X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;ds=sidebyside;f=docs%2FENVIRONMENT.md;h=f72ed20dd0fc094a2bcbe7c76134df614704eb96;hb=HEAD;hp=4d3b7a2636226b6762e6118eb3eb8543ab7223e3;hpb=5e575e4d923b3f4fce0d9a15264ae2631fd2c6c7;p=thirdparty%2Fsystemd.git diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md index 4d3b7a26362..c4163704402 100644 --- a/docs/ENVIRONMENT.md +++ b/docs/ENVIRONMENT.md @@ -23,17 +23,17 @@ All tools: * `$SYSTEMD_OFFLINE=[0|1]` — if set to `1`, then `systemctl` will refrain from talking to PID 1; this has the same effect as the historical detection of `chroot()`. Setting this variable to `0` instead has a similar effect as - `$SYSTEMD_IGNORE_CHROOT=1`; i.e. tools will try to communicate with PID 1 + `$SYSTEMD_IN_CHROOT=0`; i.e. tools will try to communicate with PID 1 even if a `chroot()` environment is detected. You almost certainly want to set this to `1` if you maintain a package build system or similar and are trying to use a modern container system and not plain `chroot()`. -* `$SYSTEMD_IGNORE_CHROOT=1` — if set, don't check whether being invoked in a - `chroot()` environment. This is particularly relevant for systemctl, as it - will not alter its behaviour for `chroot()` environments if set. Normally it - refrains from talking to PID 1 in such a case; turning most operations such - as `start` into no-ops. If that's what's explicitly desired, you might - consider setting `$SYSTEMD_OFFLINE=1`. +* `$SYSTEMD_IN_CHROOT=0|1` — takes a boolean. If set, overrides chroot detection. + This is particularly relevant for systemctl, as it will not alter its behaviour + for `chroot()` environments if `SYSTEMD_IN_CHROOT=0`. Normally it refrains from + talking to PID 1 in such a case; turning most operations such as `start` into + no-ops. If that's what's explicitly desired, you might consider setting + `$SYSTEMD_OFFLINE=1`. * `$SYSTEMD_FIRST_BOOT=0|1` — if set, assume "first boot" condition to be false or true, instead of checking the flag file created by PID 1. @@ -183,6 +183,17 @@ All tools: expected format is six groups of two hexadecimal digits separated by colons, e.g. `SYSTEMD_NSPAWN_NETWORK_MAC=12:34:56:78:90:AB` +`systemd-vmspawn`: + +* `$SYSTEMD_VMSPAWN_NETWORK_MAC=...` — if set, allows users to set a specific MAC + address for a VM, ensuring that it uses the provided value instead of + generating a random one. It is effective when used with `--network-tap`. The + expected format is six groups of two hexadecimal digits separated by colons, + e.g. `SYSTEMD_VMSPAWN_NETWORK_MAC=12:34:56:78:90:AB` + +* `$SYSTEMD_VMSPAWN_QEMU_EXTRA=…` – may contain additional command line + arguments to append the qemu command line. + `systemd-logind`: * `$SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK=1` — if set, report that @@ -330,7 +341,7 @@ All tools: for cases where we don't need to track given unit type, e.g. `--user` manager often doesn't need to deal with device or swap units because they are handled by the `--system` manager (PID 1). Note that setting certain unit - type as unsupported may not prevent loading some units of that type if they + type as unsupported might not prevent loading some units of that type if they are referenced by other units of another supported type. * `$SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST` — can be set to override the mount @@ -348,12 +359,17 @@ All tools: `systemd-gpt-auto-generator` to ensure the root partition is mounted writable in accordance to the GPT partition flags. -`systemd-firstboot` and `localectl`: +`systemd-firstboot`, `localectl`, and `systemd-localed`: * `$SYSTEMD_LIST_NON_UTF8_LOCALES=1` — if set, non-UTF-8 locales are listed among the installed ones. By default non-UTF-8 locales are suppressed from the selection, since we are living in the 21st century. +* `$SYSTEMD_KEYMAP_DIRECTORIES=` — takes a colon (`:`) separated list of keymap + directories. The directories must be absolute and normalized. If unset, the + default keymap directories (/usr/share/keymaps/, /usr/share/kbd/keymaps/, and + /usr/lib/kbd/keymaps/) will be used. + `systemd-resolved`: * `$SYSTEMD_RESOLVED_SYNTHESIZE_HOSTNAME` — if set to "0", `systemd-resolved` @@ -373,6 +389,13 @@ All tools: `$SYSTEMD_CONFEXT_HIERARCHIES` works for confext images and supports the systemd-confext multi-call functionality of sysext. +* `$SYSTEMD_SYSEXT_MUTABLE_MODE` — this variable may be used to override the + default mutability mode for hierarchies managed by `systemd-sysext`. It takes + the same values the `--mutable=` command line switch does. Note that the + command line still overrides the effect of the environment + variable. Similarly, `$SYSTEMD_CONFEXT_MUTABLE_MODE` works for confext images + and supports the systemd-confext multi-call functionality of sysext. + `systemd-tmpfiles`: * `$SYSTEMD_TMPFILES_FORCE_SUBVOL` — if unset, `v`/`q`/`Q` lines will create @@ -558,6 +581,14 @@ SYSTEMD_HOME_DEBUG_SUFFIX=foo \ `mkfs` when formatting LUKS home directories. There's one variable for each of the supported file systems for the LUKS home directory backend. +* `$SYSTEMD_HOME_LOCK_FREEZE_SESSION` - Takes a boolean. When false, the user's + session will not be frozen when the home directory is locked. Note that the kernel + may still freeze any task that tries to access data from the user's locked home + directory. This can lead to data loss, security leaks, or other undesired behavior + caused by parts of the session becoming unresponsive due to disk I/O while other + parts of the session continue running. Thus, we highly recommend that this variable + isn't used unless necessary. Defaults to true. + `kernel-install`: * `$KERNEL_INSTALL_BYPASS` – If set to "1", execution of kernel-install is skipped @@ -603,6 +634,10 @@ SYSTEMD_HOME_DEBUG_SUFFIX=foo \ * `$SYSTEMD_REPART_OVERRIDE_FSTYPE` – if set the value will override the file system type specified in Format= lines in partition definition files. + Additionally, the filesystem for all partitions with a specific designator can + be overridden via a correspondingly named environment variable. For example, + to override the filesystem type for all partitions with `Type=root`, you can + set `SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=ext4`. `systemd-nspawn`, `systemd-networkd`: @@ -610,6 +645,13 @@ SYSTEMD_HOME_DEBUG_SUFFIX=foo \ `nftables`. Selects the firewall backend to use. If not specified tries to use `nftables` and falls back to `iptables` if that's not available. +`systemd-networkd`: + +* `$SYSTEMD_NETWORK_PERSISTENT_STORAGE_READY` – takes a boolean. If true, + systemd-networkd tries to open the persistent storage on start. To make this + work, ProtectSystem=strict in systemd-networkd.service needs to be downgraded + or disabled. + `systemd-storagetm`: * `$SYSTEMD_NVME_MODEL`, `$SYSTEMD_NVME_FIRMWARE`, `$SYSTEMD_NVME_SERIAL`, @@ -631,6 +673,14 @@ SYSTEMD_HOME_DEBUG_SUFFIX=foo \ file (containing firmware measurement data) to read. This allows overriding the default of `/sys/kernel/security/tpm0/binary_bios_measurements`. +`systemd-sleep`: + +* `$SYSTEMD_SLEEP_FREEZE_USER_SESSIONS` - Takes a boolean. When true (the default), + `user.slice` will be frozen during sleep. When false it will not be. We recommend + against using this variable, because it can lead to undesired behavior, especially + for systems that use home directory encryption and for + `systemd-suspend-then-hibernate.service`. + Tools using the Varlink protocol (such as `varlinkctl`) or sd-bus (such as `busctl`): @@ -640,4 +690,41 @@ Tools using the Varlink protocol (such as `varlinkctl`) or sd-bus (such as * `$SYSTEMD_VARLINK_LISTEN` – interpreted by some tools that provide a Varlink service. Takes a file system path: if specified the tool will listen on an `AF_UNIX` stream socket on the specified path in addition to whatever else it - would listen on. + would listen on. If set to "-" the tool will turn stdin/stdout into a Varlink + connection. + +`systemd-mountfsd`: + +* `$SYSTEMD_MOUNTFSD_TRUSTED_DIRECTORIES` – takes a boolean argument. If true + disk images from the usual disk image directories (`/var/lib/machines/`, + `/var/lib/confexts/`, …) will be considered "trusted", i.e. are validated + with a more relaxed image policy (typically not requiring Verity signature + checking) than those from other directories (where Verity signature checks + are mandatory). If false all images are treated the same, regardless if + placed in the usual disk image directories or elsewhere. If not set defaults + to a compile time setting. + +* `$SYSTEMD_MOUNTFSD_IMAGE_POLICY_TRUSTED`, + `$SYSTEMD_MOUNTFSD_IMAGE_POLICY_UNTRUSTED` – the default image policy to + apply to trusted and untrusted disk images. An image is considered trusted if + placed in a trusted disk image directory (see above), or if suitable polkit + authentication was acquired. See `systemd.image-policy(7)` for the valid + syntax for image policy strings. + +`systemd-run`, `run0`, `systemd-nspawn`, `systemd-vmspawn`: + +* `$SYSTEMD_TINT_BACKGROUND` – Takes a boolean. When false the automatic + tinting of the background for containers, VMs, and interactive `systemd-run` + and `run0` invocations is turned off. Note that this environment variable has + no effect if the background color is explicitly selected via the relevant + `--background=` switch of the tool. + +* `$SYSTEMD_ADJUST_TERMINAL_TITLE` – Takes a boolean. When false the terminal + window title will not be updated for interactive invocation of the mentioned + tools. + +`systemd-hostnamed`, `systemd-importd`, `systemd-localed`, `systemd-machined`, +`systemd-portabled`, `systemd-timedated`: + +* `SYSTEMD_EXIT_ON_IDLE` – Takes a boolean. When false, the exit-on-idle logic + of these services is disabled, making it easier to debug them.