<citerefentry project='man-pages'><refentrytitle>mkswap</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
This option implies <option>plain</option>.</para>
- <para>WARNING: Using the <option>swap</option> option will
- destroy the contents of the named partition during every boot,
- so make sure the underlying block device is specified
- correctly.</para>
+ <warning>
+ <para>Using the <option>swap</option> option will
+ destroy the contents of the named partition during every boot,
+ so make sure the underlying block device is specified
+ correctly.</para>
+ </warning>
<xi:include href="version-info.xml" xpointer="v186"/></listitem>
</varlistentry>
<literal>btrfs</literal>. If no argument is specified defaults to <literal>ext4</literal>. This
option implies <option>plain</option>.</para>
- <para>WARNING: Using the <option>tmp</option> option will destroy the contents of the named partition
- during every boot, so make sure the underlying block device is specified correctly.</para>
+ <warning>
+ <para>Using the <option>tmp</option> option will destroy the contents of the named partition
+ during every boot, so make sure the underlying block device is specified correctly.</para>
+ </warning>
<xi:include href="version-info.xml" xpointer="v186"/></listitem>
</varlistentry>
processes will be killed forcibly and all file systems are unmounted or remounted read-only. This is hence a
drastic but relatively safe option to request an immediate reboot. If <option>--force</option> is specified
twice for these operations (with the exception of <command>kexec</command>), they will be executed
- immediately, without terminating any processes or unmounting any file systems. Warning: specifying
- <option>--force</option> twice with any of these operations might result in data loss. Note that when
- <option>--force</option> is specified twice the selected operation is executed by
- <command>systemctl</command> itself, and the system manager is not contacted. This means the command should
- succeed even when the system manager has crashed.</para>
+ immediately, without terminating any processes or unmounting any file systems.</para>
+
+ <warning>
+ <para>Specifying
+ <option>--force</option> twice with any of these operations might result in data loss. Note that when
+ <option>--force</option> is specified twice the selected operation is executed by
+ <command>systemctl</command> itself, and the system manager is not contacted. This means the command should
+ succeed even when the system manager has crashed.</para>
+ </warning>
</listitem>
</varlistentry>
NVMe-TCP mass storage devices. Its primary use-case is to be invoked by the
<filename>storage-target-mode.target</filename> unit that can be booted into.</para>
- <para>Warning: the NVMe disks are currently exposed without authentication or encryption, in read/write
- mode. This means network peers may read from and write to the device without any restrictions. This
- functionality should hence only be used in a local setup.</para>
+ <warning>
+ <para>The NVMe disks are currently exposed without authentication or encryption, in read/write
+ mode. This means network peers may read from and write to the device without any restrictions. This
+ functionality should hence only be used in a local setup.</para>
+ </warning>
<para>Note that to function properly networking must be configured too. The recommended mechanism to boot
into a storage target mode is by adding <literal>rd.systemd.unit=storage-target-mode.target
Fallback Peer Labeling</ulink> rules. They will be removed when the interface is
deconfigured. Failures to manage the labels will be ignored.</para>
- <para>Warning: Once labeling is enabled for network traffic, a lot of LSM access control points in
- Linux networking stack go from dormant to active. Care should be taken to avoid getting into a
- situation where for example remote connectivity is broken, when the security policy hasn't been
- updated to consider LSM per-packet access controls and no rules would allow any network
- traffic. Also note that additional configuration with <citerefentry
- project='man-pages'><refentrytitle>netlabelctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- is needed.</para>
+ <warning>
+ <para>Once labeling is enabled for network traffic, a lot of LSM access control points in
+ Linux networking stack go from dormant to active. Care should be taken to avoid getting into a
+ situation where for example remote connectivity is broken, when the security policy hasn't been
+ updated to consider LSM per-packet access controls and no rules would allow any network
+ traffic. Also note that additional configuration with <citerefentry
+ project='man-pages'><refentrytitle>netlabelctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ is needed.</para>
+ </warning>
<para>Example:
<programlisting>[Address]
<para>Typically, it is essential that applications which intend to use such a match, make
sure a suitable udev rule is installed that sets at least one property on devices that
shall be matched. See also Initialized Devices section below for more details.</para>
- <para>WARNING: <option>--initialized-nomatch</option> can potentially save a significant
- amount of time compared to re-triggering all devices in the system and e.g. can be used to
- optimize boot time. However, this is not safe to be used in a boot sequence in general.
- Especially, when udev rules for a device depend on its parent devices (e.g.
- <literal>ATTRS</literal> or <literal>IMPORT{parent}</literal> keys, see
- <citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry>
- for more details), the final state of the device becomes easily unstable with this option.
- </para>
+ <warning>
+ <para><option>--initialized-nomatch</option> can potentially save a significant
+ amount of time compared to re-triggering all devices in the system and e.g. can be used to
+ optimize boot time. However, this is not safe to be used in a boot sequence in general.
+ Especially, when udev rules for a device depend on its parent devices (e.g.
+ <literal>ATTRS</literal> or <literal>IMPORT{parent}</literal> keys, see
+ <citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ for more details), the final state of the device becomes easily unstable with this option.
+ </para>
+ </warning>
<xi:include href="version-info.xml" xpointer="v251"/>
</listitem>
<term><option>ignore-zero-blocks</option></term>
<listitem><para>Instruct kernel to not verify blocks that are expected to contain zeroes and always directly
- return zeroes instead.
+ return zeroes instead.</para>
- WARNING: Use this option only in very specific cases. This option is available since Linux kernel version 4.5.
- </para>
+ <warning>
+ <para>Use this option only in very specific cases. This option is available since Linux kernel version 4.5.</para>
+ </warning>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<term><option>check-at-most-once</option></term>
<listitem><para>Instruct kernel to verify blocks only the first time they are read from the data device, rather
- than every time.
+ than every time.</para>
- WARNING: It provides a reduced level of security because only offline tampering of the data device's content
- will be detected, not online tampering. This option is available since Linux kernel version 4.17.
- </para>
+ <warning>
+ <para>It provides a reduced level of security because only offline tampering of the data device's content
+ will be detected, not online tampering. This option is available since Linux kernel version 4.17.</para>
+ </warning>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
projects / thirdparty / systemd.git / commitdiff
