systemd System and Service Manager
-CHANGES WITH 255 in spe:
+CHANGES WITH 256 in spe:
Announcements of Future Feature Removals and Incompatible Changes:
Features:
+* introduce mntid_t, and make it 64bit, as apparently the kernel switched to
+ 64bit mount ids
+
* Add an alias to systemd-run maybe called "uid0" or so, which tries to mimic
the sudo/su command lines to some level, but is backed by transient services,
and proper security isolate/tty forwarding. This would then allow us to run
file system paths to enable on start.
• make systemd-fstab-generator look for a system credential encoding root= or
usr=
- • systemd-homed: when initializing, look for a credential
- systemd.homed.register or so with JSON user records to automatically
- register if not registered yet. Use case: deploy a system, and add an
- account one can directly log into.
• in gpt-auto-generator: check partition uuids against such uuids supplied via
sd-stub credentials. That way, we can support parallel OS installations with
pre-built kernels.
- support new FS_IOC_ADD_ENCRYPTION_KEY ioctl for setting up fscrypt
- maybe pre-create ~/.cache as subvol so that it can have separate quota
easily?
- - add a switch to homectl (maybe called --first-boot) where it will check if
- any non-system users exist, and if not prompts interactively for basic user
- info, mimicking systemd-firstboot. Then, place this in a service that runs
- after systemd-homed, but before gdm and friends, as a simple, barebones
- fallback logic to get a regular user created on uninitialized systems.
- store PKCS#11 + FIDO2 token info in LUKS2 header, compatible with
systemd-cryptsetup, so that it can unlock homed volumes
- maybe make all *.home files owned by `systemd-home` user or so, so that we
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/binfmt.d/*.conf</filename></para>
- <para><filename>/run/binfmt.d/*.conf</filename></para>
- <para><filename>/usr/lib/binfmt.d/*.conf</filename></para>
+ <para><simplelist>
+ <member><filename>/etc/binfmt.d/*.conf</filename></member>
+ <member><filename>/run/binfmt.d/*.conf</filename></member>
+ <member><filename>/usr/lib/binfmt.d/*.conf</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/systemd/coredump.conf</filename></para>
- <para><filename>/etc/systemd/coredump.conf.d/*.conf</filename></para>
- <para><filename>/run/systemd/coredump.conf.d/*.conf</filename></para>
- <para><filename>/usr/lib/systemd/coredump.conf.d/*.conf</filename></para>
+ <para><simplelist>
+ <member><filename>/etc/systemd/coredump.conf</filename></member>
+ <member><filename>/etc/systemd/coredump.conf.d/*.conf</filename></member>
+ <member><filename>/run/systemd/coredump.conf.d/*.conf</filename></member>
+ <member><filename>/usr/lib/systemd/coredump.conf.d/*.conf</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/dnssec-trust-anchors.d/*.positive</filename></para>
- <para><filename>/run/dnssec-trust-anchors.d/*.positive</filename></para>
- <para><filename>/usr/lib/dnssec-trust-anchors.d/*.positive</filename></para>
- <para><filename>/etc/dnssec-trust-anchors.d/*.negative</filename></para>
- <para><filename>/run/dnssec-trust-anchors.d/*.negative</filename></para>
- <para><filename>/usr/lib/dnssec-trust-anchors.d/*.negative</filename></para>
+ <para><simplelist>
+ <member><filename>/etc/dnssec-trust-anchors.d/*.positive</filename></member>
+ <member><filename>/run/dnssec-trust-anchors.d/*.positive</filename></member>
+ <member><filename>/usr/lib/dnssec-trust-anchors.d/*.positive</filename></member>
+ <member><filename>/etc/dnssec-trust-anchors.d/*.negative</filename></member>
+ <member><filename>/run/dnssec-trust-anchors.d/*.negative</filename></member>
+ <member><filename>/usr/lib/dnssec-trust-anchors.d/*.negative</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><filename>~/.config/environment.d/*.conf</filename></para>
- <para><filename>/etc/environment.d/*.conf</filename></para>
- <para><filename>/run/environment.d/*.conf</filename></para>
- <para><filename>/usr/lib/environment.d/*.conf</filename></para>
- <para><filename>/etc/environment</filename></para>
+ <para><simplelist>
+ <member><filename>~/.config/environment.d/*.conf</filename></member>
+ <member><filename>/etc/environment.d/*.conf</filename></member>
+ <member><filename>/run/environment.d/*.conf</filename></member>
+ <member><filename>/usr/lib/environment.d/*.conf</filename></member>
+ <member><filename>/etc/environment</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
<refnamediv>
<refname>homectl</refname>
+ <refname>systemd-homed-firstboot.service</refname>
<refpurpose>Create, remove, change or inspect home directories</refpurpose>
</refnamediv>
<xi:include href="version-info.xml" xpointer="v250"/></listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><command>firstboot</command></term>
+
+ <listitem><para>This command is supposed to be invoked during the initial boot of the system. It
+ checks whether any regular home area exists so far, and if not queries the user interactively on the
+ console for user name and password and creates one. Alternatively, if one or more service credentials
+ whose name starts with <literal>home.create.</literal> are passed to the command (containing a user
+ record in JSON format) these users are automatically created at boot.</para>
+
+ <para>This command is invoked by the <filename>systemd-homed-firstboot.service</filename> service
+ unit.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/></listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>Credentials</title>
+
+ <para>When invoked with the <command>firstboot</command> command, <command>homectl</command> supports the
+ service credentials logic as implemented by
+ <varname>ImportCredential=</varname>/<varname>LoadCredential=</varname>/<varname>SetCredential=</varname>
+ (see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
+ details). The following credentials are used when passed in:</para>
+
+ <variablelist class='system-credentials'>
+ <varlistentry>
+ <term><varname>home.create.*</varname></term>
+
+ <listitem><para>If one or more credentials whose names begin with <literal>home.create.</literal>,
+ followed by a valid UNIX username are passed, a new home area is created, one for each specified user
+ record.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/></listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>Kernel Command Line</title>
+
+ <variablelist class='kernel-commandline-options'>
+ <varlistentry>
+ <term><varname>systemd.firstboot=</varname></term>
+
+ <listitem><para>This boolean will disable the effect of <command>homectl firstboot</command>
+ command. It's primarily interpreted by
+ <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/></listitem>
+ </varlistentry>
</variablelist>
</refsect1>
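Review bot: In the new Credentials section, the reference to systemd.exec carries <manvolnum>1</manvolnum>, but that page lives in section 5, so the cross-reference will not resolve; change it to <manvolnum>5</manvolnum>. The home.create.* entry says the suffix is "a valid UNIX username" without explaining how it relates to the user name inside the JSON record. Since this path creates login accounts without any prompt, document whether a mismatch is rejected or which of the two names is used. In the Kernel Command Line section, "This boolean will disable the effect of" does not say which value disables the command; wording along the lines of "If false, ..." would be unambiguous.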
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/systemd/homed.conf</filename></para>
- <para><filename>/etc/systemd/homed.conf.d/*.conf</filename></para>
- <para><filename>/run/systemd/homed.conf.d/*.conf</filename></para>
- <para><filename>/usr/lib/systemd/homed.conf.d/*.conf</filename></para>
+ <para><simplelist>
+ <member><filename>/etc/systemd/homed.conf</filename></member>
+ <member><filename>/etc/systemd/homed.conf.d/*.conf</filename></member>
+ <member><filename>/run/systemd/homed.conf.d/*.conf</filename></member>
+ <member><filename>/usr/lib/systemd/homed.conf.d/*.conf</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/systemd/journal-remote.conf</filename></para>
- <para><filename>/etc/systemd/journal-remote.conf.d/*.conf</filename></para>
- <para><filename>/run/systemd/journal-remote.conf.d/*.conf</filename></para>
- <para><filename>/usr/lib/systemd/journal-remote.conf.d/*.conf</filename></para>
+ <para><simplelist>
+ <member><filename>/etc/systemd/journal-remote.conf</filename></member>
+ <member><filename>/etc/systemd/journal-remote.conf.d/*.conf</filename></member>
+ <member><filename>/run/systemd/journal-remote.conf.d/*.conf</filename></member>
+ <member><filename>/usr/lib/systemd/journal-remote.conf.d/*.conf</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/systemd/journald.conf</filename></para>
- <para><filename>/etc/systemd/journald.conf.d/*.conf</filename></para>
- <para><filename>/run/systemd/journald.conf.d/*.conf</filename></para>
- <para><filename>/usr/lib/systemd/journald.conf.d/*.conf</filename></para>
- <para><filename>/etc/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf</filename></para>
- <para><filename>/etc/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf.d/*.conf</filename></para>
- <para><filename>/run/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf.d/*.conf</filename></para>
- <para><filename>/usr/lib/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf.d/*.conf</filename></para>
+ <para><simplelist>
+ <member><filename>/etc/systemd/journald.conf</filename></member>
+ <member><filename>/etc/systemd/journald.conf.d/*.conf</filename></member>
+ <member><filename>/run/systemd/journald.conf.d/*.conf</filename></member>
+ <member><filename>/usr/lib/systemd/journald.conf.d/*.conf</filename></member>
+ <member><filename>/etc/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf</filename></member>
+ <member><filename>/etc/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf.d/*.conf</filename></member>
+ <member><filename>/run/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf.d/*.conf</filename></member>
+ <member><filename>/usr/lib/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf.d/*.conf</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
<listitem><para>Takes a boolean argument, defaults to on. If off,
<citerefentry><refentrytitle>systemd-firstboot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ and
+ <citerefentry><refentrytitle>systemd-homed-firstboot.service</refentrytitle><manvolnum>1</manvolnum></citerefentry>
will not query the user for basic system settings, even if the system boots up for the first time and
the relevant settings are not initialized yet. Not to be confused with
<varname>systemd.condition-first-boot=</varname> (see below), which overrides the result of the
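Review bot: With systemd-homed-firstboot.service added to this sentence, "will not query the user for basic system settings" no longer describes both units. According to the homectl text in this patch, firstboot asks for a user name and password and can also create users from home.create.* credentials with no prompt at all. State explicitly whether systemd.firstboot=off only suppresses the interactive query or also skips credential-based user creation, and align it with the homectl page, which says the option disables "the effect of" the command as a whole.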
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/systemd/logind.conf</filename></para>
- <para><filename>/etc/systemd/logind.conf.d/*.conf</filename></para>
- <para><filename>/run/systemd/logind.conf.d/*.conf</filename></para>
- <para><filename>/usr/lib/systemd/logind.conf.d/*.conf</filename></para>
+ <para><simplelist>
+ <member><filename>/etc/systemd/logind.conf</filename></member>
+ <member><filename>/etc/systemd/logind.conf.d/*.conf</filename></member>
+ <member><filename>/run/systemd/logind.conf.d/*.conf</filename></member>
+ <member><filename>/usr/lib/systemd/logind.conf.d/*.conf</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/modules-load.d/*.conf</filename></para>
- <para><filename>/run/modules-load.d/*.conf</filename></para>
- <para><filename>/usr/lib/modules-load.d/*.conf</filename></para>
+ <para><simplelist>
+ <member><filename>/etc/modules-load.d/*.conf</filename></member>
+ <member><filename>/run/modules-load.d/*.conf</filename></member>
+ <member><filename>/usr/lib/modules-load.d/*.conf</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/systemd/networkd.conf</filename></para>
- <para><filename>/etc/systemd/networkd.conf.d/*.conf</filename></para>
- <para><filename>/usr/lib/systemd/networkd.conf.d/*.conf</filename></para>
+ <para><simplelist>
+ <member><filename>/etc/systemd/networkd.conf</filename></member>
+ <member><filename>/etc/systemd/networkd.conf.d/*.conf</filename></member>
+ <member><filename>/usr/lib/systemd/networkd.conf.d/*.conf</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
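Review bot: The converted list keeps only /etc/systemd/networkd.conf.d and /usr/lib/systemd/networkd.conf.d, while every other *.conf.d synopsis touched in this patch except oomd.conf also lists a /run/systemd/... directory. If networkd reads drop-ins from /run as well, add <member><filename>/run/systemd/networkd.conf.d/*.conf</filename></member> while the list is being rewritten, so the synopsis names every location that can alter the configuration.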
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/systemd/oomd.conf</filename></para>
- <para><filename>/etc/systemd/oomd.conf.d/*.conf</filename></para>
- <para><filename>/usr/lib/systemd/oomd.conf.d/*.conf</filename></para>
+ <para><simplelist>
+ <member><filename>/etc/systemd/oomd.conf</filename></member>
+ <member><filename>/etc/systemd/oomd.conf.d/*.conf</filename></member>
+ <member><filename>/usr/lib/systemd/oomd.conf.d/*.conf</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/os-release</filename></para>
- <para><filename>/usr/lib/os-release</filename></para>
- <para><filename>/etc/initrd-release</filename></para>
- <para><filename>/usr/lib/extension-release.d/extension-release.<replaceable>IMAGE</replaceable></filename></para>
+ <para><simplelist>
+ <member><filename>/etc/os-release</filename></member>
+ <member><filename>/usr/lib/os-release</filename></member>
+ <member><filename>/etc/initrd-release</filename></member>
+ <member><filename>/usr/lib/extension-release.d/extension-release.<replaceable>IMAGE</replaceable></filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><literallayout><filename>/etc/repart.d/*.conf</filename>
-<filename>/run/repart.d/*.conf</filename>
-<filename>/usr/lib/repart.d/*.conf</filename>
- </literallayout></para>
+ <para><simplelist>
+ <member><filename>/etc/repart.d/*.conf</filename></member>
+ <member><filename>/run/repart.d/*.conf</filename></member>
+ <member><filename>/usr/lib/repart.d/*.conf</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/systemd/resolved.conf</filename></para>
- <para><filename>/etc/systemd/resolved.conf.d/*.conf</filename></para>
- <para><filename>/run/systemd/resolved.conf.d/*.conf</filename></para>
- <para><filename>/usr/lib/systemd/resolved.conf.d/*.conf</filename></para>
+ <para><simplelist>
+ <member><filename>/etc/systemd/resolved.conf</filename></member>
+ <member><filename>/etc/systemd/resolved.conf.d/*.conf</filename></member>
+ <member><filename>/run/systemd/resolved.conf.d/*.conf</filename></member>
+ <member><filename>/usr/lib/systemd/resolved.conf.d/*.conf</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
'ENABLE_RESOLVE'],
['environment.d', '5', [], 'ENABLE_ENVIRONMENT_D'],
['file-hierarchy', '7', [], ''],
- ['homectl', '1', [], 'ENABLE_HOMED'],
+ ['homectl', '1', ['systemd-homed-firstboot.service'], 'ENABLE_HOMED'],
['homed.conf', '5', ['homed.conf.d'], 'ENABLE_HOMED'],
['hostname', '5', [], ''],
['hostnamectl', '1', [], 'ENABLE_HOSTNAMED'],
for more information about D-Bus IPC.</para>
<para>See
- <literallayout><citerefentry><refentrytitle>sd_bus_add_match</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_add_object</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_add_object_manager</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_add_object_vtable</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_add_fallback</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_add_fallback_vtable</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_add_filter</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_add_node_enumerator</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_attach_event</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_call</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_call_async</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_call_method</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_call_method_async</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_can_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_close</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_creds_new_from_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_default</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_emit_interfaces_added</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_emit_interfaces_added_strv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_emit_interfaces_removed</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_emit_interfaces_removed_strv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_emit_object_added</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_emit_object_removed</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_emit_properties_changed</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_emit_properties_changed_strv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_emit_signal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_emit_signalv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_emit_signal_to</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_emit_signal_tov</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd-bus-errors</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_error</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_error_add_map</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_address</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_allow_interactive_authorization</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_bus_id</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_creds_mask</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_current_handler</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_current_message</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_current_slot</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_current_userdata</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_exit_on_disconnect</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_fd</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_method_call_timeout</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_n_queued_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_name_machine_id</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_property</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_property_string</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_property_strv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_property_trivial</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_scope</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_tid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_get_unique_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_interface_name_is_valid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_is_bus_client</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_is_monitor</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_is_server</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_list_names</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_append_array</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_append_basic</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_append_string_memfd</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_append_strv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_at_end</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_close_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_copy</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_dump</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_enter_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_exit_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_get_allow_interactive_authorization</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_get_cookie</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_get_errno</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_get_error</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_get_monotonic_usec</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_get_sender</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_get_signature</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_get_type</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_new</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_new_method_call</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_new_method_error</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_new_signal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_new_signal_to</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_open_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_peek_type</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_read_array</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_read_basic</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_read_strv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_rewind</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_seal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_set_allow_interactive_authorization</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_set_destination</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_set_expect_reply</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_set_sender</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_skip</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_message_verify_type</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_negotiate_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_new</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_path_encode</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_process</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_query_sender_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_query_sender_privilege</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_reply_method_error</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_reply_method_return</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_request_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_send_to</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_set_address</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_set_allow_interactive_authorization</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_set_bus_client</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_set_close_on_exit</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_set_connected_signal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_set_description</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_set_exit_on_disconnect</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_set_method_call_timeout</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_set_monitor</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_set_property</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_set_propertyv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_set_sender</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_set_server</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_set_watch_bind</refentrytitle><manvolnum>3</manvolnum></citerefentry>
-<citerefentry><refentrytitle>sd_bus_slot_get_current_handler</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_slot_get_current_message</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_slot_get_current_userdata</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_slot_set_description</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_slot_set_destroy_callback</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_slot_set_floating</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_slot_set_userdata</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_start</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_track_add_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_bus_track_new</refentrytitle><manvolnum>3</manvolnum></citerefentry>
-</literallayout>
+ <simplelist>
+ <member><citerefentry><refentrytitle>sd_bus_add_match</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_add_object</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_add_object_manager</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_add_object_vtable</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_add_fallback</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_add_fallback_vtable</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_add_filter</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_add_node_enumerator</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_attach_event</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_call</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_call_async</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_call_method</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_call_method_async</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_can_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_close</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_creds_new_from_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_default</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_emit_interfaces_added</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_emit_interfaces_added_strv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_emit_interfaces_removed</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_emit_interfaces_removed_strv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_emit_object_added</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_emit_object_removed</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_emit_properties_changed</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_emit_properties_changed_strv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_emit_signal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_emit_signalv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_emit_signal_to</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_emit_signal_tov</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd-bus-errors</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_error</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_error_add_map</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_address</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_allow_interactive_authorization</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_bus_id</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_creds_mask</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_current_handler</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_current_message</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_current_slot</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_current_userdata</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_exit_on_disconnect</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_fd</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_method_call_timeout</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_n_queued_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_name_machine_id</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_property</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_property_string</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_property_strv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_property_trivial</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_scope</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_tid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_get_unique_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_interface_name_is_valid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_is_bus_client</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_is_monitor</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_is_server</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_list_names</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_append_array</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_append_basic</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_append_string_memfd</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_append_strv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_at_end</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_close_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_copy</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_dump</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_enter_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_exit_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_get_allow_interactive_authorization</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_get_cookie</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_get_errno</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_get_error</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_get_monotonic_usec</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_get_sender</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_get_signature</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_get_type</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_new</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_new_method_call</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_new_method_error</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_new_signal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_new_signal_to</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_open_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_peek_type</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_read_array</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_read_basic</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_read_strv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_rewind</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_seal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_set_allow_interactive_authorization</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_set_destination</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_set_expect_reply</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_set_sender</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_skip</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_message_verify_type</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_negotiate_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_new</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_path_encode</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_process</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_query_sender_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_query_sender_privilege</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_reply_method_error</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_reply_method_return</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_request_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_send_to</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_set_address</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_set_allow_interactive_authorization</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_set_bus_client</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_set_close_on_exit</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_set_connected_signal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_set_description</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_set_exit_on_disconnect</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_set_method_call_timeout</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_set_monitor</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_set_property</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_set_propertyv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_set_sender</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_set_server</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_set_watch_bind</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
+ <member><citerefentry><refentrytitle>sd_bus_slot_get_current_handler</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_slot_get_current_message</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_slot_get_current_userdata</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_slot_set_description</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_slot_set_destroy_callback</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_slot_set_floating</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_slot_set_userdata</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_start</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_track_add_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_bus_track_new</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
+ </simplelist>
for more information about the functions available.</para>
</refsect1>
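Review bot: the added member for sd_bus_set_watch_bind has no trailing comma, while every other non-final member in this simplelist carries a literal "," inside its <member> element, so the rendered list is punctuated inconsistently at that entry. Either add the comma there or, preferably, drop the literal commas from all members and let the list markup supply the separators (for example <simplelist type="inline">), so that punctuation does not have to be maintained by hand in more than a hundred entries.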
<filename>libudev.h</filename>.</para>
<para>See
- <literallayout><citerefentry><refentrytitle>sd_device_get_syspath</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-<citerefentry><refentrytitle>sd_device_ref</refentrytitle><manvolnum>3</manvolnum></citerefentry>
-</literallayout>
+ <simplelist>
+ <member><citerefentry><refentrytitle>sd_device_get_syspath</refentrytitle><manvolnum>3</manvolnum></citerefentry>,</member>
+ <member><citerefentry><refentrytitle>sd_device_ref</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
+ </simplelist>
for more information about the functions available.</para>
</refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/sysctl.d/*.conf</filename></para>
- <para><filename>/run/sysctl.d/*.conf</filename></para>
- <para><filename>/usr/lib/sysctl.d/*.conf</filename></para>
+ <para><simplelist>
+ <member><filename>/etc/sysctl.d/*.conf</filename></member>
+ <member><filename>/run/sysctl.d/*.conf</filename></member>
+ <member><filename>/usr/lib/sysctl.d/*.conf</filename></member>
+ </simplelist></para>
<programlisting>key.name.under.proc.sys = some value
key/name/under/proc/sys = some value
</refnamediv>
<refsynopsisdiv>
- <para><filename>systemd-ask-password-console.service</filename></para>
- <para><filename>systemd-ask-password-console.path</filename></para>
- <para><filename>systemd-ask-password-wall.service</filename></para>
- <para><filename>systemd-ask-password-wall.path</filename></para>
+ <para><simplelist>
+ <member><filename>systemd-ask-password-console.service</filename></member>
+ <member><filename>systemd-ask-password-console.path</filename></member>
+ <member><filename>systemd-ask-password-wall.service</filename></member>
+ <member><filename>systemd-ask-password-wall.path</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><filename>systemd-fsck@.service</filename></para>
- <para><filename>systemd-fsck-root.service</filename></para>
- <para><filename>systemd-fsck-usr.service</filename></para>
- <para><filename>/usr/lib/systemd/systemd-fsck</filename></para>
+ <para><simplelist>
+ <member><filename>systemd-fsck@.service</filename></member>
+ <member><filename>systemd-fsck-root.service</filename></member>
+ <member><filename>systemd-fsck-usr.service</filename></member>
+ <member><filename>/usr/lib/systemd/systemd-fsck</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><filename>systemd-journald.service</filename></para>
- <para><filename>systemd-journald.socket</filename></para>
- <para><filename>systemd-journald-dev-log.socket</filename></para>
- <para><filename>systemd-journald-audit.socket</filename></para>
- <para><filename>systemd-journald@.service</filename></para>
- <para><filename>systemd-journald@.socket</filename></para>
- <para><filename>systemd-journald-varlink@.socket</filename></para>
- <para><filename>/usr/lib/systemd/systemd-journald</filename></para>
+ <para><simplelist>
+ <member><filename>systemd-journald.service</filename></member>
+ <member><filename>systemd-journald.socket</filename></member>
+ <member><filename>systemd-journald-dev-log.socket</filename></member>
+ <member><filename>systemd-journald-audit.socket</filename></member>
+ <member><filename>systemd-journald@.service</filename></member>
+ <member><filename>systemd-journald@.socket</filename></member>
+ <member><filename>systemd-journald-varlink@.socket</filename></member>
+ <member><filename>/usr/lib/systemd/systemd-journald</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/systemd/sleep.conf</filename></para>
- <para><filename>/etc/systemd/sleep.conf.d/*.conf</filename></para>
- <para><filename>/run/systemd/sleep.conf.d/*.conf</filename></para>
- <para><filename>/usr/lib/systemd/sleep.conf.d/*.conf</filename></para>
+ <para><simplelist>
+ <member><filename>/etc/systemd/sleep.conf</filename></member>
+ <member><filename>/etc/systemd/sleep.conf.d/*.conf</filename></member>
+ <member><filename>/run/systemd/sleep.conf.d/*.conf</filename></member>
+ <member><filename>/usr/lib/systemd/sleep.conf.d/*.conf</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><filename>/usr/lib/systemd/boot/efi/linuxx64.efi.stub</filename></para>
- <para><filename>/usr/lib/systemd/boot/efi/linuxia32.efi.stub</filename></para>
- <para><filename>/usr/lib/systemd/boot/efi/linuxaa64.efi.stub</filename></para>
- <para><filename><replaceable>ESP</replaceable>/.../<replaceable>foo</replaceable>.efi.extra.d/*.addon.efi</filename></para>
- <para><filename><replaceable>ESP</replaceable>/.../<replaceable>foo</replaceable>.efi.extra.d/*.cred</filename></para>
- <para><filename><replaceable>ESP</replaceable>/.../<replaceable>foo</replaceable>.efi.extra.d/*.raw</filename></para>
- <para><filename><replaceable>ESP</replaceable>/loader/addons/*.addon.efi</filename></para>
- <para><filename><replaceable>ESP</replaceable>/loader/credentials/*.cred</filename></para>
+ <para><simplelist>
+ <member><filename>/usr/lib/systemd/boot/efi/linuxx64.efi.stub</filename></member>
+ <member><filename>/usr/lib/systemd/boot/efi/linuxia32.efi.stub</filename></member>
+ <member><filename>/usr/lib/systemd/boot/efi/linuxaa64.efi.stub</filename></member>
+ <member><filename><replaceable>ESP</replaceable>/.../<replaceable>foo</replaceable>.efi.extra.d/*.addon.efi</filename></member>
+ <member><filename><replaceable>ESP</replaceable>/.../<replaceable>foo</replaceable>.efi.extra.d/*.cred</filename></member>
+ <member><filename><replaceable>ESP</replaceable>/.../<replaceable>foo</replaceable>.efi.extra.d/*.raw</filename></member>
+ <member><filename><replaceable>ESP</replaceable>/loader/addons/*.addon.efi</filename></member>
+ <member><filename><replaceable>ESP</replaceable>/loader/credentials/*.cred</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><filename>systemd-suspend.service</filename></para>
- <para><filename>systemd-hibernate.service</filename></para>
- <para><filename>systemd-hybrid-sleep.service</filename></para>
- <para><filename>systemd-suspend-then-hibernate.service</filename></para>
- <para><filename>/usr/lib/systemd/system-sleep</filename></para>
+ <para><simplelist>
+ <member><filename>systemd-suspend.service</filename></member>
+ <member><filename>systemd-hibernate.service</filename></member>
+ <member><filename>systemd-hybrid-sleep.service</filename></member>
+ <member><filename>systemd-suspend-then-hibernate.service</filename></member>
+ <member><filename>/usr/lib/systemd/system-sleep</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
<arg choice="plain">COMMAND</arg>
</cmdsynopsis>
- <para><literallayout><filename>systemd-sysext.service</filename></literallayout></para>
+ <para><filename>systemd-sysext.service</filename></para>
<cmdsynopsis>
<command>systemd-confext</command>
<arg choice="plain">COMMAND</arg>
</cmdsynopsis>
- <para><literallayout><filename>systemd-confext.service</filename></literallayout></para>
-
+ <para><filename>systemd-confext.service</filename></para>
</refsynopsisdiv>
<refsect1>
</cmdsynopsis>
<para>System units:
-<literallayout><filename>systemd-tmpfiles-setup.service</filename>
-<filename>systemd-tmpfiles-setup-dev-early.service</filename>
-<filename>systemd-tmpfiles-setup-dev.service</filename>
-<filename>systemd-tmpfiles-clean.service</filename>
-<filename>systemd-tmpfiles-clean.timer</filename></literallayout></para>
+ <simplelist>
+ <member><filename>systemd-tmpfiles-setup.service</filename></member>
+ <member><filename>systemd-tmpfiles-setup-dev-early.service</filename></member>
+ <member><filename>systemd-tmpfiles-setup-dev.service</filename></member>
+ <member><filename>systemd-tmpfiles-clean.service</filename></member>
+ <member><filename>systemd-tmpfiles-clean.timer</filename></member>
+ </simplelist>
+ </para>
<para>User units:
-<literallayout><filename>systemd-tmpfiles-setup.service</filename>
-<filename>systemd-tmpfiles-clean.service</filename>
-<filename>systemd-tmpfiles-clean.timer</filename></literallayout></para>
+ <simplelist>
+ <member><filename>systemd-tmpfiles-setup.service</filename></member>
+ <member><filename>systemd-tmpfiles-clean.service</filename></member>
+ <member><filename>systemd-tmpfiles-clean.timer</filename></member>
+ </simplelist>
+ </para>
</refsynopsisdiv>
<refsect1>
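Review bot: the two tmpfiles lists are structured differently from the other synopsis blocks in this change. Here the "System units:" and "User units:" label text shares a <para> with the <simplelist>, and the closing </para> sits on its own added line, whereas the other blocks use <para><simplelist> ... </simplelist></para>. Consider moving each label into its own <para> ahead of the list, or making it a list title, so the label and the list do not run together when rendered, and close the para the same way as the other converted blocks.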
<command>&USER_ENV_GENERATOR_DIR;/some-generator</command>
</cmdsynopsis>
- <para>
- <literallayout><filename>/run/systemd/system-environment-generators/*</filename>
-<filename>/etc/systemd/system-environment-generators/*</filename>
-<filename>/usr/local/lib/systemd/system-environment-generators/*</filename>
-<filename>&SYSTEM_ENV_GENERATOR_DIR;/*</filename></literallayout>
- </para>
-
- <para>
- <literallayout><filename>/run/systemd/user-environment-generators/*</filename>
-<filename>/etc/systemd/user-environment-generators/*</filename>
-<filename>/usr/local/lib/systemd/user-environment-generators/*</filename>
-<filename>&USER_ENV_GENERATOR_DIR;/*</filename></literallayout>
- </para>
+ <para><simplelist>
+ <member><filename>/run/systemd/system-environment-generators/*</filename></member>
+ <member><filename>/etc/systemd/system-environment-generators/*</filename></member>
+ <member><filename>/usr/local/lib/systemd/system-environment-generators/*</filename></member>
+ <member><filename>&SYSTEM_ENV_GENERATOR_DIR;/*</filename></member>
+ </simplelist></para>
+
+ <para><simplelist>
+ <member><filename>/run/systemd/user-environment-generators/*</filename></member>
+ <member><filename>/etc/systemd/user-environment-generators/*</filename></member>
+ <member><filename>/usr/local/lib/systemd/user-environment-generators/*</filename></member>
+ <member><filename>&USER_ENV_GENERATOR_DIR;/*</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
<arg choice="option"><replaceable>late-dir</replaceable></arg>
</cmdsynopsis>
- <para>
- <literallayout><filename>/run/systemd/system-generators/*</filename>
-<filename>/etc/systemd/system-generators/*</filename>
-<filename>/usr/local/lib/systemd/system-generators/*</filename>
-<filename>&SYSTEM_GENERATOR_DIR;/*</filename></literallayout>
- </para>
-
- <para>
- <literallayout><filename>/run/systemd/user-generators/*</filename>
-<filename>/etc/systemd/user-generators/*</filename>
-<filename>/usr/local/lib/systemd/user-generators/*</filename>
-<filename>&USER_GENERATOR_DIR;/*</filename></literallayout>
- </para>
+ <para><simplelist>
+ <member><filename>/run/systemd/system-generators/*</filename></member>
+ <member><filename>/etc/systemd/system-generators/*</filename></member>
+ <member><filename>/usr/local/lib/systemd/system-generators/*</filename></member>
+ <member><filename>&SYSTEM_GENERATOR_DIR;/*</filename></member>
+ </simplelist></para>
+
+ <para><simplelist>
+ <member><filename>/run/systemd/user-generators/*</filename></member>
+ <member><filename>/etc/systemd/user-generators/*</filename></member>
+ <member><filename>/usr/local/lib/systemd/user-generators/*</filename></member>
+ <member><filename>&USER_GENERATOR_DIR;/*</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/systemd/nspawn/<replaceable>machine</replaceable>.nspawn</filename></para>
- <para><filename>/run/systemd/nspawn/<replaceable>machine</replaceable>.nspawn</filename></para>
- <para><filename>/var/lib/machines/<replaceable>machine</replaceable>.nspawn</filename></para>
+ <para><simplelist>
+ <member><filename>/etc/systemd/nspawn/<replaceable>machine</replaceable>.nspawn</filename></member>
+ <member><filename>/run/systemd/nspawn/<replaceable>machine</replaceable>.nspawn</filename></member>
+ <member><filename>/var/lib/machines/<replaceable>machine</replaceable>.nspawn</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><literallayout>
-<filename>/etc/pcrlock.d/*.pcrlock</filename>
-<filename>/etc/pcrlock.d/*.pcrlock.d/*.pcrlock</filename>
-<filename>/run/pcrlock.d/*.pcrlock</filename>
-<filename>/run/pcrlock.d/*.pcrlock.d/*.pcrlock</filename>
-<filename>/var/lib/pcrlock.d/*.pcrlock</filename>
-<filename>/var/lib/pcrlock.d/*.pcrlock.d/*.pcrlock</filename>
-<filename>/usr/local/pcrlock.d/*.pcrlock</filename>
-<filename>/usr/local/pcrlock.d/*.pcrlock.d/*.pcrlock</filename>
-<filename>/usr/lib/pcrlock.d/*.pcrlock</filename>
-<filename>/usr/lib/pcrlock.d/*.pcrlock.d/*.pcrlock</filename></literallayout></para>
+ <para><simplelist>
+ <member><filename>/etc/pcrlock.d/*.pcrlock</filename></member>
+ <member><filename>/etc/pcrlock.d/*.pcrlock.d/*.pcrlock</filename></member>
+ <member><filename>/run/pcrlock.d/*.pcrlock</filename></member>
+ <member><filename>/run/pcrlock.d/*.pcrlock.d/*.pcrlock</filename></member>
+ <member><filename>/var/lib/pcrlock.d/*.pcrlock</filename></member>
+ <member><filename>/var/lib/pcrlock.d/*.pcrlock.d/*.pcrlock</filename></member>
+ <member><filename>/usr/local/pcrlock.d/*.pcrlock</filename></member>
+ <member><filename>/usr/local/pcrlock.d/*.pcrlock.d/*.pcrlock</filename></member>
+ <member><filename>/usr/lib/pcrlock.d/*.pcrlock</filename></member>
+ <member><filename>/usr/lib/pcrlock.d/*.pcrlock.d/*.pcrlock</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/systemd/system-preset/*.preset</filename></para>
- <para><filename>/run/systemd/system-preset/*.preset</filename></para>
- <para><filename>/usr/lib/systemd/system-preset/*.preset</filename></para>
- <para><filename>/etc/systemd/user-preset/*.preset</filename></para>
- <para><filename>/run/systemd/user-preset/*.preset</filename></para>
- <para><filename>/usr/lib/systemd/user-preset/*.preset</filename></para>
+ <para><simplelist>
+ <member><filename>/etc/systemd/system-preset/*.preset</filename></member>
+ <member><filename>/run/systemd/system-preset/*.preset</filename></member>
+ <member><filename>/usr/lib/systemd/system-preset/*.preset</filename></member>
+ <member><filename>/etc/systemd/user-preset/*.preset</filename></member>
+ <member><filename>/run/systemd/user-preset/*.preset</filename></member>
+ <member><filename>/usr/lib/systemd/user-preset/*.preset</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
<xi:include href="version-info.xml" xpointer="v254"/>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><varname>home.create.*</varname></term>
+ <listitem>
+ <para>Creates a home area for the specified user with the user record data passed in. For details see
+ <citerefentry><refentrytitle>homectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
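Review bot: the new home.create.* entry does not say what the "*" suffix names or what format the "user record data" must take; it only defers to homectl(1). Because this credential causes an account to be created from whatever is passed in, the entry should state what the suffix stands for (presumably the user name), what payload format is expected, and which component consumes the credential, so that an administrator reading this list knows what provisioning input they are trusting. This is also a functional documentation addition inside an otherwise markup-only conversion, so it would be easier to review and backport as its own commit.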
<refsect2>
<title>System Unit Search Path</title>
- <para><literallayout><filename>/etc/systemd/system.control/*</filename>
-<filename>/run/systemd/system.control/*</filename>
-<filename>/run/systemd/transient/*</filename>
-<filename>/run/systemd/generator.early/*</filename>
-<filename>/etc/systemd/system/*</filename>
-<filename>/etc/systemd/system.attached/*</filename>
-<filename>/run/systemd/system/*</filename>
-<filename>/run/systemd/system.attached/*</filename>
-<filename>/run/systemd/generator/*</filename>
-<filename index='false'>…</filename>
-<filename>/usr/lib/systemd/system/*</filename>
-<filename>/run/systemd/generator.late/*</filename></literallayout></para>
+ <para><simplelist>
+ <member><filename>/etc/systemd/system.control/*</filename></member>
+ <member><filename>/run/systemd/system.control/*</filename></member>
+ <member><filename>/run/systemd/transient/*</filename></member>
+ <member><filename>/run/systemd/generator.early/*</filename></member>
+ <member><filename>/etc/systemd/system/*</filename></member>
+ <member><filename>/etc/systemd/system.attached/*</filename></member>
+ <member><filename>/run/systemd/system/*</filename></member>
+ <member><filename>/run/systemd/system.attached/*</filename></member>
+ <member><filename>/run/systemd/generator/*</filename></member>
+ <member><filename index='false'>…</filename></member>
+ <member><filename>/usr/lib/systemd/system/*</filename></member>
+ <member><filename>/run/systemd/generator.late/*</filename></member>
+ </simplelist></para>
</refsect2>
<refsect2>
<title>User Unit Search Path</title>
- <para><literallayout><filename>~/.config/systemd/user.control/*</filename>
-<filename>$XDG_RUNTIME_DIR/systemd/user.control/*</filename>
-<filename>$XDG_RUNTIME_DIR/systemd/transient/*</filename>
-<filename>$XDG_RUNTIME_DIR/systemd/generator.early/*</filename>
-<filename>~/.config/systemd/user/*</filename>
-<filename>$XDG_CONFIG_DIRS/systemd/user/*</filename>
-<filename>/etc/systemd/user/*</filename>
-<filename>$XDG_RUNTIME_DIR/systemd/user/*</filename>
-<filename>/run/systemd/user/*</filename>
-<filename>$XDG_RUNTIME_DIR/systemd/generator/*</filename>
-<filename>$XDG_DATA_HOME/systemd/user/*</filename>
-<filename>$XDG_DATA_DIRS/systemd/user/*</filename>
-<filename index='false'>…</filename>
-<filename>/usr/lib/systemd/user/*</filename>
-<filename>$XDG_RUNTIME_DIR/systemd/generator.late/*</filename></literallayout></para>
+ <para><simplelist>
+ <member><filename>~/.config/systemd/user.control/*</filename></member>
+ <member><filename>$XDG_RUNTIME_DIR/systemd/user.control/*</filename></member>
+ <member><filename>$XDG_RUNTIME_DIR/systemd/transient/*</filename></member>
+ <member><filename>$XDG_RUNTIME_DIR/systemd/generator.early/*</filename></member>
+ <member><filename>~/.config/systemd/user/*</filename></member>
+ <member><filename>$XDG_CONFIG_DIRS/systemd/user/*</filename></member>
+ <member><filename>/etc/systemd/user/*</filename></member>
+ <member><filename>$XDG_RUNTIME_DIR/systemd/user/*</filename></member>
+ <member><filename>/run/systemd/user/*</filename></member>
+ <member><filename>$XDG_RUNTIME_DIR/systemd/generator/*</filename></member>
+ <member><filename>$XDG_DATA_HOME/systemd/user/*</filename></member>
+ <member><filename>$XDG_DATA_DIRS/systemd/user/*</filename></member>
+ <member><filename index='false'>…</filename></member>
+ <member><filename>/usr/lib/systemd/user/*</filename></member>
+ <member><filename>$XDG_RUNTIME_DIR/systemd/generator.late/*</filename></member>
+ </simplelist></para>
</refsect2>
</refsynopsisdiv>
</refnamediv>
<refsynopsisdiv>
- <para><literallayout><filename>/etc/sysupdate.d/*.conf</filename>
-<filename>/run/sysupdate.d/*.conf</filename>
-<filename>/usr/lib/sysupdate.d/*.conf</filename>
- </literallayout></para>
+ <para><simplelist>
+ <member><filename>/etc/sysupdate.d/*.conf</filename></member>
+ <member><filename>/run/sysupdate.d/*.conf</filename></member>
+ <member><filename>/usr/lib/sysupdate.d/*.conf</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/sysusers.d/*.conf</filename></para>
- <para><filename>/run/sysusers.d/*.conf</filename></para>
- <para><filename>/usr/lib/sysusers.d/*.conf</filename></para>
+ <para><simplelist>
+ <member><filename>/etc/sysusers.d/*.conf</filename></member>
+ <member><filename>/run/sysusers.d/*.conf</filename></member>
+ <member><filename>/usr/lib/sysusers.d/*.conf</filename></member>
+ </simplelist></para>
<programlisting>
#Type Name ID GECOS Home directory Shell
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/systemd/timesyncd.conf</filename></para>
- <para><filename>/etc/systemd/timesyncd.conf.d/*.conf</filename></para>
- <para><filename>/run/systemd/timesyncd.conf.d/*.conf</filename></para>
- <para><filename>/usr/lib/systemd/timesyncd.conf.d/*.conf</filename></para>
+ <para><simplelist>
+ <member><filename>/etc/systemd/timesyncd.conf</filename></member>
+ <member><filename>/etc/systemd/timesyncd.conf.d/*.conf</filename></member>
+ <member><filename>/run/systemd/timesyncd.conf.d/*.conf</filename></member>
+ <member><filename>/usr/lib/systemd/timesyncd.conf.d/*.conf</filename></member>
+ </simplelist></para>
</refsynopsisdiv>
<refsect1>
<refnamediv>
<refname>tmpfiles.d</refname>
- <refpurpose>Configuration for creation, deletion and cleaning of
- volatile and temporary files</refpurpose>
+ <refpurpose>Configuration for creation, deletion, and cleaning of files and directories</refpurpose>
</refnamediv>
<refsynopsisdiv>
- <para><literallayout><filename>/etc/tmpfiles.d/*.conf</filename>
-<filename>/run/tmpfiles.d/*.conf</filename>
-<filename>/usr/lib/tmpfiles.d/*.conf</filename>
- </literallayout></para>
-
- <para><literallayout><filename>~/.config/user-tmpfiles.d/*.conf</filename>
-<filename>$XDG_RUNTIME_DIR/user-tmpfiles.d/*.conf</filename>
-<filename>~/.local/share/user-tmpfiles.d/*.conf</filename>
-<filename index='false'>…</filename>
-<filename>/usr/share/user-tmpfiles.d/*.conf</filename>
- </literallayout></para>
+ <para><simplelist>
+ <member><filename>/etc/tmpfiles.d/*.conf</filename></member>
+ <member><filename>/run/tmpfiles.d/*.conf</filename></member>
+ <member><filename>/usr/lib/tmpfiles.d/*.conf</filename></member>
+ </simplelist></para>
+
+ <para><simplelist>
+ <member><filename>~/.config/user-tmpfiles.d/*.conf</filename></member>
+ <member><filename>$XDG_RUNTIME_DIR/user-tmpfiles.d/*.conf</filename></member>
+ <member><filename>~/.local/share/user-tmpfiles.d/*.conf</filename></member>
+ <member><filename index='false'>…</filename></member>
+ <member><filename>/usr/share/user-tmpfiles.d/*.conf</filename></member>
+ </simplelist></para>
<programlisting>#Type Path Mode User Group Age Argument
f /file/to/create mode user group - content
@Incremental=yes
@QemuMem=2G
@RuntimeSize=8G
-# Make sure we don't trigger systemd-firstboot prompting for the root password.
-Credentials=passwd.plaintext-password.root=
KernelCommandLineExtra=systemd.crash_shell
systemd.log_level=debug
systemd.log_ratelimit_kmsg=0
selinux=0
enforcing=0
systemd.early_core_pattern=/core
+ systemd.firstboot=no
_cleanup_free_ char *controller = NULL;
int enabled = 0;
- errno = 0;
if (fscanf(f, "%ms %*i %*i %i", &controller, &enabled) != 2) {
+ if (ferror(f))
+ return -errno;
+
if (feof(f))
break;
- if (ferror(f))
- return errno_or_else(EIO);
-
return -EBADMSG;
}
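Review bot: return -errno in the new ferror() branch can return 0 when the failed read did not set errno, and because the hunk also drops the errno = 0 reset, a stale value from an earlier call can be reported instead of the real cause. Keep errno = 0 before fscanf() and return errno_or_else(EIO) as the removed lines did. Moving the ferror() check ahead of feof() is fine on its own.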
return false;
}
+int uid_map_read_one(FILE *f, uid_t *ret_base, uid_t *ret_shift, uid_t *ret_range) {
+ uid_t uid_base, uid_shift, uid_range;
+ int r;
+
+ assert(f);
+ assert(ret_base);
+ assert(ret_shift);
+ assert(ret_range);
+
+ errno = 0;
+ r = fscanf(f, UID_FMT " " UID_FMT " " UID_FMT "\n", &uid_base, &uid_shift, &uid_range);
+ if (r == EOF)
+ return errno_or_else(ENOMSG);
+ assert(r >= 0);
+ if (r != 3)
+ return -EBADMSG;
+
+ *ret_base = uid_base;
+ *ret_shift = uid_shift;
+ *ret_range = uid_range;
+
+ return 0;
+}
+
int uid_range_load_userns(UidRange **ret, const char *path) {
_cleanup_(uid_range_freep) UidRange *range = NULL;
_cleanup_fclose_ FILE *f = NULL;
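Review bot: uid_map_read_one() has no comment stating its return contract, yet every caller in this patch depends on -ENOMSG meaning clean end of file and -EBADMSG meaning a malformed line. Add a short comment above the function that spells this out. Also, when fscanf() matches one or two fields and then hits a read error, r is not EOF and the function returns -EBADMSG, so the I/O error is lost; checking ferror(f) before the r != 3 test would preserve it.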
for (;;) {
uid_t uid_base, uid_shift, uid_range;
- int k;
-
- errno = 0;
- k = fscanf(f, UID_FMT " " UID_FMT " " UID_FMT "\n", &uid_base, &uid_shift, &uid_range);
- if (k == EOF) {
- if (ferror(f))
- return errno_or_else(EIO);
+ r = uid_map_read_one(f, &uid_base, &uid_shift, &uid_range);
+ if (r == -ENOMSG)
break;
- }
- if (k != 3)
- return -EBADMSG;
+ if (r < 0)
+ return r;
r = uid_range_add_internal(&range, uid_base, uid_range, /* coalesce = */ false);
if (r < 0)
return uid_range_covers(range, uid, 1);
}
+int uid_map_read_one(FILE *f, uid_t *ret_base, uid_t *ret_shift, uid_t *ret_range);
+
int uid_range_load_userns(UidRange **ret, const char *path);
#include "stat-util.h"
#include "string-table.h"
#include "string-util.h"
+#include "uid-range.h"
#include "virt.h"
enum {
static int userns_has_mapping(const char *name) {
_cleanup_fclose_ FILE *f = NULL;
- uid_t a, b, c;
+ uid_t base, shift, range;
int r;
f = fopen(name, "re");
return errno == ENOENT ? false : -errno;
}
- errno = 0;
- r = fscanf(f, UID_FMT " " UID_FMT " " UID_FMT "\n", &a, &b, &c);
- if (r == EOF) {
- if (ferror(f))
- return log_debug_errno(errno_or_else(EIO), "Failed to read %s: %m", name);
-
- log_debug("%s is empty, we're in an uninitialized user namespace", name);
+ r = uid_map_read_one(f, &base, &shift, &range);
+ if (r == -ENOMSG) {
+ log_debug("%s is empty, we're in an uninitialized user namespace.", name);
return true;
}
- if (r != 3)
- return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "Failed to parse %s: %m", name);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to read %s: %m", name);
- if (a == 0 && b == 0 && c == UINT32_MAX) {
+ if (base == 0 && shift == 0 && range == UINT32_MAX) {
/* The kernel calls mappings_overlap() and does not allow overlaps */
log_debug("%s has a full 1:1 mapping", name);
return false;
}
/* Anything else implies that we are in a user namespace */
- log_debug("Mapping found in %s, we're in a user namespace", name);
+ log_debug("Mapping found in %s, we're in a user namespace.", name);
return true;
}
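Review bot: the error path after uid_map_read_one() logs "Failed to read %s" for every negative return, including -EBADMSG, where the removed code logged "Failed to parse %s". A malformed uid_map will now be reported as a read failure. Either branch on -EBADMSG or use wording that covers both cases.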
c->restrict_network_interfaces_is_allow_list = is_allow_list;
STRV_FOREACH(s, l) {
- if (!ifname_valid(*s)) {
+ if (!ifname_valid_full(*s, IFNAME_VALID_ALTERNATIVE)) {
log_full(LOG_WARNING, "Invalid interface name, ignoring: %s", *s);
continue;
}
break;
}
- if (!ifname_valid(word)) {
+ if (!ifname_valid_full(word, IFNAME_VALID_ALTERNATIVE)) {
log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid interface name, ignoring: %s", word);
continue;
}
if (r < 0)
return log_error_errno(r, "Failed to parse systemd.firstboot= kernel command line argument, ignoring: %m");
if (r > 0 && !enabled) {
- log_debug("Found systemd.firstboot=no kernel command line argument, terminating.");
- return 0; /* disabled */
+ log_debug("Found systemd.firstboot=no kernel command line argument, turning off all prompts.");
+ arg_prompt_locale = arg_prompt_keymap = arg_prompt_timezone = arg_prompt_hostname = arg_prompt_root_password = arg_prompt_root_shell = false;
}
}
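Review bot: with systemd.firstboot=no the function no longer returns early; it only clears the arg_prompt_* flags, so everything the tool does without prompting still runs. That change in the meaning of the kernel option should be described in the man page and NEWS in the same commit. The six-way chained assignment is also hard to scan; one assignment per line makes it easier to audit when another prompt flag is added.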
else if (feof(f))
r = 0;
else
- r = log_warning_errno(SYNTHETIC_ERRNO(errno), "Failed to parse progress pipe data");
+ r = log_warning_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to parse progress pipe data.");
break;
}
#include "cap-list.h"
#include "capability-util.h"
#include "cgroup-util.h"
+#include "creds-util.h"
#include "dns-domain.h"
#include "env-util.h"
#include "fd-util.h"
#include "percent-util.h"
#include "pkcs11-util.h"
#include "pretty-print.h"
+#include "proc-cmdline.h"
#include "process-util.h"
+#include "recurse-dir.h"
#include "rlimit-util.h"
#include "spawn-polkit-agent.h"
#include "terminal-util.h"
#include "user-record-show.h"
#include "user-record-util.h"
#include "user-util.h"
+#include "userdb.h"
#include "verbs.h"
static PagerFlags arg_pager_flags = 0;
} arg_export_format = EXPORT_FORMAT_FULL;
static uint64_t arg_capability_bounding_set = UINT64_MAX;
static uint64_t arg_capability_ambient_set = UINT64_MAX;
+static bool arg_prompt_new_user = false;
STATIC_DESTRUCTOR_REGISTER(arg_identity_extra, json_variant_unrefp);
STATIC_DESTRUCTOR_REGISTER(arg_identity_extra_this_machine, json_variant_unrefp);
return 1;
}
-static int acquire_new_home_record(UserRecord **ret) {
+static int acquire_new_home_record(JsonVariant *input, UserRecord **ret) {
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
_cleanup_(user_record_unrefp) UserRecord *hr = NULL;
int r;
if (arg_identity) {
unsigned line, column;
+ if (input)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Two identity records specified, refusing.");
+
r = json_parse_file(
streq(arg_identity, "-") ? stdin : NULL,
streq(arg_identity, "-") ? "<stdin>" : arg_identity, JSON_PARSE_SENSITIVE, &v, &line, &column);
if (r < 0)
return log_error_errno(r, "Failed to parse identity at %u:%u: %m", line, column);
- }
+ } else
+ v = json_variant_ref(input);
r = apply_identity_changes(&v);
if (r < 0)
if (!hr)
return log_oom();
- r = user_record_load(hr, v, USER_RECORD_REQUIRE_REGULAR|USER_RECORD_ALLOW_SECRET|USER_RECORD_ALLOW_PRIVILEGED|USER_RECORD_ALLOW_PER_MACHINE|USER_RECORD_ALLOW_SIGNATURE|USER_RECORD_LOG|USER_RECORD_PERMISSIVE);
+ r = user_record_load(
+ hr,
+ v,
+ USER_RECORD_REQUIRE_REGULAR|
+ USER_RECORD_ALLOW_SECRET|
+ USER_RECORD_ALLOW_PRIVILEGED|
+ USER_RECORD_ALLOW_PER_MACHINE|
+ USER_RECORD_STRIP_BINDING|
+ USER_RECORD_STRIP_STATUS|
+ USER_RECORD_STRIP_SIGNATURE|
+ USER_RECORD_LOG|
+ USER_RECORD_PERMISSIVE);
if (r < 0)
return r;
}
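Review bot: the user_record_load() call replaces USER_RECORD_ALLOW_SIGNATURE with USER_RECORD_STRIP_SIGNATURE (together with STRIP_BINDING and STRIP_STATUS), so a record passed via --identity= that carries a signature is now accepted with the signature silently dropped. If that is intended, say so in the commit message and in the homectl documentation, since it changes what an existing invocation does. The new input parameter also deserves a comment: it is only consulted when arg_identity is unset, and may be NULL.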
}
-static int create_home(int argc, char *argv[], void *userdata) {
+static int create_home_common(JsonVariant *input) {
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
_cleanup_(user_record_unrefp) UserRecord *hr = NULL;
int r;
(void) polkit_agent_open_if_enabled(arg_transport, arg_ask_password);
- if (argc >= 2) {
- /* If a username was specified, use it */
-
- if (valid_user_group_name(argv[1], 0))
- r = json_variant_set_field_string(&arg_identity_extra, "userName", argv[1]);
- else {
- _cleanup_free_ char *un = NULL, *rr = NULL;
-
- /* Before we consider the user name invalid, let's check if we can split it? */
- r = split_user_name_realm(argv[1], &un, &rr);
- if (r < 0)
- return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "User name '%s' is not valid: %m", argv[1]);
-
- if (rr) {
- r = json_variant_set_field_string(&arg_identity_extra, "realm", rr);
- if (r < 0)
- return log_error_errno(r, "Failed to set realm field: %m");
- }
-
- r = json_variant_set_field_string(&arg_identity_extra, "userName", un);
- }
- if (r < 0)
- return log_error_errno(r, "Failed to set userName field: %m");
- } else {
- /* If neither a username nor an identity have been specified we cannot operate. */
- if (!arg_identity)
- return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "User name required.");
- }
-
- r = acquire_new_home_record(&hr);
+ r = acquire_new_home_record(input, &hr);
if (r < 0)
return r;
return 0;
}
+static int create_home(int argc, char *argv[], void *userdata) {
+ int r;
+
+ if (argc >= 2) {
+ /* If a username was specified, use it */
+
+ if (valid_user_group_name(argv[1], 0))
+ r = json_variant_set_field_string(&arg_identity_extra, "userName", argv[1]);
+ else {
+ _cleanup_free_ char *un = NULL, *rr = NULL;
+
+ /* Before we consider the user name invalid, let's check if we can split it? */
+ r = split_user_name_realm(argv[1], &un, &rr);
+ if (r < 0)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "User name '%s' is not valid: %m", argv[1]);
+
+ if (rr) {
+ r = json_variant_set_field_string(&arg_identity_extra, "realm", rr);
+ if (r < 0)
+ return log_error_errno(r, "Failed to set realm field: %m");
+ }
+
+ r = json_variant_set_field_string(&arg_identity_extra, "userName", un);
+ }
+ if (r < 0)
+ return log_error_errno(r, "Failed to set userName field: %m");
+ } else {
+ /* If neither a username nor an identity have been specified we cannot operate. */
+ if (!arg_identity)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "User name required.");
+ }
+
+ return create_home_common(/* input= */ NULL);
+}
+
static int remove_home(int argc, char *argv[], void *userdata) {
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
int r, ret = 0;
return 0;
}
+static int create_from_credentials(void) {
+ _cleanup_close_ int fd = -EBADF;
+ int ret = 0, n_created = 0, r;
+
+ fd = open_credentials_dir();
+ if (IN_SET(fd, -ENXIO, -ENOENT)) /* Credential env var not set, or dir doesn't exist. */
+ return 0;
+ if (fd < 0)
+ return log_error_errno(fd, "Failed to open credentials directory: %m");
+
+ _cleanup_free_ DirectoryEntries *des = NULL;
+ r = readdir_all(fd, RECURSE_DIR_SORT|RECURSE_DIR_IGNORE_DOT|RECURSE_DIR_ENSURE_TYPE, &des);
+ if (r < 0)
+ return log_error_errno(r, "Failed to enumerate credentials: %m");
+
+ FOREACH_ARRAY(i, des->entries, des->n_entries) {
+ _cleanup_(json_variant_unrefp) JsonVariant *identity = NULL;
+ struct dirent *de = *i;
+ const char *e;
+
+ if (de->d_type != DT_REG)
+ continue;
+
+ e = startswith(de->d_name, "home.create.");
+ if (!e)
+ continue;
+
+ if (!valid_user_group_name(e, 0)) {
+ log_notice("Skipping over credential with name that is not a suitable user name: %s", de->d_name);
+ continue;
+ }
+
+ r = json_parse_file_at(
+ /* f= */ NULL,
+ fd,
+ de->d_name,
+ /* flags= */ 0,
+ &identity,
+ /* ret_line= */ NULL,
+ /* ret_column= */ NULL);
+ if (r < 0) {
+ log_warning_errno(r, "Failed to parse user record in credential '%s', ignoring: %m", de->d_name);
+ continue;
+ }
+
+ JsonVariant *un;
+ un = json_variant_by_key(identity, "userName");
+ if (un) {
+ if (!json_variant_is_string(un)) {
+ log_warning("User record from credential '%s' contains 'userName' field of invalid type, ignoring.", de->d_name);
+ continue;
+ }
+
+ if (!streq(json_variant_string(un), e)) {
+ log_warning("User record from credential '%s' contains 'userName' field (%s) that doesn't match credential name (%s), ignoring.", de->d_name, json_variant_string(un), e);
+ continue;
+ }
+ } else {
+ r = json_variant_set_field_string(&identity, "userName", e);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to set userName field: %m");
+ }
+
+ log_notice("Processing user '%s' from credentials.", e);
+
+ r = create_home_common(identity);
+ if (r >= 0)
+ n_created++;
+
+ RET_GATHER(ret, r);
+ }
+
+ return ret < 0 ? ret : n_created;
+}
+
+static int has_regular_user(void) {
+ _cleanup_(userdb_iterator_freep) UserDBIterator *iterator = NULL;
+ int r;
+
+ r = userdb_all(USERDB_SUPPRESS_SHADOW, &iterator);
+ if (r < 0)
+ return log_error_errno(r, "Failed to create user enumerator: %m");
+
+ for (;;) {
+ _cleanup_(user_record_unrefp) UserRecord *ur = NULL;
+
+ r = userdb_iterator_get(iterator, &ur);
+ if (r == -ESRCH)
+ break;
+ if (r < 0)
+ return log_error_errno(r, "Failed to enumerate users: %m");
+
+ if (user_record_disposition(ur) == USER_REGULAR)
+ return true;
+ }
+
+ return false;
+}
+
+static int create_interactively(void) {
+ _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+ _cleanup_free_ char *username = NULL;
+ int r;
+
+ if (!arg_prompt_new_user) {
+ log_debug("Prompting for user creation was not requested.");
+ return 0;
+ }
+
+ r = acquire_bus(&bus);
+ if (r < 0)
+ return r;
+
+ (void) polkit_agent_open_if_enabled(arg_transport, arg_ask_password);
+
+ (void) reset_terminal_fd(STDIN_FILENO, /* switch_to_text= */ false);
+
+ for (;;) {
+ username = mfree(username);
+
+ r = ask_string(&username,
+ "%s Please enter user name to create (empty to skip): ",
+ special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET));
+ if (r < 0)
+ return log_error_errno(r, "Failed to query user for username: %m");
+
+ if (isempty(username)) {
+ log_info("No data entered, skipping.");
+ return 0;
+ }
+
+ if (!valid_user_group_name(username, /* flags= */ 0)) {
+ log_notice("Specified user name is not a valid UNIX user name, try again: %s", username);
+ continue;
+ }
+
+ r = userdb_by_name(username, USERDB_SUPPRESS_SHADOW, /* ret= */ NULL);
+ if (r == -ESRCH)
+ break;
+ if (r < 0)
+ return log_error_errno(r, "Failed to check if specified user '%s' already exists: %m", username);
+
+ log_notice("Specified user '%s' exists already, try again.", username);
+ }
+
+ r = json_variant_set_field_string(&arg_identity_extra, "userName", username);
+ if (r < 0)
+ return log_error_errno(r, "Failed to set userName field: %m");
+
+ return create_home_common(/* input= */ NULL);
+}
+
+static int verb_firstboot(int argc, char *argv[], void *userdata) {
+ int r;
+
+ /* Let's honour the systemd.firstboot kernel command line option, just like the systemd-firstboot
+ * tool. */
+
+ bool enabled;
+ r = proc_cmdline_get_bool("systemd.firstboot", /* flags = */ 0, &enabled);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse systemd.firstboot= kernel command line argument, ignoring: %m");
+ if (r > 0 && !enabled) {
+ log_debug("Found systemd.firstboot=no kernel command line argument, turning off all prompts.");
+ arg_prompt_new_user = false;
+ }
+
+ r = create_from_credentials();
+ if (r < 0)
+ return r;
+ if (r > 0) /* Already created users from credentials */
+ return 0;
+
+ r = has_regular_user();
+ if (r < 0)
+ return r;
+ if (r > 0) {
+ log_info("Regular user already present in user database, skipping user creation.");
+ return 0;
+ }
+
+ return create_interactively();
+}
+
static int drop_from_identity(const char *field) {
int r;
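Review bot: create_from_credentials() calls json_parse_file_at() with flags 0, while the --identity= path in acquire_new_home_record() parses with JSON_PARSE_SENSITIVE. Both inputs end up in the same user_record_load() call with USER_RECORD_ALLOW_SECRET, so the credential path should pass JSON_PARSE_SENSITIVE as well. Two smaller points in the same hunk: a failure of json_variant_set_field_string() returns from the function and abandons the remaining credentials, whereas every other per-credential failure uses continue; and the log_error_errno() in verb_firstboot() says "ignoring" although the error is returned.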
" deactivate-all Deactivate all active home areas\n"
" rebalance Rebalance free space between home areas\n"
" with USER [COMMAND…] Run shell or command with access to a home area\n"
+ " firstboot Run first-boot home area creation wizard\n"
"\n%4$sOptions:%5$s\n"
" -h --help Show this help\n"
" --version Show package version\n"
" -E When specified once equals -j --export-format=\n"
" stripped, when specified twice equals\n"
" -j --export-format=minimal\n"
+ " --prompt-new-user firstboot: Query user interactively for user\n"
+ " to create\n"
"\n%4$sGeneral User Record Properties:%5$s\n"
" -c --real-name=REALNAME Real name for user\n"
" --realm=REALM Realm to create user in\n"
ARG_FIDO2_CRED_ALG,
ARG_CAPABILITY_BOUNDING_SET,
ARG_CAPABILITY_AMBIENT_SET,
+ ARG_PROMPT_NEW_USER,
};
static const struct option options[] = {
{ "rebalance-weight", required_argument, NULL, ARG_REBALANCE_WEIGHT },
{ "capability-bounding-set", required_argument, NULL, ARG_CAPABILITY_BOUNDING_SET },
{ "capability-ambient-set", required_argument, NULL, ARG_CAPABILITY_AMBIENT_SET },
+ { "prompt-new-user", no_argument, NULL, ARG_PROMPT_NEW_USER },
{}
};
break;
}
+ case ARG_PROMPT_NEW_USER:
+ arg_prompt_new_user = true;
+ break;
+
case '?':
return -EINVAL;
{ "lock-all", VERB_ANY, 1, 0, lock_all_homes },
{ "deactivate-all", VERB_ANY, 1, 0, deactivate_all_homes },
{ "rebalance", VERB_ANY, 1, 0, rebalance },
+ { "firstboot", VERB_ANY, 1, 0, verb_firstboot },
{}
};
#include "string-table.h"
#include "terminal-util.h"
#include "tmpfile-util.h"
+#include "uid-range.h"
#include "unit-name.h"
#include "user-util.h"
uid_t uid_base, uid_shift, uid_range;
gid_t gid_base, gid_shift, gid_range;
_cleanup_fclose_ FILE *f = NULL;
- int k, r;
+ int r;
assert(m);
assert(ret);
}
/* Read the first line. There's at least one. */
- errno = 0;
- k = fscanf(f, UID_FMT " " UID_FMT " " UID_FMT "\n", &uid_base, &uid_shift, &uid_range);
- if (k != 3) {
- if (ferror(f))
- return errno_or_else(EIO);
-
- return -EBADMSG;
- }
+ r = uid_map_read_one(f, &uid_base, &uid_shift, &uid_range);
+ if (r < 0)
+ return r;
/* Not a mapping starting at 0? Then it's a complex mapping we can't expose here. */
if (uid_base != 0)
/* Read the first line. There's at least one. */
errno = 0;
- k = fscanf(f, GID_FMT " " GID_FMT " " GID_FMT "\n", &gid_base, &gid_shift, &gid_range);
- if (k != 3) {
- if (ferror(f))
- return errno_or_else(EIO);
-
+ r = fscanf(f, GID_FMT " " GID_FMT " " GID_FMT "\n", &gid_base, &gid_shift, &gid_range);
+ if (r == EOF)
+ return errno_or_else(ENOMSG);
+ assert(r >= 0);
+ if (r != 3)
return -EBADMSG;
- }
/* If there's more than one line, then we don't support this file. */
r = safe_fgetc(f, NULL);
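Review bot: the GID branch open-codes the same fscanf(), EOF and r != 3 sequence that uid_map_read_one() was introduced to replace, so the two copies can drift apart. Add a gid counterpart next to the helper, or reuse it given that other code in this patch already asserts sizeof(uid_t) == sizeof(gid_t). The comment "Read the first line. There's at least one." is also no longer matched by the error handling: an empty file now yields -ENOMSG where it used to yield -EBADMSG.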
_cleanup_fclose_ FILE *f = NULL;
const char *p;
+ int r;
/* This is a generic implementation for both uids and gids, under the assumptions they have the same types and semantics. */
assert_cc(sizeof(uid_t) == sizeof(gid_t));
for (;;) {
uid_t uid_base, uid_shift, uid_range, converted;
- int k;
- errno = 0;
- k = fscanf(f, UID_FMT " " UID_FMT " " UID_FMT, &uid_base, &uid_shift, &uid_range);
- if (k < 0 && feof(f))
+ r = uid_map_read_one(f, &uid_base, &uid_shift, &uid_range);
+ if (r == -ENOMSG)
break;
- if (k != 3) {
- if (ferror(f))
- return errno_or_else(EIO);
-
- return -EIO;
- }
+ if (r < 0)
+ return r;
/* The private user namespace is disabled, ignoring. */
if (uid_shift == 0)
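Review bot: a malformed line in this loop used to return -EIO and now returns -EBADMSG via uid_map_read_one(). If this return value is passed on to the caller as a method error, clients will see a different error than before. Confirm that is intended and mention it in the commit message; the same applies to the second loop changed below.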
_cleanup_fclose_ FILE *f = NULL;
const char *p;
+ int r;
/* This is a generic implementation for both uids and gids, under the assumptions they have the same types and semantics. */
assert_cc(sizeof(uid_t) == sizeof(gid_t));
for (;;) {
uid_t uid_base, uid_shift, uid_range, converted;
- int k;
- errno = 0;
- k = fscanf(f, UID_FMT " " UID_FMT " " UID_FMT, &uid_base, &uid_shift, &uid_range);
- if (k < 0 && feof(f))
+ r = uid_map_read_one(f, &uid_base, &uid_shift, &uid_range);
+ if (r == -ENOMSG)
break;
- if (k != 3) {
- if (ferror(f))
- return errno_or_else(EIO);
-
- return -EIO;
- }
+ if (r < 0)
+ return r;
if (uid < uid_base || uid >= uid_base + uid_range)
continue;
if (ret_host_uid)
*ret_host_uid = converted;
+
return 0;
}
}
static int dnssec_nsec_wildcard_equal(DnsResourceRecord *rr, const char *name) {
- char label[DNS_LABEL_MAX];
+ char label[DNS_LABEL_MAX+1];
const char *n;
int r;
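Review bot: the label buffer grows from DNS_LABEL_MAX to DNS_LABEL_MAX+1 here and in every other label buffer touched by this patch, but none of the hunks says what the extra byte is for. State the reason once, next to the DNS_LABEL_MAX definition or in the commit message, and consider a named constant for the buffer size so a future caller does not reintroduce the smaller array.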
while (!dns_name_is_root(name)) {
const char *z = name;
- char label[DNS_LABEL_MAX];
+ char label[DNS_LABEL_MAX+1];
size_t n = 0;
if (allow_compression)
static int make_fallback_hostnames(char **full_hostname, char **llmnr_hostname, char **mdns_hostname) {
_cleanup_free_ char *h = NULL, *n = NULL, *m = NULL;
- char label[DNS_LABEL_MAX];
+ char label[DNS_LABEL_MAX+1];
const char *p;
int r;
return get_credentials_dir_internal("ENCRYPTED_CREDENTIALS_DIRECTORY", ret);
}
+int open_credentials_dir(void) {
+ const char *d;
+ int r;
+
+ r = get_credentials_dir(&d);
+ if (r < 0)
+ return r;
+
+ return RET_NERRNO(open(d, O_CLOEXEC|O_DIRECTORY));
+}
+
int read_credential(const char *name, void **ret, size_t *ret_size) {
_cleanup_free_ char *fn = NULL;
const char *d;
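Review bot: open() is called with O_CLOEXEC|O_DIRECTORY and no access mode. It works because O_RDONLY is 0, but spelling out O_RDONLY makes the intent explicit. A one-line comment on the declaration stating that the function returns a file descriptor or a negative errno would also help callers such as create_from_credentials(), which special-cases -ENXIO and -ENOENT.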
int get_credentials_dir(const char **ret);
int get_encrypted_credentials_dir(const char **ret);
+int open_credentials_dir(void);
+
/* Where creds have been passed to the system */
#define SYSTEM_CREDENTIALS_DIRECTORY "/run/credentials/@system"
#define ENCRYPTED_SYSTEM_CREDENTIALS_DIRECTORY "/run/credentials/@encrypted"
goto finish;
for (;;) {
- char label[DNS_LABEL_MAX];
+ char label[DNS_LABEL_MAX+1];
r = dns_label_unescape(&p, label, sizeof label, flags);
if (r < 0)
y = b + strlen(b);
for (;;) {
- char la[DNS_LABEL_MAX], lb[DNS_LABEL_MAX];
+ char la[DNS_LABEL_MAX+1], lb[DNS_LABEL_MAX+1];
if (x == NULL && y == NULL)
return 0;
assert(y);
for (;;) {
- char la[DNS_LABEL_MAX], lb[DNS_LABEL_MAX];
+ char la[DNS_LABEL_MAX+1], lb[DNS_LABEL_MAX+1];
r = dns_label_unescape(&x, la, sizeof la, 0);
if (r < 0)
s = suffix;
for (;;) {
- char ln[DNS_LABEL_MAX], ls[DNS_LABEL_MAX];
+ char ln[DNS_LABEL_MAX+1], ls[DNS_LABEL_MAX+1];
r = dns_label_unescape(&n, ln, sizeof ln, 0);
if (r < 0)
p = prefix;
for (;;) {
- char ln[DNS_LABEL_MAX], lp[DNS_LABEL_MAX];
+ char ln[DNS_LABEL_MAX+1], lp[DNS_LABEL_MAX+1];
r = dns_label_unescape(&p, lp, sizeof lp, 0);
if (r < 0)
s = old_suffix;
for (;;) {
- char ln[DNS_LABEL_MAX], ls[DNS_LABEL_MAX];
+ char ln[DNS_LABEL_MAX+1], ls[DNS_LABEL_MAX+1];
if (!saved_before)
saved_before = n;
return false;
for (;;) {
- char label[DNS_LABEL_MAX];
+ char label[DNS_LABEL_MAX+1];
/* This more or less implements RFC 6335, Section 5.1 */
return m;
for (;;) {
- char la[DNS_LABEL_MAX], lb[DNS_LABEL_MAX];
+ char la[DNS_LABEL_MAX+1], lb[DNS_LABEL_MAX+1];
const char *x, *y;
if (k >= n || k >= m) {
assert(ret);
for (;;) {
- char label[DNS_LABEL_MAX];
+ char label[DNS_LABEL_MAX+1];
r = dns_label_unescape(&name, label, sizeof label, 0);
if (r < 0)
typedef enum VerifyESPFlags {
VERIFY_ESP_SEARCHING = 1 << 0, /* Downgrade various "not found" logs to debug level */
VERIFY_ESP_UNPRIVILEGED_MODE = 1 << 1, /* Call into udev rather than blkid */
- VERIFY_ESP_RELAX_CHECKS = 1 << 2, /* Do not validate ESP partition */
+ VERIFY_ESP_SKIP_FSTYPE_CHECK = 1 << 2, /* Skip filesystem check */
+ VERIFY_ESP_SKIP_DEVICE_CHECK = 1 << 3, /* Skip device node check */
} VerifyESPFlags;
+static VerifyESPFlags verify_esp_flags_init(int unprivileged_mode, const char *env_name_for_relaxing) {
+ VerifyESPFlags flags = 0;
+
+ assert(env_name_for_relaxing);
+
+ if (unprivileged_mode < 0)
+ unprivileged_mode = geteuid() != 0;
+ if (unprivileged_mode)
+ flags |= VERIFY_ESP_UNPRIVILEGED_MODE;
+
+ if (getenv_bool(env_name_for_relaxing) > 0)
+ flags |= VERIFY_ESP_SKIP_FSTYPE_CHECK | VERIFY_ESP_SKIP_DEVICE_CHECK;
+
+ if (detect_container() > 0)
+ flags |= VERIFY_ESP_SKIP_DEVICE_CHECK;
+
+ return flags;
+}
+
static int verify_esp_blkid(
dev_t devid,
VerifyESPFlags flags,
dev_t *ret_devid,
VerifyESPFlags flags) {
- bool relax_checks, searching = FLAGS_SET(flags, VERIFY_ESP_SEARCHING),
- unprivileged_mode = FLAGS_SET(flags, VERIFY_ESP_UNPRIVILEGED_MODE);
+ bool searching = FLAGS_SET(flags, VERIFY_ESP_SEARCHING),
+ unprivileged_mode = FLAGS_SET(flags, VERIFY_ESP_UNPRIVILEGED_MODE);
_cleanup_free_ char *p = NULL;
_cleanup_close_ int pfd = -EBADF;
dev_t devid = 0;
* -EACESS → if 'unprivileged_mode' is set, and we have trouble accessing the thing
*/
- relax_checks =
- getenv_bool("SYSTEMD_RELAX_ESP_CHECKS") > 0 ||
- FLAGS_SET(flags, VERIFY_ESP_RELAX_CHECKS);
-
/* Non-root user can only check the status, so if an error occurred in the following, it does not cause any
* issues. Let's also, silence the error messages. */
(unprivileged_mode && ERRNO_IS_PRIVILEGE(r)) ? LOG_DEBUG : LOG_ERR,
r, "Failed to open parent directory of \"%s\": %m", path);
- if (!relax_checks) {
+ if (!FLAGS_SET(flags, VERIFY_ESP_SKIP_FSTYPE_CHECK)) {
_cleanup_free_ char *f = NULL;
struct statfs sfs;
"File system \"%s\" is not a FAT EFI System Partition (ESP) file system.", p);
}
- relax_checks =
- relax_checks ||
- detect_container() > 0;
-
- r = verify_fsroot_dir(pfd, p, flags, relax_checks ? NULL : &devid);
+ r = verify_fsroot_dir(pfd, p, flags, FLAGS_SET(flags, VERIFY_ESP_SKIP_DEVICE_CHECK) ? NULL : &devid);
if (r < 0)
return r;
/* In a container we don't have access to block devices, skip this part of the verification, we trust
* the container manager set everything up correctly on its own. */
- if (relax_checks)
+ if (FLAGS_SET(flags, VERIFY_ESP_SKIP_DEVICE_CHECK))
goto finish;
+ if (devnum_is_zero(devid))
+ return log_full_errno(searching ? LOG_DEBUG : LOG_ERR,
+ SYNTHETIC_ERRNO(searching ? EADDRNOTAVAIL : ENODEV),
+ "Could not determine backing block device of directory \"%s\" (btrfs RAID?).", p);
+
/* If we are unprivileged we ask udev for the metadata about the partition. If we are privileged we
* use blkid instead. Why? Because this code is called from 'bootctl' which is pretty much an
* emergency recovery tool that should also work when udev isn't up (i.e. from the emergency shell),
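Review bot: the new devnum_is_zero() error in the ESP path carries no hint, while the matching message added to the XBOOTLDR path tells the user to set $SYSTEMD_RELAX_XBOOTLDR_CHECKS=yes. Add the equivalent hint for $SYSTEMD_RELAX_ESP_CHECKS when not searching, so both paths give the same guidance.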
assert(rfd >= 0 || rfd == AT_FDCWD);
- if (unprivileged_mode < 0)
- unprivileged_mode = geteuid() != 0;
- flags = unprivileged_mode > 0 ? VERIFY_ESP_UNPRIVILEGED_MODE : 0;
-
- r = dir_fd_is_root_or_cwd(rfd);
- if (r < 0)
- return log_error_errno(r, "Failed to check if directory file descriptor is root: %m");
- if (r == 0)
- flags |= VERIFY_ESP_RELAX_CHECKS;
+ flags = verify_esp_flags_init(unprivileged_mode, "SYSTEMD_RELAX_ESP_CHECKS");
if (path)
return verify_esp(rfd, path, ret_path, ret_part, ret_pstart, ret_psize, ret_uuid, ret_devid, flags);
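Review bot: the removed dir_fd_is_root_or_cwd() block relaxed validation whenever rfd was not the root or current directory, and verify_esp_flags_init() takes no rfd, so that case now gets the full file system and device checks. If this is deliberate, the commit message should say why the relaxation is no longer needed when operating on another root. Otherwise pass rfd to the helper and set the skip flags there.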
_cleanup_free_ char *p = NULL;
_cleanup_close_ int pfd = -EBADF;
bool searching = FLAGS_SET(flags, VERIFY_ESP_SEARCHING),
- unprivileged_mode = FLAGS_SET(flags, VERIFY_ESP_UNPRIVILEGED_MODE),
- relax_checks;
+ unprivileged_mode = FLAGS_SET(flags, VERIFY_ESP_UNPRIVILEGED_MODE);
dev_t devid = 0;
int r;
(unprivileged_mode && ERRNO_IS_PRIVILEGE(r)) ? LOG_DEBUG : LOG_ERR,
r, "Failed to open parent directory of \"%s\": %m", path);
- relax_checks =
- getenv_bool("SYSTEMD_RELAX_XBOOTLDR_CHECKS") > 0 ||
- detect_container() > 0;
-
- r = verify_fsroot_dir(pfd, p, flags, relax_checks ? NULL : &devid);
+ r = verify_fsroot_dir(pfd, p, flags, FLAGS_SET(flags, VERIFY_ESP_SKIP_DEVICE_CHECK) ? NULL : &devid);
if (r < 0)
return r;
- if (relax_checks)
+ if (FLAGS_SET(flags, VERIFY_ESP_SKIP_DEVICE_CHECK))
goto finish;
+ if (devnum_is_zero(devid))
+ return log_full_errno(searching ? LOG_DEBUG : LOG_ERR,
+ SYNTHETIC_ERRNO(searching ? EADDRNOTAVAIL : ENODEV),
+ "Could not determine backing block device of directory \"%s\" (btrfs RAID?).%s",
+ p,
+ searching ? "" :
+ "\nHint: set $SYSTEMD_RELAX_XBOOTLDR_CHECKS=yes environment variable "
+ "to bypass this and further verifications for the directory.");
+
if (unprivileged_mode)
r = verify_xbootldr_udev(devid, flags, ret_uuid);
else
sd_id128_t *ret_uuid,
dev_t *ret_devid) {
- VerifyESPFlags flags = 0;
+ VerifyESPFlags flags;
int r;
/* Similar to find_esp_and_warn(), but finds the XBOOTLDR partition. Returns the same errors. */
assert(rfd >= 0 || rfd == AT_FDCWD);
- if (unprivileged_mode < 0)
- unprivileged_mode = geteuid() != 0;
- if (unprivileged_mode)
- flags |= VERIFY_ESP_UNPRIVILEGED_MODE;
+ flags = verify_esp_flags_init(unprivileged_mode, "SYSTEMD_RELAX_XBOOTLDR_CHECKS");
if (path)
return verify_xbootldr(rfd, path, flags, ret_path, ret_uuid, ret_devid);
if (!GREEDY_REALLOC(result, j + k + l + 1))
return -ENOMEM;
- memcpy(result + j, w, k);
- t = result + j + k;
+ t = mempcpy(result + j, w, k);
} else if (strchr(POSSIBLE_SPECIFIERS, *f))
/* Oops, an unknown specifier. */
return -EBADSLT;
goto error;
}
+ /* This is primarily useful when running systemd in a VM, as it provides the user running the VM with
+ * a mechanism to pick up systemd's exit status in the VM. Note that we execute this as early as
+ * possible since otherwise we might shut down the VM before the AF_VSOCK buffers have been flushed.
+ * While this doesn't guarantee the message will arrive, in practice we do enough work after this
+ * that the message should always arrive on the host */
+ (void) sd_notifyf(0, "EXIT_STATUS=%i", arg_exit_code);
+
(void) cg_get_root_path(&cgroup);
bool in_container = detect_container() > 0;
if (!in_container)
sync_with_progress();
- /* This is primarily useful when running systemd in a VM, as it provides the user running the VM with
- * a mechanism to pick up systemd's exit status in the VM. */
- (void) sd_notifyf(0, "EXIT_STATUS=%i", arg_exit_code);
-
if (streq(arg_verb, "exit")) {
if (in_container) {
log_info("Exiting container.");
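Review bot: with sd_notifyf(0, "EXIT_STATUS=%i", arg_exit_code) moved ahead of sync_with_progress(), delivery depends on the later shutdown work taking long enough for the AF_VSOCK buffers to drain, which the new comment itself describes as not guaranteed. The comment should state that as a known best-effort limitation for whoever consumes the status on the host, and since the return value is discarded with (void), a debug-level log on failure would make a lost notification diagnosable. The comment's last sentence is also missing its full stop.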
mount_initdir
- cryptsetup luksOpen "${LOOPDEV:?}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
+ cryptsetup luksOpen "${LOOPDEV:?}p4" "${DM_NAME:?}" <"$TESTDIR/keyfile"
mount "/dev/mapper/$DM_NAME" "$initdir/var"
check_result_common "${initdir:?}" && ret=0 || ret=$?
create_empty_image_rootdir
echo -n test >"${TESTDIR:?}/keyfile"
- cryptsetup -q luksFormat --uuid="$PART_UUID" --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile"
- cryptsetup luksOpen "${LOOPDEV}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile"
+ cryptsetup -q luksFormat --uuid="$PART_UUID" --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p4" "$TESTDIR/keyfile"
+ cryptsetup luksOpen "${LOOPDEV}p4" "${DM_NAME:?}" <"$TESTDIR/keyfile"
mkfs.ext4 -L var "/dev/mapper/$DM_NAME"
mkdir -p "${initdir:?}/var"
mount "/dev/mapper/$DM_NAME" "$initdir/var"
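Review bot: the partition index is now hard-coded as p4 in three places (luksFormat and luksOpen here, plus the luksOpen in the check function), and it silently depends on the order of the sfdisk lines in the shared image setup. A single variable or helper naming the data partition would keep these from breaking again on the next layout change. The second luksOpen also uses "${LOOPDEV}p4" without the :? guard that the luksFormat line has.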
case "${1:?}" in
btrfs)
- modprobe -nv btrfs && command -v mkfs.btrfs && command -v btrfs || return $?
+ host_has_btrfs
;;
iscsi)
# Client/initiator (Open-iSCSI)
command -v lvm || return $?
;;
mdadm)
- command -v mdadm || return $?
+ host_has_mdadm
;;
multipath)
command -v multipath && command -v multipathd || return $?
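Review bot: the btrfs and mdadm branches now end in a bare host_has_btrfs / host_has_mdadm call, while the neighbouring branches still use "|| return $?". The bare call only propagates failure if the case statement is the last thing the function executes; if anything follows esac, a missing tool is no longer reported. Keep the explicit form, e.g. "host_has_btrfs || return $?", so all branches behave the same way.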
# the QEMU test, as nspawn refuses the invalid machine ID with -EUCLEAN
printf "556f48e837bc4424a710fa2e2c9d3e3c\ne3d\n" >"$workspace/etc/machine-id"
fi
+
+ if host_has_btrfs && host_has_mdadm; then
+ install_btrfs
+ install_mdadm
+ generate_module_dependencies
+ fi
}
do_test "$@"
mkdir -p "${initdir:?}/etc/lvm"
}
+host_has_btrfs() (
+ set -e
+ modprobe -nv btrfs && command -v mkfs.btrfs && command -v btrfs || return $?
+)
+
install_btrfs() {
instmods btrfs
# Not all utilities provided by btrfs-progs are listed here; extend the list
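Review bot: in host_has_btrfs() the set -e has no effect, because the body is a single && / || list, and the trailing "|| return $?" is redundant since the list's status is already the function's status. The body can be reduced to the && chain. The command -v calls also print the resolved paths to stdout every time the helper is used as a condition; redirect them to /dev/null if that output is not wanted in the test log. The same applies to host_has_mdadm().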
fi
}
+host_has_mdadm() (
+ set -e
+ command -v mdadm || return $?
+)
+
install_mdadm() {
local unit
local mdadm_units=(
system-shutdown/mdadm.shutdown
)
+ instmods "=md"
image_install mdadm mdmon
inst_rules 01-md-raid-creating.rules 63-md-raid-arrays.rules 64-md-raid-assembly.rules 69-md-clustered-confirm-device.rules
# Fedora/CentOS/RHEL ships this rule file
for unit in "${mdadm_units[@]}"; do
image_install "${ROOTLIBDIR:?}/$unit"
done
+
+ # Disable the mdmonitor service, since it fails if there's no valid email address
+ # configured in /etc/mdadm.conf, which just unnecessarily pollutes the logs
+ "${SYSTEMCTL:?}" mask --root "${initdir:?}" mdmonitor.service || :
}
install_compiled_systemd() {
# Partition sizes are in MiBs
local root_size=768
local data_size=100
+ local esp_size=128
+ local boot_size=128
+ local total=
if ! get_bool "$NO_BUILD"; then
if meson configure "${BUILD_DIR:?}" | grep 'static-lib\|standalone-binaries' | awk '{ print $2 }' | grep -q 'true'; then
root_size=$((root_size + 200))
data_size=$((data_size + IMAGE_ADDITIONAL_DATA_SIZE))
fi
- echo "Setting up ${IMAGE_PUBLIC:?} (${root_size} MB)"
+ total=$((root_size + data_size + esp_size + boot_size))
+
+ echo "Setting up ${IMAGE_PUBLIC:?} (${total} MB)"
rm -f "${IMAGE_PRIVATE:?}" "$IMAGE_PUBLIC"
# Create the blank file to use as a root filesystem
- truncate -s "${root_size}M" "$IMAGE_PUBLIC"
+ truncate -s "${total}M" "$IMAGE_PUBLIC"
LOOPDEV="$(losetup --show -P -f "$IMAGE_PUBLIC")"
[[ -b "$LOOPDEV" ]] || return 1
# Create two partitions - a root one and a data one (utilized by some tests)
sfdisk "$LOOPDEV" <<EOF
label: gpt
-type=0FC63DAF-8483-4772-8E79-3D69D8477DE4 name=root size=$((root_size - data_size))M bootable
+type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B name=esp size=${esp_size}M
+type=0FC63DAF-8483-4772-8E79-3D69D8477DE4 name=root size=${root_size}M bootable
+type=BC13C2FF-59E6-4262-A352-B275FD6F7172 name=boot size=${boot_size}M
type=0FC63DAF-8483-4772-8E79-3D69D8477DE4 name=data
EOF
udevadm settle
+ if ! mkfs -t vfat "${LOOPDEV}p1"; then
+ dfatal "Failed to mkfs -t vfat ${LOOPDEV}p1"
+ exit 1
+ fi
+
local label=(-L systemd_boot)
# mkfs.reiserfs doesn't know -L. so, use --label instead
[[ "$FSTYPE" == "reiserfs" ]] && label=(--label systemd_boot)
- if ! mkfs -t "${FSTYPE}" "${label[@]}" "${LOOPDEV}p1" -q; then
- dfatal "Failed to mkfs -t ${FSTYPE}"
+ if ! mkfs -t "${FSTYPE}" "${label[@]}" "${LOOPDEV}p2" -q; then
+ dfatal "Failed to mkfs -t ${FSTYPE} ${label[*]} ${LOOPDEV}p2 -q"
+ exit 1
+ fi
+
+ local label=(-L xbootldr)
+ [[ "$FSTYPE" == "reiserfs" ]] && label=(--label xbootldr)
+ if ! mkfs -t "${FSTYPE}" "${label[@]}" "${LOOPDEV}p3" -q; then
+ dfatal "Failed to mkfs -t ${FSTYPE} ${label[*]} ${LOOPDEV}p3 -q"
exit 1
fi
}
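Review bot: the unchanged comment above the sfdisk call still says "Create two partitions - a root one and a data one", but the script now creates four (esp, root, boot, data). Update it and state the resulting numbering (p1 esp, p2 root, p3 boot, p4 data), since other tests hard-code those indices. Also, "local label=(-L xbootldr)" redeclares a variable that was already declared with local a few lines earlier; a plain assignment is enough.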
if ! mountpoint -q "${initdir:?}"; then
mkdir -p "$initdir"
- mount "${LOOPDEV}p1" "$initdir"
+ mount "${LOOPDEV}p2" "$initdir"
TEST_SETUP_CLEANUP_ROOTDIR=1
fi
}
# Get only the actual kernel version without any build/distro/arch stuff
# e.g. '5.18.5-200.fc36.x86_64' -> '5.18.5'
kver = platform.release().split('-')[0]
+ # Get also rid of '+'
+ kver = kver.split('+')[0]
return version.parse(kver) >= version.parse(min_kernel_version)
test ! -e "$root/etc/systemd/system/test1-badalias.socket"
test -h "$root/etc/systemd/system/test1-goodalias2.service"
-: '-------aliases in reeanable----------------------------------'
+: '-------aliases in reenable----------------------------------'
( ! "$systemctl" --root="$root" reenable test1 )
test -h "$root/etc/systemd/system/default.target.wants/test1.service"
test ! -e "$root/etc/systemd/system/test1-goodalias.service"
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=TEST-62-RESTRICT-IFACES-altname
+[Service]
+ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.1'
+ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.5'
+ExecStart=/bin/sh -c '! ping -c 1 -W 0.2 192.168.113.9'
+RestrictNetworkInterfaces=veth0-altname-with-more-than-15-chars
+RestrictNetworkInterfaces=veth1-altname-with-more-than-15-chars
+Type=oneshot
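Review bot: this unit only exercises the allow-list form of RestrictNetworkInterfaces= with alternative names; the deny-list form (~ prefix) is not covered. A companion unit with RestrictNetworkInterfaces=~veth0-altname-with-more-than-15-chars and the ping expectations flipped would catch the case where an altname fails to match and the interface is left reachable.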
ip -n "ns${i}" link set dev lo up
ip -n "ns${i}" addr add "192.168.113."$((4*i+1))/30 dev "veth${i}_"
ip link set dev "veth${i}" up
+ ip link property add dev "veth${i}" altname "veth${i}-altname-with-more-than-15-chars"
ip addr add "192.168.113."$((4*i+2))/30 dev "veth${i}"
done
}
helper_check_device_units
}
-# Disable the mdmonitor service, since it fails if there's no valid email address
-# configured in /etc/mdadm.conf, which just unnecessarily pollutes the logs
-systemctl list-unit-files mdmonitor.service >/dev/null && systemctl mask --runtime mdmonitor.service
-
udevadm settle
udevadm control --log-level debug
lsblk -a
--- /dev/null
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -eux
+set -o pipefail
+
+if systemd-detect-virt --quiet --container; then
+ echo "running on container, skipping."
+ exit 0
+fi
+
+if ! command -v bootctl >/dev/null; then
+ echo "bootctl not found, skipping."
+ exit 0
+fi
+
+# shellcheck source=test/units/util.sh
+. "$(dirname "$0")"/util.sh
+
+# shellcheck source=test/units/test-control.sh
+. "$(dirname "$0")"/test-control.sh
+
+basic_tests() {
+ bootctl "$@" --help
+ bootctl "$@" --version
+
+ bootctl "$@" install --make-entry-directory=yes
+ bootctl "$@" remove --make-entry-directory=yes
+
+ bootctl "$@" install --all-architectures
+ bootctl "$@" remove --all-architectures
+
+ bootctl "$@" install --make-entry-directory=yes --all-architectures
+ bootctl "$@" remove --make-entry-directory=yes --all-architectures
+
+ bootctl "$@" install
+ (! bootctl "$@" update)
+ bootctl "$@" update --graceful
+
+ bootctl "$@" is-installed
+ bootctl "$@" is-installed --graceful
+ bootctl "$@" random-seed
+
+ bootctl "$@"
+ bootctl "$@" status
+ bootctl "$@" status --quiet
+ bootctl "$@" list
+ bootctl "$@" list --quiet
+ bootctl "$@" list --json=short
+ bootctl "$@" list --json=pretty
+
+ bootctl "$@" remove
+ (! bootctl "$@" is-installed)
+ (! bootctl "$@" is-installed --graceful)
+}
+
+testcase_bootctl_basic() {
+ assert_eq "$(bootctl --print-esp-path)" "/efi"
+ assert_eq "$(bootctl --print-boot-path)" "/boot"
+ bootctl --print-root-device
+
+ basic_tests
+}
+
+cleanup_image() (
+ set +e
+
+ if [[ -z "${IMAGE_DIR:-}" ]]; then
+ return 0
+ fi
+
+ umount "${IMAGE_DIR}/root"
+
+ if [[ -n "${LOOPDEV:-}" ]]; then
+ losetup -d "${LOOPDEV}"
+ unset LOOPDEV
+ fi
+
+ udevadm settle
+
+ rm -rf "${IMAGE_DIR}"
+ unset IMAGE_DIR
+
+ return 0
+)
+
+testcase_bootctl_image() {
+ IMAGE_DIR="$(mktemp --directory /tmp/test-bootctl.XXXXXXXXXX)"
+ trap cleanup_image RETURN
+
+ truncate -s 256m "${IMAGE_DIR}/image"
+
+ cat >"${IMAGE_DIR}/partscript" <<EOF
+label: gpt
+type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B name=esp size=64M
+type=0FC63DAF-8483-4772-8E79-3D69D8477DE4 name=root size=64M bootable
+type=BC13C2FF-59E6-4262-A352-B275FD6F7172 name=boot
+EOF
+
+ LOOPDEV="$(losetup --show -P -f "${IMAGE_DIR}/image")"
+ sfdisk "$LOOPDEV" <"${IMAGE_DIR}/partscript"
+
+ udevadm settle
+
+ mkfs.vfat -n esp "${LOOPDEV}p1"
+ mkfs.ext4 -L root "${LOOPDEV}p2"
+ mkfs.ext4 -L boot "${LOOPDEV}p3"
+
+ mkdir -p "${IMAGE_DIR}/root"
+ mount -t ext4 "${LOOPDEV}p2" "${IMAGE_DIR}/root"
+
+ mkdir -p "${IMAGE_DIR}/root/efi"
+ mkdir -p "${IMAGE_DIR}/root/boot"
+ mkdir -p "${IMAGE_DIR}/root/etc"
+ mkdir -p "${IMAGE_DIR}/root/usr/lib"
+ if [[ -f /usr/lib/os-release ]]; then
+ cp /usr/lib/os-release "${IMAGE_DIR}/root/usr/lib/."
+ ln -s ../usr/lib/os-release "${IMAGE_DIR}/root/etc/os-release"
+ else
+ cp -a /etc/os-release "${IMAGE_DIR}/root/etc/."
+ fi
+
+ umount "${IMAGE_DIR}/root"
+
+ assert_eq "$(bootctl --image "${IMAGE_DIR}/image" --print-esp-path)" "/run/systemd/mount-rootfs/efi"
+ assert_eq "$(bootctl --image "${IMAGE_DIR}/image" --print-esp-path --esp-path=/efi)" "/run/systemd/mount-rootfs/efi"
+ assert_eq "$(bootctl --image "${IMAGE_DIR}/image" --print-boot-path)" "/run/systemd/mount-rootfs/boot"
+ assert_eq "$(bootctl --image "${IMAGE_DIR}/image" --print-boot-path --boot-path=/boot)" "/run/systemd/mount-rootfs/boot"
+
+ # FIXME: This provides spurious result.
+ bootctl --image "${IMAGE_DIR}/image" --print-root-device || :
+
+ basic_tests --image "${IMAGE_DIR}/image"
+}
+
+cleanup_raid() (
+ set +e
+
+ if [[ -z "${IMAGE_DIR:-}" ]]; then
+ return 0
+ fi
+
+ systemd-umount "${IMAGE_DIR}/root/efi"
+ systemd-umount "${IMAGE_DIR}/root/boot"
+ systemd-umount "${IMAGE_DIR}/root"
+
+ mdadm --misc --stop /dev/md/raid-esp
+ mdadm --misc --stop /dev/md/raid-root
+
+ if [[ -n "${LOOPDEV1:-}" ]]; then
+ mdadm --misc --force --zero-superblock "${LOOPDEV1}p1"
+ mdadm --misc --force --zero-superblock "${LOOPDEV1}p2"
+ fi
+
+ if [[ -n "${LOOPDEV2:-}" ]]; then
+ mdadm --misc --force --zero-superblock "${LOOPDEV2}p1"
+ mdadm --misc --force --zero-superblock "${LOOPDEV2}p2"
+ fi
+
+ udevadm settle
+
+ if [[ -n "${LOOPDEV1:-}" ]]; then
+ mdadm --misc --force --zero-superblock "${LOOPDEV1}p1"
+ mdadm --misc --force --zero-superblock "${LOOPDEV1}p2"
+ losetup -d "${LOOPDEV1}"
+ unset LOOPDEV1
+ fi
+
+ if [[ -n "${LOOPDEV2:-}" ]]; then
+ mdadm --misc --force --zero-superblock "${LOOPDEV2}p1"
+ mdadm --misc --force --zero-superblock "${LOOPDEV2}p2"
+ losetup -d "${LOOPDEV2}"
+ unset LOOPDEV2
+ fi
+
+ udevadm settle
+
+ rm -rf "${IMAGE_DIR}"
+
+ return 0
+)
+
+testcase_bootctl_raid() {
+ if ! command -v mdadm >/dev/null; then
+ echo "mdadm not found, skipping."
+ return 0
+ fi
+
+ if ! command -v mkfs.btrfs >/dev/null; then
+ echo "mkfs.btrfs not found, skipping."
+ return 0
+ fi
+
+ IMAGE_DIR="$(mktemp --directory /tmp/test-bootctl.XXXXXXXXXX)"
+ trap cleanup_raid RETURN
+
+ truncate -s 256m "${IMAGE_DIR}/image1"
+ truncate -s 256m "${IMAGE_DIR}/image2"
+
+ cat >"${IMAGE_DIR}/partscript" <<EOF
+label: gpt
+type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B name=esp size=64M
+type=0FC63DAF-8483-4772-8E79-3D69D8477DE4 name=root size=64M bootable
+type=BC13C2FF-59E6-4262-A352-B275FD6F7172 name=boot
+EOF
+
+ LOOPDEV1="$(losetup --show -P -f "${IMAGE_DIR}/image1")"
+ LOOPDEV2="$(losetup --show -P -f "${IMAGE_DIR}/image2")"
+ sfdisk "$LOOPDEV1" <"${IMAGE_DIR}/partscript"
+ sfdisk "$LOOPDEV2" <"${IMAGE_DIR}/partscript"
+
+ udevadm settle
+
+ echo y | mdadm --create /dev/md/raid-esp --name "raid-esp" "${LOOPDEV1}p1" "${LOOPDEV2}p1" -v -f --level=1 --raid-devices=2
+ mkfs.vfat /dev/md/raid-esp
+ echo y | mdadm --create /dev/md/raid-root --name "raid-root" "${LOOPDEV1}p2" "${LOOPDEV2}p2" -v -f --level=1 --raid-devices=2
+ mkfs.ext4 /dev/md/raid-root
+ mkfs.btrfs -f -M -d raid1 -m raid1 -L "raid-boot" "${LOOPDEV1}p3" "${LOOPDEV2}p3"
+
+ mkdir -p "${IMAGE_DIR}/root"
+ mount -t ext4 /dev/md/raid-root "${IMAGE_DIR}/root"
+ mkdir -p "${IMAGE_DIR}/root/efi"
+ mount -t vfat /dev/md/raid-esp "${IMAGE_DIR}/root/efi"
+ mkdir -p "${IMAGE_DIR}/root/boot"
+ mount -t btrfs "${LOOPDEV1}p3" "${IMAGE_DIR}/root/boot"
+
+ mkdir -p "${IMAGE_DIR}/root/etc"
+ mkdir -p "${IMAGE_DIR}/root/usr/lib"
+ if [[ -f /usr/lib/os-release ]]; then
+ cp /usr/lib/os-release "${IMAGE_DIR}/root/usr/lib/."
+ ln -s ../usr/lib/os-release "${IMAGE_DIR}/root/etc/os-release"
+ else
+ cp -a /etc/os-release "${IMAGE_DIR}/root/etc/."
+ fi
+
+ # find_esp() does not support md RAID partition.
+ (! bootctl --root "${IMAGE_DIR}/root" --print-esp-path)
+ (! bootctl --root "${IMAGE_DIR}/root" --print-esp-path --esp-path=/efi)
+
+ # If the verification is relaxed, it accepts md RAID partition.
+ assert_eq "$(SYSTEMD_RELAX_ESP_CHECKS=yes bootctl --root "${IMAGE_DIR}/root" --print-esp-path)" "${IMAGE_DIR}/root/efi"
+ assert_eq "$(SYSTEMD_RELAX_ESP_CHECKS=yes bootctl --root "${IMAGE_DIR}/root" --print-esp-path --esp-path=/efi)" "${IMAGE_DIR}/root/efi"
+
+ # find_xbootldr() does not support btrfs RAID, and bootctl tries to fall back to use ESP.
+ # (but as in the above, the ESP verification is also failed in this case).
+ (! bootctl --root "${IMAGE_DIR}/root" --print-boot-path)
+ (! bootctl --root "${IMAGE_DIR}/root" --print-boot-path --boot-path=/boot)
+
+ # If the verification for ESP is relaxed, bootctl falls back to use ESP.
+ assert_eq "$(SYSTEMD_RELAX_ESP_CHECKS=yes bootctl --root "${IMAGE_DIR}/root" --print-boot-path)" "${IMAGE_DIR}/root/efi"
+
+ # If the verification is relaxed, it accepts the xbootldr partition.
+ assert_eq "$(SYSTEMD_RELAX_XBOOTLDR_CHECKS=yes bootctl --root "${IMAGE_DIR}/root" --print-boot-path)" "${IMAGE_DIR}/root/boot"
+ assert_eq "$(SYSTEMD_RELAX_XBOOTLDR_CHECKS=yes bootctl --root "${IMAGE_DIR}/root" --print-boot-path --boot-path=/boot)" "${IMAGE_DIR}/root/boot"
+
+ # FIXME: This provides spurious result.
+ bootctl --root "${IMAGE_DIR}/root" --print-root-device || :
+
+ SYSTEMD_RELAX_ESP_CHECKS=yes SYSTEMD_RELAX_XBOOTLDR_CHECKS=yes basic_tests --root "${IMAGE_DIR}/root"
+}
+
+run_testcases
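Review bot: cleanup_image() and cleanup_raid() are installed only as RETURN traps, and the script runs under set -eux, so a failing command inside testcase_bootctl_image or testcase_bootctl_raid exits the shell without the function returning and leaves the loop devices, md arrays and mounts behind. Installing the cleanup on EXIT as well would cover that path. In cleanup_image() the "unset LOOPDEV" and "unset IMAGE_DIR" run inside a ( ... ) subshell body and never reach the caller; use a { ... } body or drop them. cleanup_raid() also repeats the --zero-superblock calls before and after udevadm settle, which looks unintentional.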
'file' : 'systemd-homed-activate.service',
'conditions' : ['ENABLE_HOMED'],
},
+ {
+ 'file' : 'systemd-homed-firstboot.service',
+ 'conditions' : ['ENABLE_HOMED'],
+ },
{
'file' : 'systemd-homed.service.in',
'conditions' : ['ENABLE_HOMED'],
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=First Boot Home Area Wizard
+Documentation=man:homectl(1)
+ConditionFirstBoot=yes
+After=home.mount systemd-homed.service
+Before=systemd-user-sessions.service first-boot-complete.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=homectl firstboot --prompt-new-user
+StandardOutput=tty
+StandardInput=tty
+StandardError=tty
+ImportCredential=home.*
+
+[Install]
+WantedBy=systemd-homed.service
+Also=systemd-homed.service
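Review bot: ImportCredential=home.* imports every credential under that prefix, but the unit does not say which names "homectl firstboot" actually reads. Please document the accepted credential names in homectl(1), so that what a provisioning system can inject into first-boot account creation is reviewable. Also, Before=first-boot-complete.target only orders against the target and nothing in this unit pulls it in; if the unit is meant to count towards first-boot completion, add Wants=first-boot-complete.target.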
[Install]
WantedBy=multi-user.target
Alias=dbus-org.freedesktop.home1.service
-Also=systemd-homed-activate.service systemd-userdbd.service
+Also=systemd-homed-activate.service systemd-userdbd.service systemd-homed-firstboot.service