <contrib>Developer</contrib>
- <firstname>Greg</firstname>
- <surname>Kroah-Hartmann</surname>
- <email>greg@kroah.com</email>
- </author>
- <author>
- <contrib>Developer</contrib>
- <firstname>Kay</firstname>
- <surname>Sievers</surname>
- <email>kay@vrfy.org</email>
- </author>
- </authorgroup>
</refentryinfo>
<refmeta>
<para>Starting daemons or other long-running processes is not appropriate
for udev; the forked processes, detached or not, will be unconditionally
killed after the event handling has finished.</para>
+ <para>Note that running programs that access the network or mount/unmount
+ filesystems is not allowed inside of udev rules, due to the default sandbox
+ that is enforced on <filename>systemd-udevd.service</filename>.</para>
</listitem>
</varlistentry>
<term><literal>program</literal></term>
<listitem>
<para>Execute an external program specified as the assigned
- value and if it returns successfully
+ value and, if it returns successfully,
import its output, which must be in environment key
format. Path specification, command/argument separation,
and quoting work like in <varname>RUN</varname>.</para>
<varlistentry>
<term><option>string_escape=<replaceable>none|replace</replaceable></option></term>
<listitem>
- <para>Usually control and other possibly unsafe characters are replaced
+ <para>Usually, control and other possibly unsafe characters are replaced
in strings used for device naming. The mode of replacement can be specified
with this option.</para>
</listitem>
<para>The <varname>NAME</varname>, <varname>SYMLINK</varname>,
<varname>PROGRAM</varname>, <varname>OWNER</varname>,
- <varname>GROUP</varname>, <varname>MODE</varname>, and
- <varname>RUN</varname> fields support simple string substitutions.
+ <varname>GROUP</varname>, <varname>MODE</varname>, <varname>SECLABEL</varname>,
+ and <varname>RUN</varname> fields support simple string substitutions.
The <varname>RUN</varname> substitutions are performed after all rules
have been processed, right before the program is executed, allowing for
the use of device properties set by earlier matching rules. For all other