<listitem><para>The maximum line length to permit when converting stream logs into record logs. When a systemd
unit's standard output/error are connected to the journal via a stream socket, the data read is split into
- individual log records at newline (<literal>\n</literal>, ASCII 10) and NUL characters. If no such delimiter is
+ individual log records at newline (<literal>\n</literal>, ASCII 10) and <constant>NUL</constant> characters. If no such delimiter is
read for the specified number of bytes a hard log record boundary is artificially inserted, breaking up overly
long lines into multiple log records. Selecting overly large values increases the possible memory usage of the
Journal daemon for each stream client, as in the worst case the journal daemon needs to buffer the specified
<title>Session limits</title>
<para>PAM modules earlier in the stack, that is those that come before <command>pam_systemd.so</command>,
- can set session scope limits using the PAM context objects. The data for these objects is provided as NUL-terminated C strings
+ can set session scope limits using the PAM context objects. The data for these objects is provided as <constant>NUL</constant>-terminated C strings
and maps directly to the respective unit resource control directives. Note that these limits apply to individual sessions of the user,
they do not apply to all user processes as a combined whole. In particular, the per-user <command>user@.service</command> unit instance,
which runs the <command>systemd --user</command> manager process and its children, and is tracked outside of any session, being shared
<programlisting>#define SD_MESSAGE_COREDUMP SD_ID128_MAKE(fc,2e,22,bc,6e,e6,47,b6,b9,07,29,ab,34,a2,50,b1)</programlisting>
- <para><function>SD_ID128_NULL</function> may be used to refer to the 128bit ID consisting of only NUL
- bytes.</para>
+ <para><constant>SD_ID128_NULL</constant> may be used to refer to the 128bit ID consisting of only
+ <constant>NUL</constant> bytes.</para>
<para><function>SD_ID128_MAKE_STR()</function> is similar to <function>SD_ID128_MAKE()</function>, but creates a
<type>const char*</type> expression that can be conveniently used in message formats and such:</para>
puts("Match for coredumps: %s", SD_ID128_CONST_STR(SD_MESSAGE_COREDUMP));
}</programlisting>
- <para><function>SD_ID128_FORMAT_STR()</function> and
- <function>SD_ID128_FORMAT_VAL()</function> may be used to format a
- 128-bit ID in a
+ <para><constant>SD_ID128_FORMAT_STR</constant> and <function>SD_ID128_FORMAT_VAL()</function> may
+ be used to format a 128-bit ID in a
<citerefentry project='man-pages'><refentrytitle>printf</refentrytitle><manvolnum>3</manvolnum></citerefentry>
format string, as shown in the following example:</para>
return 0;
}</programlisting>
- <para><function>SD_ID128_UUID_FORMAT_STR()</function> is similar to
- <function>SD_ID128_FORMAT_STR()</function> but includes separating hyphens to conform to the
+ <para><constant>SD_ID128_UUID_FORMAT_STR</constant> is similar to
+ <constant>SD_ID128_FORMAT_STR</constant> but includes separating hyphens to conform to the
"<ulink url="https://en.wikipedia.org/wiki/Universally_unique_identifier#Format">canonical representation</ulink>".
</para>
return 0;
}</programlisting>
- <para>Use <function>sd_id128_is_null()</function> to check if an 128bit ID consists of only NUL bytes:</para>
+ <para>Use <function>sd_id128_is_null()</function> to check if an 128bit ID consists of only
+ <constant>NUL</constant> bytes:</para>
<programlisting>int main(int argc, char *argv[]) {
assert(sd_id128_is_null(SD_ID128_NULL));
<varlistentry>
<term><constant>-EPROTOTYPE</constant></term>
- <listitem><para><function>sd_bus_add_object_vtable</function> and
- <function>sd_bus_add_fallback_vtable</function> have been both called for the same bus
+ <listitem><para><function>sd_bus_add_object_vtable()</function> and
+ <function>sd_bus_add_fallback_vtable()</function> have been both called for the same bus
object path, which is not allowed.</para></listitem>
</varlistentry>
<refsect2 id='errors'>
<title>Errors</title>
+ <para>When <function>sd_bus_call()</function> internally receives a D-Bus error reply, it will set
+ <parameter>ret_error</parameter> if it is not <constant>NULL</constant>, and will return a negative
+ value mapped from the error reply, see
+ <citerefentry><refentrytitle>sd_bus_error_get_errno</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+ </para>
+
<para>Returned errors may indicate the following problems:</para>
<variablelist>
<citerefentry><refentrytitle>sd_bus_call_method</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd_bus_call_method_async</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd_bus_message_new_method_call</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>sd_bus_error</refentrytitle><manvolnum>3</manvolnum></citerefentry>
</para>
</refsect1>
<refsect1>
<title>Description</title>
- <para><function>sd_bus_can_send</function> is mostly used for checking if file descriptor
+ <para><function>sd_bus_can_send()</function> is mostly used for checking if file descriptor
passing is available on the given bus. <parameter>type</parameter> can be any of the
<constant>SD_BUS_TYPE</constant> constants.</para>
</refsect1>
is provided that combines them into one.</para>
<para><function>sd_bus_default_flush_close()</function> is similar to
- <function>sd_bus_flush_close_unref</function>, but does not take a bus pointer argument and
+ <function>sd_bus_flush_close_unref()</function>, but does not take a bus pointer argument and
instead iterates over any of the "default" buses opened by
<citerefentry><refentrytitle>sd_bus_default</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd_bus_default_user</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<para>All functions that take a <parameter>const
char**</parameter> parameter will store the answer there as an
- address of a NUL-terminated string. It will be valid as long as
+ address of a <constant>NUL</constant>-terminated string. It will be valid as long as
<parameter>c</parameter> remains valid, and should not be freed or
modified by the caller.</para>
<para>All functions that take a <parameter>char***</parameter>
parameter will store the answer there as an address of an array
- of strings. Each individual string is NUL-terminated, and the
- array is NULL-terminated as a whole. It will be valid as long as
+ of strings. Each individual string is <constant>NUL</constant>-terminated, and the
+ array is <constant>NULL</constant>-terminated as a whole. It will be valid as long as
<parameter>c</parameter> remains valid, and should not be freed or
modified by the caller.</para>
</refsect1>
but additional domain-specific errors may be defined by
applications. The <structfield>message</structfield> field usually
contains a human-readable string describing the details, but might
- be NULL. An unset <structname>sd_bus_error</structname> structure
- should have both fields initialized to NULL. Set an error
+ be <constant>NULL</constant>. An unset <structname>sd_bus_error</structname> structure
+ should have both fields initialized to <constant>NULL</constant>. Set an error
structure to <constant>SD_BUS_ERROR_NULL</constant> in order to
- reset both fields to NULL. When no longer necessary, resources
+ reset both fields to <constant>NULL</constant>. When no longer necessary, resources
held by the <structname>sd_bus_error</structname> structure should
be destroyed with <function>sd_bus_error_free()</function>.</para>
for a list of well-known error names. Additional error mappings
may be defined with
<citerefentry><refentrytitle>sd_bus_error_add_map</refentrytitle><manvolnum>3</manvolnum></citerefentry>. If
- <parameter>e</parameter> is NULL, no error structure is initialized,
+ <parameter>e</parameter> is <constant>NULL</constant>, no error structure is initialized,
but the error is still converted into an
<varname>errno</varname>-style error. If
<parameter>name</parameter> is <constant>NULL</constant>, it is
assumed that no error occurred, and 0 is returned. This means that
this function may be conveniently used in a
<function>return</function> statement. If
- <parameter>message</parameter> is NULL, no message is set. This
+ <parameter>message</parameter> is <constant>NULL</constant>, no message is set. This
call can fail if no memory may be allocated for the name and
message strings, in which case an
<constant>SD_BUS_ERROR_NO_MEMORY</constant> error might be set
will not be deallocated, and must be <citerefentry
project='man-pages'><refentrytitle>free</refentrytitle><manvolnum>3</manvolnum></citerefentry>d
by the caller if necessary. The function may also be called safely
- on unset errors (error structures with both fields set to NULL),
+ on unset errors (error structures with both fields set to <constant>NULL</constant>),
in which case it performs no operation. This call will reset the
error structure after freeing the data, so that all fields are set
- to NULL. The structure may be reused afterwards.</para>
+ to <constant>NULL</constant>. The structure may be reused afterwards.</para>
</refsect1>
<refsect1>
<title>Return Value</title>
<para>Those functions return 1 if the argument is a valid interface / service / member name or object
- path, and 0 if it is not. If the argument is NULL, an error is returned.</para>
+ path, and 0 if it is not. If the argument is <constant>NULL</constant>, an error is returned.</para>
<refsect2>
<title>Errors</title>
<title>Description</title>
<para>The functions
- <function>sd_bus_message_append_string_memfd</function> and
- <function>sd_bus_message_append_string_iovec</function> can be
+ <function>sd_bus_message_append_string_memfd()</function> and
+ <function>sd_bus_message_append_string_iovec()</function> can be
used to append a single string (item of type <literal>s</literal>)
to message <parameter>m</parameter>.</para>
<para>In case of
- <function>sd_bus_message_append_string_memfd</function>, the
+ <function>sd_bus_message_append_string_memfd()</function>, the
contents of <parameter>memfd</parameter> are the string. They must
satisfy the same constraints as described for the
<literal>s</literal> type in
<citerefentry><refentrytitle>sd_bus_message_append_basic</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>
<para>In case of
- <function>sd_bus_message_append_string_iovec</function>, the
+ <function>sd_bus_message_append_string_iovec()</function>, the
payload of <parameter>iov</parameter> is the string. It must
satisfy the same constraints as described for the
<literal>s</literal> type in
after this call.</para>
<para>The
- <function>sd_bus_message_append_string_space</function> function appends
+ <function>sd_bus_message_append_string_space()</function> function appends
space for a string to message <parameter>m</parameter>. It behaves
- similar to <function>sd_bus_message_append_basic</function> with
+ similar to <function>sd_bus_message_append_basic()</function> with
type <literal>s</literal>, but instead of copying a string into
the message, it returns a pointer to the destination area to
the caller in pointer <parameter>p</parameter>. Space for the string
<refsect1>
<title>Description</title>
- <para>The <function>sd_bus_message_append</function> function can be
+ <para>The <function>sd_bus_message_append()</function> function can be
used to append an array of strings to message
<parameter>m</parameter>. The parameter <parameter>l</parameter>
shall point to a <constant>NULL</constant>-terminated array of pointers
<para>Message <parameter>call</parameter> is not a method call
message.</para>
- <para>The error <parameter>error</parameter> parameter to
- <function>sd_bus_message_new_method_error</function> is not set, see
+ <para>The error <parameter>e</parameter> parameter to
+ <function>sd_bus_message_new_method_error()</function> is not set, see
<citerefentry><refentrytitle>sd_bus_error_is_set</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
</para>
</listitem>
will be stored there. Each <literal>%</literal> character will
only match the current label. It will never match across labels.
Furthermore, only a single directive is allowed per label.
- If <literal>NULL</literal> is passed as output storage, the
+ If <constant>NULL</constant> is passed as output storage, the
label is verified but not returned to the caller.</para>
</refsect1>
argument. On success, <function>sd_bus_path_decode()</function>
returns a positive value if the prefixed matched, or 0 if it
did not. If the prefix matched, the external identifier is returned
- in the return parameter. If it did not match, NULL is returned in
+ in the return parameter. If it did not match, <constant>NULL</constant> is returned in
the return parameter. On failure, a negative errno-style error
number is returned by either function. The returned strings must
be
<parameter>ret</parameter> is not <constant>NULL</constant> and the call processed a message,
<parameter>*ret</parameter> is set to this message. The caller owns a reference to this message and should call
<citerefentry><refentrytitle>sd_bus_message_unref</refentrytitle><manvolnum>3</manvolnum></citerefentry> when the
- message is no longer needed. If <parameter>ret</parameter> is not NULL, progress was made, but no message was
+ message is no longer needed. If <parameter>ret</parameter> is not <constant>NULL</constant>, progress was made, but no message was
processed, <parameter>*ret</parameter> is set to <constant>NULL</constant>.</para>
<para>If a the bus object is connected to an
<para>Message <parameter>call</parameter> is not attached to a bus.</para>
- <para>The error parameter <parameter>error</parameter> to
- <function>sd_bus_reply_method_error</function> is not set, see
+ <para>The error parameter <parameter>e</parameter> to
+ <function>sd_bus_reply_method_error()</function> is not set, see
<citerefentry><refentrytitle>sd_bus_error_is_set</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
</para>
</listitem>
<citerefentry><refentrytitle>sd_bus_open</refentrytitle><manvolnum>3</manvolnum></citerefentry> and
similar calls, based on environment variables or built-in defaults.</para>
- <para><function>sd_bus_set_exec</function> is a shorthand function for setting a
+ <para><function>sd_bus_set_exec()</function> is a shorthand function for setting a
<literal>unixexec</literal> address that spawns the given executable with the given arguments.
If <parameter>argv</parameter> is <constant>NULL</constant>, the given executable is spawned
without any extra arguments.</para>
<para>See the
<citerefentry><refentrytitle>sd_bus_call_method</refentrytitle><manvolnum>3</manvolnum></citerefentry>
- man page for a list of possible errors</para>
+ man page for a list of possible errors.</para>
</refsect2>
</refsect1>
<function>sd_bus_track_add_sender()</function>. They may be dropped again via
<function>sd_bus_track_remove_name()</function> and
<function>sd_bus_track_remove_sender()</function>. Alternatively, references on peers are removed automatically
- when they disconnect from the bus. If non-NULL the <parameter>handler</parameter> may specify a function that is
- invoked whenever the last reference is dropped, regardless whether the reference is dropped explicitly via
- <function>sd_bus_track_remove_name()</function> or implicitly because the peer disconnected from the bus. The final
- argument <parameter>userdata</parameter> may be used to attach a generic user data pointer to the object. This
- pointer is passed to the handler callback when it is invoked.</para>
+ when they disconnect from the bus. If non-<constant>NULL</constant> the <parameter>handler</parameter> may specify
+ a function that is invoked whenever the last reference is dropped, regardless whether the reference is dropped
+ explicitly via <function>sd_bus_track_remove_name()</function> or implicitly because the peer disconnected from the
+ bus. The final argument <parameter>userdata</parameter> may be used to attach a generic user data pointer to the
+ object. This pointer is passed to the handler callback when it is invoked.</para>
<para><function>sd_bus_track_ref()</function> creates a new reference to a bus peer tracking object. This object
will not be destroyed until <function>sd_bus_track_unref()</function> has been called as many times plus once
<para>On success, <function>sd_event_source_get_event()</function>
returns the associated event loop object. On failure, it returns
- NULL.</para>
+ <constant>NULL</constant>.</para>
</refsect1>
<xi:include href="libsystemd-pkgconfig.xml" />
when the event source was created. The event source will be disabled
if the callback function returns a negative error code. The callback
function may be used to reconfigure the precise events to wait for.
- If the <parameter>callback</parameter> parameter is passed as NULL
+ If the <parameter>callback</parameter> parameter is passed as <constant>NULL</constant>
the callback function is reset. </para>
<para>Event source objects have no preparation callback associated
<function>sd_event_source_set_userdata()</function> and
<function>sd_event_source_get_userdata()</function> return the
previously set user data pointer. On failure, they return
- NULL.</para>
+ <constant>NULL</constant>.</para>
</refsect1>
<xi:include href="libsystemd-pkgconfig.xml" />
<para><function>sd_get_seats()</function> may be used to determine
all currently available local seats. Returns the number of seat
- identifiers and if the input pointer is non-NULL, a
+ identifiers and if the input pointer is non-<constant>NULL</constant>, a
<constant>NULL</constant>-terminated array of seat identifiers
is stored at the address.
The returned array and all strings it references need to be freed
<citerefentry><refentrytitle>hwdb</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
details.</para>
- <para>The <function>SD_HWDB_FOREACH_PROPERTY</function> macro combines
+ <para>The <function>SD_HWDB_FOREACH_PROPERTY()</function> macro combines
<function>sd_hwdb_seek()</function> and <function>sd_hwdb_enumerate()</function>. No error handling is
performed and iteration simply stops on error. See the example below.</para>
</refsect1>
<para><function>sd_id128_from_string()</function> implements the reverse operation: it takes a 33 character string
with 32 hexadecimal digits (either lowercase or uppercase, terminated by <constant>NUL</constant>) and parses them
back into a 128-bit ID returned in <parameter>ret</parameter>. Alternatively, this call can also parse a
- 37-character string with a 128-bit ID formatted as RFC UUID. If <parameter>ret</parameter> is passed as NULL the
- function will validate the passed ID string, but not actually return it in parsed form.</para>
+ 37-character string with a 128-bit ID formatted as RFC UUID. If <parameter>ret</parameter> is passed as
+ <constant>NULL</constant> the function will validate the passed ID string, but not actually return it in parsed
+ form.</para>
<para>For more information about the <literal>sd_id128_t</literal>
type see
easier to use a format string for
<citerefentry project='man-pages'><refentrytitle>printf</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
This is easily done using the
- <function>SD_ID128_FORMAT_STR</function> and
- <function>SD_ID128_FORMAT_VAL()</function> macros. For more
- information see
+ <constant>SD_ID128_FORMAT_STR</constant> and <function>SD_ID128_FORMAT_VAL()</function> macros. For
+ more information see
<citerefentry><refentrytitle>sd-id128</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>
</refsect1>
<para><function>sd_id128_to_string()</function> always succeeds
and returns a pointer to the string array passed in.
- <function>sd_id128_from_string</function> returns 0 on success, in
+ <function>sd_id128_from_string()</function> returns 0 on success, in
which case <parameter>ret</parameter> is filled in, or a negative
errno-style error code.</para>
</refsect1>
<refsect1>
<title>Examples</title>
- <para>Use the <function>SD_JOURNAL_FOREACH_FIELD</function> macro to iterate through all field names in use in the
+ <para>Use the <function>SD_JOURNAL_FOREACH_FIELD()</function> macro to iterate through all field names in use in the
current journal.</para>
<programlisting>#include <stdio.h>
<function>sd_journal_get_data()</function>.</para>
<para>Use the
- <function>SD_JOURNAL_FOREACH_DATA</function> macro to
+ <function>SD_JOURNAL_FOREACH_DATA()</function> macro to
iterate through all fields of the current journal
entry:</para>
<title>Return value</title>
<para>Both <function>sd_journal_has_runtime_files()</function>
and <function>sd_journal_has_persistent_files()</function> return -EINVAL
- if their argument is NULL.
+ if their argument is <constant>NULL</constant>.
</para>
</refsect1>
<constant>SD_JOURNAL_SUPPRESS_LOCATION</constant> before including <filename>sd-journal.h</filename>.
</para>
- <para><function>sd_journal_print_with_location</function>,
- <function>sd_journal_printv_with_location</function>, <function>sd_journal_send_with_location</function>,
- <function>sd_journal_sendv_with_location</function>, and
- <function>sd_journal_perror_with_location</function> are similar to their counterparts without
+ <para><function>sd_journal_print_with_location()</function>,
+ <function>sd_journal_printv_with_location()</function>, <function>sd_journal_send_with_location()</function>,
+ <function>sd_journal_sendv_with_location()</function>, and
+ <function>sd_journal_perror_with_location()</function> are similar to their counterparts without
<literal>_with_location</literal>, but accept additional parameters to explicitly set the source file
name, function, and line. Those arguments must contain valid journal entries including the variable name,
e.g. <literal>CODE_FILE=src/foo.c</literal>, <literal>CODE_LINE=666</literal>,
<citerefentry project='man-pages'><refentrytitle>signal-safety</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
</para>
- <para><function>sd_journal_print</function>,
- <function>sd_journal_printv</function>,
- <function>sd_journal_send</function>,
- <function>sd_journal_perror</function>,
+ <para><function>sd_journal_print()</function>,
+ <function>sd_journal_printv()</function>,
+ <function>sd_journal_send()</function>,
+ <function>sd_journal_perror()</function>,
and their counterparts with <literal>_with_location</literal>
are not async signal safe.</para>
</refsect1>
<refsect1>
<title>Examples</title>
- <para>Use the <function>SD_JOURNAL_FOREACH_UNIQUE</function> macro to iterate through all values a field
+ <para>Use the <function>SD_JOURNAL_FOREACH_UNIQUE()</function> macro to iterate through all values a field
of the journal can take (and which can be accessed on the given architecture and are not compressed with
an unsupported mechanism). The following example lists all unit names referenced in the journal:</para>
<function>sd_listen_fds()</function>, but optionally also returns
an array of strings with identification names for the passed file
descriptors, if that is available and the
- <parameter>names</parameter> parameter is non-NULL. This
+ <parameter>names</parameter> parameter is non-<constant>NULL</constant>. This
information is read from the <varname>$LISTEN_FDNAMES</varname>
variable, which may contain a colon-separated list of names. For
socket-activated services, these names may be configured with the
<function>sd_is_socket()</function> and related calls is not
sufficient. Note that the names used are not unique in any
way. The returned array of strings has as many entries as file
- descriptors have been received, plus a final NULL pointer
+ descriptors have been received, plus a final <constant>NULL</constant> pointer
terminating the array. The caller needs to free the array itself
and each of its elements with libc's <function>free()</function>
call after use. If the <parameter>names</parameter> parameter is
- NULL, the call is entirely equivalent to
+ <constant>NULL</constant>, the call is entirely equivalent to
<function>sd_listen_fds()</function>.</para>
<para>Under specific conditions, the following automatic file
<para> On success, <function>sd_seat_get_active()</function> returns 0 or a positive integer. On success,
<function>sd_seat_get_sessions()</function> returns the number of entries in the session identifier
array. If the test succeeds,
- <function>sd_seat_can_tty</function> and <function>sd_seat_can_graphical</function> return a positive
+ <function>sd_seat_can_tty()</function> and <function>sd_seat_can_graphical()</function> return a positive
integer, if it fails 0. On failure, these calls return a negative errno-style error code.</para>
<refsect2>
<varlistentry>
<term><constant>-EINVAL</constant></term>
- <listitem><para>An input parameter was invalid (out of range, or NULL, where that is not
- accepted). This is also returned if the passed user ID is <constant>0xFFFF</constant> or
- <constant>0xFFFFFFFF</constant>, which are undefined on Linux.</para></listitem>
+ <listitem><para>An input parameter was invalid (out of range, or <constant>NULL</constant>,
+ where that is not accepted). This is also returned if the passed user ID is
+ <constant>0xFFFF</constant> or <constant>0xFFFFFFFF</constant>, which are undefined on Linux.
+ </para></listitem>
</varlistentry>
<varlistentry>
<function>sd_watchdog_enabled()</function> will also return with
zero.</para>
- <para>If the <parameter>usec</parameter> parameter is non-NULL,
+ <para>If the <parameter>usec</parameter> parameter is non-<constant>NULL</constant>,
<function>sd_watchdog_enabled()</function> will write the timeout
in µs for the watchdog logic to it.</para>
cached key will have a timeout of 2.5min set, after which it
will be purged from the kernel keyring. Note that it is
possible to cache multiple passwords under the same keyname,
- in which case they will be stored as NUL-separated list of
+ in which case they will be stored as <constant>NUL</constant>-separated list of
passwords. Use
<citerefentry project='die-net'><refentrytitle>keyctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
to access the cached key via the kernel keyring
but without the <constant>CAP_SYS_ADMIN</constant> capability (e.g. setting
<varname>User=nobody</varname>), <varname>NoNewPrivileges=yes</varname> is implied. This feature
makes use of the Secure Computing Mode 2 interfaces of the kernel ('seccomp filtering') and is useful
- for enforcing a minimal sandboxing environment. Note that the <function>execve</function>,
- <function>exit</function>, <function>exit_group</function>, <function>getrlimit</function>,
- <function>rt_sigreturn</function>, <function>sigreturn</function> system calls and the system calls
+ for enforcing a minimal sandboxing environment. Note that the <function>execve()</function>,
+ <function>exit()</function>, <function>exit_group()</function>, <function>getrlimit()</function>,
+ <function>rt_sigreturn()</function>, <function>sigreturn()</function> system calls and the system calls
for querying time and sleeping are implicitly allow-listed and do not need to be listed
explicitly. This option may be specified more than once, in which case the filter masks are
merged. If the empty string is assigned, the filter is reset, all prior assignments will have no
<varname>SystemCallArchitectures=native</varname> or similar.</para>
<para>Note that strict system call filters may impact execution and error handling code paths of the service
- invocation. Specifically, access to the <function>execve</function> system call is required for the execution
+ invocation. Specifically, access to the <function>execve()</function> system call is required for the execution
of the service binary — if it is blocked service invocation will necessarily fail. Also, if execution of the
service binary fails for some reason (for example: missing service executable), the error handling logic might
require access to an additional set of system calls in order to process and log this failure correctly. It
encountered will take precedence and will dictate the default action (termination or approval of a
system call). Then the next occurrences of this option will add or delete the listed system calls
from the set of the filtered system calls, depending of its type and the default action. (For
- example, if you have started with an allow list rule for <function>read</function> and
- <function>write</function>, and right after it add a deny list rule for <function>write</function>,
- then <function>write</function> will be removed from the set.)</para>
+ example, if you have started with an allow list rule for <function>read()</function> and
+ <function>write()</function>, and right after it add a deny list rule for <function>write()</function>,
+ then <function>write()</function> will be removed from the set.)</para>
<para>As the number of possible system calls is large, predefined sets of system calls are provided. A set
starts with <literal>@</literal> character, followed by name of the set.
user IDs, public key material and similar non-sensitive data. For everything else use
<varname>LoadCredential=</varname>. In order to embed binary data into the credential data use
C-style escaping (i.e. <literal>\n</literal> to embed a newline, or <literal>\x00</literal> to embed
- a NUL byte).</para>
+ a <constant>NUL</constant> byte).</para>
<para>If a credential of the same ID is listed in both <varname>LoadCredential=</varname> and
<varname>SetCredential=</varname>, the latter will act as default if the former cannot be
<para>Only applies to <literal>_TRANSPORT=stdout</literal> records: indicates that the log message
in the standard output/error stream was not terminated with a normal newline character
(<literal>\n</literal>, i.e. ASCII 10). Specifically, when set this field is one of
- <option>nul</option> (in case the line was terminated by a NUL byte), <option>line-max</option> (in
+ <option>nul</option> (in case the line was terminated by a <constant>NUL</constant> byte), <option>line-max</option> (in
case the maximum log line length was reached, as configured with <varname>LineMax=</varname> in
<citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>),
<option>eof</option> (if this was the last log record of a stream and the stream ended without a
<varlistentry>
<term><varname>AdActorSystem=</varname></term>
<listitem>
- <para>Specifies the 802.3ad system mac address. This can not be either NULL or Multicast.</para>
+ <para>Specifies the 802.3ad system mac address. This can not be either
+ <constant>NULL</constant> or <constant>Multicast</constant>.</para>
</listitem>
</varlistentry>
<para>An [IPv6AddressLabel] section accepts the following keys. Specify several [IPv6AddressLabel]
sections to configure several address labels. IPv6 address labels are used for address selection. See
<ulink url="https://tools.ietf.org/html/rfc3484">RFC 3484</ulink>. Precedence is managed by userspace,
- and only the label itself is stored in the kernel</para>
+ and only the label itself is stored in the kernel.</para>
<variablelist class='network-directives'>
<varlistentry>
<ulink url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
escapes</ulink>. This setting can be specified multiple times. If an empty string is specified,
then all options specified earlier are cleared. Takes a whitespace-separated list of strings. Note that
- currently NUL bytes are not allowed.</para>
+ currently <constant>NUL</constant> bytes are not allowed.</para>
</listitem>
</varlistentry>
<title>String Escaping for Inclusion in Unit Names</title>
<para>Sometimes it is useful to convert arbitrary strings into unit names. To facilitate this, a method of string
- escaping is used, in order to map strings containing arbitrary byte values (except NUL) into valid unit names and
- their restricted character set. A common special case are unit names that reflect paths to objects in the file
- system hierarchy. Example: a device unit <filename>dev-sda.device</filename> refers to a device with the device
- node <filename index="false">/dev/sda</filename> in the file system.</para>
+ escaping is used, in order to map strings containing arbitrary byte values (except <constant>NUL</constant>) into
+ valid unit names and their restricted character set. A common special case are unit names that reflect paths to
+ objects in the file system hierarchy. Example: a device unit <filename>dev-sda.device</filename> refers to a device
+ with the device node <filename index="false">/dev/sda</filename> in the file system.</para>
<para>The escaping algorithm operates as follows: given a string, any <literal>/</literal> character is replaced by
<literal>-</literal>, and all other characters which are not ASCII alphanumerics or <literal>_</literal> are
passed to <function>udev_device_has_tag()</function>, but the opposite might not be true, in case a tag is
no longer configured by the rules applied to the most recent device even.</para>
- <para><function>udev_device_get_tags_list_entry()</function> returns a a
- <function>udev_list_entry</function> object, encapsulating a list of tags set for the specified
+ <para><function>udev_device_get_tags_list_entry()</function> returns a
+ <structname>udev_list_entry</structname> object, encapsulating a list of tags set for the specified
device. Similar, <function>udev_device_get_current_tags_list_entry()</function> returns a list of tags
set for the specified device as effect of the most recent device event seen (see above for details on the
difference).</para>
<refsect1>
<title>Description</title>
- <para><function>udev_device_new_from_syspath</function>,
- <function>udev_device_new_from_devnum</function>,
- <function>udev_device_new_from_subsystem_sysname</function>,
- <function>udev_device_new_from_device_id</function>, and
- <function>udev_device_new_from_environment</function>
+ <para><function>udev_device_new_from_syspath()</function>,
+ <function>udev_device_new_from_devnum()</function>,
+ <function>udev_device_new_from_subsystem_sysname()</function>,
+ <function>udev_device_new_from_device_id()</function>, and
+ <function>udev_device_new_from_environment()</function>
allocate a new udev device object and returns a pointer to it. This
object is opaque and must not be accessed by the caller via different
means than functions provided by libudev. Initially, the reference count
<function>udev_device_unref()</function>. Once the reference count hits 0,
the device object is destroyed and freed.</para>
- <para><function>udev_device_new_from_syspath</function>,
- <function>udev_device_new_from_devnum</function>,
- <function>udev_device_new_from_subsystem_sysname</function>, and
- <function>udev_device_new_from_device_id</function>
+ <para><function>udev_device_new_from_syspath()</function>,
+ <function>udev_device_new_from_devnum()</function>,
+ <function>udev_device_new_from_subsystem_sysname()</function>, and
+ <function>udev_device_new_from_device_id()</function>
create the device object based on information found in
<filename>/sys/</filename>, annotated with properties from the udev-internal
device database. A syspath is any subdirectory of <filename>/sys/</filename>,
with the restriction that a subdirectory of <filename>/sys/devices</filename>
(or a symlink to one) represents a real device and as such must contain
- a <filename>uevent</filename> file. <function>udev_device_new_from_devnum</function>
+ a <filename>uevent</filename> file. <function>udev_device_new_from_devnum()</function>
takes a device type, which can be <constant>b</constant> for block devices or
<constant>c</constant> for character devices, as well as a devnum (see
<citerefentry project='man-pages'><refentrytitle>makedev</refentrytitle><manvolnum>3</manvolnum></citerefentry>).
- <function>udev_device_new_from_subsystem_sysname</function> looks up devices based
+ <function>udev_device_new_from_subsystem_sysname()</function> looks up devices based
on the provided subsystem and sysname
(see <citerefentry><refentrytitle>udev_device_get_subsystem</refentrytitle><manvolnum>3</manvolnum></citerefentry>
and
<citerefentry><refentrytitle>udev_device_get_sysname</refentrytitle><manvolnum>3</manvolnum></citerefentry>)
- and <function>udev_device_new_from_device_id</function> looks up devices based on the provided
+ and <function>udev_device_new_from_device_id()</function> looks up devices based on the provided
device ID, which is a special string in one of the following four forms:
<table>
<title>Device ID strings</title>
</table>
</para>
- <para><function>udev_device_new_from_environment</function>
+ <para><function>udev_device_new_from_environment()</function>
creates a device from the current environment (see
<citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>).
Each key-value pair is interpreted in the same way as if it was
<title>Return Value</title>
<para>On success,
- <function>udev_enumerate_add_match_subsystem</function>,
- <function>udev_enumerate_add_nomatch_subsystem</function>,
- <function>udev_enumerate_add_match_sysattr</function>,
- <function>udev_enumerate_add_nomatch_sysattr</function>,
- <function>udev_enumerate_add_match_property</function>,
- <function>udev_enumerate_add_match_sysname</function>,
- <function>udev_enumerate_add_match_tag</function>,
- <function>udev_enumerate_add_match_parent</function> and
- <function>udev_enumerate_add_match_is_initialized</function>
+ <function>udev_enumerate_add_match_subsystem()</function>,
+ <function>udev_enumerate_add_nomatch_subsystem()</function>,
+ <function>udev_enumerate_add_match_sysattr()</function>,
+ <function>udev_enumerate_add_nomatch_sysattr()</function>,
+ <function>udev_enumerate_add_match_property()</function>,
+ <function>udev_enumerate_add_match_sysname()</function>,
+ <function>udev_enumerate_add_match_tag()</function>,
+ <function>udev_enumerate_add_match_parent()</function> and
+ <function>udev_enumerate_add_match_is_initialized()</function>
return an integer greater than, or equal to,
<constant>0</constant>.</para>
</refsect1>
projects / thirdparty / systemd.git / commitdiff
